Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ultraddos.exe

Overview

General Information

Sample name:ultraddos.exe
Analysis ID:1468052
MD5:9d847ce73c7b1392348732f66790dc28
SHA1:1c3de96158925d938aabb6b0098f9db260895a3f
SHA256:5a000dfadc5854935e75024fc35aeaa461d8f9ac997730310fe19638006745ac
Tags:exe
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • ultraddos.exe (PID: 600 cmdline: "C:\Users\user\Desktop\ultraddos.exe" MD5: 9D847CE73C7B1392348732F66790DC28)
    • conhost.exe (PID: 5236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ultraddos.exe (PID: 3020 cmdline: "C:\Users\user\Desktop\ultraddos.exe" MD5: 9D847CE73C7B1392348732F66790DC28)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: ultraddos.exeAvira: detected
Antivirus detection for URL or domain
Source: https://www.google.com.com/search/q=i6002Avira URL Cloud: Label: malware
Source: https://www.google.com.com/search/q=Avira URL Cloud: Label: malware
Multi AV Scanner detection for submitted file
Source: ultraddos.exeReversingLabs: Detection: 23%
Source: ultraddos.exeVirustotal: Detection: 35%Perma Link
Source: ultraddos.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936905781.00007FFE11EBD000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937323854.00007FFE130C4000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, _uuid.pyd.0.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: ultraddos.exe, 00000002.00000002.2936259396.00007FFDFF212000.00000002.00000001.01000000.00000014.sdmp, MSVCP140.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: ultraddos.exe, 00000002.00000002.2936456541.00007FFDFF2D5000.00000002.00000001.01000000.0000000C.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: ultraddos.exe, 00000002.00000002.2935422057.00007FFDFB54D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937017442.00007FFE11EDF000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: ultraddos.exe, 00000002.00000002.2936456541.00007FFDFF2D5000.00000002.00000001.01000000.0000000C.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: ultraddos.exe, 00000002.00000002.2935422057.00007FFDFB54D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ultraddos.exe, 00000000.00000003.1674824545.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937611502.00007FFE13311000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937231269.00007FFE12E13000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: ultraddos.exe, 00000002.00000002.2937108515.00007FFE126DD000.00000002.00000001.01000000.0000000A.sdmp, _ssl.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936721066.00007FFE10308000.00000002.00000001.01000000.00000015.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_tkinter.pdb source: ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936812638.00007FFE11519000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936905781.00007FFE11EBD000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: ultraddos.exe, 00000002.00000002.2937514383.00007FFE13231000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: ultraddos.exe, 00000002.00000002.2936620929.00007FFE10254000.00000002.00000001.01000000.0000000F.sdmp, pyexpat.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937412062.00007FFE13209000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: ultraddos.exe, 00000002.00000002.2935838522.00007FFDFB97C000.00000002.00000001.01000000.00000004.sdmp
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771BE1C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,0_2_00007FF61771BE1C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771BE1C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF61771BE1C
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI6002\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\Jump to behavior
Source: ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=dQw4w9WgXcQ equals www.youtube.com (Youtube)
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: imagez3How is clicking pictures going to cause anything...z+https://www.youtube.com/watch?v=dQw4w9WgXcQr equals www.youtube.com (Youtube)
Source: ultraddos.exe, 00000002.00000002.2933374643.0000015DDC7F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://aia.startssl.com/certs/ca.crt0
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://aia.startssl.com/certs/sca.code3.crt06
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://all-you-need-is-tech.blogspot.com/2013/01/improving-easygui-for-python.html
Source: ultraddos.exe, 00000002.00000002.2933087317.0000015DDC580000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue23606)
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ultraddos.exe, 00000000.00000003.1684222244.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1684222244.0000014EECABE000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: http://cffi.readthedocs.org
Source: ultraddos.exe, 00000000.00000003.1684222244.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1684222244.0000014EECABE000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: http://cffi.readthedocs.org/
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://crl.startssl.com/sca-code3.crl0#
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://crl.startssl.com/sfsca.crl0f
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digice
Source: ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675322419.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC03D000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2933374643.0000015DDC7F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: ultraddos.exe, 00000002.00000003.1737618506.0000015DDA038000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1737688974.0000015DDBC25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/pprint.html#pprint.pprint
Source: ultraddos.exe, 00000002.00000002.2932219341.0000015DDBF50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2930768699.0000015DD9644000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931324618.0000015DD9FD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DD9FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail
Source: ultraddos.exe, 00000002.00000003.1739506331.0000015DDC107000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: ultraddos.exe, 00000002.00000003.1739308419.0000015DDC152000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC174000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httpbin.org/
Source: ultraddos.exe, 00000002.00000002.2930768699.0000015DD96DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://infohoglobal_state.nmt.edu/tcc/help/
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: http://mail.python.org/pipermail/distutils-sig/
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://ocsp.startssl.com00
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://ocsp.startssl.com07
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: ultraddos.exe, 00000002.00000002.2932019631.0000015DDBDA0000.00000004.00001000.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2932086549.0000015DDBE20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: http://packages.python.org/altgraph
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931324618.0000015DDA049000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739726772.0000015DDA049000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pyparsing.wikispaces.com
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: http://pypi.python.org/pypi/altgraph
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: http://pypi.python.org/pypi/sphinx
Source: ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/23229091/2184122
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1737688974.0000015DDBC25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-
Source: tk.tcl.0.drString found in binary or memory: http://support.apple.com/kb/HT1343
Source: ultraddos.exe, 00000002.00000002.2933247156.0000015DDC6C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: ultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: ultraddos.exe, 00000000.00000003.1685915989.0000014EECAC6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ultraddos.exe, 00000002.00000002.2932086549.0000015DDBE20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: ultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: ultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: ultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pyinstaller.org/
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pyinstaller.org/support.html
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pythonware.com/products/pil/
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://www.startssl.com/0P
Source: ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drString found in binary or memory: http://www.startssl.com/policy0
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DD9FD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yahoo.com/
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://altgraph.readthedocs.io
Source: METADATA.0.drString found in binary or memory: https://altgraph.readthedocs.io/en/latest/
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
Source: ultraddos.exe, 00000002.00000002.2933181157.0000015DDC640000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://codecov.io/gh/pypa/setuptools
Source: ultraddos.exe, 00000002.00000002.2932019631.0000015DDBDA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=z
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/naufraghi/tinyaes-py
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/psf/black
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyinstaller/pyinstaller
Source: ultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyinstaller/pyinstaller.
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
Source: ultraddos.exe, 00000002.00000002.2932219341.0000015DDBF50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/pypa/setuptools
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/pypa/setuptools/issues
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/pypa/setuptools/workflows/tests/badge.svg
Source: ultraddos.exe, 00000002.00000002.2932900116.0000015DDC3D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-pillow/Pillow/
Source: ultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/mypy/issues/3216
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/robertlugg/easygui
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/ronaldoussoren/altgraph
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/ronaldoussoren/altgraph/
Source: METADATA.0.drString found in binary or memory: https://github.com/ronaldoussoren/altgraph/issues
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/ronaldoussoren/altgraph/workflows/Lint/badge.svg
Source: ultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/ronaldoussoren/altgraph/workflows/Test/badge.svg
Source: ultraddos.exe, 00000002.00000002.2933212944.0000015DDC680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: ultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gnu.org/licenses/gpl-2.0.html
Source: ultraddos.exe, 00000000.00000003.1684222244.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1684222244.0000014EECABE000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://groups.google.com/forum/#
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: ultraddos.exe, 00000002.00000002.2933247156.0000015DDC6C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://img.shields.io/badge/code%20style-black-000000.svg
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2021-informational
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/setuptools.svg
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://img.shields.io/pypi/v/setuptools.svg
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://img.shields.io/readthedocs/setuptools/latest.svg
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://packaging.python.org/installing/
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyinstaller.readthedocs.io/
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyinstaller.readthedocs.io/en/v4.5.1/
Source: ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyinstaller.readthedocs.io/en/v4.5.1/CHANGES.html
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://pypi.org/project/setuptools
Source: ultraddos.exe, 00000002.00000002.2935838522.00007FFDFB97C000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2933407422.0000015DDC830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://setuptools.readthedocs.io
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://setuptools.readthedocs.io/
Source: ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1737824982.0000015DDBB01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-access
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://tidelift.com/badges/github/pypa/setuptools?style=flat
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://tidelift.com/security
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=readme
Source: ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: ultraddos.exe, 00000002.00000002.2933149183.0000015DDC600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: ultraddos.exe, 00000002.00000002.2933118820.0000015DDC5C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: ultraddos.exe, 00000002.00000002.2933212944.0000015DDC680000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsMIME-types
Source: ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: cacert.pem.0.drString found in binary or memory: https://www.catcert.net/verarrel
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAC0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677947397.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1677587293.0000014EECAC5000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1682792845.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com.com/search/q=
Source: ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com.com/search/q=i6002
Source: ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2935612506.00007FFDFB644000.00000002.00000001.01000000.0000000B.sdmp, ultraddos.exe, 00000002.00000002.2936521017.00007FFDFF30A000.00000002.00000001.01000000.0000000C.sdmp, libssl-1_1.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: ultraddos.exe, 00000000.00000003.1683630972.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931490176.0000015DDB8B0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: ultraddos.exe, 00000002.00000002.2931293551.0000015DD9E90000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=dQw4w9WgXcQ
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/watch?v=dQw4w9WgXcQr
Source: ultraddos.exe, 00000002.00000002.2932019631.0000015DDBDA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/search?p=
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/search?p=z
Source: ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/search/?text=
Source: ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yandex.com/search/?text=)
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB005FD0 PostMessageW,SendMessageW,OpenClipboard,GetClipboardOwner,CloseClipboard,2_2_00007FFDFB005FD0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB02D430 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00007FFDFB02D430
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE8C10 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00007FFDFAFE8C10
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE8A40 GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,2_2_00007FFDFAFE8A40
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE8550 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GetLocaleInfoA,GlobalUnlock,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,CloseClipboard,2_2_00007FFDFAFE8550
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF6C10 ClientToScreen,GetSystemMetrics,GetAsyncKeyState,GetAsyncKeyState,TrackPopupMenu,GetCursorPos,WindowFromPoint,2_2_00007FFDFAFF6C10
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFFA8B0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,2_2_00007FFDFAFFA8B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177200F40_2_00007FF6177200F4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177054E00_2_00007FF6177054E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771AF240_2_00007FF61771AF24
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771FE600_2_00007FF61771FE60
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177120C80_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617706D2D0_2_00007FF617706D2D
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177144500_2_00007FF617714450
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177198540_2_00007FF617719854
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177208680_2_00007FF617720868
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61770EC780_2_00007FF61770EC78
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177094800_2_00007FF617709480
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617716C840_2_00007FF617716C84
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771DFC00_2_00007FF61771DFC0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771E3EC0_2_00007FF61771E3EC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177073EC0_2_00007FF6177073EC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617708B800_2_00007FF617708B80
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61770E78C0_2_00007FF61770E78C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617712EFC0_2_00007FF617712EFC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771AF240_2_00007FF61771AF24
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617718E480_2_00007FF617718E48
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617723A680_2_00007FF617723A68
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177076F80_2_00007FF6177076F8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617710AA00_2_00007FF617710AA0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617706EC40_2_00007FF617706EC4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177120C80_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61770EA100_2_00007FF61770EA10
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771BE1C0_2_00007FF61771BE1C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771FD7C0_2_00007FF61771FD7C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177120C82_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177200F42_2_00007FF6177200F4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617706D2D2_2_00007FF617706D2D
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177144502_2_00007FF617714450
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177198542_2_00007FF617719854
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177208682_2_00007FF617720868
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61770EC782_2_00007FF61770EC78
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177094802_2_00007FF617709480
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617716C842_2_00007FF617716C84
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177054E02_2_00007FF6177054E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771DFC02_2_00007FF61771DFC0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771E3EC2_2_00007FF61771E3EC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177073EC2_2_00007FF6177073EC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617708B802_2_00007FF617708B80
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61770E78C2_2_00007FF61770E78C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617712EFC2_2_00007FF617712EFC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771AF242_2_00007FF61771AF24
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771AF242_2_00007FF61771AF24
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617718E482_2_00007FF617718E48
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771FE602_2_00007FF61771FE60
