Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PathCopyCopy20.0.exe

Overview

General Information

Sample name:PathCopyCopy20.0.exe
Analysis ID:1388325
MD5:77b6af6ca0463c866d60a2fdc3dd7010
SHA1:62bc4583d346021411dc7a7d04880123682da2de
SHA256:1cd49bdd01d4543a3022a09bc4f638a6faa1637f5aa1664e2c456a02c42dc3e1
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:20%

Signatures

Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

  • System is w10x64
  • PathCopyCopy20.0.exe (PID: 6892 cmdline: C:\Users\user\Desktop\PathCopyCopy20.0.exe MD5: 77B6AF6CA0463C866D60A2FDC3DD7010)
    • PathCopyCopy20.0.tmp (PID: 6364 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" MD5: E45F712F1BB2F77DBF445F2EBE2E827C)
      • regsvr32.exe (PID: 4480 cmdline: C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC32.dll MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 6836 cmdline: C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC64.dll MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • rundll32.exe (PID: 1168 cmdline: "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions MD5: EF3179D498793BF4234F708D3BE28633)
        • rundll32.exe (PID: 5528 cmdline: "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 3672 cmdline: "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC64.dll",ApplyGlobalRevisions MD5: EF3179D498793BF4234F708D3BE28633)
  • PathCopyCopySettings.exe (PID: 3260 cmdline: "C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe" /frompcc /bitness:x64 /updatecheck MD5: 55385A5A0043FCF1BC13FAB3F8D7D488)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Classes Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: {82CB99A2-2F18-4D5D-9476-54347E3B6720}, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\regsvr32.exe, ProcessId: 4480, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PathCopyCopy\(Default)
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp, ParentCommandLine: C:\Users\user\Desktop\PathCopyCopy20.0.exe, ParentImage: C:\Users\user\Desktop\PathCopyCopy20.0.exe, ParentProcessId: 6892, ParentProcessName: PathCopyCopy20.0.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" , ProcessId: 6364, ProcessName: PathCopyCopy20.0.tmp
Sigma detected: Use Short Name Path in Command Line
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp, ParentCommandLine: C:\Users\user\Desktop\PathCopyCopy20.0.exe, ParentImage: C:\Users\user\Desktop\PathCopyCopy20.0.exe, ParentProcessId: 6892, ParentProcessName: PathCopyCopy20.0.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" , ProcessId: 6364, ProcessName: PathCopyCopy20.0.tmp

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: PathCopyCopy20.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.MIT LicenseCopyright (c) 2008-2021 Charles LechasseurPermission is hereby granted free of charge to any person obtaining a copyof this software and associated documentation files (the "Software") to dealin the Software without restriction including without limitation the rightsto use copy modify merge publish distribute sublicense and/or sellcopies of the Software and to permit persons to whom the Software isfurnished to do so subject to the following conditions:The above copyright notice and this permission notice shall be included in allcopies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS ORIMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITYFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHERLIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROMOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THESOFTWARE.I &accept the agreementI &do not accept the agreement&NextCancel
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.MIT LicenseCopyright (c) 2008-2021 Charles LechasseurPermission is hereby granted free of charge to any person obtaining a copyof this software and associated documentation files (the "Software") to dealin the Software without restriction including without limitation the rightsto use copy modify merge publish distribute sublicense and/or sellcopies of the Software and to permit persons to whom the Software isfurnished to do so subject to the following conditions:The above copyright notice and this permission notice shall be included in allcopies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS ORIMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITYFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHERLIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROMOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THESOFTWARE.I &accept the agreementI &do not accept the agreement&NextCancel
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy CopyJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-EB7E3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-79DGJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-PNPEC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-LE0PK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-33810.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-T30I4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\fr-CAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\fr-CA\is-G2954.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-361M8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-BO877.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-UJC4A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-KBNV1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-CAKIT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-FKITH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-42UMT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-Q66AU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\SchemasJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Schemas\is-DSJPB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type LibrariesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\Win32Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\Win32\is-VU3KM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\x64\is-RNPTK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\SamplesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\PluginsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COMJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\is-PRKBH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPluginJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-G8NN9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-8QCHD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-5AGG7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-OMNNI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-6J4UG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-S7SCF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-E44AF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-IOHPQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-L3Q4N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-VS4IJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-SL4C4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-JB5H0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-23U3N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-FMV4H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-3LAOT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-I1DFT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-SSDP7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-EQKN2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-RSQOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-HJHT8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\is-E5A70.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPluginJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\is-7P2IU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\is-C5UMS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\apiJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x64\is-68UJQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x86Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x86\is-DM6IP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\PropertiesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\Properties\is-660KS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}_is1Jump to behavior
Source: PathCopyCopy20.0.exeStatic PE information: certificate valid
Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: PathCopyCopy20.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_en.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-LE0PK.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopy.pdb] source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-79DGJ.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyRegexTester.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-361M8.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyCOMPluginExecutor32.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-BO877.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\x64\Release\PathCopyCopyCOMPluginExecutor64.pdb source: PathCopyCopy20.0.tmp, 00000002.00000002.1566095857.000000000018C000.00000004.00000010.00020000.00000000.sdmp, PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-UJC4A.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopy.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-79DGJ.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_en.pdbGCTL source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-LE0PK.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_fr.pdbGCTL source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-33810.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\x64\Release\PathCopyCopy.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-PNPEC.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_fr.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-33810.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\x64\Release\PathCopyCopy.pdbZ source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-PNPEC.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\obj\Win32\Release\PathCopyCopySettings\PathCopyCopySettings.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.dr
Source: global trafficHTTP traffic detected: GET /clechasseur/pcc-updates/master/UpdateInfo2.xml HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /clechasseur/pcc-updates/master/UpdateInfo2.xml HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: unknownDNS traffic detected: queries for: raw.githubusercontent.com
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTPS://RAW.GITHUBUSERCONTENT.COM/CLECHASSEUR/PCC-UPDATES/MASTER/UPDATEINFO2.XML
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/documentation
Source: is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/wikipage?title=Network%20Administrator&referringTitle=Documentation
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/10263
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/10273
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/10950
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/10979
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/10980
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/10999
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11337
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11339
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11340
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11342
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11343
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11344
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11345
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11346
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11347
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11348
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11349
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11350
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11351
Source: is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11353
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11354
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11355
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11357
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11358
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11359
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11360
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11362
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11363
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11364
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11365
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11367
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/11371
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/4604).
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/7070)
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/7071)
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/8998)
Source: is-Q66AU.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/workitem/9845)
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd
Source: is-DSJPB.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/PipelinePlugins/V1
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/S
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/Softw
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpd
Source: is-T30I4.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2::True2
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2::True:http://pathcopycopy.codeplex.com/xsd/So
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:InstallSources
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:Name
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:Namep
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:ReleaseNotes
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:ReleaseNotes?
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:RequiredW
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:RequiredWindowsVersion
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:SoftwaI3
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:SoftwareUpdateCollection
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:SoftwareUpdateCollectionp
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:SoftwareUpdateInfo
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:UpdateInfos
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:Url
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:Version
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:string
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA17F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:stringInfos
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2H
Source: PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2V3u
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2p
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88FEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://raw.githubusercontent.com
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://subca.ocsp-certum.com01
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://subca.ocsp-certum.com02
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://subca.ocsp-certum.com05
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-FKITH.tmp.2.drString found in binary or memory: http://www.apache.org/licenses/
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-FKITH.tmp.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: http://www.certum.pl/CPS0
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: http://www.regular-expressions.info/javascript.html
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: http://www.regular-expressions.info/javascript.htmlC
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: http://www.regular-expressions.info/reference.html
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: http://www.regular-expressions.info/reference.htmlC
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/blob/default/LICENSE
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/101
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/107
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/108
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/11
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/110
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/114
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/117
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/118
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/122
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/125
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/127
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/128
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/129
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/131
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/132
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/133
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/142
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/146
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/17
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/2
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/20
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/24
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/25
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/27
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/28
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/30
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/32
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/38
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/4
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/43
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/46
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/47
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/49
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/5
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/51
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/52
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/57
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/6
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/61
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/63
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/64
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/65
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/68
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/7
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/70
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/73
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/74
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/76
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/77
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/79
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/81
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/83
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/84
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/85
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/86
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/87
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/88
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/89
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/90
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/91
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/92
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/93
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/94
Source: is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/96
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/issues/99
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89010000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/clechasseur/pathcopycopy/milestone/8?closed=1
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/clechasseur/pathcopycopy/milestone/9?closed=1
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/clechasseur/pathcopycopy/releases/tag/v17.1
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/clechasseur/pathcopycopy/releases/tag/v19.0
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/clechasseur/pathcopycopy/releases/tag/v20.0
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-3LAOT.tmp.2.dr, is-7P2IU.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/wiki
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/wiki/Custom-Commands
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/wiki/Custom-Commands-:-Expert-Mode
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/wiki/Settings
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://github.com/clechasseur/pathcopycopy/wiki/SettingsNi
Source: PathCopyCopy20.0.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11369
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11370
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11373
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11374
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11375
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11376
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11377
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11378
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11379
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11383
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11384
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11386
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11387
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11392
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11393
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11395
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11396
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11398
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11399
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11404
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11406
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11412
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11413
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11415
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drString found in binary or memory: https://pathcopycopy.codeplex.com/workitem/11423
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1291371446.0000000003520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pathcopycopy.github.io/
Source: PathCopyCopy20.0.exe, 00000000.00000003.1567921865.00000000022D1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pathcopycopy.github.io/A
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://pathcopycopy.github.io/I
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88FE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://raw.githubusercontent.com/clechasseur/pcc-updates/master/UpdateInfo2.xml
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/clechasseur/pcc-updates/master/UpdateInfo2.xml8
Source: PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/clechasseur/pcc-updates/master/UpdateInfo2.xmllicKeyToken=b77a5c56
Source: PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: https://www.certum.pl/CPS0
Source: PathCopyCopy20.0.exe, 00000000.00000003.1165100767.0000000002520000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.exe, 00000000.00000003.1165548940.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.tmp, 00000002.00000000.1167769631.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: https://www.innosetup.com/
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drString found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=LM5B9WNTH4KN4&lc=CA&item_name=Charles%
Source: PathCopyCopy20.0.exe, 00000000.00000003.1165100767.0000000002520000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.exe, 00000000.00000003.1165548940.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.tmp, 00000002.00000000.1167769631.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drString found in binary or memory: https://www.remobjects.com/ps
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.7:49708 version: TLS 1.2
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeCode function: 19_2_00007FFAAC3659D119_2_00007FFAAC3659D1
Source: PathCopyCopy20.0.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-EB7E3.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-G2954.tmp.2.drStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
Source: is-LE0PK.tmp.2.drStatic PE information: No import functions for PE file found
Source: is-33810.tmp.2.drStatic PE information: No import functions for PE file found
Source: PathCopyCopy20.0.exe, 00000000.00000000.1163122548.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs PathCopyCopy20.0.exe
Source: PathCopyCopy20.0.exe, 00000000.00000003.1165548940.000000007FE33000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs PathCopyCopy20.0.exe
Source: PathCopyCopy20.0.exe, 00000000.00000003.1567921865.0000000002288000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs PathCopyCopy20.0.exe
Source: PathCopyCopy20.0.exe, 00000000.00000003.1165100767.0000000002617000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs PathCopyCopy20.0.exe
Source: PathCopyCopy20.0.exeBinary or memory string: OriginalFileName vs PathCopyCopy20.0.exe
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: duser.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: rasman.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: secur32.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeSection loaded: gpapi.dllJump to behavior
Source: PathCopyCopy20.0.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: is-T30I4.tmp.2.dr, InjectDriveLabelPipelineElementUserControl.csSuspicious method names: .InjectDriveLabelPipelineElementUserControl.InitializeComponent
Source: is-T30I4.tmp.2.dr, InjectDriveLabelPipelineElementUserControl.csSuspicious method names: .InjectDriveLabelPipelineElementUserControl.Dispose
Source: is-T30I4.tmp.2.dr, InjectDriveLabelPipelineElement.csSuspicious method names: .InjectDriveLabelPipelineElement.Encode
Source: is-T30I4.tmp.2.dr, InjectDriveLabelPipelineElement.csSuspicious method names: .InjectDriveLabelPipelineElement.GetEditingControl
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.0000000002480000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.2.drBinary or memory string: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.csproj
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1291371446.0000000003520000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: `{app}\Samples\Plugins\COM\C#\SampleCOMPlugin.sln
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1565687869.0000000000AD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.csproj0;
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1291371446.0000000003520000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: b{app}\Samples\Plugins\COM\C++\SampleCOMPlugin.sln
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.0000000002544000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.2.drBinary or memory string: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin.sln
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.00000000024CB000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1{app}\Samples\Plugins\COM\C++\SampleCOMPlugin.sln
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.0000000002534000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: KC:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin.sln1
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.0000000002491000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: >\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.csprojprojy!I
Source: unins000.dat.2.drBinary or memory string: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin.sln
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.00000000024CB000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 0{app}\Samples\Plugins\COM\C#\SampleCOMPlugin.sln9+M
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1564352342.0000000002491000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C{app}\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.csproj
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1291371446.0000000003520000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {app}\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.csproj
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-E5A70.tmp.2.drBinary or memory string: Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SampleCOMPlugin", "SampleCOMPlugin\SampleCOMPlugin.csproj", "{F6CC72AE-E340-42E8-9900-68D0E2654D99}"
Source: classification engineClassification label: clean5.winEXE@14/96@1/1
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy CopyJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeMutant created: NULL
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeMutant created: \Sessions\1\BaseNamedObjects\PathCopyCopySettings.UpdateCheck.Mutex
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeFile created: C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmpJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile read: C:\Program Files\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions
Source: PathCopyCopy20.0.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeFile read: C:\Users\user\Desktop\PathCopyCopy20.0.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\PathCopyCopy20.0.exe C:\Users\user\Desktop\PathCopyCopy20.0.exe
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe"
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC32.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC64.dll
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC64.dll",ApplyGlobalRevisions
Source: unknownProcess created: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe "C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe" /frompcc /bitness:x64 /updatecheck
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeProcess created: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp "C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC64.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisionsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\System32\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC64.dll",ApplyGlobalRevisionsJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe "rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisionsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: Path Copy Copy Settings.lnk.2.drLNK file: ..\..\..\..\..\..\Program Files\Path Copy Copy\PathCopyCopySettings.exe
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpWindow found: window name: TSelectLanguageFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.MIT LicenseCopyright (c) 2008-2021 Charles LechasseurPermission is hereby granted free of charge to any person obtaining a copyof this software and associated documentation files (the "Software") to dealin the Software without restriction including without limitation the rightsto use copy modify merge publish distribute sublicense and/or sellcopies of the Software and to permit persons to whom the Software isfurnished to do so subject to the following conditions:The above copyright notice and this permission notice shall be included in allcopies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS ORIMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITYFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHERLIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROMOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THESOFTWARE.I &accept the agreementI &do not accept the agreement&NextCancel
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpWindow detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.MIT LicenseCopyright (c) 2008-2021 Charles LechasseurPermission is hereby granted free of charge to any person obtaining a copyof this software and associated documentation files (the "Software") to dealin the Software without restriction including without limitation the rightsto use copy modify merge publish distribute sublicense and/or sellcopies of the Software and to permit persons to whom the Software isfurnished to do so subject to the following conditions:The above copyright notice and this permission notice shall be included in allcopies or substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS ORIMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITYFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THEAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHERLIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROMOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THESOFTWARE.I &accept the agreementI &do not accept the agreement&NextCancel
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy CopyJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-EB7E3.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-79DGJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-PNPEC.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-LE0PK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-33810.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-T30I4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\fr-CAJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\fr-CA\is-G2954.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-361M8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-BO877.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-UJC4A.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-KBNV1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-CAKIT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-FKITH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-42UMT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\is-Q66AU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\SchemasJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Schemas\is-DSJPB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type LibrariesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\Win32Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\Win32\is-VU3KM.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Type Libraries\x64\is-RNPTK.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\SamplesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\PluginsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COMJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\is-PRKBH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPluginJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-G8NN9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-8QCHD.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-5AGG7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-OMNNI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-6J4UG.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-S7SCF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-E44AF.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-IOHPQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-L3Q4N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-VS4IJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-SL4C4.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-JB5H0.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-23U3N.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-FMV4H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-3LAOT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-I1DFT.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-SSDP7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-EQKN2.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-RSQOI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-HJHT8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\is-E5A70.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPluginJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\is-7P2IU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\is-C5UMS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\apiJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x64\is-68UJQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x86Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x86\is-DM6IP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\PropertiesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\Properties\is-660KS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDirectory created: C:\Program Files\Path Copy Copy\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}_is1Jump to behavior
Source: PathCopyCopy20.0.exeStatic PE information: certificate valid
Source: PathCopyCopy20.0.exeStatic file information: File size 2492160 > 1048576
Source: PathCopyCopy20.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_en.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-LE0PK.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopy.pdb] source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-79DGJ.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyRegexTester.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-361M8.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyCOMPluginExecutor32.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-BO877.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\x64\Release\PathCopyCopyCOMPluginExecutor64.pdb source: PathCopyCopy20.0.tmp, 00000002.00000002.1566095857.000000000018C000.00000004.00000010.00020000.00000000.sdmp, PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-UJC4A.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopy.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-79DGJ.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_en.pdbGCTL source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-LE0PK.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_fr.pdbGCTL source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-33810.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\x64\Release\PathCopyCopy.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-PNPEC.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_fr.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-33810.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\x64\Release\PathCopyCopy.pdbZ source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-PNPEC.tmp.2.dr
Source: Binary string: C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\obj\Win32\Release\PathCopyCopySettings\PathCopyCopySettings.pdb source: PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.dr
Source: PathCopyCopy20.0.exeStatic PE information: section name: .didata
Source: PathCopyCopy20.0.tmp.0.drStatic PE information: section name: .didata
Source: is-79DGJ.tmp.2.drStatic PE information: section name: .orpc
Source: is-PNPEC.tmp.2.drStatic PE information: section name: .orpc
Source: is-PNPEC.tmp.2.drStatic PE information: section name: _RDATA
Source: is-UJC4A.tmp.2.drStatic PE information: section name: _RDATA
Source: is-EB7E3.tmp.2.drStatic PE information: section name: .didata
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC32.dll
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeCode function: 19_2_00007FFAAC3611A0 push ebx; retn FFEFh19_2_00007FFAAC36128A
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeCode function: 19_2_00007FFAAC363F9B push ebx; ret 19_2_00007FFAAC363F9A
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeCode function: 19_2_00007FFAAC363F6D push ebx; ret 19_2_00007FFAAC363F9A
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeCode function: 19_2_00007FFAAC36447A push eax; retf 19_2_00007FFAAC36448D
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Users\user\AppData\Local\Temp\is-TJ7N7.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_fr.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-33810.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-T30I4.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PathCopyCopyRegexTester.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-PNPEC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-361M8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-EB7E3.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-BO877.tmpJump to dropped file
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeFile created: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PCC64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-LE0PK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PCC32.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\fr-CA\is-G2954.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_en.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-79DGJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\fr-CA\PathCopyCopySettings.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\is-UJC4A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor32.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path Copy CopyJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path Copy Copy\Path Copy Copy Settings.lnkJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\PathCopyCopy20.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeMemory allocated: 1FA88CA0000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeMemory allocated: 1FAA0F40000 memory reserve | memory write watchJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_fr.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TJ7N7.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-33810.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PathCopyCopyRegexTester.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-PNPEC.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-361M8.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-BO877.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PCC64.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-LE0PK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PCC32.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\fr-CA\is-G2954.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_en.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\fr-CA\PathCopyCopySettings.resources.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-79DGJ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\is-UJC4A.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpDropped PE file which has not been started: C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor32.exe (copy)Jump to dropped file
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe TID: 1928Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe TID: 1964Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: PathCopyCopy20.0.tmp, 00000002.00000003.1565687869.0000000000AD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^
Source: PathCopyCopy20.0.tmp, 00000002.00000002.1566705243.0000000000AD7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^
Source: PathCopyCopySettings.exe, 00000013.00000002.1594760367.000001FA874AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeQueries volume information: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe VolumeInformationJump to behavior
Source: C:\Program Files\Path Copy Copy\PathCopyCopySettings.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
Windows Service		1
Windows Service		3
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote Services1
Archive Collected Data		11
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Process Injection		1
Disable or Modify Tools		LSASS Memory32
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		32
Virtualization/Sandbox Evasion		Security Account Manager2
System Owner/User Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
DLL Side-Loading		1
Process Injection		NTDS1
File and Directory Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets12
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Regsvr32		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Rundll32		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1388325 Sample: PathCopyCopy20.0.exe Startdate: 07/02/2024 Architecture: WINDOWS Score: 5 37 raw.githubusercontent.com 2->37 8 PathCopyCopy20.0.exe 2 2->8         started        11 PathCopyCopySettings.exe 14 3 2->11         started        process3 dnsIp4 27 C:\Users\user\...\PathCopyCopy20.0.tmp, PE32 8->27 dropped 14 PathCopyCopy20.0.tmp 31 79 8->14         started        39 raw.githubusercontent.com 185.199.109.133, 443, 49708 FASTLYUS Netherlands 11->39 file5 process6 file7 29 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 14->29 dropped 31 C:\Program Files\...\unins000.exe (copy), PE32 14->31 dropped 33 C:\Program Files\...\is-UJC4A.tmp, PE32+ 14->33 dropped 35 18 other files (none is malicious) 14->35 dropped 17 rundll32.exe 14->17         started        19 regsvr32.exe 63 14->19         started        21 regsvr32.exe 43 14->21         started        23 rundll32.exe 2 14->23         started        process8 process9 25 rundll32.exe 2 17->25         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
PathCopyCopy20.0.exe4%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\Path Copy Copy\PCC32.dll (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PCC64.dll (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor32.exe (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor64.exe (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_en.dll (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_fr.dll (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PathCopyCopyRegexTester.exe (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe (copy)3%ReversingLabs
C:\Program Files\Path Copy Copy\fr-CA\PathCopyCopySettings.resources.dll (copy)0%ReversingLabs
C:\Program Files\Path Copy Copy\fr-CA\is-G2954.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-33810.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-361M8.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-79DGJ.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-BO877.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-EB7E3.tmp3%ReversingLabs
C:\Program Files\Path Copy Copy\is-LE0PK.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-PNPEC.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\is-T30I4.tmp3%ReversingLabs
C:\Program Files\Path Copy Copy\is-UJC4A.tmp0%ReversingLabs
C:\Program Files\Path Copy Copy\unins000.exe (copy)3%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp3%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-TJ7N7.tmp\_isetup\_setup64.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.remobjects.com/ps0%URL Reputationsafe
http://subca.ocsp-certum.com050%URL Reputationsafe
http://subca.ocsp-certum.com020%URL Reputationsafe
http://subca.ocsp-certum.com010%URL Reputationsafe
https://www.innosetup.com/0%Avira URL Cloudsafe
HTTPS://RAW.GITHUBUSERCONTENT.COM/CLECHASSEUR/PCC-UPDATES/MASTER/UPDATEINFO2.XML0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
raw.githubusercontent.com
185.199.109.133
truefalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://pathcopycopy.codeplex.com/workitem/10979PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
      		high
      https://github.com/clechasseur/pathcopycopy/wiki/SettingsNiPathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drfalse
        		high
        https://github.com/clechasseur/pathcopycopy/issues/2PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
          		high
          https://github.com/clechasseur/pathcopycopy/issues/7PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
            		high
            https://github.com/clechasseur/pathcopycopy/issues/6PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
              		high
              https://github.com/clechasseur/pathcopycopy/issues/5PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                		high
                https://github.com/clechasseur/pathcopycopy/issues/4PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                  		high
                  http://pathcopycopy.codeplex.com/workitem/10980PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                    		high
                    https://github.com/clechasseur/pathcopycopy/issues/101PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                      		high
                      https://www.remobjects.com/psPathCopyCopy20.0.exe, 00000000.00000003.1165100767.0000000002520000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.exe, 00000000.00000003.1165548940.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.tmp, 00000002.00000000.1167769631.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://github.com/clechasseur/pathcopycopy/issues/107PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                        		high
                        https://github.com/clechasseur/pathcopycopy/issues/108PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                          		high
                          https://pathcopycopy.codeplex.com/workitem/11406PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                            		high
                            https://www.innosetup.com/PathCopyCopy20.0.exe, 00000000.00000003.1165100767.0000000002520000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.exe, 00000000.00000003.1165548940.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopy20.0.tmp, 00000002.00000000.1167769631.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://pathcopycopy.codeplex.com/workitem/11404PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.certum.pl/CPS0PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                  		high
                                  http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:stringInfosPathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA17F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://pathcopycopy.codeplex.com/workitem/7070)PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                      		high
                                      https://github.com/clechasseur/pathcopycopy/releases/tag/v17.1PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://pathcopycopy.codeplex.com/workitem/11412PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                          		high
                                          https://pathcopycopy.codeplex.com/workitem/11413PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                            		high
                                            https://pathcopycopy.codeplex.com/workitem/11415PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                              		high
                                              http://pathcopycopy.codeplex.com/workitem/11371PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                		high
                                                https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=LM5B9WNTH4KN4&lc=CA&item_name=Charles%PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drfalse
                                                  		high
                                                  https://github.com/clechasseur/pathcopycopy/milestone/8?closed=1PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89010000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://pathcopycopy.codeplex.com/workitem/7071)PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                      		high
                                                      https://pathcopycopy.codeplex.com/workitem/11423PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/wsdl/PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://github.com/clechasseur/pathcopycopy/wikiPathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-3LAOT.tmp.2.dr, is-7P2IU.tmp.2.drfalse
                                                            		high
                                                            https://github.com/clechasseur/pathcopycopy/issues/20PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                              		high
                                                              http://crl.certum.pl/ctsca2021.crl0oPathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                		high
                                                                http://pathcopycopy.codeplex.com/workitem/11349PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                  		high
                                                                  http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:SoftwareUpdateInfoPathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://github.com/clechasseur/pathcopycopy/issues/24PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                      		high
                                                                      https://github.com/clechasseur/pathcopycopy/issues/25PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                        		high
                                                                        https://github.com/clechasseur/pathcopycopy/wiki/Custom-CommandsPathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000000.1579102059.000001FA87142000.00000002.00000001.01000000.0000000A.sdmp, is-T30I4.tmp.2.drfalse
                                                                          		high
                                                                          http://pathcopycopy.codeplex.com/workitem/11350PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                            		high
                                                                            http://pathcopycopy.codeplex.com/workitem/11351PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                              		high
                                                                              http://pathcopycopy.codeplex.com/workitem/11357PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                		high
                                                                                https://github.com/clechasseur/pathcopycopy/issues/27PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                  		high
                                                                                  http://pathcopycopy.codeplex.com/workitem/11358PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                    		high
                                                                                    https://github.com/clechasseur/pathcopycopy/issues/28PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                      		high
                                                                                      http://pathcopycopy.codeplex.com/workitem/10263PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                        		high
                                                                                        http://pathcopycopy.codeplex.com/workitem/11359PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                          		high
                                                                                          http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:NamePathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://pathcopycopy.codeplex.com/workitem/11353is-Q66AU.tmp.2.drfalse
                                                                                              		high
                                                                                              http://pathcopycopy.codeplex.com/workitem/11354PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                		high
                                                                                                http://pathcopycopy.codeplex.com/workitem/11355PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                  		high
                                                                                                  https://github.com/clechasseur/pathcopycopy/issues/30PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                    		high
                                                                                                    https://github.com/clechasseur/pathcopycopy/issues/32PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                      		high
                                                                                                      http://subca.ocsp-certum.com05PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://subca.ocsp-certum.com02PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://subca.ocsp-certum.com01PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://repository.certum.pl/ctnca2.cer09PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                                                        		high
                                                                                                        http://pathcopycopy.codeplex.com/workitem/11360PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                          		high
                                                                                                          https://github.com/clechasseur/pathcopycopy/milestone/9?closed=1PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://pathcopycopy.codeplex.com/workitem/11362PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                              		high
                                                                                                              http://pathcopycopy.codeplex.com/workitem/10273PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                		high
                                                                                                                http://pathcopycopy.codeplex.com/workitem/11367PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                  		high
                                                                                                                  http://pathcopycopy.codeplex.com/workitem/10950PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                    		high
                                                                                                                    https://github.com/clechasseur/pathcopycopy/issues/38PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                      		high
                                                                                                                      http://pathcopycopy.codeplex.com/workitem/11363PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                        		high
                                                                                                                        http://pathcopycopy.codeplex.com/workitem/11364PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                          		high
                                                                                                                          http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:NamepPathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://pathcopycopy.codeplex.com/workitem/11365PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                              		high
                                                                                                                              http://pathcopycopy.codeplex.com/xsd/PipelinePlugins/V1is-DSJPB.tmp.2.drfalse
                                                                                                                                		high
                                                                                                                                http://pathcopycopy.codeplex.com/xsd/SoftwPathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://github.com/clechasseur/pathcopycopy/releases/tag/v19.0PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:ReleaseNotesPathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmp, PathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://pathcopycopy.codeplex.com/xsd/SPathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://www.certum.pl/CPS0PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                                                                                          		high
                                                                                                                                          http://pathcopycopy.codeplex.com/workitem/11337PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                            		high
                                                                                                                                            https://github.com/clechasseur/pathcopycopy/issues/11PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                              		high
                                                                                                                                              http://pathcopycopy.codeplex.com/workitem/11339PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                		high
                                                                                                                                                http://pathcopycopy.codeplex.com/workitem/11340PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                  		high
                                                                                                                                                  http://pathcopycopy.codeplex.com/workitem/11345PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                    		high
                                                                                                                                                    http://pathcopycopy.codeplex.com/workitem/11346PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                      		high
                                                                                                                                                      http://pathcopycopy.codeplex.com/workitem/11347PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://github.com/clechasseur/pathcopycopy/issues/17PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                          		high
                                                                                                                                                          http://pathcopycopy.codeplex.com/workitem/11348PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                            		high
                                                                                                                                                            http://pathcopycopy.codeplex.com/workitem/11342PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                              		high
                                                                                                                                                              http://pathcopycopy.codeplex.com/workitem/11343PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                		high
                                                                                                                                                                http://pathcopycopy.codeplex.com/workitem/11344PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://github.com/clechasseur/pathcopycopy/issues/63PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUPathCopyCopy20.0.exefalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://github.com/clechasseur/pathcopycopy/issues/64PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://github.com/clechasseur/pathcopycopy/issues/65PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://github.com/clechasseur/pathcopycopy/issues/68PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://github.com/clechasseur/pathcopycopy/issues/61PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://pathcopycopy.codeplex.com/wikipage?title=Network%20Administrator&referringTitle=Documentationis-Q66AU.tmp.2.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                HTTPS://RAW.GITHUBUSERCONTENT.COM/CLECHASSEUR/PCC-UPDATES/MASTER/UPDATEINFO2.XMLPathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA88F41000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                		unknown
                                                                                                                                                                                http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2::True2PathCopyCopySettings.exe, 00000013.00000002.1595502825.000001FA89014000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://github.com/clechasseur/pathcopycopy/issues/73PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://github.com/clechasseur/pathcopycopy/issues/74PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2:RequiredWindowsVersionPathCopyCopySettings.exe, 00000013.00000002.1596436815.000001FAA1836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://github.com/clechasseur/pathcopycopy/issues/76PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://github.com/clechasseur/pathcopycopy/issues/77PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://github.com/clechasseur/pathcopycopy/issues/79PathCopyCopy20.0.tmp, 00000002.00000003.1562046522.00000000068D0000.00000004.00001000.00020000.00000000.sdmp, is-Q66AU.tmp.2.drfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://repository.certum.pl/ctsca2021.cer0PathCopyCopy20.0.exe, is-EB7E3.tmp.2.dr, PathCopyCopy20.0.tmp.0.drfalse
                                                                                                                                                                                                		high

                                                                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                                                                Public IPs

                                                                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                185.199.109.133
                                                                                                                                                                                                		raw.githubusercontent.comNetherlands
                                                                                                                                                                                                		54113FASTLYUSfalse

                                                                                                                                                                                                General Information

                                                                                                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                Analysis ID:1388325
                                                                                                                                                                                                Start date and time:2024-02-07 14:27:50 +01:00
                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                Overall analysis duration:0h 6m 16s
                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                Number of analysed new started processes analysed:23
                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                Sample name:PathCopyCopy20.0.exe
                                                                                                                                                                                                Detection:CLEAN
                                                                                                                                                                                                Classification:clean5.winEXE@14/96@1/1
                                                                                                                                                                                                EGA Information:Failed
                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                • Successful, ratio: 92%
                                                                                                                                                                                                • Number of executed functions: 33
                                                                                                                                                                                                • Number of non-executed functions: 2
                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                                                                Warnings

                                                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                • Execution Graph export aborted for target PathCopyCopySettings.exe, PID 3260 because it is empty
                                                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                • VT rate limit hit for: PathCopyCopy20.0.exe

                                                                                                                                                                                                Simulations

                                                                                                                                                                                                Behavior and APIs

                                                                                                                                                                                                TimeTypeDescription
                                                                                                                                                                                                16:12:31API Interceptor1x Sleep call for process: PathCopyCopySettings.exe modified

                                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                                IPs

                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                185.199.109.133SecuriteInfo.com.FileRepMalware.29948.26447.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                                                                  SecuriteInfo.com.Trojan.DownloaderNET.74.18381.3316.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    file.exeGet hashmaliciousGurcu StealerBrowse
                                                                                                                                                                                                      SecuriteInfo.com.Win64.Evo-gen.4079.4864.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        SecuriteInfo.com.Trojan.MulDrop21.51235.20307.20161.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          SecuriteInfo.com.Trojan.GenericKD.71032217.25306.31344.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            SecuriteInfo.com.Trojan.GenericKD.71032217.25306.31344.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              MultiCheat.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                SecuriteInfo.com.Trojan.Siggen24.48788.13091.30197.exeGet hashmaliciousPython StealerBrowse
                                                                                                                                                                                                                  https://update-metamask.pages.dev/Get hashmaliciousUnknownBrowse

                                                                                                                                                                                                                    Domains

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    raw.githubusercontent.comSecuriteInfo.com.Trojan.GenericKD.71070171.3623.12188.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 185.199.111.133
                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.GenericKD.71070171.3623.12188.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 185.199.108.133
                                                                                                                                                                                                                    file.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                                                                                                                                                                    • 185.199.108.133
                                                                                                                                                                                                                    RGAVGSoWvM.exeGet hashmaliciousLummaC, Amadey, PureLog Stealer, RedLine, Stealc, Xmrig, zgRATBrowse
                                                                                                                                                                                                                    • 185.199.110.133
                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 185.199.108.133
                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                    • 185.199.111.133
                                                                                                                                                                                                                    SecuriteInfo.com.FileRepMalware.14986.32558.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                                                                                    • 185.199.111.133
                                                                                                                                                                                                                    SecuriteInfo.com.Win32.Malware-gen.28626.23191.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 185.199.110.133
                                                                                                                                                                                                                    SecuriteInfo.com.Win32.Malware-gen.28626.23191.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 185.199.108.133
                                                                                                                                                                                                                    SecuriteInfo.com.FileRepMalware.29948.26447.exeGet hashmaliciousLuna LoggerBrowse
                                                                                                                                                                                                                    • 185.199.109.133

                                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    FASTLYUShttps://gift-card-granny10.myfreesites.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 151.101.64.84
                                                                                                                                                                                                                    https://apiv2.kol.eco/builder-redirect?url=https://ibime.edu.mx/klmrkvlmv/jhhcff/eawseawseawseawseaws/Y2hhcnRsaWViQHNvbWVudGVjLmRlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    • 151.101.66.137
                                                                                                                                                                                                                    https://pub-ef27be0b73394d53a6b96a33e8eee1cf.r2.dev/link.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    • 151.101.66.137
                                                                                                                                                                                                                    Remittance Notice.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    • 151.101.2.137
                                                                                                                                                                                                                    https://protect-de.mimecast.com/s/S6wVCNOl15IJZqMqT4-IEIGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 151.101.1.229
                                                                                                                                                                                                                    https://fzlplfznqa-xn----c1aprj-xn----p1ai.translate.goog/qfxa/xdgggw/dgldrytq?ZG1sbGJtNWxRR1JuZEhKbGMyOXlMbWR2ZFhZdVpuST06eXBndGdzY2dodg==+&_x_tr_sch=http&_x_tr_sl=mkpxozso&_x_tr_tl=urmyagaoGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    • 151.101.52.193
                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.GenericKD.71070171.3623.12188.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 185.199.111.133
                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.GenericKD.71070171.3623.12188.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 185.199.108.133
                                                                                                                                                                                                                    https://www.amazon.de/gp/f.html?C=AJZW1ZEFUHPE&K=2YDGM17M7XH0Q&M=urn:rtn:msg:20240206162806c82193245dc4492696d89233a0b0p0eu&R=1DB3NK1ZWAAXE&T=C&U=https%3A%2F%2Famazon.de%2Fhz%2Fcontact-us%2Fforesight%2Fhubgateway%3Flanguage%3Dde-DE%26ref_%3Dpe_63884131_793474541&H=7AONDFUAL9HWOCG3VVOVACIYU6WA&ref_=pe_63884131_793474541Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 151.101.1.16
                                                                                                                                                                                                                    https://ptpjbs.lt.emlnk.com/Prod/link-tracker?notrack=1&redirectUrl=aHR0cHMlM0ElMkYlMkZwdWItMGJmYmRjZDcyNTkyNGFlNGFiYWIwNDM1NGE1ZTAyNmYucjIuZGV2JTJGbW93YS5odG1s&sig=AJdmQs5TgXRs5fdsaBrUMtopcJzcXhndMCNTTKUBnCQ7&iat=1707221213&a=%7C%7C478491787%7C%7C&account=ptpjbs%2Eactivehosted%2Ecom&email=VNZw%2Bovf2JEift%2FJgWy5CQOiTDPRZTlhqyZNzcjH2uQWaAeo%2BiK6eYI%3D%3A8VkMXoBZwhlYVspbxRM4iDXcbAkUbPmq&s=bS5yYW1saUBzZW1lbmJvc293YS5jby5pZA==&i=3A5A0A4#pakkasem.tongchai@iucn.orgGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                                                                                                                                                                                                    • 151.101.130.137

                                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    3b5074b1b5d032e5620f69f9f700ff0e0VRmzMYLNu.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    rQUOTE_HBKMC56376_docx.exeGet hashmaliciousAgentTesla, Discord Token StealerBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.PackedNET.2661.5423.1947.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    rNeworder.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    z15SHIPPINGDOCUMENT.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    RFQ-998112537 (2).exeGet hashmaliciousAgentTesla, PureLog Stealer, RedLineBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    PURCHASE_ORDER.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    ARS26922692326922692.zipGet hashmaliciousNetSupport RATBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    FedEx_AWB#5305300204643.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133
                                                                                                                                                                                                                    Monthly Meeting Minutes.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                    • 185.199.109.133

                                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                                    No context

                                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\HISTORY.TXT (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):23582
                                                                                                                                                                                                                    Entropy (8bit):4.9525005145406436
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:g7MHgzvK9na8EZ6SM7LZRdW2i0NiFA/b2C1A0wqTHcaQnSUMudhVnQGEQyzT84:gQHgzvKBa8IfkiA/bv1t37tBiQwy/84
                                                                                                                                                                                                                    MD5:0582795327B1823FFCCAC85AC5540840
                                                                                                                                                                                                                    SHA1:D81844CE9FEC3248B03A868A0B7448E3258E96D0
                                                                                                                                                                                                                    SHA-256:E64B59577D7724A9AA26BAE92C337890CE786B144EC1DACE9F13DEE286BF3E8C
                                                                                                                                                                                                                    SHA-512:FB082C66B18B93DDB6520158B0CB497D2D967639B9A622254972AB533F6C8D3F6A5360DB9784E7461FACD2209E8AC726F2B4BE793131A761FC1A72728B38FC0E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:Version 20.0 (2021-08-28)..-------------------------..- Now requires Windows 7 SP1 at a minimum..- Now requires .NET Framework 4.8 at a minimum; installer will offer to download and install it..- Paths are now copied in alphabetical order (case-insensitively) [https://github.com/clechasseur/pathcopycopy/issues/129]..- Fixed data error when associating icons to commands in the Settings application [https://github.com/clechasseur/pathcopycopy/issues/132]..- Fixed icon scaling when using bigger icons for commands [https://github.com/clechasseur/pathcopycopy/issues/133]..- Fixed non-working paths copied when following symlink paths [https://github.com/clechasseur/pathcopycopy/issues/127]..- Fixed copying of .url paths on recent Windows 10 OSes [https://github.com/clechasseur/pathcopycopy/issues/128]..- Fixed crash when clicking in Icon column header [https://github.com/clechasseur/pathcopycopy/issues/142]..- New custom command element to display command when files and/or folders are select

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\LICENSE.CommandLineArguments.TXT (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2751
                                                                                                                                                                                                                    Entropy (8bit):4.467321778834221
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:z9OvpbOF2EfEQIfFfy6GpDEqCJ59WXx9USCJwM930nO9X9F+D5mYktKvU2HgR2Y4:z9OJOF2EEQAFK6iFCAXx9TCCM0O9tADJ
                                                                                                                                                                                                                    MD5:F147C0098E52F132DFB35395E728F31F
                                                                                                                                                                                                                    SHA1:3C4F8B490258B2B1DB2357D52A5AA2278704033D
                                                                                                                                                                                                                    SHA-256:726314D2960985E7C45B7422DB7A698B8A1597786BB9D55755A10E001E111EE3
                                                                                                                                                                                                                    SHA-512:53977CE269344CD1CB7BB3E13058DA1238F6F73C0D3F2B4CEC227F5C2C90FACECF9ADB409B41933098DAD9EDFB47B1C9277FCC53D7F3570A0BD83739C9ABE336
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:Microsoft Public License (Ms-PL)....This license governs use of the accompanying software. If you use the software, you..accept this license. If you do not accept the license, do not use the software.....1. Definitions....The terms "reproduce," "reproduction," "derivative works," and "distribution" have the..same meaning here as under U.S. copyright law.....A "contribution" is the original software, or any additions or changes to the software.....A "contributor" is any person that distributes its contribution under this license....."Licensed patents" are a contributor's patent claims that read directly on its contribution.....2. Grant of Rights....(A) Copyright Grant- Subject to the terms of this license, including the license conditions.. and limitations in section 3, each contributor grants you a non-exclusive, worldwide,.. royalty-free copyright license to reproduce its contribution, prepare derivative works.. of its contribution, and distribute its contribution or any deri

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\LICENSE.TXT (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1101
                                                                                                                                                                                                                    Entropy (8bit):5.156875998333765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:7qtshrzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:7ushHJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                                    MD5:BCE478F6FCDBAF1BE460D9905324DE03
                                                                                                                                                                                                                    SHA1:1945B5B5A4EF682E2C5FC9E150BFE82F104E481A
                                                                                                                                                                                                                    SHA-256:E037FDC22878939A48300B07CB5202AD43AD0CCA8E8EE0BA760DF99071A76B84
                                                                                                                                                                                                                    SHA-512:F6E0099DF086F955727E6D0524F773EBC678F2B4D283F1B78ACABB7827D624B4B0B9FB94E06C1EE860706207A55C540873BF4D53DA9EA3D6260631FE805C1FE3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Preview:MIT License....Copyright (c) 2008-2021 Charles Lechasseur....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARIS

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\LICENSE.coveo_linq.TXT (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):11541
                                                                                                                                                                                                                    Entropy (8bit):4.478395466448789
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:ff9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8MHfH2:9Ou9b01DY/rGBt+dc+aclkT8MH+
                                                                                                                                                                                                                    MD5:709B849FBED7C1D770661ED722B50B28
                                                                                                                                                                                                                    SHA1:CF3EB360CD5EE4D826CD7824DF217C968946D429
                                                                                                                                                                                                                    SHA-256:721165BEEA647F4410CAFC1E68BBCB558801AA23108C86E224213929844D49E8
                                                                                                                                                                                                                    SHA-512:BDF77281946C29E7E11F09FA4BC09E4F367035EDB16D1FEC5ABCCA542B6DDFB547D2A1A916CB96D02AFA80FB0529CC5A11A658C0E9848FB3993322816138D5D4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview: Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or (

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\LICENSE.microsoft_gsl.TXT (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1178
                                                                                                                                                                                                                    Entropy (8bit):5.096530357159641
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:ODkugarjVJHoH0yE3gtwF7q1h69QH9sUv4pOk4/+wJ3oqmFh:ODzRdJglQEZoQH9s5XyJ3otFh
                                                                                                                                                                                                                    MD5:3567C6B611A2758F4D5899030321B31D
                                                                                                                                                                                                                    SHA1:1B2FE8B1D1FCBDCCCAD138A06F108427DD3E7FCD
                                                                                                                                                                                                                    SHA-256:722575C3842E8B69142EB06066CD8B9160061E2C3E154EB198980B0CDAF94200
                                                                                                                                                                                                                    SHA-512:B686B004F4FCA881C600BAC519A1564A3AFD8BD5FE5BF661A79B3D78A2F2E35D5BCA102CAC84C7D89EF77A0C1834C9B2E75486FB4C18F988B31EB6B334997835
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Copyright (c) 2015 Microsoft Corporation. All rights reserved. .. ..This code is licensed under the MIT License (MIT). ....Permission is hereby granted, free of charge, to any person obtaining a copy ..of this software and associated documentation files (the "Software"), to deal ..in the Software without restriction, including without limitation the rights ..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies ..of the Software, and to permit persons to whom the Software is furnished to do ..so, subject to the following conditions: ....The above copyright notice and this permission notice shall be included in all ..copies or substantial portions of the Software. ....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OT

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PCC32.dll (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):749056
                                                                                                                                                                                                                    Entropy (8bit):6.588208106692203
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:9FJunw/e0IrGttWWNqpZS1fzNRDzae5Y3Cay0bXAJiCuboJbobil+YM2RV4a:9FJuaIr4gWNh1fzNRDzae5Y3lwuby1DX
                                                                                                                                                                                                                    MD5:227E2B076D1DFEC0395580F48CE1A577
                                                                                                                                                                                                                    SHA1:5183A54EBB8B923D30B2A5EC578CCD5DF9EF681D
                                                                                                                                                                                                                    SHA-256:D37F906DDCB1C40407112790FEF5A59D83D3B6A20DE7FB8F3CA0827F315E303D
                                                                                                                                                                                                                    SHA-512:B29130BCFB42CBB86C3498E063B9E751E6ACBFEC89BB067241CAD619C2F49C1002CE169A5E76F064F49D69520910F1F2F2F7951E81F2E3CA582D3650FB8DAF1C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@..........._......_.....V......V......V...U.._......_............R......R...5..R......R.z...........R......Rich...........PE..L.....*a...........!......................................................................@..........................t..h...8v..........06...................@...m......T...............................@...............l............................text....~.......................... ..`.orpc............................... ..`.rdata..............................@..@.data....e.......V...r..............@....rsrc...06.......8..................@..@.reloc...m...@...n..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PCC64.dll (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):965632
                                                                                                                                                                                                                    Entropy (8bit):6.378136851925327
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:i1nGF8OgO0JrIHeFiN8qTKAgKQMerA/wDAOy:iYF8VO0J4qiN8qTKPKv4A/
                                                                                                                                                                                                                    MD5:2491C5BEDD42859749DC74E09649AF2B
                                                                                                                                                                                                                    SHA1:C2F96A4CD78A0F3C25211135E4039A16840D752C
                                                                                                                                                                                                                    SHA-256:DA59B47F42A9031DE4A479D7E24BC4DA570F7187CFB9CA1EEDEA7269C943582B
                                                                                                                                                                                                                    SHA-512:E7AA6E1FC580031EA75DCE63F1E305F95E9075FBC5997B16D6B6696F7D5B8FBEC48AFA8DA79083D028DC6E628F7CAA05134470F5896BAC752F7B6D20A6EB24E4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9.\.W.\.W.\.W...T.V.W...R..W...S.S.W...T.V.W...R...W...S.H.W...V.E.W.\.V...W...S.^.W...R.m.W...W.].W....].W.\...].W...U.].W.Rich\.W.................PE..d.....*a.........." ................t........................................0............`.............................................h...............06...@...v..............`....(..T....................*..(....(..8............... ............................text...<........................... ..`.orpc............................... ..`.rdata..D...........................@..@.data............f..................@....pdata...v...@...x..................@..@_RDATA...............f..............@..@.rsrc...06.......8...h..............@..@.reloc..`...........................@..B........................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor32.exe (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):219136
                                                                                                                                                                                                                    Entropy (8bit):6.53560340769448
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:2XxdYlF42aEXO6CJyBxmh6mP+AOtZeiC:gAF42aEXO+Hm2oiC
                                                                                                                                                                                                                    MD5:EBE7DC37F77E2EFD9D50151397B4A206
                                                                                                                                                                                                                    SHA1:1C052EC152E3689AE07F524EAFAD79AA1B54A0E6
                                                                                                                                                                                                                    SHA-256:545C0071C286974BE7CA3019BFEC3DF8B61CAE91A9D35D01FA8790960CDE674D
                                                                                                                                                                                                                    SHA-512:764E05D1A690EAE1490FAAC9EDC262DAFB18C9E19D27417975D647FC912D6AC166B39EB295CA8AAA84E92E0D7ED887BE0DB401FA68D0C5ABD6D5DDAE3FAD2722
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@..o...o...o....-..o....+.co....*..o....*..o....-..o....+..o..../..o...o/..o....'..o......o...o...o....,..o..Rich.o..................PE..L.....*a.................8...,......1........P....@.......................................@.................................x+..P....`..x....................p..0.......p...................@...........@............P..T............................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data...L....@....... ..............@....rsrc...x....`.......0..............@..@.reloc..0....p... ...8..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PathCopyCopyCOMPluginExecutor64.exe (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):275968
                                                                                                                                                                                                                    Entropy (8bit):6.292217574316531
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:su6D4MKxxIC9Xs64TOJuVAiQohT4xyPs:MD4MOx98bTO8A7oO
                                                                                                                                                                                                                    MD5:98A81DDF63DBBC605ABEABABC035AE76
                                                                                                                                                                                                                    SHA1:EC1B900F4DF25DE6CD435755584BA05E489AB411
                                                                                                                                                                                                                    SHA-256:D98805632D58A80057EEC41161B5A3E1CFD5161F56912DE2135A7C2C13CE9372
                                                                                                                                                                                                                    SHA-512:41D84D273DD0B9EF89552B135F49804958D81BF94EC6AB64A0F131467E42E6C6F0800CA6F7C03138A47A735E17B992C616A45E460EF5A13CAFE343E9C8567D3D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..f*.f*.f*...).f*.....f*.../..f*.....f*...).f*.../..f*...+.f*.f+..f*...#.f*.....f*.f..f*...(.f*.Rich.f*.........................PE..d.....*a..........".................(..........@..........................................`.....................................................P....p..x....0...$.....................p.......................(...`...8............................................text............................... ..`.rdata..,8.......:..................@..@.data...L-..........................@....pdata...$...0...&..................@..@_RDATA.......`......."..............@..@.rsrc...x....p.......$..............@..@.reloc...............,..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_en.dll (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                                                                    Entropy (8bit):3.554942055582771
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:yZMbzW/s/RlD1ls8nDH3LHaeCLZ7CHGdTYHPLGULu6dLMSL0D1e/WeseD5RuqS:NbC/s/08n7iLZ7CHdLGIHLfLYCZvx
                                                                                                                                                                                                                    MD5:66365CC20269449F012AD06146E06A70
                                                                                                                                                                                                                    SHA1:38E39C296F95E08A5BD32DAC0985ADDE5A1DAE35
                                                                                                                                                                                                                    SHA-256:B0898AE6B0171CF80169179448E9D5A02C2ABF4E9A4032BF57B1577797898D21
                                                                                                                                                                                                                    SHA-512:3A7AE2717D5E61AB9BFDDF42911535E3971047C380A97A281974E189D2C54994A92FEBB4744BA8271F9BA96CBCD837341595E949EC6072CEDFCB1A9925C20467
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=h..y...y...y.../|~.x...y...x.../|..x...Richy...........PE..L.....*a...........!.........................................................@............@.......................................... ..h...............................p............................................................................rdata..h...........................@..@.rsrc...h.... ......................@..@......*a............p...p.........*a..........................*a........T.................*a....................RSDS.)|.>\.H..PCv......C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_en.pdb........................GCTL....p....rdata..p........rdata$zzzdbg.... ..0....rsrc$01....0!..8....rsrc$02....................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PathCopyCopyLocalization_fr.dll (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7680
                                                                                                                                                                                                                    Entropy (8bit):3.4158498816307814
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:vWR4dYlqNGmyyroodoOmqmyxJ5myAmyFeT6zs+lHPN55WnNkx:vq4dYlqNGsldoOmq1J5EZbs+Fm
                                                                                                                                                                                                                    MD5:3B6BF104D09CE175F29B748BFE4754FB
                                                                                                                                                                                                                    SHA1:E95BD922045D6DC064A5487CD10A0C5D8BDC3739
                                                                                                                                                                                                                    SHA-256:289C2F400C60A38AA53E92E0C0790CD15A382E168978D67B256AF530D8783ACF
                                                                                                                                                                                                                    SHA-512:E1E88EEEC382530218DAC214D6F556C7936C6EB679804EE3EC7C5D99ADE016792FD29A27E756012C8CC7A9960610B0BE8E95037BB6F3DA5C1130B25FE3C2824B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=h..y...y...y.../|~.x...y...x.../|..x...Richy...........PE..L.....*a...........!.........................................................@............@.......................................... ..................................p............................................................................rdata..h...........................@..@.rsrc........ ......................@..@......*a............p...p.........*a..........................*a........T.................*a....................RSDS.ne...I..;.2.%....C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_fr.pdb........................GCTL....p....rdata..p........rdata$zzzdbg.... ..0....rsrc$01....0!..P....rsrc$02....................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PathCopyCopyRegexTester.exe (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):217600
                                                                                                                                                                                                                    Entropy (8bit):6.510638237498988
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:C5xoPN0KCidGDeOGEl8hWmbSbZ/iN5wtCNi9ncZSR6qEsQ9eXbMOAg0Fuj1yzDmH:C3INDGjGe1ZSMCuaSMeTAOhocK
                                                                                                                                                                                                                    MD5:068F091BF86B8730330B65C4D7085D5B
                                                                                                                                                                                                                    SHA1:83D10490EB96A7E66D4192AA4A4CFF3969E6BA03
                                                                                                                                                                                                                    SHA-256:EC0EBF839F7EF00061440CE61781C78BD71C1C10E22E19723CCB6937FC379E3C
                                                                                                                                                                                                                    SHA-512:56F6609E9435DE806E02725877EA001C47ED770963E50A4E6F69BC223F3085569D796FF8C0D0B63BAA137ECE07BAC48C117AD484944ABD1710B3A64AF710D0B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(.j|F.j|F.j|F.1.E.g|F.1.C..|F.1.B.||F.8.B.{|F.8.E.~|F.8.C.!|F.1.G.i|F.j|G.=|F.<.O.h|F.<...k|F.j|..k|F.<.D.k|F.Richj|F.........PE..L.....*a.................8...&...............P....@.......................................@..................................(..(....P.......................`......,...p...............................@............P..4............................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data...H....0......................@....rsrc........P.......,..............@..@.reloc.......`... ...2..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):502784
                                                                                                                                                                                                                    Entropy (8bit):5.634701707176868
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:j4JXHv6ACs5+9BOunum/1XG2vVxxv23QJdhWLh:j4pHv+s5w0uksVjv2Gdhu
                                                                                                                                                                                                                    MD5:55385A5A0043FCF1BC13FAB3F8D7D488
                                                                                                                                                                                                                    SHA1:A23FA7C31EF93B123B5E982921BC395E539EBB00
                                                                                                                                                                                                                    SHA-256:125A961BFCE7EE4232765631D94E7C2D343CC9BE71B0BDAAEAC60F99D3D26D36
                                                                                                                                                                                                                    SHA-512:ED002CC03A13D3D48B843FF058A7F0A673B75BF3D24CA536A77EE876C6FBD80DB8135516A3684B8878A18712034782EB41A2B4D168A6FB55BFF7D673CA9A1C42
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*a.........."...0.................. ........@.. ....................................`....................................O.................................................................................... ............... ..H............text...(.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......<P..............(!..h............................................0..v.......s.......(....&.{%.....E................+..(y...+..(y...+.(w...(y...+.(w...(y...( ....(!...s......o......("...- .(#.....($.....o%...($.....o&......,..o'.....{&...,P.r...p..s(.......-.....s........s.....o....&....&......,...o'......,...o'.....rO..p..s(.......-..m.{'...-.s~...(|...s........o....,.(....(.......()...&.6....,...o'....s-.......(*.......,...o'......,...o'....*...X....`.1...........