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617723A682_2_00007FF617723A68
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177076F82_2_00007FF6177076F8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617710AA02_2_00007FF617710AA0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617706EC42_2_00007FF617706EC4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177120C82_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61770EA102_2_00007FF61770EA10
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771BE1C2_2_00007FF61771BE1C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771FD7C2_2_00007FF61771FD7C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFABA12C02_2_00007FFDFABA12C0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFABA18902_2_00007FFDFABA1890
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0AB3A02_2_00007FFDFB0AB3A0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0831D02_2_00007FFDFB0831D0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0A96FC2_2_00007FFDFB0A96FC
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFFD7502_2_00007FFDFAFFD750
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0808902_2_00007FFDFB080890
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0106202_2_00007FFDFB010620
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF44602_2_00007FFDFAFF4460
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0BA5202_2_00007FFDFB0BA520
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB05DB802_2_00007FFDFB05DB80
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0A5B802_2_00007FFDFB0A5B80
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB09FBD02_2_00007FFDFB09FBD0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB04DC202_2_00007FFDFB04DC20
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB01FC502_2_00007FFDFB01FC50
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFFFA202_2_00007FFDFAFFFA20
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFEF8F02_2_00007FFDFAFEF8F0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0219302_2_00007FFDFB021930
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF19502_2_00007FFDFAFF1950
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB035E702_2_00007FFDFB035E70
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB099EE02_2_00007FFDFB099EE0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB063F102_2_00007FFDFB063F10
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF1F502_2_00007FFDFAFF1F50
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB021E002_2_00007FFDFB021E00
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE3C602_2_00007FFDFAFE3C60
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB059CB02_2_00007FFDFB059CB0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0B7CA02_2_00007FFDFB0B7CA0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0B9CC02_2_00007FFDFB0B9CC0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB03FD102_2_00007FFDFB03FD10
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0BFD002_2_00007FFDFB0BFD00
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0913602_2_00007FFDFB091360
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0133902_2_00007FFDFB013390
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB03F3802_2_00007FFDFB03F380
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0633E02_2_00007FFDFB0633E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF53F02_2_00007FFDFAFF53F0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0BD4002_2_00007FFDFB0BD400
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0692B02_2_00007FFDFB0692B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0812A32_2_00007FFDFB0812A3
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0251E02_2_00007FFDFB0251E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0352302_2_00007FFDFB035230
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0592302_2_00007FFDFB059230
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0CB0D02_2_00007FFDFB0CB0D0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE10E02_2_00007FFDFAFE10E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0B90E02_2_00007FFDFB0B90E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0CD1302_2_00007FFDFB0CD130
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB05D1202_2_00007FFDFB05D120
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB08F8002_2_00007FFDFB08F800
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB01F5602_2_00007FFDFB01F560
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0535802_2_00007FFDFB053580
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB07B5B02_2_00007FFDFB07B5B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0BF5B02_2_00007FFDFB0BF5B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0B14602_2_00007FFDFB0B1460
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0D14B42_2_00007FFDFB0D14B4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF35002_2_00007FFDFAFF3500
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0495502_2_00007FFDFB049550
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB05CC3F2_2_00007FFDFB05CC3F
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF4C502_2_00007FFDFAFF4C50
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB084B302_2_00007FFDFB084B30
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0BEB302_2_00007FFDFB0BEB30
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0869602_2_00007FFDFB086960
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB08A9A02_2_00007FFDFB08A9A0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB088A302_2_00007FFDFB088A30
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB092A302_2_00007FFDFB092A30
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB05CA202_2_00007FFDFB05CA20
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE69402_2_00007FFDFAFE6940
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0949402_2_00007FFDFB094940
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFED0302_2_00007FFDFAFED030
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB04F0502_2_00007FFDFB04F050
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB052ED02_2_00007FFDFB052ED0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0BADB02_2_00007FFDFB0BADB0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB060DF02_2_00007FFDFB060DF0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE4E002_2_00007FFDFAFE4E00
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB054E302_2_00007FFDFB054E30
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB068C702_2_00007FFDFB068C70
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB054CD02_2_00007FFDFB054CD0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFECD002_2_00007FFDFAFECD00
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0061B02_2_00007FFDFB0061B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFEC2312_2_00007FFDFAFEC231
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE20902_2_00007FFDFAFE2090
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB01E1002_2_00007FFDFB01E100
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0CC7602_2_00007FFDFB0CC760
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0967802_2_00007FFDFB096780
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB05A7B02_2_00007FFDFB05A7B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB04A7B02_2_00007FFDFB04A7B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFEA8402_2_00007FFDFAFEA840
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB09A8402_2_00007FFDFB09A840
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF86C02_2_00007FFDFAFF86C0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB05E6C02_2_00007FFDFB05E6C0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFF06D02_2_00007FFDFAFF06D0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0845802_2_00007FFDFB084580
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0986302_2_00007FFDFB098630
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0926202_2_00007FFDFB092620
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0205302_2_00007FFDFB020530
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0605502_2_00007FFDFB060550
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB23B1702_2_00007FFDFB23B170
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB16395D2_2_00007FFDFB16395D
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB23A1A02_2_00007FFDFB23A1A0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB1FA8C02_2_00007FFDFB1FA8C0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB1BB0B02_2_00007FFDFB1BB0B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB21E7F02_2_00007FFDFB21E7F0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB1B50502_2_00007FFDFB1B5050
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB1BBE902_2_00007FFDFB1BBE90
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB1BA5A02_2_00007FFDFB1BA5A0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB28B4602_2_00007FFDFB28B460
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB1D93902_2_00007FFDFB1D9390
Source: C:\Users\user\Desktop\ultraddos.exeCode function: String function: 00007FFDFB0C7020 appears 53 times
Source: C:\Users\user\Desktop\ultraddos.exeCode function: String function: 00007FFDFB0D16CB appears 31 times
Source: C:\Users\user\Desktop\ultraddos.exeCode function: String function: 00007FF617701C70 appears 86 times
Source: C:\Users\user\Desktop\ultraddos.exeCode function: String function: 00007FFDFB237370 appears 171 times
Source: C:\Users\user\Desktop\ultraddos.exeCode function: String function: 00007FF617701CD0 appears 40 times
Source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1674824545.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1677338468.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1675502156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1673246227.0000014EECAB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1680111298.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython39.dll. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1679261321.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1679554613.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_tkinter.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenametcl86.dllP vs ultraddos.exe
Source: ultraddos.exe, 00000000.00000003.1675322419.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs ultraddos.exe
Source: ultraddos.exeBinary or memory string: OriginalFilename vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937179556.00007FFE126F4000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936343315.00007FFDFF259000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936175748.00007FFDFBA97000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython39.dll. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2935612506.00007FFDFB644000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936959447.00007FFE11EC6000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936847029.00007FFE1151F000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_tkinter.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936521017.00007FFDFF30A000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamelibsslH vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937357147.00007FFE130C7000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936759421.00007FFE10310000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilenametk86.dllP vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenametcl86.dllP vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937269424.00007FFE12E16000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937649107.00007FFE13317000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937054669.00007FFE11EE5000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2936661541.00007FFE1025F000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937552089.00007FFE1323D000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs ultraddos.exe
Source: ultraddos.exe, 00000002.00000002.2937454143.00007FFE13213000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs ultraddos.exe
Source: classification engineClassification label: mal68.winEXE@4/976@0/0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617706270 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF617706270
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFEA020 CoCreateInstance,EnableWindow,CoTaskMemFree,CoTaskMemFree,2_2_00007FFDFAFEA020
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFAFE7BF0 GetModuleHandleW,FindResourceW,LoadResource,LockResource,memcpy,2_2_00007FFDFAFE7BF0
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5236:120:WilError_03
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002Jump to behavior
Source: ultraddos.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ultraddos.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: ultraddos.exeReversingLabs: Detection: 23%
Source: ultraddos.exeVirustotal: Detection: 35%
Source: ultraddos.exeString found in binary or memory: -help
Source: ultraddos.exeString found in binary or memory: -startline must be less than or equal to -endline
Source: C:\Users\user\Desktop\ultraddos.exeFile read: C:\Users\user\Desktop\ultraddos.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\ultraddos.exe "C:\Users\user\Desktop\ultraddos.exe"
Source: C:\Users\user\Desktop\ultraddos.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ultraddos.exeProcess created: C:\Users\user\Desktop\ultraddos.exe "C:\Users\user\Desktop\ultraddos.exe"
Source: C:\Users\user\Desktop\ultraddos.exeProcess created: C:\Users\user\Desktop\ultraddos.exe "C:\Users\user\Desktop\ultraddos.exe"Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: python3.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: libffi-7.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: libcrypto-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: libssl-1_1.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: tcl86t.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: tk86t.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: ultraddos.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: ultraddos.exeStatic file information: File size 13137648 > 1048576
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ultraddos.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: ultraddos.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb## source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdbMM source: ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936905781.00007FFE11EBD000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\select.pdb source: ultraddos.exe, 00000000.00000003.1680995113.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937323854.00007FFE130C4000.00000002.00000001.01000000.00000009.sdmp, select.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_uuid.pdb source: ultraddos.exe, 00000000.00000003.1677587293.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, _uuid.pyd.0.dr
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: ultraddos.exe, 00000002.00000002.2936259396.00007FFDFF212000.00000002.00000001.01000000.00000014.sdmp, MSVCP140.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: ultraddos.exe, 00000000.00000003.1676972295.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: ultraddos.exe, 00000002.00000002.2936456541.00007FFDFF2D5000.00000002.00000001.01000000.0000000C.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1l 24 Aug 2021built on: Thu Aug 26 18:34:57 2021 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: ultraddos.exe, 00000002.00000002.2935422057.00007FFDFB54D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_bz2.pdb source: ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937017442.00007FFE11EDF000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb?? source: ultraddos.exe, 00000002.00000002.2936456541.00007FFDFF2D5000.00000002.00000001.01000000.0000000C.sdmp, libssl-1_1.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_multiprocessing.pdb source: ultraddos.exe, 00000000.00000003.1675885131.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: ultraddos.exe, 00000002.00000002.2935422057.00007FFDFB54D000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\a01\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ultraddos.exe, 00000000.00000003.1674824545.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937611502.00007FFE13311000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_queue.pdb source: ultraddos.exe, 00000000.00000003.1677098391.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937231269.00007FFE12E13000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ssl.pdb source: ultraddos.exe, 00000002.00000002.2937108515.00007FFE126DD000.00000002.00000001.01000000.0000000A.sdmp, _ssl.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_hashlib.pdb source: ultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936721066.00007FFE10308000.00000002.00000001.01000000.00000015.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_tkinter.pdb source: ultraddos.exe, 00000000.00000003.1677483713.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936812638.00007FFE11519000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_lzma.pdb source: ultraddos.exe, 00000000.00000003.1675779720.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2936905781.00007FFE11EBD000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\_ctypes.pdb source: ultraddos.exe, 00000002.00000002.2937514383.00007FFE13231000.00000002.00000001.01000000.00000006.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\pyexpat.pdb source: ultraddos.exe, 00000002.00000002.2936620929.00007FFE10254000.00000002.00000001.01000000.0000000F.sdmp, pyexpat.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_socket.pdb source: ultraddos.exe, 00000000.00000003.1677194156.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2937412062.00007FFE13209000.00000002.00000001.01000000.00000008.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\_w\1\b\bin\amd64\_asyncio.pdb source: ultraddos.exe, 00000000.00000003.1674928507.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\unicodedata.pdb source: ultraddos.exe, 00000000.00000003.1682792845.0000014EECABF000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\_w\1\b\bin\amd64\python39.pdb source: ultraddos.exe, 00000002.00000002.2935838522.00007FFDFB97C000.00000002.00000001.01000000.00000004.sdmp
Source: ultraddos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ultraddos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ultraddos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ultraddos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ultraddos.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177060E0 MultiByteToWideChar,MultiByteToWideChar,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF6177060E0
Source: ultraddos.exeStatic PE information: section name: _RDATA
Source: MSVCP140.dll.0.drStatic PE information: section name: .didat
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: _imaging.cp39-win_amd64.pyd.0.drStatic PE information: section name: _RDATA
Source: _webp.cp39-win_amd64.pyd.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC4F44 push 6FFDC5CAh; ret 2_2_00007FFDFACC4F4A
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC7679 push 6FFDC5D5h; iretd 2_2_00007FFDFACC767F
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC4A94 push 6FFDC5D5h; iretd 2_2_00007FFDFACC4A9A
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC73CB push 60F5C5F1h; iretd 2_2_00007FFDFACC73D3
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC4F90 push 6FFDC5C3h; iretd 2_2_00007FFDFACC4F96
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC7929 push 6FFDC5CAh; ret 2_2_00007FFDFACC792F
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC45E6 push 60F5C5F1h; iretd 2_2_00007FFDFACC45EE
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFACC7975 push 6FFDC5C3h; iretd 2_2_00007FFDFACC797B

Persistence and Installation Behavior

barindex
Found pyInstaller with non standard icon
Source: C:\Users\user\Desktop\ultraddos.exeProcess created: "C:\Users\user\Desktop\ultraddos.exe"
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\tk86t.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\select.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\MSVCP140.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl86t.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI6002\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB002D90 IsIconic,IsZoomed,AdjustWindowRectEx,SendMessageW,SendMessageW,GetSystemMetrics,MoveWindow,GetWindowRect,GetClientRect,MoveWindow,GetWindowRect,MoveWindow,DrawMenuBar,2_2_00007FFDFB002D90
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617704430 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF617704430
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imagingtk.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\python39.dllJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_webp.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\select.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_cffi_backend.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_tkinter.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imaging.cp39-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI6002\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\ultraddos.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-15697
Source: C:\Users\user\Desktop\ultraddos.exeAPI coverage: 5.6 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771BE1C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,0_2_00007FF61771BE1C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF6177120C8 _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,2_2_00007FF6177120C8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771BE1C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,2_2_00007FF61771BE1C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB289800 GetModuleHandleW,GetProcAddress,GetVersionExW,GetSystemInfo,wsprintfA,memmove,2_2_00007FFDFB289800
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI6002\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeFile opened: C:\Users\user\Jump to behavior
Source: ultraddos.exe, 00000002.00000003.1737618506.0000015DDA038000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931324618.0000015DDA049000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739726772.0000015DDA049000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWuals%SystemRoot%\system32\mswsock.dllo
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771551C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF61771551C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177060E0 MultiByteToWideChar,MultiByteToWideChar,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF6177060E0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771D928 GetProcessHeap,0_2_00007FF61771D928
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61770A4C4 SetUnhandledExceptionFilter,0_2_00007FF61770A4C4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF617709D18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF617709D18
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61771551C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF61771551C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61770A31C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF61770A31C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61770A4C4 SetUnhandledExceptionFilter,2_2_00007FF61770A4C4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF617709D18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF617709D18
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61771551C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF61771551C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FF61770A31C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF61770A31C
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFABA3310 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFABA3310
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFABA34F8 SetUnhandledExceptionFilter,2_2_00007FFDFABA34F8
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFABA2994 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFABA2994
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0D12F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDFB0D12F0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB0D0874 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDFB0D0874
Source: C:\Users\user\Desktop\ultraddos.exeProcess created: C:\Users\user\Desktop\ultraddos.exe "C:\Users\user\Desktop\ultraddos.exe"Jump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177238B0 cpuid 0_2_00007FF6177238B0
Source: C:\Users\user\Desktop\ultraddos.exeCode function: InitCommonControlsEx,RegisterClassW,GetKeyboardLayout,GetLocaleInfoW,TranslateCharsetInfo,2_2_00007FFDFB005370
Source: C:\Users\user\Desktop\ultraddos.exeCode function: OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GetLocaleInfoA,GlobalUnlock,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,CloseClipboard,2_2_00007FFDFAFE8550
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\select.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tk VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\_tkinter.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imaging.cp39-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeQueries volume information: C:\Users\user\Desktop\ultraddos.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF61770A204 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF61770A204
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 0_2_00007FF6177200F4 _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6177200F4
Source: C:\Users\user\Desktop\ultraddos.exeCode function: 2_2_00007FFDFB005250 GetModuleHandleW,GetProcAddress,GetVersionExW,2_2_00007FFDFB005250
Source: C:\Users\user\Desktop\ultraddos.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Command and Scripting Interpreter		1
DLL Side-Loading		11
Process Injection		11
Process Injection		21
Input Capture		2
System Time Discovery		Remote Services21
Input Capture		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Native API		Boot or Logon Initialization Scripts1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		LSASS Memory21
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Obfuscated Files or Information		Security Account Manager1
Application Window Discovery		SMB/Windows Admin Shares3
Clipboard Data		SteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDS2
File and Directory Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets35
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
ultraddos.exe24%ReversingLabsWin64.Trojan.Generic
ultraddos.exe36%VirustotalBrowse
ultraddos.exe100%AviraTR/Agent.jjmxv