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin.sln (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1473
                                                                                                                                                                                                                    Entropy (8bit):5.528357452299328
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:pPEkuEc+5g5n06RoWEoOaTty6Iw8c0kB8ZfyW:pPx5exRoBoOaJzIVc0kuV
                                                                                                                                                                                                                    MD5:E4445E4CE234ED979F7B7B841AE836C8
                                                                                                                                                                                                                    SHA1:A9F882A085239F90238C3CA25078FDB67CD60EB9
                                                                                                                                                                                                                    SHA-256:905D9BCE0E92466CE91463CBF7623C44034CB7249778ADCCFBC3C63A05C91089
                                                                                                                                                                                                                    SHA-512:35A274A67FE10A927089D6E62CFFC6D9E103B424A3EC1F255D2EC237FF1FDDF81F5BE2112861E6873DD49943F9B995CE5C74C8D40A87A7AD36D2779B0B325551
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio Version 16..VisualStudioVersion = 16.0.29201.188..MinimumVisualStudioVersion = 10.0.40219.1..Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SampleCOMPlugin", "SampleCOMPlugin\SampleCOMPlugin.csproj", "{F6CC72AE-E340-42E8-9900-68D0E2654D99}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|Win32.ActiveCfg = Debug|x86....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|Win32.Build.0 = Debug|x86....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|x64.ActiveCfg = Debug|x64....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|x64.Build.0 = Debug|x64....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Release|Win32.ActiveCfg = Release|x86....{F6CC72AE-E34

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\Properties\AssemblyInfo.cs (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1536
                                                                                                                                                                                                                    Entropy (8bit):5.089884226766705
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:JINebtJwc0YRF2G+K+BPF+iet7kn5eRr4XeYheDDY/F:Jwebt+cJRF2Gp+PFlehk5eKuYhenY/F
                                                                                                                                                                                                                    MD5:4622719BFB9EB97670686847B3C94A7E
                                                                                                                                                                                                                    SHA1:BF60CF55F79A401950D469815D5A108ECB245342
                                                                                                                                                                                                                    SHA-256:DF6AA4010A148760BD2BCC4BAB8DFBEA90D3CBBDA33D694AC2457B2A017ADA61
                                                                                                                                                                                                                    SHA-512:8D270B00AACD7C73A4CF389A03C203A708EF75EFE08A99AEBC37685045AB633559A67E177661BB104B567C4DFDEE38A6083EC58BF2135A55A2BB0A5E0C7F67BF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.using System.Reflection;..using System.Runtime.CompilerServices;..using System.Runtime.InteropServices;....// General Information about an assembly is controlled through the following ..// set of attributes. Change these attribute values to modify the information..// associated with an assembly...[assembly: AssemblyTitle("SampleCOMPluginCSharp")]..[assembly: AssemblyDescription("Sample Path Copy Copy C# COM Plugin")]..[assembly: AssemblyConfiguration("")]..[assembly: AssemblyCompany("")]..[assembly: AssemblyProduct("SampleCOMPluginCSharp")]..[assembly: AssemblyCopyright("(c) 2015-2021, Charles Lechasseur. See LICENSE.TXT for details.")]..[assembly: AssemblyTrademark("")]..[assembly: AssemblyCulture("")]....// Setting ComVisible to false makes the types in this assembly not visible ..// to COM components. If you need to access a type in this assembly from ..// COM, set the ComVisible attribute to true on that type...[assembly: ComVisible(false)]....// The following GUID is for the I

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\Properties\is-660KS.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1536
                                                                                                                                                                                                                    Entropy (8bit):5.089884226766705
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:JINebtJwc0YRF2G+K+BPF+iet7kn5eRr4XeYheDDY/F:Jwebt+cJRF2Gp+PFlehk5eKuYhenY/F
                                                                                                                                                                                                                    MD5:4622719BFB9EB97670686847B3C94A7E
                                                                                                                                                                                                                    SHA1:BF60CF55F79A401950D469815D5A108ECB245342
                                                                                                                                                                                                                    SHA-256:DF6AA4010A148760BD2BCC4BAB8DFBEA90D3CBBDA33D694AC2457B2A017ADA61
                                                                                                                                                                                                                    SHA-512:8D270B00AACD7C73A4CF389A03C203A708EF75EFE08A99AEBC37685045AB633559A67E177661BB104B567C4DFDEE38A6083EC58BF2135A55A2BB0A5E0C7F67BF
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.using System.Reflection;..using System.Runtime.CompilerServices;..using System.Runtime.InteropServices;....// General Information about an assembly is controlled through the following ..// set of attributes. Change these attribute values to modify the information..// associated with an assembly...[assembly: AssemblyTitle("SampleCOMPluginCSharp")]..[assembly: AssemblyDescription("Sample Path Copy Copy C# COM Plugin")]..[assembly: AssemblyConfiguration("")]..[assembly: AssemblyCompany("")]..[assembly: AssemblyProduct("SampleCOMPluginCSharp")]..[assembly: AssemblyCopyright("(c) 2015-2021, Charles Lechasseur. See LICENSE.TXT for details.")]..[assembly: AssemblyTrademark("")]..[assembly: AssemblyCulture("")]....// Setting ComVisible to false makes the types in this assembly not visible ..// to COM components. If you need to access a type in this assembly from ..// COM, set the ComVisible attribute to true on that type...[assembly: ComVisible(false)]....// The following GUID is for the I

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.cs (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6358
                                                                                                                                                                                                                    Entropy (8bit):4.7499022004920874
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:/iPf4QH3oRoO9LhDTsc7g6g1WgwPgXg1WxVbSJFwrlat3LfXXXv:/BQH3KRoc7dQwPYBV6FaatjP
                                                                                                                                                                                                                    MD5:13BFFFBCBA802E298C8FA81CFCB297D5
                                                                                                                                                                                                                    SHA1:B0CCD1BD3EE6A58D8BCDCEFC7528843C36CD2A3A
                                                                                                                                                                                                                    SHA-256:F12F64394763568E1C91C035A96720B5ED1FBEAE7A5CB512A6ED53A6B0ACBE05
                                                                                                                                                                                                                    SHA-512:7A1D64C45C7DAFB58C9B45E89DE5C204D2F3BD811582629A5287CB1058DB08C8FF94FD9BA614311BC57EAE0652BCC304219C9E9E4946E37964302FECBF14F029
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.// SampleCOMPlugin.cs..// (c) 2015-2021, Charles Lechasseur..//..// Permission is hereby granted, free of charge, to any person obtaining a copy..// of this software and associated documentation files (the "Software"), to deal..// in the Software without restriction, including without limitation the rights..// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..// copies of the Software, and to permit persons to whom the Software is..// furnished to do so, subject to the following conditions:..//..// The above copyright notice and this permission notice shall be included in..// all copies or substantial portions of the Software...//..// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..// LIABILITY, WHETHER

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\SampleCOMPlugin.csproj (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3450
                                                                                                                                                                                                                    Entropy (8bit):5.292900612039816
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:3rWl5x8mfv/op3Hyi3Tr9i4HSML+/8i4Hhir5Mu24HhwH/824HxA6B6l6Auc3q7g:yl5x8Q/opCYiML1uMqqEOASo54L+U
                                                                                                                                                                                                                    MD5:6B00D6648020BAB6E9D20B4A6F5E1F5E
                                                                                                                                                                                                                    SHA1:BEEDB5A302B57CDF3C427E73948D02462B5FB527
                                                                                                                                                                                                                    SHA-256:DF634BA00A2DA33A68E5C578B483E2ABB10D27C62D3AF6594D4491E2434ED38B
                                                                                                                                                                                                                    SHA-512:B2FBE0323DB305551DBBEE7F3E61548A67FCFA2385955CBA2579196E33E0C217B8A41D1AA2A79BD494145D4C1A03F7B918A8EF7275D8919ABD2122C7B0E30C9E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <PropertyGroup>.. <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>.. <Platform Condition=" '$(Platform)' == '' ">x86</Platform>.. <ProductVersion>8.0.30703</ProductVersion>.. <SchemaVersion>2.0</SchemaVersion>.. <ProjectGuid>{F6CC72AE-E340-42E8-9900-68D0E2654D99}</ProjectGuid>.. <OutputType>Library</OutputType>.. <AppDesignerFolder>Properties</AppDesignerFolder>.. <RootNamespace>SampleCOMPlugin.CSharp</RootNamespace>.. <AssemblyName>SampleCOMPluginCSharp</AssemblyName>.. <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>.. <FileAlignment>512</FileAlignment>.. <TargetFrameworkProfile />.. </PropertyGroup>.. <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">.. <DebugSymbols>true</DebugSymbols>.. <OutputPath>bin\x86\Debug\</OutputPath>..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x64\PathCopyCopy.tlb (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.889546219458058
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:Jfy7hCTAnx8DmUqShKXJEM+60rulArEJRMJZrY/5PqVxq1UMmRR7+:pwCOd1ShKXAbrulArE3MA5GyUB+
                                                                                                                                                                                                                    MD5:EB316F8AF0011883B82EA6D3D4B4E74C
                                                                                                                                                                                                                    SHA1:DCA46B64FE196C42F652863E0659091E990D6759
                                                                                                                                                                                                                    SHA-256:17695B18CEB570C6BB30F4F472C524DC1EE95596C1B7D4A6D3C432BE0141B906
                                                                                                                                                                                                                    SHA-512:DE766B1FFEC3DF1F4A09C3E1F6FA358DA11608FB4C00FCA7CCA3EB6FFA82D4B83FBD8F32C3922DB9C23345AC9225F17EF74A80CB1AB715379F1E379B331475B2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................C...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%B..........................................`............... .......................................#B..........................................x.......D.......D.................8.....................#B..X...............................................l.......l.................(.....................%B..................................................0.......@.......................................#B..................................................T.......`.......................................%B..................................................x............................... ...............#B..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x64\is-68UJQ.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.889546219458058
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:Jfy7hCTAnx8DmUqShKXJEM+60rulArEJRMJZrY/5PqVxq1UMmRR7+:pwCOd1ShKXAbrulArE3MA5GyUB+
                                                                                                                                                                                                                    MD5:EB316F8AF0011883B82EA6D3D4B4E74C
                                                                                                                                                                                                                    SHA1:DCA46B64FE196C42F652863E0659091E990D6759
                                                                                                                                                                                                                    SHA-256:17695B18CEB570C6BB30F4F472C524DC1EE95596C1B7D4A6D3C432BE0141B906
                                                                                                                                                                                                                    SHA-512:DE766B1FFEC3DF1F4A09C3E1F6FA358DA11608FB4C00FCA7CCA3EB6FFA82D4B83FBD8F32C3922DB9C23345AC9225F17EF74A80CB1AB715379F1E379B331475B2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................C...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%B..........................................`............... .......................................#B..........................................x.......D.......D.................8.....................#B..X...............................................l.......l.................(.....................%B..................................................0.......@.......................................#B..................................................T.......`.......................................%B..................................................x............................... ...............#B..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x86\PathCopyCopy.tlb (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.893957498880871
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:bfyTNyTAnx8DcUqShKXJEM+60rulArEJRMJZrY/5PqVxq14bd72:LLOD1ShKXAbrulArE3MA5Gy4F2
                                                                                                                                                                                                                    MD5:FBEC7B2A00F1BD3E29E4051ED78AA6BC
                                                                                                                                                                                                                    SHA1:A76BEE648B7ECD21523A37E9F16D265AD3342FA9
                                                                                                                                                                                                                    SHA-256:7D03D0256D3B36FC02A8AFB11745102D838ED0F5FF4F0B1A6F9C7D2193CCA024
                                                                                                                                                                                                                    SHA-512:9C4886E681B7E7812BFE7B5C838C304E91FD7BFDB3087A306AFF7D25AECD2D2B5BE12F90B67305424F906E7E91F26CCE925495C99A6EF8652D2EC7649F457095
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................A...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%"..........................................`............... .......................................#"..........................................x.......D.......D.......................................#"..X...............................................l.......l.......................................%"..................................................0.......@.......................................#"..................................................T.......`.......................................%"..................................................x............................... ...............#"..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\api\x86\is-DM6IP.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.893957498880871
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:bfyTNyTAnx8DcUqShKXJEM+60rulArEJRMJZrY/5PqVxq14bd72:LLOD1ShKXAbrulArE3MA5Gy4F2
                                                                                                                                                                                                                    MD5:FBEC7B2A00F1BD3E29E4051ED78AA6BC
                                                                                                                                                                                                                    SHA1:A76BEE648B7ECD21523A37E9F16D265AD3342FA9
                                                                                                                                                                                                                    SHA-256:7D03D0256D3B36FC02A8AFB11745102D838ED0F5FF4F0B1A6F9C7D2193CCA024
                                                                                                                                                                                                                    SHA-512:9C4886E681B7E7812BFE7B5C838C304E91FD7BFDB3087A306AFF7D25AECD2D2B5BE12F90B67305424F906E7E91F26CCE925495C99A6EF8652D2EC7649F457095
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................A...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%"..........................................`............... .......................................#"..........................................x.......D.......D.......................................#"..X...............................................l.......l.......................................%"..................................................0.......@.......................................#"..................................................T.......`.......................................%"..................................................x............................... ...............#"..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\is-7P2IU.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6358
                                                                                                                                                                                                                    Entropy (8bit):4.7499022004920874
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:/iPf4QH3oRoO9LhDTsc7g6g1WgwPgXg1WxVbSJFwrlat3LfXXXv:/BQH3KRoc7dQwPYBV6FaatjP
                                                                                                                                                                                                                    MD5:13BFFFBCBA802E298C8FA81CFCB297D5
                                                                                                                                                                                                                    SHA1:B0CCD1BD3EE6A58D8BCDCEFC7528843C36CD2A3A
                                                                                                                                                                                                                    SHA-256:F12F64394763568E1C91C035A96720B5ED1FBEAE7A5CB512A6ED53A6B0ACBE05
                                                                                                                                                                                                                    SHA-512:7A1D64C45C7DAFB58C9B45E89DE5C204D2F3BD811582629A5287CB1058DB08C8FF94FD9BA614311BC57EAE0652BCC304219C9E9E4946E37964302FECBF14F029
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.// SampleCOMPlugin.cs..// (c) 2015-2021, Charles Lechasseur..//..// Permission is hereby granted, free of charge, to any person obtaining a copy..// of this software and associated documentation files (the "Software"), to deal..// in the Software without restriction, including without limitation the rights..// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..// copies of the Software, and to permit persons to whom the Software is..// furnished to do so, subject to the following conditions:..//..// The above copyright notice and this permission notice shall be included in..// all copies or substantial portions of the Software...//..// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..// LIABILITY, WHETHER

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\SampleCOMPlugin\is-C5UMS.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3450
                                                                                                                                                                                                                    Entropy (8bit):5.292900612039816
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:3rWl5x8mfv/op3Hyi3Tr9i4HSML+/8i4Hhir5Mu24HhwH/824HxA6B6l6Auc3q7g:yl5x8Q/opCYiML1uMqqEOASo54L+U
                                                                                                                                                                                                                    MD5:6B00D6648020BAB6E9D20B4A6F5E1F5E
                                                                                                                                                                                                                    SHA1:BEEDB5A302B57CDF3C427E73948D02462B5FB527
                                                                                                                                                                                                                    SHA-256:DF634BA00A2DA33A68E5C578B483E2ABB10D27C62D3AF6594D4491E2434ED38B
                                                                                                                                                                                                                    SHA-512:B2FBE0323DB305551DBBEE7F3E61548A67FCFA2385955CBA2579196E33E0C217B8A41D1AA2A79BD494145D4C1A03F7B918A8EF7275D8919ABD2122C7B0E30C9E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <PropertyGroup>.. <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>.. <Platform Condition=" '$(Platform)' == '' ">x86</Platform>.. <ProductVersion>8.0.30703</ProductVersion>.. <SchemaVersion>2.0</SchemaVersion>.. <ProjectGuid>{F6CC72AE-E340-42E8-9900-68D0E2654D99}</ProjectGuid>.. <OutputType>Library</OutputType>.. <AppDesignerFolder>Properties</AppDesignerFolder>.. <RootNamespace>SampleCOMPlugin.CSharp</RootNamespace>.. <AssemblyName>SampleCOMPluginCSharp</AssemblyName>.. <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>.. <FileAlignment>512</FileAlignment>.. <TargetFrameworkProfile />.. </PropertyGroup>.. <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">.. <DebugSymbols>true</DebugSymbols>.. <OutputPath>bin\x86\Debug\</OutputPath>..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C#\is-E5A70.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1473
                                                                                                                                                                                                                    Entropy (8bit):5.528357452299328
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:pPEkuEc+5g5n06RoWEoOaTty6Iw8c0kB8ZfyW:pPx5exRoBoOaJzIVc0kuV
                                                                                                                                                                                                                    MD5:E4445E4CE234ED979F7B7B841AE836C8
                                                                                                                                                                                                                    SHA1:A9F882A085239F90238C3CA25078FDB67CD60EB9
                                                                                                                                                                                                                    SHA-256:905D9BCE0E92466CE91463CBF7623C44034CB7249778ADCCFBC3C63A05C91089
                                                                                                                                                                                                                    SHA-512:35A274A67FE10A927089D6E62CFFC6D9E103B424A3EC1F255D2EC237FF1FDDF81F5BE2112861E6873DD49943F9B995CE5C74C8D40A87A7AD36D2779B0B325551
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio Version 16..VisualStudioVersion = 16.0.29201.188..MinimumVisualStudioVersion = 10.0.40219.1..Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SampleCOMPlugin", "SampleCOMPlugin\SampleCOMPlugin.csproj", "{F6CC72AE-E340-42E8-9900-68D0E2654D99}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|Win32.ActiveCfg = Debug|x86....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|Win32.Build.0 = Debug|x86....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|x64.ActiveCfg = Debug|x64....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Debug|x64.Build.0 = Debug|x64....{F6CC72AE-E340-42E8-9900-68D0E2654D99}.Release|Win32.ActiveCfg = Release|x86....{F6CC72AE-E34

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin.sln (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1482
                                                                                                                                                                                                                    Entropy (8bit):5.55139058999107
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:pPEkkjNFPe50C6mAhE5R2I6Aa80a3n8ZhW:pPijNJ9WYEZsC
                                                                                                                                                                                                                    MD5:CA71DB195BA4E65F003EF298D92F4EDC
                                                                                                                                                                                                                    SHA1:A8B060A2C66DD493212FB7E4AECFA6450C6CCE88
                                                                                                                                                                                                                    SHA-256:118FA24E16CB49CC5F3321A2812AE499DD458D94A9F104FA21F190857D7476C1
                                                                                                                                                                                                                    SHA-512:51AD4A2A0C36EF916D9156C2B7169A2EE0DA4D09A18D003E9D38FBF35C4DB27F9AA0F42C05A3CA5CC00F3ACF1AC33403D0F4B657C668E0E711923D5A2DFD40AD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio Version 16..VisualStudioVersion = 16.0.29201.188..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SampleCOMPlugin", "SampleCOMPlugin\SampleCOMPlugin.vcxproj", "{154058E7-2433-4FB5-89BC-9D5D5153C0F0}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|Win32.ActiveCfg = Debug|Win32....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|Win32.Build.0 = Debug|Win32....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|x64.ActiveCfg = Debug|x64....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|x64.Build.0 = Debug|x64....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Release|Win32.ActiveCfg = Release|Win32....{15405

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\PathCopyCopy_i.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):28004
                                                                                                                                                                                                                    Entropy (8bit):5.271496577583969
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:wPBsIANzNH66eEZjN1yS3GLANuxIWRNS3e6qnQyNzuvIwVsNI9XcNNOYONiT:wPUNzY65Zj+S3GcG+qDYvC7kM
                                                                                                                                                                                                                    MD5:8C20ADCA8AB2E0FD66C104173C40B776
                                                                                                                                                                                                                    SHA1:C59C5052F589263026B0A85BE3686CE3BE977145
                                                                                                                                                                                                                    SHA-256:C045E12D813DD5B78B31F56E2A4DA5B20FEAF5618C590E047001DEB2774E67FD
                                                                                                                                                                                                                    SHA-512:A4DF8CE1C8540E960C9BF44D5A6B1C58D308D4AB01E9EED9E7A3E188991F1A1F755AFADFBA5BAF46C5380FBC1F358D121A46BF8FC8A5FDD76B81938358F5D7A2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:..../* this ALWAYS GENERATED file contains the definitions for the interfaces */...... /* File created by MIDL compiler version 8.01.0622 */../* at Mon Jan 18 22:14:07 2038.. */../* Compiler settings for src\PathCopyCopy.idl:.. Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.01.0622 .. protocol : all , ms_ext, c_ext, robust.. error checks: allocation ref bounds_check enum stub_data .. VC __declspec() decoration level: .. __declspec(uuid()), __declspec(selectany), __declspec(novtable).. DECLSPEC_UUID(), MIDL_INTERFACE()..*/../* @@MIDL_FILE_HEADING( ) */......../* verify that the <rpcndr.h> version is high enough to compile this file*/..#ifndef __REQUIRED_RPCNDR_H_VERSION__..#define __REQUIRED_RPCNDR_H_VERSION__ 500..#endif....#include "rpc.h"..#include "rpcndr.h"....#ifndef __RPCNDR_H_VERSION__..#error this stub requires an updated version of <rpcndr.h>..#endif /* __RPCNDR_H_VERSION__ */....#ifndef COM_NO_WINDOWS_H..#include "windows.h"..#include "ol

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.cpp (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2156
                                                                                                                                                                                                                    Entropy (8bit):5.150481199612763
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:mSlpuI18vimdPcd6Rx/Z/jnRsjDi1t6UqV6p69mI6G6p6o6h1mbFUuN7nwCOO6Kj:mCuI186QRjnRsDi7bWKgjjKNycyg0CTj
                                                                                                                                                                                                                    MD5:54B43BA8F7FE8B0D095C9480164B8EC9
                                                                                                                                                                                                                    SHA1:71FE358758DD9729FB53391EC06415B2E6D218ED
                                                                                                                                                                                                                    SHA-256:6F043605A459EC29BA7937E49EB25152D9DB4018C4BC562C230C2A4C04ED432E
                                                                                                                                                                                                                    SHA-512:022D6ADA60AB99EDF3489BA38B2482715B65E84C6BF1CE35D452142F37D390AC600F291FF7AF0D30979CE69F9EA9E2E7D8D973351B1CF514DF65199C16B57EB0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SampleCOMPlugin.cpp : Implementation of DLL Exports.......#include "stdafx.h"..#include "resource.h"..#include "SampleCOMPlugin_i.h"..#include "dllmain.h"..#include "dlldatax.h"....// Used to determine whether the DLL can be unloaded by OLE..STDAPI DllCanUnloadNow(void)..{..#ifdef _MERGE_PROXYSTUB.. const HRESULT hr = PrxDllCanUnloadNow();.. if (hr != S_OK).. return hr;..#endif.. return _AtlModule.DllCanUnloadNow();..}......// Returns a class factory to create an object of the requested type..STDAPI DllGetClassObject(REFCLSID rclsid, REFIID riid, LPVOID* ppv)..{..#ifdef _MERGE_PROXYSTUB.. if (PrxDllGetClassObject(rclsid, riid, ppv) == S_OK).. return S_OK;..#endif.. return _AtlModule.DllGetClassObject(rclsid, riid, ppv);..}......// DllRegisterServer - Adds entries to the system registry..STDAPI DllRegisterServer(void)..{.. // registers object, typelib and all interfaces in typelib.. HRESULT hr = _AtlModule.DllRegisterServer();..#ifdef _MERGE_PROXYST

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.def (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):241
                                                                                                                                                                                                                    Entropy (8bit):5.106671820297012
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:a4nBQ8UUqAmBwL2Fsh525mXotn3otL/Fy:7nBQ8U3xBlFs/24X434DFy
                                                                                                                                                                                                                    MD5:2FB3287C765B0380C4A1B72E16E2896F
                                                                                                                                                                                                                    SHA1:D616B6A2E0C17F6AAFD5FFDFE53E3CD661F3ACCA
                                                                                                                                                                                                                    SHA-256:0A04A24A21CA89C66EAE935A4692B651351AEF7B495F852167B9954B988ED58B
                                                                                                                                                                                                                    SHA-512:EC2377052689D463E685602767E58CC9C92F67A7C228CC1174E3D8F78860E2805C14451D6D753685962063F755B14C227AA1F1CEAF235743B13C1C0DAF1F31AC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:; SampleCOMPlugin.def : Declares the module parameters.....LIBRARY "SampleCOMPlugin.DLL"....EXPORTS...DllCanUnloadNow..PRIVATE...DllGetClassObject.PRIVATE...DllRegisterServer.PRIVATE...DllUnregisterServer.PRIVATE...DllInstall..PRIVATE..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.dll.manifest (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):449
                                                                                                                                                                                                                    Entropy (8bit):4.974129346096939
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8oWRu9T3/ZQRu9TNNlxDYiUA+DHbxqF/BH3vf13/9KxO2z:TMHdN44iiiMNfp+D9ud3H13/sO2z
                                                                                                                                                                                                                    MD5:183995B7EE9302DDFE7E2E1BD7A80895
                                                                                                                                                                                                                    SHA1:BB83CF2683BC01F1B7F8D7BFF0874939B32C2FDD
                                                                                                                                                                                                                    SHA-256:A77C181415DE7795CAC790887DF859C8C3F9414D6683B1791F46E0745FC8BF9D
                                                                                                                                                                                                                    SHA-512:4CF302586A390DB485DC1C1075C27979B11A6B2141CF9DA61752DE91414845E985BF4605F5B43B810241B99D098D275CBD0788322AC49359DF2AEFDB178AB1C2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >.. <application xmlns="urn:schemas-microsoft-com:asm.v3">.. <windowsSettings xmlns:ws2="http://schemas.microsoft.com/SMI/2016/WindowsSettings">.. <ws2:longPathAware>true</ws2:longPathAware>.. </windowsSettings>.. </application>..</assembly>

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.idl (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):805
                                                                                                                                                                                                                    Entropy (8bit):5.531881521751864
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:j0ADxXC3f61TPZXGlSgBJ8C5FcPnEnNMZHoAJ8Mq4uQ1v6q8wIu00T2q3kJ4BYM:goxa6NxAnBP5WsnGZIA5h1589CpkeCM
                                                                                                                                                                                                                    MD5:F9F6F7EF5730F4FA41CC757C8A9EDDF7
                                                                                                                                                                                                                    SHA1:7F3833E252C4BB21A0FC0CA1CD5C44D3155F7554
                                                                                                                                                                                                                    SHA-256:743D410337441D124D16CCD560E3D68897AF8B433F839AF9C701563B58DF6F05
                                                                                                                                                                                                                    SHA-512:AD3CE87D21650853486CD38C5988AD915D8F83953AF236D355B9C80DF8CEE739D7AB74DB3CD94AEFCABE01A11617F96918791038455538FCC1882B52C29B26B4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SampleCOMPlugin.idl : IDL source for SampleCOMPlugin..//....// This file will be processed by the MIDL tool to..// produce the type library (SampleCOMPlugin.tlb) and marshalling code.....import "oaidl.idl";..import "ocidl.idl";....[...object,...uuid(AE980919-AA58-4387-8450-D2E17115B4C7),...helpstring("ISamplePathCopyCopyPlugin Interface"),...pointer_default(unique)..]..interface ISamplePathCopyCopyPlugin : IUnknown{..};..[...uuid(5EA2F6A2-8B00-4B14-81AF-39401CA26BA4),...version(1.0),...helpstring("SampleCOMPlugin 1.0 Type Library")..]..library SampleCOMPluginLib..{...importlib("stdole2.tlb");...[....uuid(50377643-61E1-4544-80D7-BF17140D8BFF),....helpstring("SamplePathCopyCopyPlugin Class")...]...coclass SamplePathCopyCopyPlugin...{....[default] interface ISamplePathCopyCopyPlugin;...};..};..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.rc (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3030
                                                                                                                                                                                                                    Entropy (8bit):4.659055200267223
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:fPnLIbFzP2SxRNzlX85odfNfQgo0MAVDBIyMlAJ9f8k:fPLWB9xRNRXyodf1TUAVd
                                                                                                                                                                                                                    MD5:925747AC8E45A6740D38BFB99AC21D16
                                                                                                                                                                                                                    SHA1:05C99F02E4527BFD0EC7B6E013874F069C1CB4EF
                                                                                                                                                                                                                    SHA-256:3519B1BDB3254635160E511301DFF051B8C63883DE95AC807907B721DD8E15C5
                                                                                                                                                                                                                    SHA-512:39BC849DA3FFF95C4B177989123B33587F0168D3E693C208BEAB5928DDA0EE6205862890F378C04DB7783461A58361BF8BCDC5ABAFF5DF7EF4599E9EDD12CF22
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// Microsoft Visual C++ generated resource script...//..#include "resource.h"....#define APSTUDIO_READONLY_SYMBOLS../////////////////////////////////////////////////////////////////////////////..//..// Generated from the TEXTINCLUDE 2 resource...//..#ifndef APSTUDIO_INVOKED..#include "targetver.h"..#endif..#include "winres.h"..../////////////////////////////////////////////////////////////////////////////..#undef APSTUDIO_READONLY_SYMBOLS..../////////////////////////////////////////////////////////////////////////////..// English (United States) resources....#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)..LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US..#pragma code_page(1252)....#ifdef APSTUDIO_INVOKED../////////////////////////////////////////////////////////////////////////////..//..// TEXTINCLUDE..//....1 TEXTINCLUDE ..BEGIN.. "resource.h\0"..END....2 TEXTINCLUDE ..BEGIN.. "#ifndef APSTUDIO_INVOKED\r\n".. "#include ""targetver.h""\r\n".. "#endif\r\n".. "#include "

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.rgs (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):135
                                                                                                                                                                                                                    Entropy (8bit):4.7551583156643735
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:yeo0rVMF7ooV41WAPknjNkrVCsjkzVs09FK/AAr020Ycv:Fe7+1vkaCsP09F6Kr
                                                                                                                                                                                                                    MD5:DED1C620FB9C89D06E23B286D761F9E0
                                                                                                                                                                                                                    SHA1:6E1431D774C5F0ACE92900FA425195D534911EA6
                                                                                                                                                                                                                    SHA-256:69847FEEAACA47BBDF911BA19051F36EFCE37713391C87ECC69897025F955CEE
                                                                                                                                                                                                                    SHA-512:E2430B5F80716692107A5DB2346EDCEF0073D001DBAF52EEF9B73C0EBD895D74D800F0E72639A2C567415F9F3555D496DBE8BD758417C061AE8130C0674825D5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:HKCR..{...NoRemove AppID...{....'%APPID%' = s 'SampleCOMPlugin'....'SampleCOMPlugin.DLL'....{.....val AppID = s '%APPID%'....}...}..}..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.vcxproj (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):20620
                                                                                                                                                                                                                    Entropy (8bit):5.27804643348226
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:E/awT+ruU0yT7Mxi/Y/XjAfKWP/F/Y/XjAfDWi/fe/Y/XjAHdzJ++/Ae/Y/XjGH1:saMycjAfJejAfnNjyQj8dUBK
                                                                                                                                                                                                                    MD5:BCDD194F4FBE7FA312E997BB6CB0027A
                                                                                                                                                                                                                    SHA1:57B49B529EBB7821D1B33605426C237EB06D9AFB
                                                                                                                                                                                                                    SHA-256:7C28E77162A442C4FD65020F80CE30FCAB3F1403A22A43B104823DDB7ABFD0ED
                                                                                                                                                                                                                    SHA-512:E067EE64A6AC2421123FF7D12AD8658BD738A597F5CC21B13595E5B7FEC46FB01B700B71ADA481FF65C98D0FEAAF19969E5D779026C037EB3BB1EE532159DDFC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup Label="ProjectConfigurations">.. <ProjectConfiguration Include="Debug|Win32">.. <Configuration>Debug</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Debug|x64">.. <Configuration>Debug</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|Win32">.. <Configuration>Release</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|x64">.. <Configuration>Release</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. </ItemGroup>.. <PropertyGroup Label="Globals">.. <ProjectGuid>{154058E7-2433-4FB5-89BC-9D5D5153C0F0}</ProjectGuid>.. <RootNamespace>SampleCOMPlugin</RootNamespac

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SampleCOMPlugin.vcxproj.filters (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3177
                                                                                                                                                                                                                    Entropy (8bit):5.021816472747988
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:3QlZ4adKCWpT2tGbQcobQcRrRRw2D9NRrMbMtlEX9T:AzdU35QtQIw2D9NRr7tmX9T
                                                                                                                                                                                                                    MD5:6422143913B05A58F870C36E53878B12
                                                                                                                                                                                                                    SHA1:517931E9415FBFF62B70D1820968C0C9382B7C91
                                                                                                                                                                                                                    SHA-256:3B728CCDC2408F23F1E0BEC6312BE60EDD3C947CDAB6CA4A383C68501471726A
                                                                                                                                                                                                                    SHA-512:C66E56715B075E349B82BBC9275BD2B74FC8224899F7AA388EF57EEA880F18FA273B19D4FE3AB83E2D7A50EBAB7B22686C09C748B161FA58F0FE9B534CEC7984
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup>.. <Filter Include="Source Files">.. <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>.. <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>.. </Filter>.. <Filter Include="Header Files">.. <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>.. <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>.. </Filter>.. <Filter Include="Resource Files">.. <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>.. <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>.. </Filter>.. <Filter Include="Generated Files">.. <UniqueIdentifier>{80e8232a-a09e-41a6-9d8e-f27e799dbf5e}</UniqueIdentifier>.. <SourceControlFiles>False</SourceControlFiles>.. </Filter>.. </ItemGroup>..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SamplePathCopyCopyPlugin.cpp (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2964
                                                                                                                                                                                                                    Entropy (8bit):5.219096703625941
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:mnp5AmtqxgBvtt1Kpeba0mtBcEdkmotAwa/rmO5/tWc99I0nteD40:mp5AiBRa0AkyjmO5x99vwc0
                                                                                                                                                                                                                    MD5:931A93C36C2C8B7C43B829233A80ED01
                                                                                                                                                                                                                    SHA1:CFD44436D546FB8BED80E3ADE6019657CAEB6459
                                                                                                                                                                                                                    SHA-256:110093AFFFF206C03511B9E5B796E3E355F0CD1FD5B4E13195B83838DD88C14F
                                                                                                                                                                                                                    SHA-512:6744D730647E2F854BFADABE2EE07B9178E00CB4FC12AF43CE4F926074CB5BB9A4DB8A43643F63F32F664E9CC6E75E7C1F70D65DD5405FCD78B2F1EA85CEA33B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SamplePathCopyCopyPlugin.cpp : Implementation of CSamplePathCopyCopyPlugin....#include "stdafx.h"..#include "SamplePathCopyCopyPlugin.h"......// CSamplePathCopyCopyPlugin....// Method that must return the plugin description, displayed in the contextual menu...[[gsl::suppress(c.128), gsl::suppress(f.6)]]..STDMETHODIMP CSamplePathCopyCopyPlugin::get_Description(BSTR *p_ppDescription)..{.. if (p_ppDescription == nullptr) {.. return E_INVALIDARG;.. }.. *p_ppDescription = ::SysAllocString(L"Sample C++ COM Plugin");.. return S_OK;..}....// Method that can return a help text to be displayed in the status bar when the cursor is over the plugin's menu item...// It is legal to return NULL or an empty string if no help text can be provided...[[gsl::suppress(c.128), gsl::suppress(f.6)]]..STDMETHODIMP CSamplePathCopyCopyPlugin::get_HelpText(BSTR *p_ppHelpText)..{.. if (p_ppHelpText == nullptr) {.. return E_INVALIDARG;.. }.. *p_ppHelpText = ::SysAllocString(L"Th

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SamplePathCopyCopyPlugin.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C++ source, ASCII text, with very long lines (472), with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2944
                                                                                                                                                                                                                    Entropy (8bit):5.394889452411585
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:GplZFkAx82NrI/e2NONRUSu2lXp2xj5Iilsn0cNgGgwJSuMgQ2Iz7yay3TnOY:GplUAx8cxVT1dZy6QeDDg2IXjOjr
                                                                                                                                                                                                                    MD5:93DAA8BA4EF94CA279651FDF445E5CF6
                                                                                                                                                                                                                    SHA1:46445D9EB2D0BA26F945144D2CA707F8EF5785DF
                                                                                                                                                                                                                    SHA-256:37CF309535B7E267E928E5449D6F804622F1CC3733D1A9149456BEA98F51A49D
                                                                                                                                                                                                                    SHA-512:DF946A5DFB99C3A94BB757621B812923D07D1E8FC46973B579C33AA5D032B8E1C391E32F770DC87BF249B576C265C8DB353A21506D8343C190B1868904CEC89A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SamplePathCopyCopyPlugin.h : Declaration of the CSamplePathCopyCopyPlugin....#pragma once..#include "resource.h" // main symbols....#include "SampleCOMPlugin_i.h"..#include "PathCopyCopy_i.h"......#if defined(_WIN32_WCE) && !defined(_CE_DCOM) && !defined(_CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA)..#error "Single-threaded COM objects are not properly supported on Windows CE platform, such as the Windows Mobile platforms that do not include full DCOM support. Define _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA to force ATL to support creating single-thread COM object's and allow use of it's single-threaded COM object implementations. The threading model in your rgs file was set to 'Free' as that is the only threading model supported in non DCOM Windows CE platforms."..#endif........// CSamplePathCopyCopyPlugin....class ATL_NO_VTABLE CSamplePathCopyCopyPlugin :...public CComObjectRootEx<CComSingleThreadModel>,...public CComCoClass<CSamplePathCopyCopyPlugin, &CLSID_SamplePathCopyCopyPl

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\SamplePathCopyCopyPlugin.rgs (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):753
                                                                                                                                                                                                                    Entropy (8bit):5.439706880442906
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:F2U3Prbk5Iu00Ta30k5Iu00TU3PhoiSUIu00TtLFk5YYP3P4YP3eWMmsH4HRsVVR:FbjbkWCG0kWC4IRChLFk5YY/AY/OH4Hw
                                                                                                                                                                                                                    MD5:5BEE0283BB9FBD51F4967246CE61E0CC
                                                                                                                                                                                                                    SHA1:F8CB26E1ECECA247860E1FA946F7B1A0F3EEA236
                                                                                                                                                                                                                    SHA-256:9B83192FC2D787228034C5C0947240512778AB9B16C8F2FF2F09A16C962DEB13
                                                                                                                                                                                                                    SHA-512:AE727E0C7572E13C67E9313194B2AAD91EE2E17BE079BCFAEAFCE314F009F5E9A7194262DF873138DA724719CBB7CD089AFE72A266CE6C555AB63F249F8C7ECA
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:HKCR..{...SampleCOMPlugin.SamplePathCopyCopyPlu.1 = s 'SamplePathCopyCopyPlugin Class'...{....CLSID = s '{50377643-61E1-4544-80D7-BF17140D8BFF}'...}...SampleCOMPlugin.SamplePathCopyCopyPlugi = s 'SamplePathCopyCopyPlugin Class'...{....CLSID = s '{50377643-61E1-4544-80D7-BF17140D8BFF}'....CurVer = s 'SampleCOMPlugin.SamplePathCopyCopyPlu.1'...}...NoRemove CLSID...{....ForceRemove {50377643-61E1-4544-80D7-BF17140D8BFF} = s 'SamplePathCopyCopyPlugin Class'....{.....ProgID = s 'SampleCOMPlugin.SamplePathCopyCopyPlu.1'.....VersionIndependentProgID = s 'SampleCOMPlugin.SamplePathCopyCopyPlugi'.....InprocServer32 = s '%MODULE%'.....{......val ThreadingModel = s 'Apartment'.....}.....'TypeLib' = s '{5EA2F6A2-8B00-4B14-81AF-39401CA26BA4}'....}...}..}..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\dlldatax.c (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):452
                                                                                                                                                                                                                    Entropy (8bit):5.460673385520514
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:jKVUn+P1M431jmX+ILV5axsEvwToGN0ZAGEbA3zl9:mKo6431aXT/axsEvwThNqBQC
                                                                                                                                                                                                                    MD5:340FF67FAB0C54F4A8E711E2A100815B
                                                                                                                                                                                                                    SHA1:3989030FEEC7A62715CAD2AE2052DA0F5C3E81A7
                                                                                                                                                                                                                    SHA-256:372C633C73174F8D47D70B41D0BF0F7269E845DDD31BDEEA662B6DFC97E4F2C5
                                                                                                                                                                                                                    SHA-512:D0234386213493CEFB438BB2B9B63B49A1326925331675F60E8847CB17D8DBE47FBB1491D0B93F0487AA97DB776C8FABC07840081B7BF4CD012C1BF8C838D726
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// wrapper for dlldata.c....#ifdef _MERGE_PROXYSTUB // merge proxy stub DLL....#define REGISTER_PROXY_DLL //DllRegisterServer, etc.....#define _WIN32_WINNT 0x0600.//for WinNT 4.0 or Win95 with DCOM..#define USE_STUBLESS_PROXY.//defined only with MIDL switch /Oicf....#pragma comment(lib, "rpcns4.lib")..#pragma comment(lib, "rpcrt4.lib")....#define ENTRY_PREFIX.Prx....#include "dlldata.c"..#include "SampleCOMPlugin_p.c"....#endif //_MERGE_PROXYSTUB..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\dlldatax.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):337
                                                                                                                                                                                                                    Entropy (8bit):5.343870624040308
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:2+bBEqp2yTM4b1qPSWmrFPy+muHLxLcmX6Gd+mk36GdS:lbP5t/5rFkkLpFX6wI6b
                                                                                                                                                                                                                    MD5:27B315F6123A00B59A76DDDC72949D07
                                                                                                                                                                                                                    SHA1:FBA98FD1F22153DFCF9407A76338B3DED215E558
                                                                                                                                                                                                                    SHA-256:1E54A98EC26FE4566DCA2C3FF6705296B8A36DF14A2CE637118BBDDDA6B11493
                                                                                                                                                                                                                    SHA-512:69254ABEE34CFC11D96D1D54951F46C540C47AD8D81477A58816DD76845462BB01857E2431366130B2B490FFB3C8765262302551CD50FE986D4D07A88013A186
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:#pragma once....#ifdef _MERGE_PROXYSTUB....extern "C" ..{..BOOL WINAPI PrxDllMain(HINSTANCE hInstance, DWORD dwReason, ...LPVOID lpReserved);..STDAPI PrxDllCanUnloadNow(void);..STDAPI PrxDllGetClassObject(REFCLSID rclsid, REFIID riid, LPVOID* ppv);..STDAPI PrxDllRegisterServer(void);..STDAPI PrxDllUnregisterServer(void);..}....#endif..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\dllmain.cpp (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1824
                                                                                                                                                                                                                    Entropy (8bit):5.348731984609404
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:rT5puI18vtZF45N03tR6366x7pkLcwzliM6oe06QF7pJ/LvmBi/:XjuI18lCN4zG6K7pkLcwZHVe077pFLOs
                                                                                                                                                                                                                    MD5:FD4783B9F0D70CD73B1295D1DC5B9004
                                                                                                                                                                                                                    SHA1:6475085712EE6AA1230F2D4B730E3AB6129A78C1
                                                                                                                                                                                                                    SHA-256:1F98EF8C29048EB2A42466786BA059C0643B6DAE1F3C98E2C3F53C161DA2121D
                                                                                                                                                                                                                    SHA-512:BADBC0490EA6B9934B83CB3FD3F73C5AEAB1C9FD01E05EAF9D2530260C61EED032C17D4A43631C52995AB868BD4B199B7DE900AF331ABE6678D277DF4DC7A5B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// dllmain.cpp : Implementation of DllMain.....#include "stdafx.h"..#include "resource.h"..#include "SampleCOMPlugin_i.h"..#include "dllmain.h"..#include "dlldatax.h"..#include "PathCopyCopy_i.h"....#pragma warning(suppress: ALL_CPPCORECHECK_WARNINGS)..CSampleCOMPluginModule _AtlModule;....// Registers our COM object. Let's use the opportunity to register ourselves as a Path Copy Copy plugin...[[gsl::suppress(c.128)]]..HRESULT CSampleCOMPluginModule::DllRegisterServer( BOOL bRegTypeLib /*= TRUE*/ ) throw()..{.. HRESULT hRes = CAtlDllModuleT< CSampleCOMPluginModule >::DllRegisterServer(bRegTypeLib);.. if (SUCCEEDED(hRes)) {.. CComPtr<IPathCopyCopyContextMenuExt> cpPccExt;.. hRes = cpPccExt.CoCreateInstance(__uuidof(PathCopyCopyContextMenuExt));.. if (SUCCEEDED(hRes)) {.. cpPccExt->RegisterPlugin(__uuidof(SamplePathCopyCopyPlugin));.. }.. }.. return hRes;..}....// Unregisters our COM object. We will also remove our plugin from Path Copy

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\dllmain.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):570
                                                                                                                                                                                                                    Entropy (8bit):5.609754092573868
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:j/MMnuidT4es0ufkqAMjTkZXiqX+mnPrX6BSe86iSeil3:r7uiF4esnfkETkdrXrX6BSe86iSeil3
                                                                                                                                                                                                                    MD5:E3F57E9CD3B6B61FD4CF8E10FF8A508C
                                                                                                                                                                                                                    SHA1:B092937D6D2EE02B67DA9D0FA7CC18910BE4FA76
                                                                                                                                                                                                                    SHA-256:133648CD27B8F20D808665E2FC305A2FBE92605CC41E718515CD083CDA4A4A5B
                                                                                                                                                                                                                    SHA-512:F950AD409B6CCEEAF238A84DE75FC361288FFE97CA535F8B3FF91947AEADD2973F9FE646C7E4CD15853D1A1026358F63E9DBA1712FA8607A19CC5B6673BBE989
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// dllmain.h : Declaration of module class.....class CSampleCOMPluginModule : public CAtlDllModuleT< CSampleCOMPluginModule >..{..public :..#pragma warning(push)..#pragma warning(disable: ALL_CPPCORECHECK_WARNINGS)...DECLARE_LIBID(LIBID_SampleCOMPluginLib)...DECLARE_REGISTRY_APPID_RESOURCEID(IDR_SAMPLECOMPLUGIN, "{AB26800F-6F38-4A2A-8206-B4C60D52A783}")..#pragma warning(pop).... HRESULT DllRegisterServer(BOOL bRegTypeLib = TRUE) throw();.. HRESULT DllUnregisterServer(BOOL bUnRegTypeLib = TRUE) throw();..};....extern class CSampleCOMPluginModule _AtlModule;..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-23U3N.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):20620
                                                                                                                                                                                                                    Entropy (8bit):5.27804643348226
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:E/awT+ruU0yT7Mxi/Y/XjAfKWP/F/Y/XjAfDWi/fe/Y/XjAHdzJ++/Ae/Y/XjGH1:saMycjAfJejAfnNjyQj8dUBK
                                                                                                                                                                                                                    MD5:BCDD194F4FBE7FA312E997BB6CB0027A
                                                                                                                                                                                                                    SHA1:57B49B529EBB7821D1B33605426C237EB06D9AFB
                                                                                                                                                                                                                    SHA-256:7C28E77162A442C4FD65020F80CE30FCAB3F1403A22A43B104823DDB7ABFD0ED
                                                                                                                                                                                                                    SHA-512:E067EE64A6AC2421123FF7D12AD8658BD738A597F5CC21B13595E5B7FEC46FB01B700B71ADA481FF65C98D0FEAAF19969E5D779026C037EB3BB1EE532159DDFC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup Label="ProjectConfigurations">.. <ProjectConfiguration Include="Debug|Win32">.. <Configuration>Debug</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Debug|x64">.. <Configuration>Debug</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|Win32">.. <Configuration>Release</Configuration>.. <Platform>Win32</Platform>.. </ProjectConfiguration>.. <ProjectConfiguration Include="Release|x64">.. <Configuration>Release</Configuration>.. <Platform>x64</Platform>.. </ProjectConfiguration>.. </ItemGroup>.. <PropertyGroup Label="Globals">.. <ProjectGuid>{154058E7-2433-4FB5-89BC-9D5D5153C0F0}</ProjectGuid>.. <RootNamespace>SampleCOMPlugin</RootNamespac

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-3LAOT.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2964
                                                                                                                                                                                                                    Entropy (8bit):5.219096703625941
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:mnp5AmtqxgBvtt1Kpeba0mtBcEdkmotAwa/rmO5/tWc99I0nteD40:mp5AiBRa0AkyjmO5x99vwc0
                                                                                                                                                                                                                    MD5:931A93C36C2C8B7C43B829233A80ED01
                                                                                                                                                                                                                    SHA1:CFD44436D546FB8BED80E3ADE6019657CAEB6459
                                                                                                                                                                                                                    SHA-256:110093AFFFF206C03511B9E5B796E3E355F0CD1FD5B4E13195B83838DD88C14F
                                                                                                                                                                                                                    SHA-512:6744D730647E2F854BFADABE2EE07B9178E00CB4FC12AF43CE4F926074CB5BB9A4DB8A43643F63F32F664E9CC6E75E7C1F70D65DD5405FCD78B2F1EA85CEA33B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SamplePathCopyCopyPlugin.cpp : Implementation of CSamplePathCopyCopyPlugin....#include "stdafx.h"..#include "SamplePathCopyCopyPlugin.h"......// CSamplePathCopyCopyPlugin....// Method that must return the plugin description, displayed in the contextual menu...[[gsl::suppress(c.128), gsl::suppress(f.6)]]..STDMETHODIMP CSamplePathCopyCopyPlugin::get_Description(BSTR *p_ppDescription)..{.. if (p_ppDescription == nullptr) {.. return E_INVALIDARG;.. }.. *p_ppDescription = ::SysAllocString(L"Sample C++ COM Plugin");.. return S_OK;..}....// Method that can return a help text to be displayed in the status bar when the cursor is over the plugin's menu item...// It is legal to return NULL or an empty string if no help text can be provided...[[gsl::suppress(c.128), gsl::suppress(f.6)]]..STDMETHODIMP CSamplePathCopyCopyPlugin::get_HelpText(BSTR *p_ppHelpText)..{.. if (p_ppHelpText == nullptr) {.. return E_INVALIDARG;.. }.. *p_ppHelpText = ::SysAllocString(L"Th

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-5AGG7.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1824
                                                                                                                                                                                                                    Entropy (8bit):5.348731984609404
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:rT5puI18vtZF45N03tR6366x7pkLcwzliM6oe06QF7pJ/LvmBi/:XjuI18lCN4zG6K7pkLcwZHVe077pFLOs
                                                                                                                                                                                                                    MD5:FD4783B9F0D70CD73B1295D1DC5B9004
                                                                                                                                                                                                                    SHA1:6475085712EE6AA1230F2D4B730E3AB6129A78C1
                                                                                                                                                                                                                    SHA-256:1F98EF8C29048EB2A42466786BA059C0643B6DAE1F3C98E2C3F53C161DA2121D
                                                                                                                                                                                                                    SHA-512:BADBC0490EA6B9934B83CB3FD3F73C5AEAB1C9FD01E05EAF9D2530260C61EED032C17D4A43631C52995AB868BD4B199B7DE900AF331ABE6678D277DF4DC7A5B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// dllmain.cpp : Implementation of DllMain.....#include "stdafx.h"..#include "resource.h"..#include "SampleCOMPlugin_i.h"..#include "dllmain.h"..#include "dlldatax.h"..#include "PathCopyCopy_i.h"....#pragma warning(suppress: ALL_CPPCORECHECK_WARNINGS)..CSampleCOMPluginModule _AtlModule;....// Registers our COM object. Let's use the opportunity to register ourselves as a Path Copy Copy plugin...[[gsl::suppress(c.128)]]..HRESULT CSampleCOMPluginModule::DllRegisterServer( BOOL bRegTypeLib /*= TRUE*/ ) throw()..{.. HRESULT hRes = CAtlDllModuleT< CSampleCOMPluginModule >::DllRegisterServer(bRegTypeLib);.. if (SUCCEEDED(hRes)) {.. CComPtr<IPathCopyCopyContextMenuExt> cpPccExt;.. hRes = cpPccExt.CoCreateInstance(__uuidof(PathCopyCopyContextMenuExt));.. if (SUCCEEDED(hRes)) {.. cpPccExt->RegisterPlugin(__uuidof(SamplePathCopyCopyPlugin));.. }.. }.. return hRes;..}....// Unregisters our COM object. We will also remove our plugin from Path Copy