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI6002\MSVCP140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imaging.cp39-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imagingtk.cp39-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_webp.cp39-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\VCRUNTIME140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_asyncio.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_bz2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_cffi_backend.cp39-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_ctypes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_decimal.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_hashlib.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_lzma.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_multiprocessing.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_overlapped.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_queue.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_socket.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_ssl.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_tkinter.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\_uuid.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\libcrypto-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\libffi-7.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\libssl-1_1.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\pyexpat.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\python39.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\select.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\tcl86t.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\tk86t.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI6002\unicodedata.pyd0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://www.apache.org/licenses/LICENSE-2.00%URL Reputationsafe
http://www.apache.org/licenses/0%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe
https://python.org/dev/peps/pep-0263/0%Avira URL Cloudsafe
https://img.shields.io/pypi/pyversions/setuptools.svg0%Avira URL Cloudsafe
https://img.shields.io/pypi/v/setuptools.svg0%Avira URL Cloudsafe
https://cloud.google.com/appengine/docs/standard/runtimes0%Avira URL Cloudsafe
https://www.google.com.com/search/q=i6002100%Avira URL Cloudmalware
https://tidelift.com/security0%Avira URL Cloudsafe
https://tools.ietf.org/html/rfc2388#section-4.40%Avira URL Cloudsafe
https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white0%Avira URL Cloudsafe
https://cloud.google.com/appengine/docs/standard/runtimes0%VirustotalBrowse
http://crl.startssl.com/sfsca.crl0f0%Avira URL Cloudsafe
https://img.shields.io/pypi/pyversions/setuptools.svg0%VirustotalBrowse
https://img.shields.io/pypi/v/setuptools.svg0%VirustotalBrowse
http://stackoverflow.com/a/23229091/21841220%Avira URL Cloudsafe
https://tools.ietf.org/html/rfc2388#section-4.40%VirustotalBrowse
http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-0%Avira URL Cloudsafe
https://tidelift.com/security0%VirustotalBrowse
http://crl.startssl.com/sfsca.crl0f0%VirustotalBrowse
https://github.com/pypa/packaging0%Avira URL Cloudsafe
https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=white0%VirustotalBrowse
https://github.com/pypa/setuptools0%Avira URL Cloudsafe
http://crl.startssl.com/sca-code3.crl0#0%Avira URL Cloudsafe
https://python.org/dev/peps/pep-0263/0%VirustotalBrowse
http://stackoverflow.com/a/23229091/21841220%VirustotalBrowse
https://pypi.org/project/setuptools0%Avira URL Cloudsafe
https://yahoo.com/search?p=z0%Avira URL Cloudsafe
https://github.com/pypa/setuptools/workflows/tests/badge.svg0%Avira URL Cloudsafe
http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-0%VirustotalBrowse
https://github.com/pypa/setuptools0%VirustotalBrowse
https://blog.jaraco.com/skeleton0%Avira URL Cloudsafe
http://crl.startssl.com/sca-code3.crl0#0%VirustotalBrowse
http://curl.haxx.se/rfc/cookie_spec.html0%Avira URL Cloudsafe
https://github.com/pypa/packaging0%VirustotalBrowse
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md0%Avira URL Cloudsafe
https://pypi.org/project/setuptools0%VirustotalBrowse
http://cffi.readthedocs.org/0%Avira URL Cloudsafe
https://blog.jaraco.com/skeleton0%VirustotalBrowse
https://github.com/pypa/setuptools/workflows/tests/badge.svg0%VirustotalBrowse
http://pypi.python.org/pypi/altgraph0%Avira URL Cloudsafe
http://curl.haxx.se/rfc/cookie_spec.html0%VirustotalBrowse
https://github.com/robertlugg/easygui0%Avira URL Cloudsafe
http://json.org0%Avira URL Cloudsafe
https://yahoo.com/search?p=z0%VirustotalBrowse
https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%220%Avira URL Cloudsafe
https://httpbin.org/get0%Avira URL Cloudsafe
http://httpbin.org/0%Avira URL Cloudsafe
https://github.com/python-pillow/Pillow/0%Avira URL Cloudsafe
https://httpbin.org/get1%VirustotalBrowse
http://json.org0%VirustotalBrowse
http://httpbin.org/1%VirustotalBrowse
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md0%VirustotalBrowse
https://duckduckgo.com/?q=0%Avira URL Cloudsafe
http://cffi.readthedocs.org/0%VirustotalBrowse
https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%220%VirustotalBrowse
https://altgraph.readthedocs.io0%Avira URL Cloudsafe
https://httpbin.org/0%Avira URL Cloudsafe
https://codecov.io/gh/pypa/setuptools0%Avira URL Cloudsafe
http://www.cl.cam.ac.uk/~mgk25/iso-time.html0%Avira URL Cloudsafe
https://github.com/robertlugg/easygui0%VirustotalBrowse
http://www.startssl.com/policy00%Avira URL Cloudsafe
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l5350%Avira URL Cloudsafe
http://pypi.python.org/pypi/altgraph0%VirustotalBrowse
http://mail.python.org/pipermail/distutils-sig/0%Avira URL Cloudsafe
https://groups.google.com/forum/#0%Avira URL Cloudsafe
http://all-you-need-is-tech.blogspot.com/2013/01/improving-easygui-for-python.html0%Avira URL Cloudsafe
https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-access0%Avira URL Cloudsafe
http://github.com/ActiveState/appdirs0%Avira URL Cloudsafe
https://github.com/ronaldoussoren/altgraph/workflows/Lint/badge.svg0%Avira URL Cloudsafe
https://wiki.debian.org/XDGBaseDirectorySpecification#state0%Avira URL Cloudsafe
https://www.catcert.net/verarrel0%Avira URL Cloudsafe
http://wwwsearch.sf.net/):0%Avira URL Cloudsafe
https://www.google.com.com/search/q=100%Avira URL Cloudmalware
http://tools.ietf.org/html/rfc6125#section-6.4.30%Avira URL Cloudsafe
https://github.com/ronaldoussoren/altgraph/workflows/Test/badge.svg0%Avira URL Cloudsafe
https://setuptools.readthedocs.io/0%Avira URL Cloudsafe
http://cffi.readthedocs.org0%Avira URL Cloudsafe
http://www.startssl.com/0P0%Avira URL Cloudsafe
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm0%Avira URL Cloudsafe
http://bugs.python.org/issue23606)0%Avira URL Cloudsafe
https://packaging.python.org/installing/0%Avira URL Cloudsafe
http://google.com/0%Avira URL Cloudsafe
https://gnu.org/licenses/gpl-2.0.html0%Avira URL Cloudsafe
https://github.com/ronaldoussoren/altgraph0%Avira URL Cloudsafe
https://mahler:8092/site-updates.py0%Avira URL Cloudsafe
https://github.com/naufraghi/tinyaes-py0%Avira URL Cloudsafe
https://www.youtube.com/watch?v=dQw4w9WgXcQr0%Avira URL Cloudsafe
http://.../back.jpeg0%Avira URL Cloudsafe
https://github.com/psf/black0%Avira URL Cloudsafe
https://www.python.org/download/releases/2.3/mro/.0%Avira URL Cloudsafe
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy0%Avira URL Cloudsafe
http://www.pythonware.com/products/pil/0%Avira URL Cloudsafe
https://httpbin.org/post0%Avira URL Cloudsafe
https://github.com/pyinstaller/pyinstaller0%Avira URL Cloudsafe
https://github.com/Ousret/charset_normalizer0%Avira URL Cloudsafe
https://github.com/ronaldoussoren/altgraph/issues0%Avira URL Cloudsafe
https://github.com/urllib3/urllib3/issues/4970%Avira URL Cloudsafe
https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referral0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://cloud.google.com/appengine/docs/standard/runtimesultraddos.exe, 00000002.00000002.2933181157.0000015DDC640000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://img.shields.io/pypi/pyversions/setuptools.svgultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://img.shields.io/pypi/v/setuptools.svgultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.google.com.com/search/q=i6002ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: malware
unknown
https://python.org/dev/peps/pep-0263/ultraddos.exe, 00000002.00000002.2935838522.00007FFDFB97C000.00000002.00000001.01000000.00000004.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://tidelift.com/securityultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://tools.ietf.org/html/rfc2388#section-4.4ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://img.shields.io/codecov/c/github/pypa/setuptools/master.svg?logo=codecov&logoColor=whiteultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.startssl.com/sfsca.crl0fultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://stackoverflow.com/a/23229091/2184122ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1737688974.0000015DDBC25000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/pypa/packagingultraddos.exe, 00000002.00000002.2932219341.0000015DDBF50000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/pypa/setuptoolsultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://crl.startssl.com/sca-code3.crl0#ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://pypi.org/project/setuptoolsultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://yahoo.com/search?p=zultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/pypa/setuptools/workflows/tests/badge.svgultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://blog.jaraco.com/skeletonultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://curl.haxx.se/rfc/cookie_spec.htmlultraddos.exe, 00000002.00000002.2932282610.0000015DDC03D000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2933374643.0000015DDC7F0000.00000004.00001000.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://cffi.readthedocs.org/ultraddos.exe, 00000000.00000003.1684222244.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1684222244.0000014EECABE000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://pypi.python.org/pypi/altgraphultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/robertlugg/easyguiultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://json.orgultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/pypa/setuptools/actions?query=workflow%3A%22tests%22ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://httpbin.org/getultraddos.exe, 00000002.00000002.2933247156.0000015DDC6C0000.00000004.00001000.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://httpbin.org/ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://github.com/python-pillow/Pillow/ultraddos.exe, 00000002.00000002.2932900116.0000015DDC3D0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://duckduckgo.com/?q=ultraddos.exe, 00000002.00000002.2932019631.0000015DDBDA0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://altgraph.readthedocs.ioultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
https://httpbin.org/ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://codecov.io/gh/pypa/setuptoolsultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.startssl.com/policy0ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • Avira URL Cloud: safe
unknown
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535ultraddos.exe, 00000002.00000003.1739308419.0000015DDC152000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC174000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://mail.python.org/pipermail/distutils-sig/ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
https://groups.google.com/forum/#ultraddos.exe, 00000000.00000003.1684222244.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1684222244.0000014EECABE000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
  • Avira URL Cloud: safe
unknown
http://all-you-need-is-tech.blogspot.com/2013/01/improving-easygui-for-python.htmlultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://setuptools.readthedocs.io/en/latest/pkg_resources.html#basic-resource-accessultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1737824982.0000015DDBB01000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://github.com/ActiveState/appdirsultraddos.exe, 00000002.00000002.2932219341.0000015DDBF50000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/ronaldoussoren/altgraph/workflows/Lint/badge.svgultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
https://wiki.debian.org/XDGBaseDirectorySpecification#stateultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.catcert.net/verarrelcacert.pem.0.drfalse
  • Avira URL Cloud: safe
unknown
http://wwwsearch.sf.net/):ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.google.com.com/search/q=ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: malware
unknown
http://tools.ietf.org/html/rfc6125#section-6.4.3ultraddos.exe, 00000002.00000002.2933247156.0000015DDC6C0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/ronaldoussoren/altgraph/workflows/Test/badge.svgultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
http://www.startssl.com/0Pultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • Avira URL Cloud: safe
unknown
https://setuptools.readthedocs.io/ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
http://cffi.readthedocs.orgultraddos.exe, 00000000.00000003.1684222244.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1684222244.0000014EECABE000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
  • Avira URL Cloud: safe
unknown
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://bugs.python.org/issue23606)ultraddos.exe, 00000002.00000002.2933087317.0000015DDC580000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://packaging.python.org/installing/ultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
http://google.com/ultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2930768699.0000015DD9644000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931324618.0000015DD9FD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2931684909.0000015DDBA50000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://gnu.org/licenses/gpl-2.0.htmlultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/ronaldoussoren/altgraphultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
https://mahler:8092/site-updates.pyultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/naufraghi/tinyaes-pyultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.youtube.com/watch?v=dQw4w9WgXcQrultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://.../back.jpegultraddos.exe, 00000002.00000002.2933374643.0000015DDC7F0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/psf/blackultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/download/releases/2.3/mro/.ultraddos.exe, 00000002.00000002.2931293551.0000015DD9E90000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
  • Avira URL Cloud: safe
unknown
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyultraddos.exe, 00000002.00000002.2933149183.0000015DDC600000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.pythonware.com/products/pil/ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://httpbin.org/postultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/pyinstaller/pyinstallerultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/Ousret/charset_normalizerultraddos.exe, 00000002.00000002.2931324618.0000015DDA034000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/ronaldoussoren/altgraph/issuesMETADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
https://github.com/urllib3/urllib3/issues/497ultraddos.exe, 00000002.00000002.2933212944.0000015DDC680000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://tidelift.com/subscription/pkg/pypi-setuptools?utm_source=pypi-setuptools&utm_medium=referralultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
http://packages.python.org/altgraphultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
http://aia.startssl.com/certs/sca.code3.crt06ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • Avira URL Cloud: safe
unknown
http://infohoglobal_state.nmt.edu/tcc/help/ultraddos.exe, 00000002.00000002.2930768699.0000015DD96DB000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://yahoo.com/ultraddos.exe, 00000002.00000002.2931324618.0000015DD9FD0000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6ultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • URL Reputation: safe
unknown
https://w3c.github.io/html/sec-forms.html#multipart-form-dataultraddos.exe, 00000002.00000002.2931684909.0000015DDBAA2000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://pypi.python.org/pypi/sphinxultraddos.exe, 00000000.00000003.1683274469.0000014EECABB000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
https://pyinstaller.readthedocs.io/en/v4.5.1/CHANGES.htmlultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/pypa/setuptools/issuesultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
https://img.shields.io/badge/code%20style-black-000000.svgultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
http://www.iana.org/time-zones/repository/tz-link.htmlultraddos.exe, 00000002.00000003.1737711889.0000015DDBB3F000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://requests.readthedocs.ioultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2933407422.0000015DDC830000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://crl4.digiceultraddos.exe, 00000000.00000003.1675660597.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1675038380.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://pyinstaller.readthedocs.io/en/v4.5.1/ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.youtube.com/watch?v=dQw4w9WgXcQultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://yandex.com/search/?text=ultraddos.exe, 00000002.00000002.2932962156.0000015DDC450000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://yandex.com/search/?text=)ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.apache.org/licenses/LICENSE-2.0ultraddos.exe, 00000000.00000003.1685915989.0000014EECAC6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://altgraph.readthedocs.io/en/latest/METADATA.0.drfalse
  • Avira URL Cloud: safe
unknown
https://setuptools.readthedocs.ioultraddos.exe, 00000000.00000003.1687225659.0000014EECABC000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
  • Avira URL Cloud: safe
unknown
https://pyinstaller.readthedocs.io/ultraddos.exe, 00000000.00000003.1686488185.0000014EECABC000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.orgultraddos.exe, 00000002.00000002.2932282610.0000015DDC0A6000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1739308419.0000015DDC085000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.apache.org/licenses/ultraddos.exe, 00000000.00000003.1685915989.0000014EECAB9000.00000004.00000020.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://yahoo.com/search?p=ultraddos.exe, 00000002.00000002.2932019631.0000015DDBDA0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://ocsp.thawte.com0ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1678836564.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • URL Reputation: safe
unknown
https://www.python.org/ultraddos.exe, 00000002.00000002.2932282610.0000015DDC0F7000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsultraddos.exe, 00000002.00000002.2933118820.0000015DDC5C0000.00000004.00001000.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://ocsp.startssl.com07ultraddos.exe, 00000000.00000003.1681997794.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000000.00000003.1681254666.0000014EECAB8000.00000004.00000020.00020000.00000000.sdmp, tcl86t.dll.0.drfalse
  • Avira URL Cloud: safe
unknown
http://docs.python.org/3/library/pprint.html#pprint.pprintultraddos.exe, 00000002.00000003.1737618506.0000015DDA038000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000002.2932282610.0000015DDBFD0000.00000004.00000020.00020000.00000000.sdmp, ultraddos.exe, 00000002.00000003.1737688974.0000015DDBC25000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1468052
Start date and time:2024-07-05 09:29:09 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:ultraddos.exe
Detection:MAL
Classification:mal68.winEXE@4/976@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 78%
  • Number of executed functions: 130
  • Number of non-executed functions: 137
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing disassembly code.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Local\Temp\_MEI6002\MSVCP140.dllSetup.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
    psqlodbc-setup.exeGet hashmaliciousPrivateLoaderBrowse
      psqlodbc-setup.exeGet hashmaliciousPrivateLoaderBrowse
        https://github.com/angryip/ipscan/releases/download/3.9.1/ipscan-3.9.1-setup.exeGet hashmaliciousUnknownBrowse
          RemotePCHost.exeGet hashmaliciousUnknownBrowse
            RemotePC.exeGet hashmaliciousUnknownBrowse
              RemotePC.exeGet hashmaliciousUnknownBrowse
                TLauncher-2.82-Installer-0.8.exeGet hashmaliciousUnknownBrowse
                  5D443dbiIw.exeGet hashmaliciousDCRat, zgRATBrowse
                    zulu8.74.0.17-ca-jdk8.0.392-win_x64.msiGet hashmaliciousUnknownBrowse
                      C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imaging.cp39-win_amd64.pydmminqm4qRr.exeGet hashmaliciousUnknownBrowse
                        main.exeGet hashmaliciousUnknownBrowse
                          XSvPlzgmSh.exeGet hashmaliciousUnknownBrowse

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Temp\_MEI6002\MSVCP140.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):627992
                            Entropy (8bit):6.360523442335369
                            Encrypted:false
                            SSDEEP:12288:dO93oUW7jh6DN0RUhsduQjqDZ6X/t5mTOKGmJ7DseBiltBMQEKZm+jWodEEVoFt:s3oUW7jh6DN0RUhsduQjqDZ6X/t5mTOo
                            MD5:C1B066F9E3E2F3A6785161A8C7E0346A
                            SHA1:8B3B943E79C40BC81FDAC1E038A276D034BBE812
                            SHA-256:99E3E25CDA404283FBD96B25B7683A8D213E7954674ADEFA2279123A8D0701FD
                            SHA-512:36F9E6C86AFBD80375295238B67E4F472EB86FCB84A590D8DBA928D4E7A502D4F903971827FDC331353E5B3D06616664450759432FDC8D304A56E7DACB84B728
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Joe Sandbox View:
                            • Filename: Setup.exe, Detection: malicious, Browse
                            • Filename: psqlodbc-setup.exe, Detection: malicious, Browse
                            • Filename: psqlodbc-setup.exe, Detection: malicious, Browse
                            • Filename: , Detection: malicious, Browse
                            • Filename: RemotePCHost.exe, Detection: malicious, Browse
                            • Filename: RemotePC.exe, Detection: malicious, Browse
                            • Filename: RemotePC.exe, Detection: malicious, Browse
                            • Filename: TLauncher-2.82-Installer-0.8.exe, Detection: malicious, Browse
                            • Filename: 5D443dbiIw.exe, Detection: malicious, Browse
                            • Filename: zulu8.74.0.17-ca-jdk8.0.392-win_x64.msi, Detection: malicious, Browse
                            Reputation:moderate, very likely benign file
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`..r$..!$..!$..!.O.!&..!-.|!2..!v.. '..!$..!...!v.. '..!v.. o..!v.. j..!v.. %..!v..!%..!v.. %..!Rich$..!................PE..d.....0].........." .........`...... ...............................................T.....`A............................................h....................0..t@...T...A..............8............................................ ..........@....................text...<........................... ..`.rdata..<.... ......................@..@.data....;..........................@....pdata..t@...0...B..................@..@.didat..h............B..............@....rsrc................D..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imaging.cp39-win_amd64.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):3213312
                            Entropy (8bit):6.525893665861207
                            Encrypted:false
                            SSDEEP:49152:YC8DzPi1g+KiF644HPMe1vaqRQmDKUXTCNOc1c4TTYf:3TKiOMcCNR
                            MD5:DEBF6081D5D4EA62C1A18CDDE89A99A3
                            SHA1:ACEF2C0248ECB004DFB47FDB6942653BD8041865
                            SHA-256:439E81562020D337965BB6F5D71AC7EFBF43CAC6FEF67B092C17D52A798BF2F0
                            SHA-512:52C99B0245A77E8EA829EB0942A164CFD03230F721E476A184D9FCB5DF227EE22DD6CADC22E3D9B70C47B09DDA38EA4BE4F42BE50955D86A530F9FFDEAB9C5A2
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Joe Sandbox View:
                            • Filename: mminqm4qRr.exe, Detection: malicious, Browse
                            • Filename: main.exe, Detection: malicious, Browse
                            • Filename: XSvPlzgmSh.exe, Detection: malicious, Browse
                            Reputation:low
                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........x.^...^...^...W...N.......Z....-.Z.......J.......V.......[.......\...J...Y...^...J.......V...^...E.......W.......j......................._......_......._...Rich^...........................PE..d...L.0a.........." .....x$...................................................1...........`.........................................../.p...0./.,....P1.......0.$8...........`1.(... /-.............................@/-...............$..............................text...\w$......x$................. ..`.rdata.......$......|$.............@..@.data........0/......./.............@....pdata..$8....0..:..../.............@..@_RDATA.. ....@1.......0.............@..@.rsrc........P1.......0.............@..@.reloc..(....`1.......0.............@..B........................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_imagingtk.cp39-win_amd64.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):15360
                            Entropy (8bit):5.114505303020476
                            Encrypted:false
                            SSDEEP:384:49JizN1vlPKPK1kro+HbBEX0vEe+UTVK:49JMvlPKPK1k8+tEX0vNPTo
                            MD5:91F3A1519BDF3887C43B2BA658E1820C
                            SHA1:4D75D9D722C034599C18F3FE4D0A1C5203A7421F
                            SHA-256:1C0CE51D23F95A5C38D1FA007869238D6B44304E8C857257A4705E62ABEA6467
                            SHA-512:F5C2135FCD564E24EAA501667564926465513E295F7D761A77A447C6AC5708E976CDE4AF1280CAF755D72874C2B453E172E7A45E85C1885DD18B124A9DCC88FB
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Reputation:low
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=...\..\..\..$...\.4..\.4..\.4..\.4..\.})..\..7..\..\..\.m5..\.m5..\.m5...\.m5..\.Rich.\.........................PE..d...:.0a.........." ........."............................................................`.........................................`8..d....8.......`.......P...............p..(....2.............................. 2...............0..x............................text............................... ..`.rdata.......0....... ..............@..@.data...8....@.......0..............@....pdata.......P.......4..............@..@.rsrc........`.......8..............@..@.reloc..(....p.......:..............@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\PIL\_webp.cp39-win_amd64.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):552960
                            Entropy (8bit):6.623912320972049
                            Encrypted:false
                            SSDEEP:12288:BBunuvz8JZxKjvFTfz3zvnXj/zXzvgSx3hXxfKKLOYE7m:Bf7kxKjtTfz3zvnXj/zXzvnKKSn7m
                            MD5:4E6EF44D9256AF503F06CB73B601E90A
                            SHA1:920B96DA9DE475A1592DC1BD44EF47224EE96E90
                            SHA-256:DA8D1327EF7F2040E439F9C52BC36C98C0E29FF0282912B9BD2EC825D8956712
                            SHA-512:11068C41E96657305F98352AAC97E923D0290F3C2A1628B9E840A7B8EC5574A2FA394F61C23F5F973B3F1A160BF7B1275DC5448F76D24636DD587B8D380B01D5
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Reputation:low
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|5...[...[...[..e....[.uZ...[..vZ...[.u^...[.u_...[.uX...[.ThZ...[...Z..[.Dt_..[.DtS...[.Dt[...[.Dt....[.DtY...[.Rich..[.........PE..d...9.0a.........." .................w....................................................`.............................................X....................p...K..................`................................................................................text...C........................... ..`.rdata...g.......h..................@..@.data....0...0......................@....pdata...K...p...L..................@..@_RDATA.. ............j..............@..@.rsrc................l..............@..@.reloc...............n..............@..B................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\VCRUNTIME140.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):97160
                            Entropy (8bit):6.422776154074499
                            Encrypted:false
                            SSDEEP:1536:yDHLG4SsAzAvadZw+1Hcx8uIYNUzUnHg4becbK/zJrCT:yDrfZ+jPYNznHg4becbK/Fr
                            MD5:11D9AC94E8CB17BD23DEA89F8E757F18
                            SHA1:D4FB80A512486821AD320C4FD67ABCAE63005158
                            SHA-256:E1D6F78A72836EA120BD27A33AE89CBDC3F3CA7D9D0231AAA3AAC91996D2FA4E
                            SHA-512:AA6AFD6BEA27F554E3646152D8C4F96F7BCAAA4933F8B7C04346E410F93F23CFA6D29362FD5D51CCBB8B6223E094CD89E351F072AD0517553703F5BF9DE28778
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Reputation:moderate, very likely benign file
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*..qn.."n.."n.."...#l.."g.."e.."n.."B.."<..#c.."<..#~.."<..#q.."<..#o.."<.g"o.."<..#o.."Richn.."................PE..d....(.`.........." .........`......p.....................................................`A.........................................B..4....J...............p..X....X...#..........h,..T............................,..8............................................text............................... ..`.rdata...@.......B..................@..@.data...@....`.......@..............@....pdata..X....p.......D..............@..@_RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............V..............@..B........................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_asyncio.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):65256
                            Entropy (8bit):5.947146092578557
                            Encrypted:false
                            SSDEEP:768:eKMg5KvjSGhtDwdt9psnqRTRWqJ7J8j+Ba36oWeU9MhI8YnsRjDG4yjK5ShHP:ejv+GbWpWmk6oWezhI8YnwVyjK5KP
                            MD5:3510357B9885A59B08FA557E3BAED3CE
                            SHA1:3C3289172FABB46CD4839532D7E41087F8FFEA29
                            SHA-256:3AD5F4BD4361DF0C077122A91D180DCF9B68B0249FC6B39EDDA5DD4ECE6F23F1
                            SHA-512:86AFB38825270F3A65240955432EBC85874EE3E44A1AED564E5160F79FB58162FE2B841DD6E542F942499CFE66C78A264CC3CD7CA13285DB0B6CA81D0ED7EC31
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}..}...}...}.......}......}......}......}......}..s....}.......}...}..D}..s....}..s....}..s....}..s....}..Rich.}..........PE..d...O>-a.........." .....`................................................... ......5X....`.............................................P.......d...................................@v..T............................v..8............p..0............................text....^.......`.................. ..`.rdata...J...p...L...d..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_bz2.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):86760
                            Entropy (8bit):6.4230860471078755
                            Encrypted:false
                            SSDEEP:1536:26r9z7HMjxuqMfXA5eogNEkqpltT88tOHiy387pI8MVJZyyD:26RzI7M45HkEkqpl68sHiy3GpI8MV1D
                            MD5:124678D21D4B747EC6F1E77357393DD6
                            SHA1:DBFB53C40D68EBA436934B01EBE4F8EE925E1F8E
                            SHA-256:9483C4853CA1DA3C5B2310DBDD3B835A44DF6066620278AA96B2E665C4B4E86B
                            SHA-512:2882779B88ED48AF1E27C2BC212DDC7E4187D26A28A90655CEF98DD44BC07CC93DA5BCE2442AF26D7825639590B1E2B78BF619D50736D67164726A342BE348FA
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G .>.A.m.A.m.A.m.9<m.A.mQ4.l.A.me.Rm.A.mQ4.l.A.mQ4.l.A.mQ4.l.A.m.4.l.A.m.*.l.A.m.A.mcA.m.4.l.A.m.4.l.A.m.4Pm.A.m.4.l.A.mRich.A.m........................PE..d...d>-a.........." .........f............................................................`..........................................'..H...X'.......`.......P..4....6.......p...... ...T...............................8...............@............................text............................... ..`.rdata..8C.......D..................@..@.data........@......................@....pdata..4....P....... ..............@..@.rsrc........`.......*..............@..@.reloc.......p.......4..............@..B........................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_cffi_backend.cp39-win_amd64.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):183296
                            Entropy (8bit):6.125308349765744
                            Encrypted:false
                            SSDEEP:3072:pkk6oUvIdnqoy81LPxECiORwqP7KcTHoSTL9KPMhwG6wdZVOmU:ik6+nq8LPaC/wqTKyHoSTL8PewTo7zU
                            MD5:51740B093592AF2FBEB5D675AF5EDC73
                            SHA1:5918E99A8C64C5ABB915E7A998136AB514B828F3
                            SHA-256:83ED202214D28D14125FDB760B7C6439F79C59C02BB3A39E7812F8D622C97ADA
                            SHA-512:877028A87653E4F46434F874018B400439456C9255DA7D5E8919579A0BD2DCDC11974710089A671B9D7AA651DDF670CCAACAB7612CE23876B44F13C73E4866F7
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........dK..7K..7K..7B.~7G..7...6I..7..*7O..7...6@..7...6C..7...6H..7...6O..7...6H..7K..7...7...6O..7B.x7J..7...6J..7...7J..7...6J..7RichK..7................PE..d.....`.........." .........Z......d........................................@............`.........................................P...h............ ..........T............0......@...............................`................................................text...c........................... ..`.rdata...t.......v..................@..@.data...(....0......................@....pdata..T...........................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_ctypes.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):126696
                            Entropy (8bit):5.92868304850829
                            Encrypted:false
                            SSDEEP:3072:7sO10M2JpWk4bwqTE72danzifrZewqVlI8BPak:Ii0Moqds2TfrZ5qV2k
                            MD5:7AB242D7C026DAD5E5837B4579BD4EDA
                            SHA1:B3FF01B8B3DA2B3A9C37BFFFAFC4FB9EE957CC0F
                            SHA-256:1548506345D220D68E9089B9A68B42A9D796141EB6236E600283951CB206EAA1
                            SHA-512:1DD09CF14C87F60B42E5E56D0104154513902C9BFA23EEF76A92F4A96C2356B2812DD6EEE5E9A74D5ED078ADE5F8F6D1F1B01961D7EFADFEBB543D71C2D31A30