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-6J4UG.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C++ source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):28004
                                                                                                                                                                                                                    Entropy (8bit):5.271496577583969
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:wPBsIANzNH66eEZjN1yS3GLANuxIWRNS3e6qnQyNzuvIwVsNI9XcNNOYONiT:wPUNzY65Zj+S3GcG+qDYvC7kM
                                                                                                                                                                                                                    MD5:8C20ADCA8AB2E0FD66C104173C40B776
                                                                                                                                                                                                                    SHA1:C59C5052F589263026B0A85BE3686CE3BE977145
                                                                                                                                                                                                                    SHA-256:C045E12D813DD5B78B31F56E2A4DA5B20FEAF5618C590E047001DEB2774E67FD
                                                                                                                                                                                                                    SHA-512:A4DF8CE1C8540E960C9BF44D5A6B1C58D308D4AB01E9EED9E7A3E188991F1A1F755AFADFBA5BAF46C5380FBC1F358D121A46BF8FC8A5FDD76B81938358F5D7A2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:..../* this ALWAYS GENERATED file contains the definitions for the interfaces */...... /* File created by MIDL compiler version 8.01.0622 */../* at Mon Jan 18 22:14:07 2038.. */../* Compiler settings for src\PathCopyCopy.idl:.. Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.01.0622 .. protocol : all , ms_ext, c_ext, robust.. error checks: allocation ref bounds_check enum stub_data .. VC __declspec() decoration level: .. __declspec(uuid()), __declspec(selectany), __declspec(novtable).. DECLSPEC_UUID(), MIDL_INTERFACE()..*/../* @@MIDL_FILE_HEADING( ) */......../* verify that the <rpcndr.h> version is high enough to compile this file*/..#ifndef __REQUIRED_RPCNDR_H_VERSION__..#define __REQUIRED_RPCNDR_H_VERSION__ 500..#endif....#include "rpc.h"..#include "rpcndr.h"....#ifndef __RPCNDR_H_VERSION__..#error this stub requires an updated version of <rpcndr.h>..#endif /* __RPCNDR_H_VERSION__ */....#ifndef COM_NO_WINDOWS_H..#include "windows.h"..#include "ol

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-8QCHD.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):337
                                                                                                                                                                                                                    Entropy (8bit):5.343870624040308
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:2+bBEqp2yTM4b1qPSWmrFPy+muHLxLcmX6Gd+mk36GdS:lbP5t/5rFkkLpFX6wI6b
                                                                                                                                                                                                                    MD5:27B315F6123A00B59A76DDDC72949D07
                                                                                                                                                                                                                    SHA1:FBA98FD1F22153DFCF9407A76338B3DED215E558
                                                                                                                                                                                                                    SHA-256:1E54A98EC26FE4566DCA2C3FF6705296B8A36DF14A2CE637118BBDDDA6B11493
                                                                                                                                                                                                                    SHA-512:69254ABEE34CFC11D96D1D54951F46C540C47AD8D81477A58816DD76845462BB01857E2431366130B2B490FFB3C8765262302551CD50FE986D4D07A88013A186
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:#pragma once....#ifdef _MERGE_PROXYSTUB....extern "C" ..{..BOOL WINAPI PrxDllMain(HINSTANCE hInstance, DWORD dwReason, ...LPVOID lpReserved);..STDAPI PrxDllCanUnloadNow(void);..STDAPI PrxDllGetClassObject(REFCLSID rclsid, REFIID riid, LPVOID* ppv);..STDAPI PrxDllRegisterServer(void);..STDAPI PrxDllUnregisterServer(void);..}....#endif..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-E44AF.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2156
                                                                                                                                                                                                                    Entropy (8bit):5.150481199612763
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:mSlpuI18vimdPcd6Rx/Z/jnRsjDi1t6UqV6p69mI6G6p6o6h1mbFUuN7nwCOO6Kj:mCuI186QRjnRsDi7bWKgjjKNycyg0CTj
                                                                                                                                                                                                                    MD5:54B43BA8F7FE8B0D095C9480164B8EC9
                                                                                                                                                                                                                    SHA1:71FE358758DD9729FB53391EC06415B2E6D218ED
                                                                                                                                                                                                                    SHA-256:6F043605A459EC29BA7937E49EB25152D9DB4018C4BC562C230C2A4C04ED432E
                                                                                                                                                                                                                    SHA-512:022D6ADA60AB99EDF3489BA38B2482715B65E84C6BF1CE35D452142F37D390AC600F291FF7AF0D30979CE69F9EA9E2E7D8D973351B1CF514DF65199C16B57EB0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SampleCOMPlugin.cpp : Implementation of DLL Exports.......#include "stdafx.h"..#include "resource.h"..#include "SampleCOMPlugin_i.h"..#include "dllmain.h"..#include "dlldatax.h"....// Used to determine whether the DLL can be unloaded by OLE..STDAPI DllCanUnloadNow(void)..{..#ifdef _MERGE_PROXYSTUB.. const HRESULT hr = PrxDllCanUnloadNow();.. if (hr != S_OK).. return hr;..#endif.. return _AtlModule.DllCanUnloadNow();..}......// Returns a class factory to create an object of the requested type..STDAPI DllGetClassObject(REFCLSID rclsid, REFIID riid, LPVOID* ppv)..{..#ifdef _MERGE_PROXYSTUB.. if (PrxDllGetClassObject(rclsid, riid, ppv) == S_OK).. return S_OK;..#endif.. return _AtlModule.DllGetClassObject(rclsid, riid, ppv);..}......// DllRegisterServer - Adds entries to the system registry..STDAPI DllRegisterServer(void)..{.. // registers object, typelib and all interfaces in typelib.. HRESULT hr = _AtlModule.DllRegisterServer();..#ifdef _MERGE_PROXYST

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-EQKN2.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                                                    Entropy (8bit):4.6597347749072195
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:jGmyXH+5AMRNT15eAOFm+yll+5FdllZ+sMKcaGIA0RQbyn:jGXXHJYx5fOE+yi5JlZ+4cWAoQu
                                                                                                                                                                                                                    MD5:62A6BF61C9FF2DCFC8F045D7EE18B8EF
                                                                                                                                                                                                                    SHA1:E550E6480C9797D92FDA60B6E237E663E6BC8A95
                                                                                                                                                                                                                    SHA-256:CD3160A239E00B33CAEC8F4F53EDEA73FE87497970685DAB0888494539E6F451
                                                                                                                                                                                                                    SHA-512:782F97FF2DF802F308774057EF49DF81553E7898566158CC06C45ED7181ADD559E9A1E63DB57E22C0403A482EB83B933025612CF7E196B2F55E0A21906B1B973
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// stdafx.cpp : source file that includes just the standard includes..// SampleCOMPlugin.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-FMV4H.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3177
                                                                                                                                                                                                                    Entropy (8bit):5.021816472747988
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:3QlZ4adKCWpT2tGbQcobQcRrRRw2D9NRrMbMtlEX9T:AzdU35QtQIw2D9NRr7tmX9T
                                                                                                                                                                                                                    MD5:6422143913B05A58F870C36E53878B12
                                                                                                                                                                                                                    SHA1:517931E9415FBFF62B70D1820968C0C9382B7C91
                                                                                                                                                                                                                    SHA-256:3B728CCDC2408F23F1E0BEC6312BE60EDD3C947CDAB6CA4A383C68501471726A
                                                                                                                                                                                                                    SHA-512:C66E56715B075E349B82BBC9275BD2B74FC8224899F7AA388EF57EEA880F18FA273B19D4FE3AB83E2D7A50EBAB7B22686C09C748B161FA58F0FE9B534CEC7984
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">.. <ItemGroup>.. <Filter Include="Source Files">.. <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>.. <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>.. </Filter>.. <Filter Include="Header Files">.. <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>.. <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>.. </Filter>.. <Filter Include="Resource Files">.. <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>.. <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav</Extensions>.. </Filter>.. <Filter Include="Generated Files">.. <UniqueIdentifier>{80e8232a-a09e-41a6-9d8e-f27e799dbf5e}</UniqueIdentifier>.. <SourceControlFiles>False</SourceControlFiles>.. </Filter>.. </ItemGroup>..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-G8NN9.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):452
                                                                                                                                                                                                                    Entropy (8bit):5.460673385520514
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:jKVUn+P1M431jmX+ILV5axsEvwToGN0ZAGEbA3zl9:mKo6431aXT/axsEvwThNqBQC
                                                                                                                                                                                                                    MD5:340FF67FAB0C54F4A8E711E2A100815B
                                                                                                                                                                                                                    SHA1:3989030FEEC7A62715CAD2AE2052DA0F5C3E81A7
                                                                                                                                                                                                                    SHA-256:372C633C73174F8D47D70B41D0BF0F7269E845DDD31BDEEA662B6DFC97E4F2C5
                                                                                                                                                                                                                    SHA-512:D0234386213493CEFB438BB2B9B63B49A1326925331675F60E8847CB17D8DBE47FBB1491D0B93F0487AA97DB776C8FABC07840081B7BF4CD012C1BF8C838D726
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// wrapper for dlldata.c....#ifdef _MERGE_PROXYSTUB // merge proxy stub DLL....#define REGISTER_PROXY_DLL //DllRegisterServer, etc.....#define _WIN32_WINNT 0x0600.//for WinNT 4.0 or Win95 with DCOM..#define USE_STUBLESS_PROXY.//defined only with MIDL switch /Oicf....#pragma comment(lib, "rpcns4.lib")..#pragma comment(lib, "rpcrt4.lib")....#define ENTRY_PREFIX.Prx....#include "dlldata.c"..#include "SampleCOMPlugin_p.c"....#endif //_MERGE_PROXYSTUB..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-HJHT8.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1418
                                                                                                                                                                                                                    Entropy (8bit):4.6646600611991405
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:Q6u3qiYCydaR3mGlNMP/Kge6KgeLTKtu2Pub:m39YdMmG/MP/Kge6KgeLTKtfGb
                                                                                                                                                                                                                    MD5:FC1B0ABA59D8928A4457BCA46222AE07
                                                                                                                                                                                                                    SHA1:E54ECAA52673FBDD4E100F1A3E9A0583E834A514
                                                                                                                                                                                                                    SHA-256:1941429201CF277465A2BA753DA9EC1C25BC360FFBA3856BB3FD461E8F20B11E
                                                                                                                                                                                                                    SHA-512:42E6B42593523505B70D0B6B75D0B82CE62CBBA9A578AFEE594E1A2793C4104525BF9F58A7BC983A04B210C23EF13B37BF47331484C1E3970CE7BE28147C5B8F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:..#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-I1DFT.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C++ source, ASCII text, with very long lines (472), with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2944
                                                                                                                                                                                                                    Entropy (8bit):5.394889452411585
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:GplZFkAx82NrI/e2NONRUSu2lXp2xj5Iilsn0cNgGgwJSuMgQ2Iz7yay3TnOY:GplUAx8cxVT1dZy6QeDDg2IXjOjr
                                                                                                                                                                                                                    MD5:93DAA8BA4EF94CA279651FDF445E5CF6
                                                                                                                                                                                                                    SHA1:46445D9EB2D0BA26F945144D2CA707F8EF5785DF
                                                                                                                                                                                                                    SHA-256:37CF309535B7E267E928E5449D6F804622F1CC3733D1A9149456BEA98F51A49D
                                                                                                                                                                                                                    SHA-512:DF946A5DFB99C3A94BB757621B812923D07D1E8FC46973B579C33AA5D032B8E1C391E32F770DC87BF249B576C265C8DB353A21506D8343C190B1868904CEC89A
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SamplePathCopyCopyPlugin.h : Declaration of the CSamplePathCopyCopyPlugin....#pragma once..#include "resource.h" // main symbols....#include "SampleCOMPlugin_i.h"..#include "PathCopyCopy_i.h"......#if defined(_WIN32_WCE) && !defined(_CE_DCOM) && !defined(_CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA)..#error "Single-threaded COM objects are not properly supported on Windows CE platform, such as the Windows Mobile platforms that do not include full DCOM support. Define _CE_ALLOW_SINGLE_THREADED_OBJECTS_IN_MTA to force ATL to support creating single-thread COM object's and allow use of it's single-threaded COM object implementations. The threading model in your rgs file was set to 'Free' as that is the only threading model supported in non DCOM Windows CE platforms."..#endif........// CSamplePathCopyCopyPlugin....class ATL_NO_VTABLE CSamplePathCopyCopyPlugin :...public CComObjectRootEx<CComSingleThreadModel>,...public CComCoClass<CSamplePathCopyCopyPlugin, &CLSID_SamplePathCopyCopyPl

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-IOHPQ.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):241
                                                                                                                                                                                                                    Entropy (8bit):5.106671820297012
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:a4nBQ8UUqAmBwL2Fsh525mXotn3otL/Fy:7nBQ8U3xBlFs/24X434DFy
                                                                                                                                                                                                                    MD5:2FB3287C765B0380C4A1B72E16E2896F
                                                                                                                                                                                                                    SHA1:D616B6A2E0C17F6AAFD5FFDFE53E3CD661F3ACCA
                                                                                                                                                                                                                    SHA-256:0A04A24A21CA89C66EAE935A4692B651351AEF7B495F852167B9954B988ED58B
                                                                                                                                                                                                                    SHA-512:EC2377052689D463E685602767E58CC9C92F67A7C228CC1174E3D8F78860E2805C14451D6D753685962063F755B14C227AA1F1CEAF235743B13C1C0DAF1F31AC
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:; SampleCOMPlugin.def : Declares the module parameters.....LIBRARY "SampleCOMPlugin.DLL"....EXPORTS...DllCanUnloadNow..PRIVATE...DllGetClassObject.PRIVATE...DllRegisterServer.PRIVATE...DllUnregisterServer.PRIVATE...DllInstall..PRIVATE..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-JB5H0.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):135
                                                                                                                                                                                                                    Entropy (8bit):4.7551583156643735
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:yeo0rVMF7ooV41WAPknjNkrVCsjkzVs09FK/AAr020Ycv:Fe7+1vkaCsP09F6Kr
                                                                                                                                                                                                                    MD5:DED1C620FB9C89D06E23B286D761F9E0
                                                                                                                                                                                                                    SHA1:6E1431D774C5F0ACE92900FA425195D534911EA6
                                                                                                                                                                                                                    SHA-256:69847FEEAACA47BBDF911BA19051F36EFCE37713391C87ECC69897025F955CEE
                                                                                                                                                                                                                    SHA-512:E2430B5F80716692107A5DB2346EDCEF0073D001DBAF52EEF9B73C0EBD895D74D800F0E72639A2C567415F9F3555D496DBE8BD758417C061AE8130C0674825D5
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:HKCR..{...NoRemove AppID...{....'%APPID%' = s 'SampleCOMPlugin'....'SampleCOMPlugin.DLL'....{.....val AppID = s '%APPID%'....}...}..}..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-L3Q4N.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):449
                                                                                                                                                                                                                    Entropy (8bit):4.974129346096939
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:TMVBdfiOjzsbRu9Td8oWRu9T3/ZQRu9TNNlxDYiUA+DHbxqF/BH3vf13/9KxO2z:TMHdN44iiiMNfp+D9ud3H13/sO2z
                                                                                                                                                                                                                    MD5:183995B7EE9302DDFE7E2E1BD7A80895
                                                                                                                                                                                                                    SHA1:BB83CF2683BC01F1B7F8D7BFF0874939B32C2FDD
                                                                                                                                                                                                                    SHA-256:A77C181415DE7795CAC790887DF859C8C3F9414D6683B1791F46E0745FC8BF9D
                                                                                                                                                                                                                    SHA-512:4CF302586A390DB485DC1C1075C27979B11A6B2141CF9DA61752DE91414845E985BF4605F5B43B810241B99D098D275CBD0788322AC49359DF2AEFDB178AB1C2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >.. <application xmlns="urn:schemas-microsoft-com:asm.v3">.. <windowsSettings xmlns:ws2="http://schemas.microsoft.com/SMI/2016/WindowsSettings">.. <ws2:longPathAware>true</ws2:longPathAware>.. </windowsSettings>.. </application>..</assembly>

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-OMNNI.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):570
                                                                                                                                                                                                                    Entropy (8bit):5.609754092573868
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:j/MMnuidT4es0ufkqAMjTkZXiqX+mnPrX6BSe86iSeil3:r7uiF4esnfkETkdrXrX6BSe86iSeil3
                                                                                                                                                                                                                    MD5:E3F57E9CD3B6B61FD4CF8E10FF8A508C
                                                                                                                                                                                                                    SHA1:B092937D6D2EE02B67DA9D0FA7CC18910BE4FA76
                                                                                                                                                                                                                    SHA-256:133648CD27B8F20D808665E2FC305A2FBE92605CC41E718515CD083CDA4A4A5B
                                                                                                                                                                                                                    SHA-512:F950AD409B6CCEEAF238A84DE75FC361288FFE97CA535F8B3FF91947AEADD2973F9FE646C7E4CD15853D1A1026358F63E9DBA1712FA8607A19CC5B6673BBE989
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// dllmain.h : Declaration of module class.....class CSampleCOMPluginModule : public CAtlDllModuleT< CSampleCOMPluginModule >..{..public :..#pragma warning(push)..#pragma warning(disable: ALL_CPPCORECHECK_WARNINGS)...DECLARE_LIBID(LIBID_SampleCOMPluginLib)...DECLARE_REGISTRY_APPID_RESOURCEID(IDR_SAMPLECOMPLUGIN, "{AB26800F-6F38-4A2A-8206-B4C60D52A783}")..#pragma warning(pop).... HRESULT DllRegisterServer(BOOL bRegTypeLib = TRUE) throw();.. HRESULT DllUnregisterServer(BOOL bUnRegTypeLib = TRUE) throw();..};....extern class CSampleCOMPluginModule _AtlModule;..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-RSQOI.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):647
                                                                                                                                                                                                                    Entropy (8bit):5.146422912494509
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:jG0/fS4gZS4pSdf2b1j58YAo9LWQWoRr9rk4z4xqRA9IlAwA34AGeuPIKIeAe0:FnF+Z57N7VTz4oAIldk4heuwWF0
                                                                                                                                                                                                                    MD5:4A8617A25504718E917EE9A1DE83ED87
                                                                                                                                                                                                                    SHA1:76083F10CBFFE82122E606860757FE036B76E1F4
                                                                                                                                                                                                                    SHA-256:FC2C34175070F436F4CEBD33AE570364F8553FD88AE6FBD9ADBA681B29AA9637
                                                                                                                                                                                                                    SHA-512:E8FCD973C5C73EE0A9C6FAD14D3263220AE019AB37F65ACC1403229F4C09EFBD1725F58FF90CBA9D383EC71F20C21BD38BCF69398BFBEA0176F9BBF1DD2DFB4E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// stdafx.h : include file for standard system include files,..// or project specific include files that are used frequently,..// but are changed infrequently....#pragma once....#ifndef STRICT..#define STRICT..#endif....#include "targetver.h"....#define _ATL_APARTMENT_THREADED..#define _ATL_NO_AUTOMATIC_NAMESPACE....#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS.// some CString constructors will be explicit....#include "resource.h"..#include <atlbase.h>..#include <atlcom.h>..#include <atlctl.h>....using namespace ATL;....// Including this header allows us to suppress C++ Core Guideline warnings more easily..#include <CppCoreCheck\warnings.h>..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-S7SCF.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):547
                                                                                                                                                                                                                    Entropy (8bit):5.062205059934768
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:1PUyfSzTQ3TXgDjxQMncWnc2vncffXncbuj:1PUypDMPc4c2/cfvcba
                                                                                                                                                                                                                    MD5:640013478BAF87921756CF543942EABA
                                                                                                                                                                                                                    SHA1:2EFC93B7F145C7DE4D309BDD6CB76C9868608E6E
                                                                                                                                                                                                                    SHA-256:D4A7ABA4E25800A5B20D828633819ED5E5CB54724B8537A62C158547571E821D
                                                                                                                                                                                                                    SHA-512:1B82EAEB4505D41491A0EAD5C2F4FBBBAD308EB03AF973B0CAA917894BDB2DB9B92D6E9EC10EA770649BE0ADCFECF4A42E48F1049AFB1812DEEB34E03F0A4476
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview://{{NO_DEPENDENCIES}}..// Microsoft Visual C++ generated include file...// Used by SampleCOMPlugin.rc..//..#define IDS_PROJNAME 100..#define IDR_SAMPLECOMPLUGIN 101..#define IDR_SAMPLEPATHCOPYCOPYPLUGIN 102....// Next default values for new objects..// ..#ifdef APSTUDIO_INVOKED..#ifndef APSTUDIO_READONLY_SYMBOLS..#define _APS_NEXT_RESOURCE_VALUE 201..#define _APS_NEXT_COMMAND_VALUE 32768..#define _APS_NEXT_CONTROL_VALUE 201..#define _APS_NEXT_SYMED_VALUE 103..#endif..#endif..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-SL4C4.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3030
                                                                                                                                                                                                                    Entropy (8bit):4.659055200267223
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:fPnLIbFzP2SxRNzlX85odfNfQgo0MAVDBIyMlAJ9f8k:fPLWB9xRNRXyodf1TUAVd
                                                                                                                                                                                                                    MD5:925747AC8E45A6740D38BFB99AC21D16
                                                                                                                                                                                                                    SHA1:05C99F02E4527BFD0EC7B6E013874F069C1CB4EF
                                                                                                                                                                                                                    SHA-256:3519B1BDB3254635160E511301DFF051B8C63883DE95AC807907B721DD8E15C5
                                                                                                                                                                                                                    SHA-512:39BC849DA3FFF95C4B177989123B33587F0168D3E693C208BEAB5928DDA0EE6205862890F378C04DB7783461A58361BF8BCDC5ABAFF5DF7EF4599E9EDD12CF22
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// Microsoft Visual C++ generated resource script...//..#include "resource.h"....#define APSTUDIO_READONLY_SYMBOLS../////////////////////////////////////////////////////////////////////////////..//..// Generated from the TEXTINCLUDE 2 resource...//..#ifndef APSTUDIO_INVOKED..#include "targetver.h"..#endif..#include "winres.h"..../////////////////////////////////////////////////////////////////////////////..#undef APSTUDIO_READONLY_SYMBOLS..../////////////////////////////////////////////////////////////////////////////..// English (United States) resources....#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)..LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US..#pragma code_page(1252)....#ifdef APSTUDIO_INVOKED../////////////////////////////////////////////////////////////////////////////..//..// TEXTINCLUDE..//....1 TEXTINCLUDE ..BEGIN.. "resource.h\0"..END....2 TEXTINCLUDE ..BEGIN.. "#ifndef APSTUDIO_INVOKED\r\n".. "#include ""targetver.h""\r\n".. "#endif\r\n".. "#include "