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......XP...1a..1a..1a..I..1a.ND`..1a.NDd..1a.NDe..1a.NDb..1a..D`..1a..Ze..1a..Z`..1a..X`..1a..1`..1a..Dl..1a..Da..1a..D...1a..Dc..1a.Rich.1a.................PE..d...`>-a.........." .................^....................................................`.........................................@e.......e..........................................T........................... ...8............................................text............................... ..`.rdata..Bq.......r..................@..@.data...D?.......:...v..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_decimal.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):273640
                            Entropy (8bit):6.530427115297591
                            Encrypted:false
                            SSDEEP:6144:IY4OuLMJ+KIndu0gDzld/hM4rmOliSOkM8jbs9qWMa3pLW1Ay/+FSTNrOJ:I2uwJ+9dCFl5Mom4r2
                            MD5:BB70FC3EB76B6801ED7228B6869017B2
                            SHA1:FE76CDF1D8EAB706A9E748404C09B8841F13D923
                            SHA-256:831E4CE99F469FA94567482444AF492891B7BF327853E92DD4BB2CE092021E74
                            SHA-512:0C17324718E803C861FC58C4584C8D1421E097F7EF4A23B247F9E2448C1460D2C67EAC3EF76DA02195A07E2D391A39F0DB1D4D8D3AC163CA488F05424E750944
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>..P..P..P.....P...Q..P...U..P...T..P...S..P.Q.Q..P...Q..P..Q...P.Q.S..P.Q.]..P.Q.P..P.Q...P.Q.R..P.Rich.P.................PE..d...S>-a.........." .........J......P........................................@...........`.........................................@...P............ ..........p,...........0..`...`...T...............................8...............(............................text...~........................... ..`.rdata..|...........................@..@.data...X*.......$..................@....pdata..p,..........................@..@.rsrc........ ......................@..@.reloc..`....0......................@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_hashlib.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):66280
                            Entropy (8bit):6.061691735957611
                            Encrypted:false
                            SSDEEP:768:Uyz+AYBOAMfR5UUtgx56xDzyDcp0syKZ8te7POCyhI8YIvDG4yU5hH97:NfrTgz2iW9it4OCyhI8YIJyUDl
                            MD5:AE32A39887D7516223C1E7FFDC3B6911
                            SHA1:94B9055C584DF9AFB291B3917FF3D972B3CD2492
                            SHA-256:7936413BC24307F01B90CAC2D2CC19F38264D396C1AB8EDA180ABBA2F77162EB
                            SHA-512:1F17AF61C917FE373F0A40F06CE2B42041447F9E314B2F003B9BD62DF87C121467D14CE3F8E778D3447C4869BF381C58600C1E11656EBDA6139E6196262AE17E
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......J.................m.....\.......\.......\.......\.....................X......................................Rich............................PE..d...e>-a.........." .....d..........TC.......................................0......BR....`.............................................P.................................... ..........T...........................P...8............................................text....b.......d.................. ..`.rdata...S.......T...h..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_lzma.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):163048
                            Entropy (8bit):6.772117479364759
                            Encrypted:false
                            SSDEEP:3072:4aV4EP3esMbwjQneCJP8dTGDEiznfo9mNoXldfir3pI8D1WGZ:4aV4EP3nMKQZ+0DEUwYOXer3OGZ
                            MD5:A77C9A75ED7D9F455E896B8FB09B494C
                            SHA1:C85D30BF602D8671F6F446CDABA98DE99793E481
                            SHA-256:4797AAF192EB56B32CA4FEBD1FAD5BE9E01A24E42BF6AF2D04FCDF74C8D36FA5
                            SHA-512:4D6D93AA0347C49D3F683EE7BC91A3C570C60126C534060654891FAD0391321E09B292C9386FB99F6EA2C2ECA032889841FCE3CAB8957BB489760DAAC6F79E71
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h.h.h..u..h....h....h....h....h.+..h...h.h..h.+..h.+..h.+....h.+..h.Rich.h.................PE..d....>-a.........." .....|..........43....................................................`.........................................p7..L....7..x............`.......`..........4...x...T..............................8...............8............................text....z.......|.................. ..`.rdata..............................@..@.data........P.......4..............@....pdata.......`.......<..............@..@.rsrc................T..............@..@.reloc..4............^..............@..B........................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_multiprocessing.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):30440
                            Entropy (8bit):6.055312015115334
                            Encrypted:false
                            SSDEEP:768:jOc5AvxtFza4Cp7gcaxI8AtY6DG4yrhHO:zAv7la4Cp7gtxI8AtY+yRO
                            MD5:090756C9D9317A92830E81A0493A1767
                            SHA1:46BDDB440E049DC8294A6BECBD839239DF62E31A
                            SHA-256:A55C37779772A36BFB5811CC349DCDC2429EF1FBAB40FE4CFEA9D7FCD23173AB
                            SHA-512:19E7CDDE87E043BD8E6658FDD6E573BFE6D50F6975D974365A41B8657C46200212AB53BC2E88685EBB4D3B88EE66C0706E07D7D67F16006505F38263DC02AF12
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)"..HL..HL..HL..0...HL..=M..HL..=I..HL..=H..HL..=O..HL..=M..HL..#M..HL..HM..HL..=A..HL..=L..HL..=...HL..=N..HL.Rich.HL.........................PE..d...S>-a.........." ....."...:......T...............................................>W....`..........................................Q..`...0R..x............p.......Z...............C..T............................C..8............@...............................text...s .......".................. ..`.rdata..t....@.......&..............@..@.data...x....`.......D..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_overlapped.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):46312
                            Entropy (8bit):6.1227030013146075
                            Encrypted:false
                            SSDEEP:768:11zGue9C1WOcUanIvyOVoYjEe0PhXjx1wSS9c9I8tt2kDG4y64hHj:DqbxIvGhXjx6PS9I8tt2oy/j
                            MD5:22AC38D86314E8BC4A6F7932223F3594
                            SHA1:9582DC938C3CDA04628B14F1B2CC87F56796A2E6
                            SHA-256:FD9E9467E1353F9DC02143481085F2440F25286D0A4630AA8B1D8919CBB50B8F
                            SHA-512:F02A59BD75A8E8D16E12FDDEA0F902C9EC2331042FE97CC53D1F730AF61CFC75E6456728D68B65B2F3464ADE058EA31B08C1248410BA21378605AD534D42D27B
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I...'...'...'.......'..&...'.."...'..#...'..$...'...&...'...!...'...&...'...&...'...*...'...'...'.......'...%...'.Rich..'.................PE..d...U>-a.........." .....B...X......T................................................p....`......................................... ...X...x....................................... g..T............................g..8............`...............................text....A.......B.................. ..`.rdata...5...`...6...F..............@..@.data...p............|..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_queue.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):29416
                            Entropy (8bit):6.116826137213694
                            Encrypted:false
                            SSDEEP:384:vYc3ZiJOXiUi3Q2hv6P6rglvby3njszCcglI8mUjDG4y8mcL5O8hHA:0OXQ3I6rgleAylI8mUjDG4yjAO8hHA
                            MD5:E64538868D97697D62862B52DF32D81B
                            SHA1:2279C5430032AD75338BAB3AA28EB554ECD4CD45
                            SHA-256:B0BD6330C525B4C64D036D29A3733582928E089D99909500E8564AE139459C5F
                            SHA-512:8544F5DF6D621A5FF2CA26DA65B49F57E19C60B4177A678A00A5FEB130BF0902F780B707845B5A4DD9F12DDB673B462F77190E71CBE358DB385941F0F38E4996
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........q..}...}...}.......}......}......}......}......}..s....}.......}...}..}..s....}..s....}..s....}..s....}..Rich.}..........PE..d...U>-a.........." .........:............................................................`..........................................D..L...LD..d....p.......`..0....V..............03..T............................3..8............0..@............................text............................... ..`.rdata.......0......."..............@..@.data... ....P.......@..............@....pdata..0....`.......F..............@..@.rsrc........p.......J..............@..@.reloc...............T..............@..B................................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_socket.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):80616
                            Entropy (8bit):6.1247513577471215
                            Encrypted:false
                            SSDEEP:1536:NBM6HuD4Zb7hmyAM9/s+m+p+nUivSrpZZ3lI8BwDyjgs:YeBHAM9/sb+pYNSrb1lI8Bwps
                            MD5:4B2F1FAAB9E55A65AFA05F407C92CAB4
                            SHA1:1E5091B09FC0305CF29EC2E715088E7F46CCBBD4
                            SHA-256:241DB349093604AB25405402BA8C4212016657C7E6A10EDD3110ABEB1CC2E1BA
                            SHA-512:68070DB39CD14841BCD49DB1ACF19806B0AA4B4AC4C56518B3A3BADDAAC1CD533F0B3EF70A378F53D65C0D6C0F745A6102B63303EA7978C79F688C787EFE9CC3
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........[...:...:...:...Bg..:...O...:...O..:...O..:...O...:..sO...:...Q...:...:..|:..sO...:..sO...:..sO...:..sO...:..Rich.:..........................PE..d...p>-a.........." .....z..........d(.......................................`.......~....`.............................................P...`........@.......0..t............P..........T...........................P...8............................................text....y.......z.................. ..`.rdata..Lz.......|...~..............@..@.data...(...........................@....pdata..t....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_ssl.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):155368
                            Entropy (8bit):5.923356278223323
                            Encrypted:false
                            SSDEEP:3072:d+WZiO1vJpfdaywIj2jmN109OV0hVEykq7SOH70NmHh4kwooSLteSdN1LpI8M7KY:deO1vJpfknIjd6VhVJ7S4DthN1LnY
                            MD5:6F52439450AD38BF940EEF2B662E4234
                            SHA1:3DEA643FAC7E10CAE16C6976982A626DD59FF64A
                            SHA-256:31C95AF04A76D3BADBDD3970D9B4C6B9A72278E69D0D850A4710F1D9A01618D7
                            SHA-512:FDD97E04F4A7B1814C2F904029DFB5CDFCD8A125FCE884DCD6FDB09FB8A691963192192F22CF4E9D79DD2598CF097A8764AEEC7A79E70A9795250C8EF0024474
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........H.x&..x&..x&......x&...'..x&...#..x&..."..x&...%..x&.%.'..x&...'..x&...'..x&..x'..y&.%.+..x&.%.&..x&.%...x&.%.$..x&.Rich.x&.........................PE..d...{>-a.........." .........................................................p............`.............................................d............P.......@.......B.......`..........T...............................8............................................text............................... ..`.rdata..X...........................@..@.data... n.......h..................@....pdata.......@....... ..............@..@.rsrc........P.......*..............@..@.reloc.......`.......4..............@..B........................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_tkinter.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):65768
                            Entropy (8bit):6.087199215332494
                            Encrypted:false
                            SSDEEP:1536:r5HtIgzle5dDjPPex6hc10DyOS/hI8YS+y7q:r5+gzl81exFyDyOihI8YSlq
                            MD5:CEBD6A4F8E0F98E61F4E9FA89520C6B3
                            SHA1:F7726A7680C9968645B7B42BEF82A0F0B2AB13E6
                            SHA-256:CEA57BB0F8C71C526E8BF799C3B53264B2405ED954122498F92E29735DDE2901
                            SHA-512:907E2EB58143FBFB5F8F3A8E955A97AA78123F9AF84F5A03A2F03FDB810B476E6CB0AB29B6E1A99D33D11AAE2663A3C24F8832DC89F31FDE5813D96662182260
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L3...R.G.R.G.R.G.*.G.R.GZ'.F.R.GZ'.F.R.GZ'.F.R.GZ'.F.R.G.'.F.R.G.9.F.R.Gd:.F.R.G.R.G.R.G.'.F.R.G.'.F.R.G.'sG.R.G.'.F.R.GRich.R.G................PE..d...q>-a.........." .....z...l............................................... ......7H....`.........................................@...P.......................................$......T...........................0...8............................................text....x.......z.................. ..`.rdata...D.......F...~..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\_uuid.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):23784
                            Entropy (8bit):6.114269763513959
                            Encrypted:false
                            SSDEEP:384:rTcuByPxnS9essot0pzCs9pI8DwQDG4y8mavshHfei:rwS9ia0pp9pI8DwQDG4yj1hHfv
                            MD5:4B12242F880989CB909246C19616E82F
                            SHA1:DF1C6459959B040BABF21C2EC2EE765CE6103086
                            SHA-256:02E05C2DC07B699FB7E6178526D6F32127E8D9B7AED0720446D186824D4FD1DB
                            SHA-512:2B3DF39D886981FA123420C256A97CE075A4F7C6728A4F0E15615B9B7F3F0BAD6CBBF46C4D417AFA25AB8CDF50303A1209677827ED4877494CFAC8F6494D263E
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f<I."]'."]'."]'.+%.. ]'.p(&. ]'.p(".)]'.p(#.*]'.p($.!]'..(&. ]'.66&.']'."]&..]'..(/.#]'..('.#]'..(..#]'..(%.#]'.Rich"]'.........................PE..d...^>-a.........." .........*......t...............................................x.....`.........................................P:..L....:..x....p.......`..|....@..........<...L2..T............................2..8............0..p............................text............................... ..`.rdata..|....0......................@..@.data........P......................@....pdata..|....`.......0..............@..@.rsrc........p.......4..............@..@.reloc..<............>..............@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\INSTALLER