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-SSDP7.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):753
                                                                                                                                                                                                                    Entropy (8bit):5.439706880442906
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:F2U3Prbk5Iu00Ta30k5Iu00TU3PhoiSUIu00TtLFk5YYP3P4YP3eWMmsH4HRsVVR:FbjbkWCG0kWC4IRChLFk5YY/AY/OH4Hw
                                                                                                                                                                                                                    MD5:5BEE0283BB9FBD51F4967246CE61E0CC
                                                                                                                                                                                                                    SHA1:F8CB26E1ECECA247860E1FA946F7B1A0F3EEA236
                                                                                                                                                                                                                    SHA-256:9B83192FC2D787228034C5C0947240512778AB9B16C8F2FF2F09A16C962DEB13
                                                                                                                                                                                                                    SHA-512:AE727E0C7572E13C67E9313194B2AAD91EE2E17BE079BCFAEAFCE314F009F5E9A7194262DF873138DA724719CBB7CD089AFE72A266CE6C555AB63F249F8C7ECA
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:HKCR..{...SampleCOMPlugin.SamplePathCopyCopyPlu.1 = s 'SamplePathCopyCopyPlugin Class'...{....CLSID = s '{50377643-61E1-4544-80D7-BF17140D8BFF}'...}...SampleCOMPlugin.SamplePathCopyCopyPlugi = s 'SamplePathCopyCopyPlugin Class'...{....CLSID = s '{50377643-61E1-4544-80D7-BF17140D8BFF}'....CurVer = s 'SampleCOMPlugin.SamplePathCopyCopyPlu.1'...}...NoRemove CLSID...{....ForceRemove {50377643-61E1-4544-80D7-BF17140D8BFF} = s 'SamplePathCopyCopyPlugin Class'....{.....ProgID = s 'SampleCOMPlugin.SamplePathCopyCopyPlu.1'.....VersionIndependentProgID = s 'SampleCOMPlugin.SamplePathCopyCopyPlugi'.....InprocServer32 = s '%MODULE%'.....{......val ThreadingModel = s 'Apartment'.....}.....'TypeLib' = s '{5EA2F6A2-8B00-4B14-81AF-39401CA26BA4}'....}...}..}..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\is-VS4IJ.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):805
                                                                                                                                                                                                                    Entropy (8bit):5.531881521751864
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:j0ADxXC3f61TPZXGlSgBJ8C5FcPnEnNMZHoAJ8Mq4uQ1v6q8wIu00T2q3kJ4BYM:goxa6NxAnBP5WsnGZIA5h1589CpkeCM
                                                                                                                                                                                                                    MD5:F9F6F7EF5730F4FA41CC757C8A9EDDF7
                                                                                                                                                                                                                    SHA1:7F3833E252C4BB21A0FC0CA1CD5C44D3155F7554
                                                                                                                                                                                                                    SHA-256:743D410337441D124D16CCD560E3D68897AF8B433F839AF9C701563B58DF6F05
                                                                                                                                                                                                                    SHA-512:AD3CE87D21650853486CD38C5988AD915D8F83953AF236D355B9C80DF8CEE739D7AB74DB3CD94AEFCABE01A11617F96918791038455538FCC1882B52C29B26B4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// SampleCOMPlugin.idl : IDL source for SampleCOMPlugin..//....// This file will be processed by the MIDL tool to..// produce the type library (SampleCOMPlugin.tlb) and marshalling code.....import "oaidl.idl";..import "ocidl.idl";....[...object,...uuid(AE980919-AA58-4387-8450-D2E17115B4C7),...helpstring("ISamplePathCopyCopyPlugin Interface"),...pointer_default(unique)..]..interface ISamplePathCopyCopyPlugin : IUnknown{..};..[...uuid(5EA2F6A2-8B00-4B14-81AF-39401CA26BA4),...version(1.0),...helpstring("SampleCOMPlugin 1.0 Type Library")..]..library SampleCOMPluginLib..{...importlib("stdole2.tlb");...[....uuid(50377643-61E1-4544-80D7-BF17140D8BFF),....helpstring("SamplePathCopyCopyPlugin Class")...]...coclass SamplePathCopyCopyPlugin...{....[default] interface ISamplePathCopyCopyPlugin;...};..};..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\resource.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):547
                                                                                                                                                                                                                    Entropy (8bit):5.062205059934768
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:1PUyfSzTQ3TXgDjxQMncWnc2vncffXncbuj:1PUypDMPc4c2/cfvcba
                                                                                                                                                                                                                    MD5:640013478BAF87921756CF543942EABA
                                                                                                                                                                                                                    SHA1:2EFC93B7F145C7DE4D309BDD6CB76C9868608E6E
                                                                                                                                                                                                                    SHA-256:D4A7ABA4E25800A5B20D828633819ED5E5CB54724B8537A62C158547571E821D
                                                                                                                                                                                                                    SHA-512:1B82EAEB4505D41491A0EAD5C2F4FBBBAD308EB03AF973B0CAA917894BDB2DB9B92D6E9EC10EA770649BE0ADCFECF4A42E48F1049AFB1812DEEB34E03F0A4476
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview://{{NO_DEPENDENCIES}}..// Microsoft Visual C++ generated include file...// Used by SampleCOMPlugin.rc..//..#define IDS_PROJNAME 100..#define IDR_SAMPLECOMPLUGIN 101..#define IDR_SAMPLEPATHCOPYCOPYPLUGIN 102....// Next default values for new objects..// ..#ifdef APSTUDIO_INVOKED..#ifndef APSTUDIO_READONLY_SYMBOLS..#define _APS_NEXT_RESOURCE_VALUE 201..#define _APS_NEXT_COMMAND_VALUE 32768..#define _APS_NEXT_CONTROL_VALUE 201..#define _APS_NEXT_SYMED_VALUE 103..#endif..#endif..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\stdafx.cpp (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):211
                                                                                                                                                                                                                    Entropy (8bit):4.6597347749072195
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6:jGmyXH+5AMRNT15eAOFm+yll+5FdllZ+sMKcaGIA0RQbyn:jGXXHJYx5fOE+yi5JlZ+4cWAoQu
                                                                                                                                                                                                                    MD5:62A6BF61C9FF2DCFC8F045D7EE18B8EF
                                                                                                                                                                                                                    SHA1:E550E6480C9797D92FDA60B6E237E663E6BC8A95
                                                                                                                                                                                                                    SHA-256:CD3160A239E00B33CAEC8F4F53EDEA73FE87497970685DAB0888494539E6F451
                                                                                                                                                                                                                    SHA-512:782F97FF2DF802F308774057EF49DF81553E7898566158CC06C45ED7181ADD559E9A1E63DB57E22C0403A482EB83B933025612CF7E196B2F55E0A21906B1B973
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// stdafx.cpp : source file that includes just the standard includes..// SampleCOMPlugin.pch will be the pre-compiled header..// stdafx.obj will contain the pre-compiled type information....#include "stdafx.h"..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\stdafx.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):647
                                                                                                                                                                                                                    Entropy (8bit):5.146422912494509
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12:jG0/fS4gZS4pSdf2b1j58YAo9LWQWoRr9rk4z4xqRA9IlAwA34AGeuPIKIeAe0:FnF+Z57N7VTz4oAIldk4heuwWF0
                                                                                                                                                                                                                    MD5:4A8617A25504718E917EE9A1DE83ED87
                                                                                                                                                                                                                    SHA1:76083F10CBFFE82122E606860757FE036B76E1F4
                                                                                                                                                                                                                    SHA-256:FC2C34175070F436F4CEBD33AE570364F8553FD88AE6FBD9ADBA681B29AA9637
                                                                                                                                                                                                                    SHA-512:E8FCD973C5C73EE0A9C6FAD14D3263220AE019AB37F65ACC1403229F4C09EFBD1725F58FF90CBA9D383EC71F20C21BD38BCF69398BFBEA0176F9BBF1DD2DFB4E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:// stdafx.h : include file for standard system include files,..// or project specific include files that are used frequently,..// but are changed infrequently....#pragma once....#ifndef STRICT..#define STRICT..#endif....#include "targetver.h"....#define _ATL_APARTMENT_THREADED..#define _ATL_NO_AUTOMATIC_NAMESPACE....#define _ATL_CSTRING_EXPLICIT_CONSTRUCTORS.// some CString constructors will be explicit....#include "resource.h"..#include <atlbase.h>..#include <atlcom.h>..#include <atlctl.h>....using namespace ATL;....// Including this header allows us to suppress C++ Core Guideline warnings more easily..#include <CppCoreCheck\warnings.h>..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\SampleCOMPlugin\targetver.h (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1418
                                                                                                                                                                                                                    Entropy (8bit):4.6646600611991405
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:Q6u3qiYCydaR3mGlNMP/Kge6KgeLTKtu2Pub:m39YdMmG/MP/Kge6KgeLTKtfGb
                                                                                                                                                                                                                    MD5:FC1B0ABA59D8928A4457BCA46222AE07
                                                                                                                                                                                                                    SHA1:E54ECAA52673FBDD4E100F1A3E9A0583E834A514
                                                                                                                                                                                                                    SHA-256:1941429201CF277465A2BA753DA9EC1C25BC360FFBA3856BB3FD461E8F20B11E
                                                                                                                                                                                                                    SHA-512:42E6B42593523505B70D0B6B75D0B82CE62CBBA9A578AFEE594E1A2793C4104525BF9F58A7BC983A04B210C23EF13B37BF47331484C1E3970CE7BE28147C5B8F
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:..#pragma once....// The following macros define the minimum required platform. The minimum required platform..// is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run ..// your application. The macros work by enabling all features available on platform versions up to and ..// including the version specified.....// Modify the following defines if you have to target a platform prior to the ones specified below...// Refer to MSDN for the latest info on corresponding values for different platforms...#ifndef WINVER // Specifies that the minimum required platform is Windows Vista...#define WINVER 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32_WINNT // Specifies that the minimum required platform is Windows Vista...#define _WIN32_WINNT 0x0600 // Change this to the appropriate value to target other versions of Windows...#endif....#ifndef _WIN32

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Samples\Plugins\COM\C++\is-PRKBH.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1482
                                                                                                                                                                                                                    Entropy (8bit):5.55139058999107
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:pPEkkjNFPe50C6mAhE5R2I6Aa80a3n8ZhW:pPijNJ9WYEZsC
                                                                                                                                                                                                                    MD5:CA71DB195BA4E65F003EF298D92F4EDC
                                                                                                                                                                                                                    SHA1:A8B060A2C66DD493212FB7E4AECFA6450C6CCE88
                                                                                                                                                                                                                    SHA-256:118FA24E16CB49CC5F3321A2812AE499DD458D94A9F104FA21F190857D7476C1
                                                                                                                                                                                                                    SHA-512:51AD4A2A0C36EF916D9156C2B7169A2EE0DA4D09A18D003E9D38FBF35C4DB27F9AA0F42C05A3CA5CC00F3ACF1AC33403D0F4B657C668E0E711923D5A2DFD40AD
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:...Microsoft Visual Studio Solution File, Format Version 12.00..# Visual Studio Version 16..VisualStudioVersion = 16.0.29201.188..MinimumVisualStudioVersion = 10.0.40219.1..Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SampleCOMPlugin", "SampleCOMPlugin\SampleCOMPlugin.vcxproj", "{154058E7-2433-4FB5-89BC-9D5D5153C0F0}"..EndProject..Global...GlobalSection(SolutionConfigurationPlatforms) = preSolution....Debug|Win32 = Debug|Win32....Debug|x64 = Debug|x64....Release|Win32 = Release|Win32....Release|x64 = Release|x64...EndGlobalSection...GlobalSection(ProjectConfigurationPlatforms) = postSolution....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|Win32.ActiveCfg = Debug|Win32....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|Win32.Build.0 = Debug|Win32....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|x64.ActiveCfg = Debug|x64....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Debug|x64.Build.0 = Debug|x64....{154058E7-2433-4FB5-89BC-9D5D5153C0F0}.Release|Win32.ActiveCfg = Release|Win32....{15405

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Schemas\PipelinePluginCollection.xsd (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1469
                                                                                                                                                                                                                    Entropy (8bit):4.922761878676519
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:Jd5OkLQ+xOkLQiqYtQyAQjY1Q+Xi4CLQ0nDYrLQ0jJQ0fSQ0nDY1Q0ji1I9QFskg:3wi4Cb+diz/ErL0Eti1ISFskMW8Bx
                                                                                                                                                                                                                    MD5:B97C4CE3E190ABD705029CAC1CE7E868
                                                                                                                                                                                                                    SHA1:01857E7B8906F03C3B2FD0CD1E8B24335AE5206D
                                                                                                                                                                                                                    SHA-256:1FD1D443EC1BD77E295A0EAD9535C1E7F03ACA60FFE5F1E0BE9CA33F6C5F18DD
                                                                                                                                                                                                                    SHA-512:50334974123E8E47E62EF0A4B2C5566CC155982FBBA9E505DCB880528929F0B2E9B1379A58806DA6568B6B0B348964E8E449F225952004A5C8A407401347888C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:tns="http://pathcopycopy.codeplex.com/xsd/PipelinePlugins/V1" elementFormDefault="qualified" targetNamespace="http://pathcopycopy.codeplex.com/xsd/PipelinePlugins/V1" xmlns:xs="http://www.w3.org/2001/XMLSchema">.. <xs:element name="PipelinePluginCollection" nillable="true" type="tns:PipelinePluginCollection" />.. <xs:complexType name="PipelinePluginCollection">.. <xs:sequence>.. <xs:element minOccurs="0" maxOccurs="1" name="Plugins" type="tns:ArrayOfPipelinePluginInfo" />.. </xs:sequence>.. </xs:complexType>.. <xs:complexType name="ArrayOfPipelinePluginInfo">.. <xs:sequence>.. <xs:element minOccurs="0" maxOccurs="unbounded" name="PipelinePluginInfo" nillable="true" type="tns:PipelinePluginInfo" />.. </xs:sequence>.. </xs:complexType>.. <xs:complexType name="PipelinePluginInfo">.. <xs:sequence>.. <xs:element minOccurs="0" maxOccurs="1" name="Id" type="xs:string" />.. <xs:element minOccur

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Schemas\is-DSJPB.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1469
                                                                                                                                                                                                                    Entropy (8bit):4.922761878676519
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:Jd5OkLQ+xOkLQiqYtQyAQjY1Q+Xi4CLQ0nDYrLQ0jJQ0fSQ0nDY1Q0ji1I9QFskg:3wi4Cb+diz/ErL0Eti1ISFskMW8Bx
                                                                                                                                                                                                                    MD5:B97C4CE3E190ABD705029CAC1CE7E868
                                                                                                                                                                                                                    SHA1:01857E7B8906F03C3B2FD0CD1E8B24335AE5206D
                                                                                                                                                                                                                    SHA-256:1FD1D443EC1BD77E295A0EAD9535C1E7F03ACA60FFE5F1E0BE9CA33F6C5F18DD
                                                                                                                                                                                                                    SHA-512:50334974123E8E47E62EF0A4B2C5566CC155982FBBA9E505DCB880528929F0B2E9B1379A58806DA6568B6B0B348964E8E449F225952004A5C8A407401347888C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<xs:schema xmlns:tns="http://pathcopycopy.codeplex.com/xsd/PipelinePlugins/V1" elementFormDefault="qualified" targetNamespace="http://pathcopycopy.codeplex.com/xsd/PipelinePlugins/V1" xmlns:xs="http://www.w3.org/2001/XMLSchema">.. <xs:element name="PipelinePluginCollection" nillable="true" type="tns:PipelinePluginCollection" />.. <xs:complexType name="PipelinePluginCollection">.. <xs:sequence>.. <xs:element minOccurs="0" maxOccurs="1" name="Plugins" type="tns:ArrayOfPipelinePluginInfo" />.. </xs:sequence>.. </xs:complexType>.. <xs:complexType name="ArrayOfPipelinePluginInfo">.. <xs:sequence>.. <xs:element minOccurs="0" maxOccurs="unbounded" name="PipelinePluginInfo" nillable="true" type="tns:PipelinePluginInfo" />.. </xs:sequence>.. </xs:complexType>.. <xs:complexType name="PipelinePluginInfo">.. <xs:sequence>.. <xs:element minOccurs="0" maxOccurs="1" name="Id" type="xs:string" />.. <xs:element minOccur

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Type Libraries\Win32\PathCopyCopy.tlb (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.893957498880871
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:bfyTNyTAnx8DcUqShKXJEM+60rulArEJRMJZrY/5PqVxq14bd72:LLOD1ShKXAbrulArE3MA5Gy4F2
                                                                                                                                                                                                                    MD5:FBEC7B2A00F1BD3E29E4051ED78AA6BC
                                                                                                                                                                                                                    SHA1:A76BEE648B7ECD21523A37E9F16D265AD3342FA9
                                                                                                                                                                                                                    SHA-256:7D03D0256D3B36FC02A8AFB11745102D838ED0F5FF4F0B1A6F9C7D2193CCA024
                                                                                                                                                                                                                    SHA-512:9C4886E681B7E7812BFE7B5C838C304E91FD7BFDB3087A306AFF7D25AECD2D2B5BE12F90B67305424F906E7E91F26CCE925495C99A6EF8652D2EC7649F457095
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................A...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%"..........................................`............... .......................................#"..........................................x.......D.......D.......................................#"..X...............................................l.......l.......................................%"..................................................0.......@.......................................#"..................................................T.......`.......................................%"..................................................x............................... ...............#"..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Type Libraries\Win32\is-VU3KM.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.893957498880871
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:bfyTNyTAnx8DcUqShKXJEM+60rulArEJRMJZrY/5PqVxq14bd72:LLOD1ShKXAbrulArE3MA5Gy4F2
                                                                                                                                                                                                                    MD5:FBEC7B2A00F1BD3E29E4051ED78AA6BC
                                                                                                                                                                                                                    SHA1:A76BEE648B7ECD21523A37E9F16D265AD3342FA9
                                                                                                                                                                                                                    SHA-256:7D03D0256D3B36FC02A8AFB11745102D838ED0F5FF4F0B1A6F9C7D2193CCA024
                                                                                                                                                                                                                    SHA-512:9C4886E681B7E7812BFE7B5C838C304E91FD7BFDB3087A306AFF7D25AECD2D2B5BE12F90B67305424F906E7E91F26CCE925495C99A6EF8652D2EC7649F457095
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................A...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%"..........................................`............... .......................................#"..........................................x.......D.......D.......................................#"..X...............................................l.......l.......................................%"..................................................0.......@.......................................#"..................................................T.......`.......................................%"..................................................x............................... ...............#"..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Type Libraries\x64\PathCopyCopy.tlb (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.889546219458058
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:Jfy7hCTAnx8DmUqShKXJEM+60rulArEJRMJZrY/5PqVxq1UMmRR7+:pwCOd1ShKXAbrulArE3MA5GyUB+
                                                                                                                                                                                                                    MD5:EB316F8AF0011883B82EA6D3D4B4E74C
                                                                                                                                                                                                                    SHA1:DCA46B64FE196C42F652863E0659091E990D6759
                                                                                                                                                                                                                    SHA-256:17695B18CEB570C6BB30F4F472C524DC1EE95596C1B7D4A6D3C432BE0141B906
                                                                                                                                                                                                                    SHA-512:DE766B1FFEC3DF1F4A09C3E1F6FA358DA11608FB4C00FCA7CCA3EB6FFA82D4B83FBD8F32C3922DB9C23345AC9225F17EF74A80CB1AB715379F1E379B331475B2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................C...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%B..........................................`............... .......................................#B..........................................x.......D.......D.................8.....................#B..X...............................................l.......l.................(.....................%B..................................................0.......@.......................................#B..................................................T.......`.......................................%B..................................................x............................... ...............#B..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\Type Libraries\x64\is-RNPTK.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7512
                                                                                                                                                                                                                    Entropy (8bit):4.889546219458058
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:Jfy7hCTAnx8DmUqShKXJEM+60rulArEJRMJZrY/5PqVxq1UMmRR7+:pwCOd1ShKXAbrulArE3MA5GyUB+
                                                                                                                                                                                                                    MD5:EB316F8AF0011883B82EA6D3D4B4E74C
                                                                                                                                                                                                                    SHA1:DCA46B64FE196C42F652863E0659091E990D6759
                                                                                                                                                                                                                    SHA-256:17695B18CEB570C6BB30F4F472C524DC1EE95596C1B7D4A6D3C432BE0141B906
                                                                                                                                                                                                                    SHA-512:DE766B1FFEC3DF1F4A09C3E1F6FA358DA11608FB4C00FCA7CCA3EB6FFA82D4B83FBD8F32C3922DB9C23345AC9225F17EF74A80CB1AB715379F1E379B331475B2
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MSFT................C...........................+...u............... ...................d.......,...........X....... ...........p...L...............<...........@...................0...........................<...............\...............\...................................X...........................T...T...............$...........................................%B..........................................`............... .......................................#B..........................................x.......D.......D.................8.....................#B..X...............................................l.......l.................(.....................%B..................................................0.......@.......................................#B..................................................T.......`.......................................%B..................................................x............................... ...............#B..............................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\fr-CA\PathCopyCopySettings.resources.dll (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):96768
                                                                                                                                                                                                                    Entropy (8bit):5.249504129645005
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:yDGMJefDPyih/aPwQ4VPZYfssqlEJpB9aHlgylgLZ:SefDNhiBfXpB9aHlgylgLZ
                                                                                                                                                                                                                    MD5:BE5C8458547984AA7186587CF07DF045
                                                                                                                                                                                                                    SHA1:834E41A485734D955B320FDFA56D543CDA0A0C0B
                                                                                                                                                                                                                    SHA-256:10259C9885F18828649D28BC8325D5DD2B6ED938289381DD011453F933F32AA6
                                                                                                                                                                                                                    SHA-512:1653408B667D61C9558548E5BB59CBCB3E08B30BF551D837AD913B1B5D204AD69773428080134DB41A34498633A974F6B5044D748EC583760BEE6E43411EF733
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*a...........!.....p............... ........... ....................................@....................................W.......X............................................................................ ............... ..H............text...$n... ...p.................. ..`.rsrc...X............r..............@..@.reloc...............x..............@..B........................H......................P ...b..........................................c9.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....d.......PADPADP....4.0....?...".t.w....)..\.....I.....$..L...E......e...,.U.<...oR..9...q..6'.e.}..|......p.ad..r...........k.{.qV.$5T....6..^Kt.%......-....Q..O9N..0.9....I..R#.e.q......I..<..W...<.....>.....5.....Q.{.Jg..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\fr-CA\is-G2954.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):96768
                                                                                                                                                                                                                    Entropy (8bit):5.249504129645005
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:768:yDGMJefDPyih/aPwQ4VPZYfssqlEJpB9aHlgylgLZ:SefDNhiBfXpB9aHlgylgLZ
                                                                                                                                                                                                                    MD5:BE5C8458547984AA7186587CF07DF045
                                                                                                                                                                                                                    SHA1:834E41A485734D955B320FDFA56D543CDA0A0C0B
                                                                                                                                                                                                                    SHA-256:10259C9885F18828649D28BC8325D5DD2B6ED938289381DD011453F933F32AA6
                                                                                                                                                                                                                    SHA-512:1653408B667D61C9558548E5BB59CBCB3E08B30BF551D837AD913B1B5D204AD69773428080134DB41A34498633A974F6B5044D748EC583760BEE6E43411EF733
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*a...........!.....p............... ........... ....................................@....................................W.......X............................................................................ ............... ..H............text...$n... ...p.................. ..`.rsrc...X............r..............@..@.reloc...............x..............@..B........................H......................P ...b..........................................c9.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....d.......PADPADP....4.0....?...".t.w....)..\.....I.....$..L...E......e...,.U.<...oR..9...q..6'.e.}..|......p.ad..r...........k.{.qV.$5T....6..^Kt.%......-....Q..O9N..0.9....I..R#.e.q......I..<..W...<.....>.....5.....Q.{.Jg..

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-33810.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):7680
                                                                                                                                                                                                                    Entropy (8bit):3.4158498816307814
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:vWR4dYlqNGmyyroodoOmqmyxJ5myAmyFeT6zs+lHPN55WnNkx:vq4dYlqNGsldoOmq1J5EZbs+Fm
                                                                                                                                                                                                                    MD5:3B6BF104D09CE175F29B748BFE4754FB
                                                                                                                                                                                                                    SHA1:E95BD922045D6DC064A5487CD10A0C5D8BDC3739
                                                                                                                                                                                                                    SHA-256:289C2F400C60A38AA53E92E0C0790CD15A382E168978D67B256AF530D8783ACF
                                                                                                                                                                                                                    SHA-512:E1E88EEEC382530218DAC214D6F556C7936C6EB679804EE3EC7C5D99ADE016792FD29A27E756012C8CC7A9960610B0BE8E95037BB6F3DA5C1130B25FE3C2824B
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=h..y...y...y.../|~.x...y...x.../|..x...Richy...........PE..L.....*a...........!.........................................................@............@.......................................... ..................................p............................................................................rdata..h...........................@..@.rsrc........ ......................@..@......*a............p...p.........*a..........................*a........T.................*a....................RSDS.ne...I..;.2.%....C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_fr.pdb........................GCTL....p....rdata..p........rdata$zzzdbg.... ..0....rsrc$01....0!..P....rsrc$02....................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-361M8.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):217600
                                                                                                                                                                                                                    Entropy (8bit):6.510638237498988
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3072:C5xoPN0KCidGDeOGEl8hWmbSbZ/iN5wtCNi9ncZSR6qEsQ9eXbMOAg0Fuj1yzDmH:C3INDGjGe1ZSMCuaSMeTAOhocK
                                                                                                                                                                                                                    MD5:068F091BF86B8730330B65C4D7085D5B
                                                                                                                                                                                                                    SHA1:83D10490EB96A7E66D4192AA4A4CFF3969E6BA03
                                                                                                                                                                                                                    SHA-256:EC0EBF839F7EF00061440CE61781C78BD71C1C10E22E19723CCB6937FC379E3C
                                                                                                                                                                                                                    SHA-512:56F6609E9435DE806E02725877EA001C47ED770963E50A4E6F69BC223F3085569D796FF8C0D0B63BAA137ECE07BAC48C117AD484944ABD1710B3A64AF710D0B0
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(.j|F.j|F.j|F.1.E.g|F.1.C..|F.1.B.||F.8.B.{|F.8.E.~|F.8.C.!|F.1.G.i|F.j|G.=|F.<.O.h|F.<...k|F.j|..k|F.<.D.k|F.Richj|F.........PE..L.....*a.................8...&...............P....@.......................................@..................................(..(....P.......................`......,...p...............................@............P..4............................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data...H....0......................@....rsrc........P.......,..............@..@.reloc.......`... ...2..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-42UMT.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1178
                                                                                                                                                                                                                    Entropy (8bit):5.096530357159641
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:ODkugarjVJHoH0yE3gtwF7q1h69QH9sUv4pOk4/+wJ3oqmFh:ODzRdJglQEZoQH9s5XyJ3otFh
                                                                                                                                                                                                                    MD5:3567C6B611A2758F4D5899030321B31D
                                                                                                                                                                                                                    SHA1:1B2FE8B1D1FCBDCCCAD138A06F108427DD3E7FCD
                                                                                                                                                                                                                    SHA-256:722575C3842E8B69142EB06066CD8B9160061E2C3E154EB198980B0CDAF94200
                                                                                                                                                                                                                    SHA-512:B686B004F4FCA881C600BAC519A1564A3AFD8BD5FE5BF661A79B3D78A2F2E35D5BCA102CAC84C7D89EF77A0C1834C9B2E75486FB4C18F988B31EB6B334997835
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Copyright (c) 2015 Microsoft Corporation. All rights reserved. .. ..This code is licensed under the MIT License (MIT). ....Permission is hereby granted, free of charge, to any person obtaining a copy ..of this software and associated documentation files (the "Software"), to deal ..in the Software without restriction, including without limitation the rights ..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies ..of the Software, and to permit persons to whom the Software is furnished to do ..so, subject to the following conditions: ....The above copyright notice and this permission notice shall be included in all ..copies or substantial portions of the Software. ....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OT

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-79DGJ.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):749056
                                                                                                                                                                                                                    Entropy (8bit):6.588208106692203
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:12288:9FJunw/e0IrGttWWNqpZS1fzNRDzae5Y3Cay0bXAJiCuboJbobil+YM2RV4a:9FJuaIr4gWNh1fzNRDzae5Y3lwuby1DX
                                                                                                                                                                                                                    MD5:227E2B076D1DFEC0395580F48CE1A577
                                                                                                                                                                                                                    SHA1:5183A54EBB8B923D30B2A5EC578CCD5DF9EF681D
                                                                                                                                                                                                                    SHA-256:D37F906DDCB1C40407112790FEF5A59D83D3B6A20DE7FB8F3CA0827F315E303D
                                                                                                                                                                                                                    SHA-512:B29130BCFB42CBB86C3498E063B9E751E6ACBFEC89BB067241CAD619C2F49C1002CE169A5E76F064F49D69520910F1F2F2F7951E81F2E3CA582D3650FB8DAF1C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@..........._......_.....V......V......V...U.._......_............R......R...5..R......R.z...........R......Rich...........PE..L.....*a...........!......................................................................@..........................t..h...8v..........06...................@...m......T...............................@...............l............................text....~.......................... ..`.orpc............................... ..`.rdata..............................@..@.data....e.......V...r..............@....rsrc...06.......8..................@..@.reloc...m...@...n..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-BO877.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):219136
                                                                                                                                                                                                                    Entropy (8bit):6.53560340769448
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:2XxdYlF42aEXO6CJyBxmh6mP+AOtZeiC:gAF42aEXO+Hm2oiC
                                                                                                                                                                                                                    MD5:EBE7DC37F77E2EFD9D50151397B4A206
                                                                                                                                                                                                                    SHA1:1C052EC152E3689AE07F524EAFAD79AA1B54A0E6
                                                                                                                                                                                                                    SHA-256:545C0071C286974BE7CA3019BFEC3DF8B61CAE91A9D35D01FA8790960CDE674D
                                                                                                                                                                                                                    SHA-512:764E05D1A690EAE1490FAAC9EDC262DAFB18C9E19D27417975D647FC912D6AC166B39EB295CA8AAA84E92E0D7ED887BE0DB401FA68D0C5ABD6D5DDAE3FAD2722
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@..o...o...o....-..o....+.co....*..o....*..o....-..o....+..o..../..o...o/..o....'..o......o...o...o....,..o..Rich.o..................PE..L.....*a.................8...,......1........P....@.......................................@.................................x+..P....`..x....................p..0.......p...................@...........@............P..T............................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data...L....@....... ..............@....rsrc...x....`.......0..............@..@.reloc..0....p... ...8..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-CAKIT.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):2751
                                                                                                                                                                                                                    Entropy (8bit):4.467321778834221
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:z9OvpbOF2EfEQIfFfy6GpDEqCJ59WXx9USCJwM930nO9X9F+D5mYktKvU2HgR2Y4:z9OJOF2EEQAFK6iFCAXx9TCCM0O9tADJ
                                                                                                                                                                                                                    MD5:F147C0098E52F132DFB35395E728F31F
                                                                                                                                                                                                                    SHA1:3C4F8B490258B2B1DB2357D52A5AA2278704033D
                                                                                                                                                                                                                    SHA-256:726314D2960985E7C45B7422DB7A698B8A1597786BB9D55755A10E001E111EE3
                                                                                                                                                                                                                    SHA-512:53977CE269344CD1CB7BB3E13058DA1238F6F73C0D3F2B4CEC227F5C2C90FACECF9ADB409B41933098DAD9EDFB47B1C9277FCC53D7F3570A0BD83739C9ABE336
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Microsoft Public License (Ms-PL)....This license governs use of the accompanying software. If you use the software, you..accept this license. If you do not accept the license, do not use the software.....1. Definitions....The terms "reproduce," "reproduction," "derivative works," and "distribution" have the..same meaning here as under U.S. copyright law.....A "contribution" is the original software, or any additions or changes to the software.....A "contributor" is any person that distributes its contribution under this license....."Licensed patents" are a contributor's patent claims that read directly on its contribution.....2. Grant of Rights....(A) Copyright Grant- Subject to the terms of this license, including the license conditions.. and limitations in section 3, each contributor grants you a non-exclusive, worldwide,.. royalty-free copyright license to reproduce its contribution, prepare derivative works.. of its contribution, and distribute its contribution or any deri

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-EB7E3.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3203856
                                                                                                                                                                                                                    Entropy (8bit):6.334153073620237
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:KEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TYc:a92bz2Eb6pd7B6bAGx7s333TX
                                                                                                                                                                                                                    MD5:E45F712F1BB2F77DBF445F2EBE2E827C
                                                                                                                                                                                                                    SHA1:96534E09FADC6DE08B5514B77FD84BECA45CFAB5
                                                                                                                                                                                                                    SHA-256:A7819C5BF97A4D627562D4B2FEE22E26812715DDB23289F32ECCAC624A28FEC1
                                                                                                                                                                                                                    SHA-512:712589C63827A7E690DCF61EBB37165AE3C5EFF2623A5803D34FB3F40F7DB2C452FE4DE1A39EB73FD323826B5F48AEACA15EF84B3D6D375F72F8C05FDA4D342D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@...........................1.....Lp1...@......@....................-......p-.29....-...............0..%....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-FKITH.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):11541
                                                                                                                                                                                                                    Entropy (8bit):4.478395466448789
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:ff9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8MHfH2:9Ou9b01DY/rGBt+dc+aclkT8MH+
                                                                                                                                                                                                                    MD5:709B849FBED7C1D770661ED722B50B28
                                                                                                                                                                                                                    SHA1:CF3EB360CD5EE4D826CD7824DF217C968946D429
                                                                                                                                                                                                                    SHA-256:721165BEEA647F4410CAFC1E68BBCB558801AA23108C86E224213929844D49E8
                                                                                                                                                                                                                    SHA-512:BDF77281946C29E7E11F09FA4BC09E4F367035EDB16D1FEC5ABCCA542B6DDFB547D2A1A916CB96D02AFA80FB0529CC5A11A658C0E9848FB3993322816138D5D4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview: Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or (

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-KBNV1.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1101
                                                                                                                                                                                                                    Entropy (8bit):5.156875998333765
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:7qtshrzJHkH0yw3gt3DQJq1hBE9QHbsUv4fOk4/+8/3oqaFN:7ushHJMlUE/BGQHbs5JK/3oDFN
                                                                                                                                                                                                                    MD5:BCE478F6FCDBAF1BE460D9905324DE03
                                                                                                                                                                                                                    SHA1:1945B5B5A4EF682E2C5FC9E150BFE82F104E481A
                                                                                                                                                                                                                    SHA-256:E037FDC22878939A48300B07CB5202AD43AD0CCA8E8EE0BA760DF99071A76B84
                                                                                                                                                                                                                    SHA-512:F6E0099DF086F955727E6D0524F773EBC678F2B4D283F1B78ACABB7827D624B4B0B9FB94E06C1EE860706207A55C540873BF4D53DA9EA3D6260631FE805C1FE3
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:MIT License....Copyright (c) 2008-2021 Charles Lechasseur....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARIS

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-LE0PK.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                                                                    Entropy (8bit):3.554942055582771
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:48:yZMbzW/s/RlD1ls8nDH3LHaeCLZ7CHGdTYHPLGULu6dLMSL0D1e/WeseD5RuqS:NbC/s/08n7iLZ7CHdLGIHLfLYCZvx
                                                                                                                                                                                                                    MD5:66365CC20269449F012AD06146E06A70
                                                                                                                                                                                                                    SHA1:38E39C296F95E08A5BD32DAC0985ADDE5A1DAE35
                                                                                                                                                                                                                    SHA-256:B0898AE6B0171CF80169179448E9D5A02C2ABF4E9A4032BF57B1577797898D21
                                                                                                                                                                                                                    SHA-512:3A7AE2717D5E61AB9BFDDF42911535E3971047C380A97A281974E189D2C54994A92FEBB4744BA8271F9BA96CBCD837341595E949EC6072CEDFCB1A9925C20467
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=h..y...y...y.../|~.x...y...x.../|..x...Richy...........PE..L.....*a...........!.........................................................@............@.......................................... ..h...............................p............................................................................rdata..h...........................@..@.rsrc...h.... ......................@..@......*a............p...p.........*a..........................*a........T.................*a....................RSDS.)|.>\.H..PCv......C:\Users\Charles Lechasseur\Documents\E\Projects\plex\pathcopycopy\bin\Win32\Release\PathCopyCopyLocalization_en.pdb........................GCTL....p....rdata..p........rdata$zzzdbg.... ..0....rsrc$01....0!..8....rsrc$02....................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-PNPEC.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):965632
                                                                                                                                                                                                                    Entropy (8bit):6.378136851925327
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24576:i1nGF8OgO0JrIHeFiN8qTKAgKQMerA/wDAOy:iYF8VO0J4qiN8qTKPKv4A/
                                                                                                                                                                                                                    MD5:2491C5BEDD42859749DC74E09649AF2B
                                                                                                                                                                                                                    SHA1:C2F96A4CD78A0F3C25211135E4039A16840D752C
                                                                                                                                                                                                                    SHA-256:DA59B47F42A9031DE4A479D7E24BC4DA570F7187CFB9CA1EEDEA7269C943582B
                                                                                                                                                                                                                    SHA-512:E7AA6E1FC580031EA75DCE63F1E305F95E9075FBC5997B16D6B6696F7D5B8FBEC48AFA8DA79083D028DC6E628F7CAA05134470F5896BAC752F7B6D20A6EB24E4
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........9.\.W.\.W.\.W...T.V.W...R..W...S.S.W...T.V.W...R...W...S.H.W...V.E.W.\.V...W...S.^.W...R.m.W...W.].W....].W.\...].W...U.].W.Rich\.W.................PE..d.....*a.........." ................t........................................0............`.............................................h...............06...@...v..............`....(..T....................*..(....(..8............... ............................text...<........................... ..`.orpc............................... ..`.rdata..D...........................@..@.data............f..................@....pdata...v...@...x..................@..@_RDATA...............f..............@..@.rsrc...06.......8...h..............@..@.reloc..`...........................@..B........................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-Q66AU.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):23582
                                                                                                                                                                                                                    Entropy (8bit):4.9525005145406436
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:g7MHgzvK9na8EZ6SM7LZRdW2i0NiFA/b2C1A0wqTHcaQnSUMudhVnQGEQyzT84:gQHgzvKBa8IfkiA/bv1t37tBiQwy/84
                                                                                                                                                                                                                    MD5:0582795327B1823FFCCAC85AC5540840
                                                                                                                                                                                                                    SHA1:D81844CE9FEC3248B03A868A0B7448E3258E96D0
                                                                                                                                                                                                                    SHA-256:E64B59577D7724A9AA26BAE92C337890CE786B144EC1DACE9F13DEE286BF3E8C
                                                                                                                                                                                                                    SHA-512:FB082C66B18B93DDB6520158B0CB497D2D967639B9A622254972AB533F6C8D3F6A5360DB9784E7461FACD2209E8AC726F2B4BE793131A761FC1A72728B38FC0E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Version 20.0 (2021-08-28)..-------------------------..- Now requires Windows 7 SP1 at a minimum..- Now requires .NET Framework 4.8 at a minimum; installer will offer to download and install it..- Paths are now copied in alphabetical order (case-insensitively) [https://github.com/clechasseur/pathcopycopy/issues/129]..- Fixed data error when associating icons to commands in the Settings application [https://github.com/clechasseur/pathcopycopy/issues/132]..- Fixed icon scaling when using bigger icons for commands [https://github.com/clechasseur/pathcopycopy/issues/133]..- Fixed non-working paths copied when following symlink paths [https://github.com/clechasseur/pathcopycopy/issues/127]..- Fixed copying of .url paths on recent Windows 10 OSes [https://github.com/clechasseur/pathcopycopy/issues/128]..- Fixed crash when clicking in Icon column header [https://github.com/clechasseur/pathcopycopy/issues/142]..- New custom command element to display command when files and/or folders are select

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-T30I4.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):502784
                                                                                                                                                                                                                    Entropy (8bit):5.634701707176868
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:j4JXHv6ACs5+9BOunum/1XG2vVxxv23QJdhWLh:j4pHv+s5w0uksVjv2Gdhu
                                                                                                                                                                                                                    MD5:55385A5A0043FCF1BC13FAB3F8D7D488
                                                                                                                                                                                                                    SHA1:A23FA7C31EF93B123B5E982921BC395E539EBB00
                                                                                                                                                                                                                    SHA-256:125A961BFCE7EE4232765631D94E7C2D343CC9BE71B0BDAAEAC60F99D3D26D36
                                                                                                                                                                                                                    SHA-512:ED002CC03A13D3D48B843FF058A7F0A673B75BF3D24CA536A77EE876C6FBD80DB8135516A3684B8878A18712034782EB41A2B4D168A6FB55BFF7D673CA9A1C42
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*a.........."...0.................. ........@.. ....................................`....................................O.................................................................................... ............... ..H............text...(.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......<P..............(!..h............................................0..v.......s.......(....&.{%.....E................+..(y...+..(y...+.(w...(y...+.(w...(y...( ....(!...s......o......("...- .(#.....($.....o%...($.....o&......,..o'.....{&...,P.r...p..s(.......-.....s........s.....o....&....&......,...o'......,...o'.....rO..p..s(.......-..m.{'...-.s~...(|...s........o....,.(....(.......()...&.6....,...o'....s-.......(*.......,...o'......,...o'....*...X....`.1...........

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\is-UJC4A.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):275968
                                                                                                                                                                                                                    Entropy (8bit):6.292217574316531
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:6144:su6D4MKxxIC9Xs64TOJuVAiQohT4xyPs:MD4MOx98bTO8A7oO
                                                                                                                                                                                                                    MD5:98A81DDF63DBBC605ABEABABC035AE76
                                                                                                                                                                                                                    SHA1:EC1B900F4DF25DE6CD435755584BA05E489AB411
                                                                                                                                                                                                                    SHA-256:D98805632D58A80057EEC41161B5A3E1CFD5161F56912DE2135A7C2C13CE9372
                                                                                                                                                                                                                    SHA-512:41D84D273DD0B9EF89552B135F49804958D81BF94EC6AB64A0F131467E42E6C6F0800CA6F7C03138A47A735E17B992C616A45E460EF5A13CAFE343E9C8567D3D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........D..f*.f*.f*...).f*.....f*.../..f*.....f*...).f*.../..f*...+.f*.f+..f*...#.f*.....f*.f..f*...(.f*.Rich.f*.........................PE..d.....*a..........".................(..........@..........................................`.....................................................P....p..x....0...$.....................p.......................(...`...8............................................text............................... ..`.rdata..,8.......:..................@..@.data...L-..........................@....pdata...$...0...&..................@..@_RDATA.......`......."..............@..@.rsrc...x....p.......$..............@..@.reloc...............,..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\unins000.dat

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:InnoSetup Log 64-bit Path Copy Copy {3C01F274-867C-4D1D-BE8C-CB488C31B0C9}, version 0x418, 34001 bytes, 936905\37\user, C:\Program Files\Path Copy Copy\376\377\37
                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                    Size (bytes):34001
                                                                                                                                                                                                                    Entropy (8bit):4.071255190613431
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:384:OFUji8H3JEl/S/cjS49g9d9F9S9l9Gkqczcf4zOv5bPIOiymRr00ZCvW+CQKFnaA:OYvcjS4mj3s7kkqSnzAbkpRr0eV
                                                                                                                                                                                                                    MD5:A6D8B3BF7225D94CA5F8E4C129FD3C2A
                                                                                                                                                                                                                    SHA1:37386E96BE7F0C9D34E6EE272A04E1CDD4320FDA
                                                                                                                                                                                                                    SHA-256:D4771D86D0C25F45EF402861D66E74A31E0526DC2A92EE9419B2C9AC1F3D9268
                                                                                                                                                                                                                    SHA-512:CFD37FAFF93767C48D370463E31B3A26ACB227C537A56ED725AA629855AF439C64AED5B62553168D4215672FEAB6984761E0CAD8903EAFE634A50530F5D5BD1C
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Inno Setup Uninstall Log (b) 64-bit.............................{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}..........................................................................................Path Copy Copy......................................................................................................................X......................................................................................................................N0.G.........J.k...............9.3.6.9.0.5......f.r.o.n.t.d.e.s.k......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.a.t.h. .C.o.p.y. .C.o.p.y....................... ......L.......IFPS....)...;....................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TINPUTOPTIONWIZARDPAGE....TINPUTOPTIONWIZARDPAGE...

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\unins000.exe (copy)

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):3203856
                                                                                                                                                                                                                    Entropy (8bit):6.334153073620237
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:KEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TYc:a92bz2Eb6pd7B6bAGx7s333TX
                                                                                                                                                                                                                    MD5:E45F712F1BB2F77DBF445F2EBE2E827C
                                                                                                                                                                                                                    SHA1:96534E09FADC6DE08B5514B77FD84BECA45CFAB5
                                                                                                                                                                                                                    SHA-256:A7819C5BF97A4D627562D4B2FEE22E26812715DDB23289F32ECCAC624A28FEC1
                                                                                                                                                                                                                    SHA-512:712589C63827A7E690DCF61EBB37165AE3C5EFF2623A5803D34FB3F40F7DB2C452FE4DE1A39EB73FD323826B5F48AEACA15EF84B3D6D375F72F8C05FDA4D342D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@...........................1.....Lp1...@......@....................-......p-.29....-...............0..%....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                    C:\Program Files\Path Copy Copy\unins000.msg

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):24097
                                                                                                                                                                                                                    Entropy (8bit):3.2749730459064845
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:192:b1EjNSCkf3SCqsTr6CCPanAG1tznL7VF+Iqfc51U5YQDztXfbKJG/Bfvo:b1EK6CHr6fSX+7Q1U5YQDztB/B3o
                                                                                                                                                                                                                    MD5:313D0CC5D1A64D2565E35937991775A6
                                                                                                                                                                                                                    SHA1:B8ACB11878C485865C9E4679248E53B83A8F3AD4
                                                                                                                                                                                                                    SHA-256:5ED0233C0922E9F20307315E24B4F33C3D56AB9F42B2F75AE91E7A27FD313B66
                                                                                                                                                                                                                    SHA-512:7C2DB4A3A4A8DF09F8119A7BA4CA9EBFE562F0A34D431928344E21A5853931EEFBFD910DC4026C6788AC22423BBB125F2B700326D8A1D82B134E2B486C3D0684
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:Inno Setup Messages (6.0.0) (u)......................................]..+..... .C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.

                                                                                                                                                                                                                    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path Copy Copy\Path Copy Copy Settings.lnk

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Feb 7 14:12:23 2024, mtime=Wed Feb 7 14:12:23 2024, atime=Sat Aug 28 20:38:18 2021, length=502784, window=hide
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1035
                                                                                                                                                                                                                    Entropy (8bit):4.556927793726191
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:8moWMdq89XhyA5H1XdIPqdIUxJ1JX7q1m:8mGdq83R5HhdIPqdIsJ1JLG
                                                                                                                                                                                                                    MD5:04219C1212EE5B2C1F216A6525B69526
                                                                                                                                                                                                                    SHA1:7ADC069A58C000E854ECA788356267A01E989A31
                                                                                                                                                                                                                    SHA-256:E42AA0F70F5ABC35B71EACA2AB0A13F890C75F1D1F78FF4A851AEC99F5CCDDB4
                                                                                                                                                                                                                    SHA-512:301719EFC1E7BC2B15459A7A95A86654423D8704E1968CF9D31307FA2FEEB0A22AE664BE076E3294E98C74587FDD4DECC17E6A44A83E85124924BDB54DBA8654
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:L..................F.... ...0.p..Y...vu..Y...A..U................................P.O. .:i.....+00.../C:\.....................1.....EW.=..PROGRA~1..t......O.IEW.>....B...............J.......z.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....f.1.....GX.y..PATHCO~1..N......GX.yGX.y............................C.P.a.t.h. .C.o.p.y. .C.o.p.y.....~.2......S. .PATHCO~1.EXE..b......GX.yGX.y..............................P.a.t.h.C.o.p.y.C.o.p.y.S.e.t.t.i.n.g.s...e.x.e.......g...............-.......f...........lq.y.....C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe..G.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.a.t.h. .C.o.p.y. .C.o.p.y.\.P.a.t.h.C.o.p.y.C.o.p.y.S.e.t.t.i.n.g.s...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.P.a.t.h. .C.o.p.y. .C.o.p.y.`.......X.......936905...........hT..CrF.f4... ..../Tc...,......hT..CrF.f4... ..../Tc...,..............>...1SPSU(L.y.9K....-.........................................9...1SPS..mD..pH.H@..=x.....h.

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PathCopyCopySettings.exe.log

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe
                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):1281
                                                                                                                                                                                                                    Entropy (8bit):5.370111951859942
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                                                                                                                                                                                                                    MD5:12C61586CD59AA6F2A21DF30501F71BD
                                                                                                                                                                                                                    SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                                                                                                                                                                                                                    SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                                                                                                                                                                                                                    SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\PathCopyCopy20.0.exe
                                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                    Size (bytes):3203856
                                                                                                                                                                                                                    Entropy (8bit):6.334153073620237
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:49152:KEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TYc:a92bz2Eb6pd7B6bAGx7s333TX
                                                                                                                                                                                                                    MD5:E45F712F1BB2F77DBF445F2EBE2E827C
                                                                                                                                                                                                                    SHA1:96534E09FADC6DE08B5514B77FD84BECA45CFAB5
                                                                                                                                                                                                                    SHA-256:A7819C5BF97A4D627562D4B2FEE22E26812715DDB23289F32ECCAC624A28FEC1
                                                                                                                                                                                                                    SHA-512:712589C63827A7E690DCF61EBB37165AE3C5EFF2623A5803D34FB3F40F7DB2C452FE4DE1A39EB73FD323826B5F48AEACA15EF84B3D6D375F72F8C05FDA4D342D
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                                                    Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@...........................1.....Lp1...@......@....................-......p-.29....-...............0..%....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\is-TJ7N7.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):6144
                                                                                                                                                                                                                    Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                    MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                    SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                    SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                    SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                    Entropy (8bit):7.682010226986513
                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                    • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                    • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                    • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                    File name:PathCopyCopy20.0.exe
                                                                                                                                                                                                                    File size:2'492'160 bytes
                                                                                                                                                                                                                    MD5:77b6af6ca0463c866d60a2fdc3dd7010
                                                                                                                                                                                                                    SHA1:62bc4583d346021411dc7a7d04880123682da2de
                                                                                                                                                                                                                    SHA256:1cd49bdd01d4543a3022a09bc4f638a6faa1637f5aa1664e2c456a02c42dc3e1
                                                                                                                                                                                                                    SHA512:bb8fa4a0842babd8967689f4b2c4ccb385795d9fe58a2c671ab8045d621507432c7fb3faf3b7c2014fb46b8c64e0abf330ac8fc13cfab471021effff104b09a2
                                                                                                                                                                                                                    SSDEEP:24576:N4nXubIQGyxbPV0db26WGeLILZDqJpQieVh9O8Fki4ir5WBgI9+3ttctJRFRVGLf:Nqe3f6eKDkcIKx569+3ttctJRrAm0VP
                                                                                                                                                                                                                    TLSH:5DB5E13BF268A13EC45A1B3245B39260987BBA55A81A8C1F07FC384DCF765701E3F656
                                                                                                                                                                                                                    File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                                    Icon Hash:0c0c2d33ceec80aa

                                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Entrypoint:0x4b5eec
                                                                                                                                                                                                                    Entrypoint Section:.itext
                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                    Time Stamp:0x60B88E27 [Thu Jun 3 08:09:11 2021 UTC]
                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                    OS Version Major:6
                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                    File Version Major:6
                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                    Subsystem Version Major:6
                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                    Import Hash:5a594319a0d69dbc452e748bcf05892e

                                                                                                                                                                                                                    Authenticode Signature

                                                                                                                                                                                                                    Signature Valid:true
                                                                                                                                                                                                                    Signature Issuer:CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
                                                                                                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                    Error Number:0
                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                    • 14/12/2020 09:57:11 14/12/2021 09:57:11
                                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                                    • E=shiftingbeard@gmx.com, CN="Open Source Developer, Charles Lechasseur", O=Open Source Developer, S=Quebec, C=CA
                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                    Thumbprint MD5:B3ECF06DA07F96EA540C44B4CAC2172F
                                                                                                                                                                                                                    Thumbprint SHA-1:4A64E49AA58F1097EA3A42C2D9287CABE78B4961
                                                                                                                                                                                                                    Thumbprint SHA-256:8BCDB855308D486A24C9550D7C988EA231D274F813FED378D943D66404216DF0
                                                                                                                                                                                                                    Serial:5D50DA6CA4BC60561617B20D3C77E787

                                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                    add esp, FFFFFFA4h
                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                    mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                    mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                    mov eax, 004B10F0h
                                                                                                                                                                                                                    call 00007EFD18CFD505h
                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    push 004B65E2h
                                                                                                                                                                                                                    push dword ptr fs:[eax]
                                                                                                                                                                                                                    mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                    xor edx, edx
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    push 004B659Eh
                                                                                                                                                                                                                    push dword ptr fs:[edx]
                                                                                                                                                                                                                    mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                    mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                    call 00007EFD18D9FC2Fh
                                                                                                                                                                                                                    call 00007EFD18D9F782h
                                                                                                                                                                                                                    lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                    xor eax, eax
                                                                                                                                                                                                                    call 00007EFD18D12F78h
                                                                                                                                                                                                                    mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                    mov eax, 004C1D84h
                                                                                                                                                                                                                    call 00007EFD18CF80F7h
                                                                                                                                                                                                                    push 00000002h
                                                                                                                                                                                                                    push 00000000h
                                                                                                                                                                                                                    push 00000001h
                                                                                                                                                                                                                    mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                    mov dl, 01h
                                                                                                                                                                                                                    mov eax, dword ptr [004237A4h]
                                                                                                                                                                                                                    call 00007EFD18D13FDFh
                                                                                                                                                                                                                    mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                    xor edx, edx
                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                    push 004B654Ah
                                                                                                                                                                                                                    push dword ptr fs:[edx]
                                                                                                                                                                                                                    mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                    call 00007EFD18D9FCB7h
                                                                                                                                                                                                                    mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                    mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                    cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                    jne 00007EFD18DA629Ah
                                                                                                                                                                                                                    mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                    mov edx, 00000028h
                                                                                                                                                                                                                    call 00007EFD18D148D4h
                                                                                                                                                                                                                    mov edx, dword ptr [004C1D90h]

                                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xf36.idata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x10e00.rsrc
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x25e1f00x2510
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0xc22e40x244.idata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                    Sections

                                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                    .text0x10000xb361c0xb3800ad6e46e3a3acdb533eb6a077f6d065afFalse0.3448639341051532data6.356058204328091IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .itext0xb50000x16880x1800d40fc822339d01f2abcc5493ac101c94False0.544921875data5.972750055221053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .data0xb70000x37a40x38004c195d5591f6d61265df08a3733de3a2False0.36097935267857145data5.044400562007734IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                    .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                    .idata0xc20000xf360x1000a73d686f1e8b9bb06ec767721135e397False0.3681640625data4.8987046479600425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                    .didata0xc30000x1a40x20041b8ce23dd243d14beebc71771885c89False0.345703125data2.7563628682496506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                    .edata0xc40000x9a0x20037c1a5c63717831863e018c0f51dabb7False0.2578125data1.8722228665884297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                    .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                    .rsrc0xc70000x10e000x10e007e69448dc7177702f0f2a730bd09c5a3False0.18972800925925926data3.7147920122978357IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                    Resources

                                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                    RT_ICON0xc76780xa68Device independent bitmap graphic, 64 x 128 x 4, image size 2048EnglishUnited States0.1174924924924925
                                                                                                                                                                                                                    RT_ICON0xc80e00x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.15792682926829268
                                                                                                                                                                                                                    RT_ICON0xc87480x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.23387096774193547
                                                                                                                                                                                                                    RT_ICON0xc8a300x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.39864864864864863
                                                                                                                                                                                                                    RT_ICON0xc8b580x1628Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colorsEnglishUnited States0.08339210155148095
                                                                                                                                                                                                                    RT_ICON0xca1800xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.1023454157782516
                                                                                                                                                                                                                    RT_ICON0xcb0280x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.10649819494584838
                                                                                                                                                                                                                    RT_ICON0xcb8d00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.10838150289017341
                                                                                                                                                                                                                    RT_ICON0xcbe380x12e5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8712011577424024
                                                                                                                                                                                                                    RT_ICON0xcd1200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.05668398677373642
                                                                                                                                                                                                                    RT_ICON0xd13480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.08475103734439834
                                                                                                                                                                                                                    RT_ICON0xd38f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.09920262664165103
                                                                                                                                                                                                                    RT_ICON0xd49980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2047872340425532
                                                                                                                                                                                                                    RT_STRING0xd4e000x360data0.34375
                                                                                                                                                                                                                    RT_STRING0xd51600x260data0.3256578947368421
                                                                                                                                                                                                                    RT_STRING0xd53c00x45cdata0.4068100358422939
                                                                                                                                                                                                                    RT_STRING0xd581c0x40cdata0.3754826254826255
                                                                                                                                                                                                                    RT_STRING0xd5c280x2d4data0.39226519337016574
                                                                                                                                                                                                                    RT_STRING0xd5efc0xb8data0.6467391304347826
                                                                                                                                                                                                                    RT_STRING0xd5fb40x9cdata0.6410256410256411
                                                                                                                                                                                                                    RT_STRING0xd60500x374data0.4230769230769231
                                                                                                                                                                                                                    RT_STRING0xd63c40x398data0.3358695652173913
                                                                                                                                                                                                                    RT_STRING0xd675c0x368data0.3795871559633027
                                                                                                                                                                                                                    RT_STRING0xd6ac40x2a4data0.4275147928994083
                                                                                                                                                                                                                    RT_RCDATA0xd6d680x10data1.5
                                                                                                                                                                                                                    RT_RCDATA0xd6d780x2c4data0.6384180790960452
                                                                                                                                                                                                                    RT_RCDATA0xd703c0x2cdata1.2045454545454546
                                                                                                                                                                                                                    RT_GROUP_ICON0xd70680xbcdataEnglishUnited States0.6170212765957447
                                                                                                                                                                                                                    RT_VERSION0xd71240x584dataEnglishUnited States0.32082152974504247
                                                                                                                                                                                                                    RT_MANIFEST0xd76a80x726XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4005464480874317

                                                                                                                                                                                                                    Imports

                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                    kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                                                                                                    comctl32.dllInitCommonControls
                                                                                                                                                                                                                    version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                                                                                                    user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                                                                                                    oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                                                                                                    netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                                                                                                    advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                                                                                                    Exports

                                                                                                                                                                                                                    NameOrdinalAddress
                                                                                                                                                                                                                    TMethodImplementationIntercept30x454060
                                                                                                                                                                                                                    __dbk_fcall_wrapper20x40d0a0
                                                                                                                                                                                                                    dbkFCallWrapperAddr10x4be63c

                                                                                                                                                                                                                    Possible Origin

                                                                                                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                    EnglishUnited States

                                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.576508045 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.576553106 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.576670885 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.603846073 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.603868961 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.818152905 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.818301916 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.823370934 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.823385954 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.823713064 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.874480009 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.955777884 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.997906923 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059209108 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059278965 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059312105 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059323072 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059336901 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059367895 CET44349708185.199.109.133192.168.2.7
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059381008 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.059407949 CET49708443192.168.2.7185.199.109.133
                                                                                                                                                                                                                    Feb 7, 2024 14:29:19.075401068 CET49708443192.168.2.7185.199.109.133