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):1.5
                            Encrypted:false
                            SSDEEP:3:Mn:M
                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                            Malicious:false
                            Preview:pip.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\LICENSE

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1002
                            Entropy (8bit):5.178870450986544
                            Encrypted:false
                            SSDEEP:24:wy+rmJHcwH0MP3gt99QHOsUv4eOk4/+/m3oqMSFJ:9+aJ8YHvEnQHOs5exm3oEFJ
                            MD5:3590EB8D695BDCEA3BA57E74ADF8A4ED
                            SHA1:5B3C3863D521CF35E75E36A22E5EC4A80C93C528
                            SHA-256:6C194D6DB0C64D45535D10C95142B9B0CDA7B7DCC7F1DDEE302B3D536F3DBE46
                            SHA-512:405E4F136E282352DF9FC60C2CE126E26A344DD63F92AAB0E77DE60694BD155A13CF41C13E88C00FB95032A90526AD32C9E4B7D53CA352E03C3882ED648821F0
                            Malicious:false
                            Preview:Copyright (c) 2004 Istvan Albert unless otherwise noted..Copyright (c) 2006-2010 Bob Ippolito.Copyright (2) 2010-2020 Ronald Oussoren, et. al...Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS.IN THE SOFTWARE

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\METADATA

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7221
                            Entropy (8bit):4.9307261309791395
                            Encrypted:false
                            SSDEEP:96:D4fEqzwjaaYxmPktW13ieOGZND9wSNEd+KezAYx09zB5KENViyh5YZXc9Me6WEFl:hq08GZNtyui9KUQHDyKtZB
                            MD5:6CC13052FD94000C7D33837690FDC307
                            SHA1:8B0A3C095FB607F7C4B31313D4E24D1F54DDDCBE
                            SHA-256:177364F7304A48C8A2DE436BFC9BB8B22DF8FBE668B9DFD4307147B194FACADF
                            SHA-512:18D4FE8FEAFC5CB4609AAE5D62240CEC955D617036EA81AE46EE0E86D4CA6F6E4ACA29F0818DDF2CDD20E4FFD67B73028DFFB44D9F9BAC53DAB0EF8C66958E30
                            Malicious:false
                            Preview:Metadata-Version: 2.1.Name: altgraph.Version: 0.17.2.Summary: Python graph (network) package.Home-page: https://altgraph.readthedocs.io.Author: Ronald Oussoren.Author-email: ronaldoussoren@mac.com.Maintainer: Ronald Oussoren.Maintainer-email: ronaldoussoren@mac.com.License: MIT.Download-URL: http://pypi.python.org/pypi/altgraph.Keywords: graph.Platform: any.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Class

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\RECORD

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:CSV text
                            Category:dropped
                            Size (bytes):1459
                            Entropy (8bit):5.809001324595799
                            Encrypted:false
                            SSDEEP:24:1n/2zDihv5MYDoy1gFsllrIhikh39+SWo4bd4EUbR4w1+cWcRG2lkLnTcDsIKIC9:1nuXihyY0y1gWllriHh39+7oI4NbKw1q
                            MD5:BD7E4CF8E799631A192EBFE4E60D8DF4
                            SHA1:8810057CDC69994E5549D2FBAA84475CE1107BF3
                            SHA-256:3DE027C34C53316ABCE5C4D6D8BFD684B1B5B18494CA5517A7DF33E36F0F0ACD
                            SHA-512:21335793876F687B2505D81B2C3E6209A87AF76983BEBA1320DBC69669F32787A87947471967D38CCE24E228A9DEC19FBEE88246FB82C3C95CF42F36A30B10FA
                            Malicious:false
                            Preview:altgraph-0.17.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..altgraph-0.17.2.dist-info/LICENSE,sha256=bBlNbbDGTUVTXRDJUUK5sM2nt9zH8d3uMCs9U289vkY,1002..altgraph-0.17.2.dist-info/METADATA,sha256=F3Nk9zBKSMii3kNr_Ju4si34--Zoud_UMHFHsZT6yt8,7221..altgraph-0.17.2.dist-info/RECORD,,..altgraph-0.17.2.dist-info/WHEEL,sha256=Z-nyYpwrcSqxfdux5Mbn_DQ525iP7J2DG3JgGvOYyTQ,110..altgraph-0.17.2.dist-info/top_level.txt,sha256=HEBeRWf5ItVPc7Y9hW7hGlrLXZjPoL4by6CAhBV_BwA,9..altgraph-0.17.2.dist-info/zip-safe,sha256=AbpHGcgLb-kRsJGnwFEktk7uzpZOCcBY74-YBdrKVGs,1..altgraph/Dot.py,sha256=fHS-GozpcEKyWxW2v110JaFMS68iIc0oYFlFDuNQgOQ,9901..altgraph/Graph.py,sha256=6b6fSHLA5QSqMDnSHIO7_WJnBYIdq3K5Bt8VipRODwg,20788..altgraph/GraphAlgo.py,sha256=Uu9aTjSKWi38iQ_e9ZrwCnzQaI1WWFDhJ6kfmu0jxAA,5645..altgraph/GraphStat.py,sha256=vj3VqCOkzpAKggxVFLE_AlMIfPm1WN17DX4rbZjXAx4,1890..altgraph/GraphUtil.py,sha256=1T4DJc2bJn6EIU_Ct4m0oiKlXWkXvqcXE8CGL2K9en8,3990..altgraph/ObjectGraph.py,sha256=o7f

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\WHEEL

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):110
                            Entropy (8bit):4.816968543485036
                            Encrypted:false
                            SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCf7irO5S:RtBMwlViQWBBwt
                            MD5:5BBA2AABC4A5D75E954C7EDF9834DE0A
                            SHA1:407755EDC93510D5F7556ECDD1E7CB42F9357D8F
                            SHA-256:67E9F2629C2B712AB17DDBB1E4C6E7FC3439DB988FEC9D831B72601AF398C934
                            SHA-512:803B1181918FB2D93D2D2715D96E087E9333647C4A4A405D4FAD9DEDE0B77C8E3BCD5CAC7F3A426C60715202E2ECEBCD3EE9E066B2233A814A9A821D23BE88D0
                            Malicious:false
                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py2-none-any.Tag: py3-none-any..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\top_level.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9
                            Entropy (8bit):2.94770277922009
                            Encrypted:false
                            SSDEEP:3:gRUEv:gee
                            MD5:BEB0CA64AA7DD6722F65930793F447D5
                            SHA1:9BBA1BCE17FB25BDC9E6AA7AD8077999422EFD86
                            SHA-256:1C405E4567F922D54F73B63D856EE11A5ACB5D98CFA0BE1BCBA08084157F0700
                            SHA-512:BC4C40BCC527A9E40A934B6B594278A89625C9142795582C223E227A2D6ECCEB3233F10AA790E87D44171207AC0FEAC09581BD63C71937F97BB8F07E8CC88F30
                            Malicious:false
                            Preview:altgraph.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\altgraph-0.17.2.dist-info\zip-safe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:v:v
                            MD5:68B329DA9893E34099C7D8AD5CB9C940
                            SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                            SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                            SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                            Malicious:false
                            Preview:.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\base_library.zip

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                            Category:dropped
                            Size (bytes):782710
                            Entropy (8bit):5.473640624574239
                            Encrypted:false
                            SSDEEP:12288:9iK736pJn3DyEdpHNPQcosQNRs54PK4ItgjkVwHLfVEXuJEiS/SCn:wK738OCQcosQNRs54PK4ItDVwHLfVEXb
                            MD5:C2C39A352A50E216E45A07748FB7F8C5
                            SHA1:402E720BE0212198CDFE659F3061795CAC169D7F
                            SHA-256:AB34FB921A79E9B635D5DD17F3C1B24456D07E4165DEFDB3C1D047EFF0EFDB48
                            SHA-512:FB44205528DAB11A33FEA4C60783D56ECD04F5C02076E9900DC99AF5089B56A65B5A8668E92B910479CEB7C822731887810E6E4292787FE7181DDB2060B197C3
                            Malicious:false
                            Preview:PK..........!.\..............._bootlocale.pyca.......C.O.o..v.....................@....x...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nHz.e.j...W.n2..e.yh......e.e.d...rZd.d.d...Z.n.d.d.d...Z.Y.n.0.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.J...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin..r....

                            C:\Users\user\AppData\Local\Temp\_MEI6002\certifi\cacert.pem

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):265969
                            Entropy (8bit):6.049676636264945
                            Encrypted:false
                            SSDEEP:6144:fW1H7M8f9Z0mNplX4XCRrcMFADwYCuMsligT/Q5MS/:fWN7vZLNLqCRrctb65Mi
                            MD5:EA4EE2AF66C4C57B8A275867E9DC07CD
                            SHA1:D904976736E6DB3C69C304E96172234078242331
                            SHA-256:FA883829EBB8CD2A602F9B21C1F85DE24CF47949D520BCEB1828B4CD1CB6906C
                            SHA-512:4114105F63E72B54E506D06168B102A9130263576200FB21532140C0E9936149259879AC30A8B78F15AE7CB0B59B043DB5154091312DA731AC16E67E6314C412
                            Malicious:false
                            Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\INSTALLER

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):1.5
                            Encrypted:false
                            SSDEEP:3:Mn:M
                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                            Malicious:false
                            Preview:pip.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\LICENSE

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1320
                            Entropy (8bit):4.935991038897493
                            Encrypted:false
                            SSDEEP:24:A/4y0e/M/YL+4JNOG0yPcgte01h/Y9QHY6sUv4fxHOk4/+n0p3oqiFw:00e0/YL3JNOGlPcENSQHY6s5fPOp3o5u
                            MD5:DF848F212D07F5BAFD416F76B3FB6F2A
                            SHA1:FAF3B19E6B98FEE291F08961E158D932309080A4
                            SHA-256:7AC11950E72DF5B45C51716A7B22E7BB34B324D67F065E2938152DD472C4815F
                            SHA-512:D2B298E07C012CA96CB8F16C875CCD55B23324DBF7670125A78F62E8AB32FAAD7EEAA363562B78BAF6D41F22EB156702B79B8EC4C06BFA56EAC9964F49935643
                            Malicious:false
                            Preview:..Except when otherwise stated (look for LICENSE files in directories or..information at the beginning of each file) all software and..documentation is licensed as follows: .... The MIT License.... Permission is hereby granted, free of charge, to any person .. obtaining a copy of this software and associated documentation .. files (the "Software"), to deal in the Software without .. restriction, including without limitation the rights to use, .. copy, modify, merge, publish, distribute, sublicense, and/or .. sell copies of the Software, and to permit persons to whom the .. Software is furnished to do so, subject to the following conditions:.... The above copyright notice and this permission notice shall be included .. in all copies or substantial portions of the Software..... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS .. OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, .. FITNESS FOR A PARTIC

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\METADATA

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1191
                            Entropy (8bit):4.889338490395058
                            Encrypted:false
                            SSDEEP:24:Dl1aZMQD9cXTHZftDZftOKW0ZftWZft2Zft2ZftDZftYZftRTZft90Zft7neZftm:Dl1aZMQsljwiaa6DYxLixsxHQ3MZQVh
                            MD5:C4A9FF8581D1FB2335ED843068329740
                            SHA1:DBEED00B6CE1A792298D95A0616E7AA3491F2728
                            SHA-256:88044FFF7FB38A35AEDB031318BC418CEBE12DAB976D76EE74C6EF09468F2AB2
                            SHA-512:9F50FC29239E3461DBC34D8F44DF7B36DE1DED876766FB4313386A22B88BFA59AEF422E6BBA4A41A64CFBB84A9418E86CFDFA17E7F2AE0487FB34FD251956948
                            Malicious:false
                            Preview:Metadata-Version: 2.1.Name: cffi.Version: 1.14.6.Summary: Foreign Function Interface for Python calling C code..Home-page: http://cffi.readthedocs.org.Author: Armin Rigo, Maciej Fijalkowski.Author-email: python-cffi@googlegroups.com.License: MIT.Platform: UNKNOWN.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 2.Classifier: Programming Language :: Python :: 2.6.Classifier: Programming Language :: Python :: 2.7.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.2.Classifier: Programming Language :: Python :: 3.3.Classifier: Programming Language :: Python :: 3.4.Classifier: Programming Language :: Python :: 3.5.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: License :: OSI Approved :: MIT License.Requires-Dist: pycparser...CFFI.====..Foreign Function