                                                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.444377899 CET6286853192.168.2.71.1.1.1
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.561917067 CET53628681.1.1.1192.168.2.7

                                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.444377899 CET192.168.2.71.1.1.10x8deeStandard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.561917067 CET1.1.1.1192.168.2.70x8deeNo error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.561917067 CET1.1.1.1192.168.2.70x8deeNo error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.561917067 CET1.1.1.1192.168.2.70x8deeNo error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                    Feb 7, 2024 14:29:18.561917067 CET1.1.1.1192.168.2.70x8deeNo error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false

                                                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                                                    • raw.githubusercontent.com

                                                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                    0192.168.2.749708185.199.109.1334433260C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe
                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                    2024-02-07 13:29:18 UTC121OUTGET /clechasseur/pcc-updates/master/UpdateInfo2.xml HTTP/1.1
                                                                                                                                                                                                                    Host: raw.githubusercontent.com
                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                    2024-02-07 13:29:19 UTC898INHTTP/1.1 200 OK
                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                    Content-Length: 3447
                                                                                                                                                                                                                    Cache-Control: max-age=300
                                                                                                                                                                                                                    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                    ETag: "def54a5e24fb59abfeee1118f5876eb9a58af23a667f511b4bfa569701835c5f"
                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                    X-Frame-Options: deny
                                                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                    X-GitHub-Request-Id: 4ADE:395C:356444:3F9FEC:65C34C20
                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                    Date: Wed, 07 Feb 2024 13:29:19 GMT
                                                                                                                                                                                                                    Via: 1.1 varnish
                                                                                                                                                                                                                    X-Served-By: cache-pdk-kfty2130030-PDK
                                                                                                                                                                                                                    X-Cache: HIT
                                                                                                                                                                                                                    X-Cache-Hits: 1
                                                                                                                                                                                                                    X-Timer: S1707312559.010899,VS0,VE1
                                                                                                                                                                                                                    Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                    X-Fastly-Request-ID: 0f70d68af10fead6b31349d20fd5c9129071acf3
                                                                                                                                                                                                                    Expires: Wed, 07 Feb 2024 13:34:19 GMT
                                                                                                                                                                                                                    Source-Age: 192
                                                                                                                                                                                                                    2024-02-07 13:29:19 UTC1378INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 53 6f 66 74 77 61 72 65 55 70 64 61 74 65 43 6f 6c 6c 65 63 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 70 61 74 68 63 6f 70 79 63 6f 70 79 2e 63 6f 64 65 70 6c 65 78 2e 63 6f 6d 2f 78 73 64 2f 53 6f 66 74 77 61 72 65 55 70 64 61 74 65 2f 56 32 22 0a 20 20 20 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 0a 20 20 20 20 78 73 69 3a 73 63 68 65 6d 61 4c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 3a 2f 2f 70 61 74 68 63 6f 70 79 63 6f 70 79 2e 63 6f 64 65 70 6c 65 78 2e 63 6f 6d 2f 78 73 64 2f 53 6f 66 74 77 61 72 65
                                                                                                                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><SoftwareUpdateCollection xmlns="http://pathcopycopy.codeplex.com/xsd/SoftwareUpdate/V2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pathcopycopy.codeplex.com/xsd/Software
                                                                                                                                                                                                                    2024-02-07 13:29:19 UTC1378INData Raw: 20 20 20 20 20 20 20 3c 56 65 72 73 69 6f 6e 3e 31 39 2e 30 2e 30 2e 30 3c 2f 56 65 72 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 65 71 75 69 72 65 64 57 69 6e 64 6f 77 73 56 65 72 73 69 6f 6e 3e 36 2e 30 2e 30 2e 30 3c 2f 52 65 71 75 69 72 65 64 57 69 6e 64 6f 77 73 56 65 72 73 69 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 49 6e 73 74 61 6c 6c 53 6f 75 72 63 65 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 74 72 69 6e 67 3e 49 6e 6e 6f 3c 2f 73 74 72 69 6e 67 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 49 6e 73 74 61 6c 6c 53 6f 75 72 63 65 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4e 61 6d 65 3e 31 39 2e 30 3c 2f 4e 61 6d 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 55 72 6c 3e 68 74 74 70 73 3a 2f
                                                                                                                                                                                                                    Data Ascii: <Version>19.0.0.0</Version> <RequiredWindowsVersion>6.0.0.0</RequiredWindowsVersion> <InstallSources> <string>Inno</string> </InstallSources> <Name>19.0</Name> <Url>https:/
                                                                                                                                                                                                                    2024-02-07 13:29:19 UTC691INData Raw: 20 20 3c 52 65 6c 65 61 73 65 4e 6f 74 65 73 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 74 72 69 6e 67 3e 3c 21 5b 43 44 41 54 41 5b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 4e 65 77 20 6d 69 6e 6f 72 20 72 65 6c 65 61 73 65 20 77 69 74 68 20 69 6d 70 72 6f 76 65 6d 65 6e 74 73 20 61 6e 64 20 62 75 67 20 66 69 78 65 73 2c 20 6d 6f 73 74 20 6e 6f 74 61 62 6c 79 3a 3c 2f 70 3e 0a 09 09 09 09 3c 75 6c 3e 0a 09 09 09 09 20 20 3c 6c 69 3e 4e 65 77 20 70 72 65 76 69 65 77 20 62 6f 78 20 77 68 65 6e 20 65 64 69 74 69 6e 67 20 63 75 73 74 6f 6d 20 63 6f 6d 6d 61 6e 64 73 3c 2f 6c 69 3e 0a 09 09 09 09 20 20 3c 6c 69 3e 44 69 61 6c 6f 67 73 20 75 73 65 64 20 74 6f 20 65 64 69 74 20 63 75 73 74 6f 6d 20 63 6f 6d 6d 61 6e 64 73 20
                                                                                                                                                                                                                    Data Ascii: <ReleaseNotes> <string><![CDATA[ <p>New minor release with improvements and bug fixes, most notably:</p><ul> <li>New preview box when editing custom commands</li> <li>Dialogs used to edit custom commands


                                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                    Start time:14:28:35
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\PathCopyCopy20.0.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:C:\Users\user\Desktop\PathCopyCopy20.0.exe
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    File size:2'492'160 bytes
                                                                                                                                                                                                                    MD5 hash:77B6AF6CA0463C866D60A2FDC3DD7010
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                    Start time:14:28:36
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Users\user~1\AppData\Local\Temp\is-5RK7F.tmp\PathCopyCopy20.0.tmp" /SL5="$20400,1627748,831488,C:\Users\user\Desktop\PathCopyCopy20.0.exe"
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    File size:3'203'856 bytes
                                                                                                                                                                                                                    MD5 hash:E45F712F1BB2F77DBF445F2EBE2E827C
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                    • Detection: 3%, ReversingLabs
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                    Start time:16:12:24
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC32.dll
                                                                                                                                                                                                                    Imagebase:0xa50000
                                                                                                                                                                                                                    File size:20'992 bytes
                                                                                                                                                                                                                    MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                    Start time:16:12:24
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:C:\Windows\system32\regsvr32.exe" /s /n /i "C:\Program Files\Path Copy Copy\PCC64.dll
                                                                                                                                                                                                                    Imagebase:0x7ff6db910000
                                                                                                                                                                                                                    File size:25'088 bytes
                                                                                                                                                                                                                    MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                    Start time:16:12:24
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions
                                                                                                                                                                                                                    Imagebase:0x7ff733a30000
                                                                                                                                                                                                                    File size:71'680 bytes
                                                                                                                                                                                                                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                    Start time:16:12:25
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"rundll32.exe" "C:\Program Files\Path Copy Copy\PCC32.dll",ApplyGlobalRevisions
                                                                                                                                                                                                                    Imagebase:0x50000
                                                                                                                                                                                                                    File size:61'440 bytes
                                                                                                                                                                                                                    MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                    Start time:16:12:25
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"rundll32.exe" "C:\Program Files\Path Copy Copy\PCC64.dll",ApplyGlobalRevisions
                                                                                                                                                                                                                    Imagebase:0x7ff733a30000
                                                                                                                                                                                                                    File size:71'680 bytes
                                                                                                                                                                                                                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    General

                                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                                    Start time:16:12:30
                                                                                                                                                                                                                    Start date:07/02/2024
                                                                                                                                                                                                                    Path:C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:"C:\Program Files\Path Copy Copy\PathCopyCopySettings.exe" /frompcc /bitness:x64 /updatecheck
                                                                                                                                                                                                                    Imagebase:0x1fa87140000
                                                                                                                                                                                                                    File size:502'784 bytes
                                                                                                                                                                                                                    MD5 hash:55385A5A0043FCF1BC13FAB3F8D7D488
                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                                      Function 00007FFAAC3659D1 Relevance: 1.0, Instructions: 974COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 82ecf3932ab50378d72de05207ae7bcc84b1cf8d49dd92f8472b54af581fdeb3
                                                                                                                                                                                                                      • Instruction ID: b71d5e8372731fb44aec50b0538c804398f06bd72882ff5b71fd9e149485296d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 82ecf3932ab50378d72de05207ae7bcc84b1cf8d49dd92f8472b54af581fdeb3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1624D34619E09CFEB94EB29C494EAAB7E1FF59300B4445B9E04FC75A2DE29EC44CB50
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC362339 Relevance: 1.6, Strings: 1, Instructions: 399COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                      • API String ID: 0-336475711
                                                                                                                                                                                                                      • Opcode ID: ab6d508b4d872777302710459a624ba34f84502728db8af4c003ea83691e678a
                                                                                                                                                                                                                      • Instruction ID: c83f3536b687c985d44f9d6768dbac86dee4f95558b0bd55bd3b3aaf932f3ffd
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab6d508b4d872777302710459a624ba34f84502728db8af4c003ea83691e678a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BB15770A0DF498FE7599B2C8455A7AF7D0EF46310F1181BEE48EC3193ED29E8468391
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC36193A Relevance: .4, Instructions: 444COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: e75098223939406cb39138b6454aea25c85736fb5ab725c2b79ba7f55d9ab60b
                                                                                                                                                                                                                      • Instruction ID: 7a1419e9c0a7ac28e02346ead42368e701aba61c82bbbb82baf557254ad6c47f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e75098223939406cb39138b6454aea25c85736fb5ab725c2b79ba7f55d9ab60b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37D1F631A0DE49CFEB98EB2CC455A7AB7E1FF56300B0441A9D14EC72A6DE24EC46C791
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC365A35 Relevance: .4, Instructions: 385COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: d9af5bea22e9b0a3121c34c86b8de91842fb2ef1e99331fcb08eb01450d0a168
                                                                                                                                                                                                                      • Instruction ID: aa0d2f025615702916e5913a9f0184d5bb9d841fa3a42a30d29ccaaaf65ef4c8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9af5bea22e9b0a3121c34c86b8de91842fb2ef1e99331fcb08eb01450d0a168
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68D12D30619D09CFEE94EB2CC094F69B7E2FF59300B5545B9E04ECB6A2DA29EC45CB41
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3633DB Relevance: .3, Instructions: 299COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3d3ccf52911721be637b6845b8a2b12bf41c78417737d5e229d610c956c31379
                                                                                                                                                                                                                      • Instruction ID: 46891c6322f8582e0b07b86a39a9af8d773df80bf07502616900ab4e3c61214e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d3ccf52911721be637b6845b8a2b12bf41c78417737d5e229d610c956c31379
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DA17230A09A4D8FEB94EB68C455ABAB7E1FF59310F1440B9D40ED7292DE39EC46C790
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3612AD Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 5b0fe27e853dfc1e291b2b2e213b7a0f819ec6715a043197a84b937eab78f133
                                                                                                                                                                                                                      • Instruction ID: 477c7f2f43d1217b960a7b9ff3a3eb08621123439d0122477c73c51bb7f178de
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b0fe27e853dfc1e291b2b2e213b7a0f819ec6715a043197a84b937eab78f133
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A711321E09E498FFB94E76890566BEFBE1EF8A340F44817AD14ED32C2DD299C0643D1
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC36488F Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 17ad4df0f557129a12055ed4a80fb2cfd5dbd764dd4fce33345c9d0063c22e3c
                                                                                                                                                                                                                      • Instruction ID: b7f8cffc2a2e4d03f7686932d5c380b296b0a363a1c21d44acaaa7d6876b3c45
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17ad4df0f557129a12055ed4a80fb2cfd5dbd764dd4fce33345c9d0063c22e3c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B711462E0EE9A9FF3A5D768482556AFBD1EF43210B0980BAC04DD7293FD19DC0A43D1
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC360A68 Relevance: .2, Instructions: 239COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a661006de3925541095d1e795ecdb4a5a053db9a0f0723f4fe5cf49a6d6bc8e4
                                                                                                                                                                                                                      • Instruction ID: 8ddf54b07075b11ab037dfac21ff8db0f58e3e0540e2a106b5cffba9692be91b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a661006de3925541095d1e795ecdb4a5a053db9a0f0723f4fe5cf49a6d6bc8e4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 39616921A1DE8A8FF795D738C055E76F7E1EF55200B54C2BAC04EC71A6DE2DE8498390
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361EC0 Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: df45617fd3fe2479cd0a85331c7880e09ba9c87060fda6f6336d3ee316771983
                                                                                                                                                                                                                      • Instruction ID: 85b9a0e254b763820ba8ac336979787b1a691a32b5718f9e96434336c8e38109
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df45617fd3fe2479cd0a85331c7880e09ba9c87060fda6f6336d3ee316771983
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33414721A1DE4A8FE755E738C050E77F7E1EF96210B44C6BAD04FC71A6DE29E8098390
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361000 Relevance: .2, Instructions: 161COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: bb227e302388a82d3ac5818a2b754806beed7ff1634ef02b90be83c66b40eadb
                                                                                                                                                                                                                      • Instruction ID: 84e89dcb8c7bbc3ae24d3dda7c515916615f7e169254ab82e78259615e715f7d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb227e302388a82d3ac5818a2b754806beed7ff1634ef02b90be83c66b40eadb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD41F521A19E4A8FE754E728C054E77F3E1EF95310B54C679D04FC7196DE29E8498390
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361020 Relevance: .1, Instructions: 133COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: ac3804e6a8e0190b2f843435645b25f4875ece8a202cdbd08b721a76ead14cc5
                                                                                                                                                                                                                      • Instruction ID: 0ba78953f34e7989474643cc1564234c1e6b7ca898133953bfeb2f5cf58955b9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac3804e6a8e0190b2f843435645b25f4875ece8a202cdbd08b721a76ead14cc5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE410B30608D488FEBA4EB1CD448F66F7E1EF99311B1545A9E44EC72B2CA65EC85CB40
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361018 Relevance: .1, Instructions: 123COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 6543419c7ae119b4fbb87bc475ac8592e106ff94778a7e94e1df48eeb72f03ab
                                                                                                                                                                                                                      • Instruction ID: ba703c69aed7d62cf55ea94767905d6f31162c6da9d5c1b0e52fd6a193b05ccf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6543419c7ae119b4fbb87bc475ac8592e106ff94778a7e94e1df48eeb72f03ab
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E31D631609E488FEB94EB2CD449BA6F7E0EF59310F1545FAD44EC71A2CA65EC85C780
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3621D5 Relevance: .1, Instructions: 121COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: ad0f6aeab8e97c515128cc1e072924012c731fc7b3e6ca9d2110dfa89e4cb871
                                                                                                                                                                                                                      • Instruction ID: 581573685c415c91f440e2f59dca9b34a2f7a3f989be65d6cb2617f1b9363de7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ad0f6aeab8e97c515128cc1e072924012c731fc7b3e6ca9d2110dfa89e4cb871
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A41A271909A49CFEF88DF1888519B9BBE1FF56301B0540AAE44DD7192CA39D908C751
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361854 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 86e880ed7f2bee42ec9c6040cdc3e35b5b8311e323cf4d962351a4c231d8752d
                                                                                                                                                                                                                      • Instruction ID: 98653ba40be81e5fb1199249f3c77e1f93ccb2eab635047796a2bca89795da5c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86e880ed7f2bee42ec9c6040cdc3e35b5b8311e323cf4d962351a4c231d8752d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC21F143B1EECE8FF395A66C68665B6BBD0DB5A260B1481FBD04DC7287DC049C0983D1
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361790 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 2d0f0c88039d82c48b7fe39ea392e2c4423654bb16d22e76bfd06b327fa30e3e
                                                                                                                                                                                                                      • Instruction ID: e9eb3c4b961fada05e5f5e324232b0bd56d30b9801cf335ca0081a48972bb2d2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d0f0c88039d82c48b7fe39ea392e2c4423654bb16d22e76bfd06b327fa30e3e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7311A624CF6D25FE30753701C668E2BFA8894322571E81E7D498CB5A3C50D9A5BC3A2
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3612BA Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 877366a88035df033447a2cc908116b6bc5bb7467383f67ecdeb3f0a02ccbaf7
                                                                                                                                                                                                                      • Instruction ID: 0236299ab066f35d94c8896e8b65bd314902e4c8b7920c6548d888889bd7d48d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 877366a88035df033447a2cc908116b6bc5bb7467383f67ecdeb3f0a02ccbaf7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D21D522A0EFD98FE752976C98545EABFA0EF57321B0842F7C089D7193DD189C0983D5
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC364B99 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 4ae2729770e144345a20ad2af92e8b0ef322c5cc52a54dce6aaea75069503c16
                                                                                                                                                                                                                      • Instruction ID: 2eea7cca27b4b872a8d5c8b794a597bc1c2bd272919c23d95e9da935b245ae2c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ae2729770e144345a20ad2af92e8b0ef322c5cc52a54dce6aaea75069503c16
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC310A6290EB8A5FE782A778445A5A9BFE0EF17210B0644FBD089C71E3E91C4D4EC751
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC36675E Relevance: .1, Instructions: 97COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 978e3b1a952d80323f22fa8b9ece6bd514ab34253d2d091653647a264ec6fb57
                                                                                                                                                                                                                      • Instruction ID: 3d948025e51a06d321922cbe7655e64eaa9fcc664e35167ab4490c52b6b3f976
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 978e3b1a952d80323f22fa8b9ece6bd514ab34253d2d091653647a264ec6fb57
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7521056460EF865FF796933944659A7FFF1EF4711071980FAC08ACB1A6D92CC84A8381
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC362C81 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 6a11d0f646fe1489e213aca16bc48bf8295c3503b7ebd355138b2131c6341bb6
                                                                                                                                                                                                                      • Instruction ID: 53cae4ee381fe897523264cfcec4ad69e139f86da40dd98728386e4fe3413123
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a11d0f646fe1489e213aca16bc48bf8295c3503b7ebd355138b2131c6341bb6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC31EA7151EB868FE756EB748456A96FFE0EF42320B0584FEC08ACB0F2D52D944A8750
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC360698 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 66edc602a8132b0ef43bdd24400f5a429ebf4ed12985bfdb6cffb044ccbe8638
                                                                                                                                                                                                                      • Instruction ID: 8906dfd85b72dff53a2dcc798e2c4e38ca693d755bd975bc1d2dfc0452523e07
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66edc602a8132b0ef43bdd24400f5a429ebf4ed12985bfdb6cffb044ccbe8638
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A931F53051EB869FE756EB34845AE56FBE0EF42320B0584FEC08AC71B2D92D984B8750
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC366901 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 5606afec000be6de65ac591a91031a4d7f9b3d24515abad83d4b7373832aa1de
                                                                                                                                                                                                                      • Instruction ID: a180918cdcd3f707be24d4efd9311931b9c50e556c612007ccf8d1c61cc673c8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5606afec000be6de65ac591a91031a4d7f9b3d24515abad83d4b7373832aa1de
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A321FB25D0EF868FF7A58B264854A62EFF0DF4659070881BDC48EC7192D42CDD4D4BE1
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3612FA Relevance: .1, Instructions: 78COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a804398b1c6175de22769a0e2a467fd5ff6c3aa27467970677bcbf90c2cc3c20
                                                                                                                                                                                                                      • Instruction ID: 39045a16c8a72735e51d93034bea9bb5ef5335bddc1d2491a09d59c656bcff6a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a804398b1c6175de22769a0e2a467fd5ff6c3aa27467970677bcbf90c2cc3c20
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0111B43290EF994FE756A76894606EABFA1EF47320F0842E7C049D7293DD14AC0883D5
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC366864 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 62686b36e04dcabbe5417eeb869637e816a07007d7acc10da8a9e0df292bb93c
                                                                                                                                                                                                                      • Instruction ID: cfe491bf9ac60beebc1bf977b2e3ff37c1cc402060a3f312cb9642d2df4763fc
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62686b36e04dcabbe5417eeb869637e816a07007d7acc10da8a9e0df292bb93c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B11C415F0BE1B4BF6E5933E5415A76E1F1EF85290B8481BAC80DC3295ED2CEC4942D0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC362D7F Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 48a71f8733634ff2b1690369ed03b7beab242ff7b12e5338ba53985330020dea
                                                                                                                                                                                                                      • Instruction ID: 6bf4ab2c22ec62ff7807de4ce138ab05278f6800dd83f7d660eac2d75a28c9f1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48a71f8733634ff2b1690369ed03b7beab242ff7b12e5338ba53985330020dea
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C21DE7061AB868FEB86AB34C055D96F7E1FF4631035485BDC08BC71A6DA2DE80AC740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3613AE Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 728bf0cb2604da274d71890588762a718474615dda4044edb0aebb0ed396dae7
                                                                                                                                                                                                                      • Instruction ID: a21c905adf083bb00c88d2ea20a487c92bf47682c28fbdf3e43cfb42ade88aed
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 728bf0cb2604da274d71890588762a718474615dda4044edb0aebb0ed396dae7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2911B162E19D5A8FF799A778840A7BDB2E1EF59640F084079D40ED32D2DE2E98064380
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361466 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 45a45a4e72cbd78144e228d0e8893bc66e475cadfe57b172cf7087934a4f8ee5
                                                                                                                                                                                                                      • Instruction ID: 424d1d6a008b70c4c84f66e9126ef64abed57c9178267d555d7b7fe7f958b736
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45a45a4e72cbd78144e228d0e8893bc66e475cadfe57b172cf7087934a4f8ee5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E118F21E1EE5ACFFB96D76854526BEF6E1EF46250F48817AD50EC3182DD18980943E0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC362E66 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: e9e2a96313d935d7bfe53f5ecc8e810657b89d16963d67cf5d8192f465f3156e
                                                                                                                                                                                                                      • Instruction ID: 5f8cea3a316ae500373d89bd75fe7951698e83ab699715a3c667315d005aacac
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9e2a96313d935d7bfe53f5ecc8e810657b89d16963d67cf5d8192f465f3156e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A012221A0AE0B8BF7A5D3695404A72E1D0EF45310B06C0BAC80DCB191ED2EDC8943D0
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3638C3 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: bb68ac44356f27a045564bbd991820fa160051eb70acccab16b6d398c1e71a43
                                                                                                                                                                                                                      • Instruction ID: 6eb7f5ed0742102d98bbd0de811fc6ff75a5898fd1edb60e72265c6959f150d2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb68ac44356f27a045564bbd991820fa160051eb70acccab16b6d398c1e71a43
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9F06D20309B498FD782FB3CD45A9997BE1FF8926034581EAD04BCB1B6D91C8C468700
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC361621 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 4ba929c6d43141d72fbc9a05488db930b1a065519223e179eba7c475c3049508
                                                                                                                                                                                                                      • Instruction ID: 6acc1deefa9a53079d9baf5ef6612f9b602b2cfa3aeab1bf642284486f4f9ced
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ba929c6d43141d72fbc9a05488db930b1a065519223e179eba7c475c3049508
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEE07D3550CE8C8BD790AB5CBC015D5BBA0FBC3304F00019AE14CC3181DA229405C3E2
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC365914 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 51b0e949252dbb8eb5027088581529d04cb644caf809be907abcd02a626e992b
                                                                                                                                                                                                                      • Instruction ID: a6f296cf5f17e8f63d3916f61125210f1fe0f1d301c395439423040366c1770f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51b0e949252dbb8eb5027088581529d04cb644caf809be907abcd02a626e992b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2C04C117598191BEA94665C75053D551C6D7CC361F545176E40DC338AD8998CC203D1
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC362D5B Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 88374b6b9cea32879b8cf2cb4bf7a03185bc58bea11223f7d02f1c18ca650eea
                                                                                                                                                                                                                      • Instruction ID: 245a526969fbd2a9cd7fdef815290ece1e0ed6c44b114c30195cc00f8a3a5352
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 88374b6b9cea32879b8cf2cb4bf7a03185bc58bea11223f7d02f1c18ca650eea
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51D0A731218B854FE356DA348414D9277F0AF5510030485BDC0CBC31B6D91CA80E8740
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3637D4 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 05430536f0ddee43e087194ca12b6f0746bb21598080afc4067c30782dfb88a9
                                                                                                                                                                                                                      • Instruction ID: c4d81d812247214a05ae419f89bf195fa449d9a938632647b01ba25222986831
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 05430536f0ddee43e087194ca12b6f0746bb21598080afc4067c30782dfb88a9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07C01296C4FDAE8BA1E1521C1415162D5809B1569070585E1C84CC7594D500CC0C05E1
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC362E19 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: ecacfde5f2083e9079b374108b03ce3d87d5bc22c2987dfbce0e5f65ddc81144
                                                                                                                                                                                                                      • Instruction ID: 8dc5f026e3c5d9429c7678801b9f64f955ed1fb70123bfd4db822f23c55a2d7e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ecacfde5f2083e9079b374108b03ce3d87d5bc22c2987dfbce0e5f65ddc81144
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1B09212A99A1A0BCA44A1B8B4418D6B2A0EB942207805936D94BC2159EC6EA9824380
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                                      Function 00007FFAAC36400D Relevance: 7.6, Strings: 6, Instructions: 129COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: (_!$H`!$P^!$s2^I${2^I$^!
                                                                                                                                                                                                                      • API String ID: 0-1117895122
                                                                                                                                                                                                                      • Opcode ID: f2c604d50a0f5ac4a936d7f2967b739c9dacee9ebebdb5462523cf7699eec06e
                                                                                                                                                                                                                      • Instruction ID: da24cb12c110c93fc973d630f2b59685c47917502606a79ee3c44dd99dd90c16
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2c604d50a0f5ac4a936d7f2967b739c9dacee9ebebdb5462523cf7699eec06e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9418553D0FAD19FF3568B6858654B6EFA0AF6321074880FAD0C80A8D7F819D98C83D5
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                      Function 00007FFAAC3601FB Relevance: 6.4, Strings: 5, Instructions: 172COMMON
                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000013.00000002.1597082390.00007FFAAC360000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC360000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_19_2_7ffaac360000_PathCopyCopySettings.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 0Q!$@J"$p@6$x."$P!
                                                                                                                                                                                                                      • API String ID: 0-4024469085
                                                                                                                                                                                                                      • Opcode ID: 40a6b96b917d4319b5bb0d0edafc5ddc7d30a460b457016c7f53dafed98ce67f
                                                                                                                                                                                                                      • Instruction ID: 943ab35bf112d25ce9f641e8001a89dbdc4deb9dad8241dd3753aff8e0b5e062
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40a6b96b917d4319b5bb0d0edafc5ddc7d30a460b457016c7f53dafed98ce67f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B551B1A390FAC29FF3565BA84856565FF90FF2324079880FAD0CC4A097E819EC4C87D9
                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                      Uniqueness Score: -1.00%