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\RECORD

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:CSV text
                            Category:dropped
                            Size (bytes):2884
                            Entropy (8bit):5.802676840504012
                            Encrypted:false
                            SSDEEP:48:gEDjnuXv6fp+EUpS2L2NlfQOk+bGDw/8u1XV+np0tv/bHHzsX4MFaV3Gu:gEmXINw4QU7/8u1XV+p8v/bnz2TFaV3V
                            MD5:DFDA70548C8E7FCAAD3F28514D14F0FC
                            SHA1:050540C3695509A89A86F79E693A8DCB3B02E78B
                            SHA-256:8FB73BA63A1660DD5C12B358BC9C95C509E3A08179CD3BAA4F92FD4B38C9624B
                            SHA-512:583448D628C6CE90D1D2BE70D1CDC6C8F52327BDB13ADFF5AA9B2533409B231E964C9D67BA39173B05FFD1331EFE52B29CC16D8A55453C45A7F19BF9F3BC8F61
                            Malicious:false
                            Preview:_cffi_backend.cp39-win_amd64.pyd,sha256=g-0gIhTSjRQSX9t2C3xkOfecWcArs6OeeBL41iLJeto,183296..cffi-1.14.6.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cffi-1.14.6.dist-info/LICENSE,sha256=esEZUOct9bRcUXFqeyLnuzSzJNZ_Bl4pOBUt1HLEgV8,1320..cffi-1.14.6.dist-info/METADATA,sha256=iARP_3-zijWu2wMTGLxBjOvhLauXbXbudMbvCUaPKrI,1191..cffi-1.14.6.dist-info/RECORD,,..cffi-1.14.6.dist-info/WHEEL,sha256=jr7ubY0Lkz_yXH9FfFe9PTtLhGOsf62dZkNvTYrJINE,100..cffi-1.14.6.dist-info/entry_points.txt,sha256=Q9f5C9IpjYxo0d2PK9eUcnkgxHc9pHWwjEMaANPKNCI,76..cffi-1.14.6.dist-info/top_level.txt,sha256=rE7WR3rZfNKxWI9-jn6hsHCAl7MDkB-FmuQbxWjFehQ,19..cffi/__init__.py,sha256=mPnPU823V2y9fzXsnm_A9UrnX9xQ1MbonbJLTlSIJY4,527..cffi/__pycache__/__init__.cpython-39.pyc,,..cffi/__pycache__/api.cpython-39.pyc,,..cffi/__pycache__/backend_ctypes.cpython-39.pyc,,..cffi/__pycache__/cffi_opcode.cpython-39.pyc,,..cffi/__pycache__/commontypes.cpython-39.pyc,,..cffi/__pycache__/cparser.cpython-39.pyc,,..cff

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\WHEEL

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):100
                            Entropy (8bit):5.060078225325273
                            Encrypted:false
                            SSDEEP:3:RtEeX7MWcSlViHoKKjP+tkKcgaD6EILn:RtBMwlViQWKzD6hLn
                            MD5:9574495B62F8ECE023A62695325B0AF0
                            SHA1:610ACE9701B5E3357BA1ACD8997E5AC14DB92823
                            SHA-256:8EBEEE6D8D0B933FF25C7F457C57BD3D3B4B8463AC7FAD9D66436F4D8AC920D1
                            SHA-512:D4A8F35BF4A1FCEB30C1DEB2225A76413B6FEAED9D41474E6BF674BE6B23821A5193FE119364257A94B7153E78E461C6F5E13A1489B7B4645B4A26BA36C99B14
                            Malicious:false
                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: false.Tag: cp39-cp39-win_amd64..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\entry_points.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):76
                            Entropy (8bit):4.315453547119663
                            Encrypted:false
                            SSDEEP:3:+Mlc3yMnJpoDRQlY3HnJz:+MyyMnJpORQaJz
                            MD5:5ABE3588FDA16B05DF44A5C5ECCA34DF
                            SHA1:85585480C856EB45360935F59C8C24F519959F72
                            SHA-256:43D7F90BD2298D8C68D1DD8F2BD794727920C4773DA475B08C431A00D3CA3422
                            SHA-512:BDD2234096710840E7BC065994FF2A6AEBCB78EED43021802679405B189AB2A14230432134D39DE30F11F5F7EB167494042F7C732D63CC3E039376935948972E
                            Malicious:false
                            Preview:[distutils.setup_keywords].cffi_modules = cffi.setuptools_ext:cffi_modules..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\cffi-1.14.6.dist-info\top_level.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):19
                            Entropy (8bit):3.260828171224456
                            Encrypted:false
                            SSDEEP:3:xvcDQvn:x5n
                            MD5:67EA4A90C355E59A4EB7026E12E6AA43
                            SHA1:5A38C6F6B4BA1CF98F2377DB77F55A568089D94C
                            SHA-256:AC4ED6477AD97CD2B1588F7E8E7EA1B0708097B303901F859AE41BC568C57A14
                            SHA-512:D3FFAFF727C7B534E3DFB0FE8D93011C0B1AD5F4731F7B01B2247AF5A01ED52095234ADF046B6F843CB1A45692E55125F544848B5AE31923150185DB8DA63A0A
                            Malicious:false
                            Preview:_cffi_backend.cffi.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\libcrypto-1_1.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):3429624
                            Entropy (8bit):6.093870626224665
                            Encrypted:false
                            SSDEEP:49152:6uTKuk2i4IU6ixsOjPWJJrf129Pr1+leV6E3AH/vgpdbZ/NPL0asQa1CPwDv3uF3:6XH+n9Z+1obZ/10asv1CPwDv3uFfJLx
                            MD5:63C4F445B6998E63A1414F5765C18217
                            SHA1:8C1AC1B4290B122E62F706F7434517077974F40E
                            SHA-256:664C3E52F914E351BB8A66CE2465EE0D40ACAB1D2A6B3167AE6ACF6F1D1724D2
                            SHA-512:AA7BDB3C5BC8AEEFBAD70D785F2468ACBB88EF6E6CAC175DA765647030734453A2836F9658DC7CE33F6FFF0DE85CB701C825EF5C04018D79FA1953C8EF946AFD
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......;.>y..P*..P*..P*v..*m.P*-.Q+}.P*-.U+t.P*-.T+w.P*-.S+{.P*k.Q+t.P*..Q*..P*).S+b.P*).T+..P*).P+~.P*).*~.P*).R+~.P*Rich..P*........PE..d.....'a.........." ......$...................................................4.......4...`.........................................@Q/..h....4.@....@4.|....@2......84......P4..O....,.8...........................P.,.8.............4..............................text...4.$.......$................. ..`.rdata..V.....$.......$.............@..@.data....z....1..,....1.............@....pdata.. ....@2.......1.............@..@.idata..^#....4..$....3.............@..@.00cfg..Q....04.......3.............@..@.rsrc...|....@4.......3.............@..@.reloc...x...P4..z....3.............@..B................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\libffi-7.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):32792
                            Entropy (8bit):6.3566777719925565
                            Encrypted:false
                            SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                            MD5:EEF7981412BE8EA459064D3090F4B3AA
                            SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                            SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                            SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6.3.r}]Ar}]Ar}]A{..Ap}]A .\@p}]A..\@q}]Ar}\AU}]A .X@~}]A .Y@z}]A .^@q}]A..Y@t}]A..^@s}]A..]@s}]A.._@s}]ARichr}]A........................PE..d......].........." .....F...$.......I....................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\libssl-1_1.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):695032
                            Entropy (8bit):5.528361289023932
                            Encrypted:false
                            SSDEEP:12288:EwIGh2Hjnl6uk51iNXuAX7TBElV57sldbeMR29XxSNreSZYrRnU2lvzsT:Uk51iNZyMR+keSZ6U2lvzsT
                            MD5:BD857F444EBBF147A8FCD1215EFE79FC
                            SHA1:1550E0D241C27F41C63F197B1BD669591A20C15B
                            SHA-256:B7C0E42C1A60A2A062B899C8D4EBD0C50EF956177BA21785CE07C517C143AEAF
                            SHA-512:2B85C1521EDEADF7E118610D6546FAFBBAD43C288A7F0F9D38D97C4423A541DFAC686634CDE956812916830FBB4AAD8351A23D95CD490C4A5C0F628244D30F0A
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&v..G.^.G.^.G.^.?.^.G.^.2._.G.^.,._.G.^.2._.G.^.2._.G.^.2._.G.^.2._.G.^.G.^HF.^.2._.G.^.2._.G.^.2.^.G.^.2._.G.^Rich.G.^........................PE..d.....'a.........." .....8...L......<.....................................................`.........................................p+...N..HE..........s........K...~..........l.......8...............................8............0..H............................text....6.......8.................. ..`.rdata..z)...P...*...<..............@..@.data...QM.......D...f..............@....pdata...T.......V..................@..@.idata..PW...0...X..................@..@.00cfg..Q............X..............@..@.rsrc...s............Z..............@..@.reloc..]............b..............@..B................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyexpat.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):204008
                            Entropy (8bit):6.323651054294958
                            Encrypted:false
                            SSDEEP:6144:p+xM8Or2rtNSC77HnjHkiKyeRjqaLWv6m:0IrijeHEv3
                            MD5:801D35409FEC61CE6852E3540889C9C7
                            SHA1:A3C7E44433EBFEF5359D12B9AC2F64782CCFF3E9
                            SHA-256:AB0814B19FD6B10D2729A907CF449F8A858A42B3F1288FB1C93B62950059295D
                            SHA-512:D1F81469D1407B42C7AA207013C79D393ED8F598C9CF1F9D2BF3419FF82C2CD4817A5360D0AF963BFD45D28F8ADCEDEB54701D56B06F4C0F96DAA92DFEC755D0
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ab..%..J%..J%..J,{:J)..Jwv.K'..Jwv.K)..Jwv.K-..Jwv.K&..J.v.K'..J1h.K&..J%..JQ..J.v.K!..J.v.K$..J.vVJ$..J.v.K$..JRich%..J................PE..d...a>-a.........." ................d........................................0......@W....`.........................................0...P.................................... .......V..T............................V..8............@...............................text....,.......................... ..`.rdata..*....@.......2..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\COPYING.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):30633
                            Entropy (8bit):4.688010115276433
                            Encrypted:false
                            SSDEEP:384:8JOtiIudxEUwi5rDL676yV12rPd34ZomzM2FR+qWi9vlKM1zJlFvmNz5VrlkTS0x:kOqv7FgixMFzMqd9TzJlFvAfxk1rt
                            MD5:752110777ECD9E72B16DF0E59C1E0019
                            SHA1:CB1BD57EC2694EE4ADFA1C544310A2505D513179
                            SHA-256:F724F1AFBA40A8CC374CBB3E20495BFE142B998B97D8F16F420FA307D2A4D402
                            SHA-512:D2358E17C2AFCFB813D50D841FD6B7ECCB4FD739D762BCBEF486E4F3F51949BB232DF54C6E8AAD5062F8D8B65B53E25298CD22E709B2767C193F084317234E96
                            Malicious:false
                            Preview:================================. The PyInstaller licensing terms.================================. ..Copyright (c) 2010-2021, PyInstaller Development Team.Copyright (c) 2005-2009, Giovanni Bajo.Based on previous work under copyright (c) 2002 McMillan Enterprises, Inc....PyInstaller is licensed under the terms of the GNU General Public License.as published by the Free Software Foundation; either version 2 of the License,.or (at your option) any later version....Bootloader Exception.--------------------..In addition to the permissions in the GNU General Public License, the.authors give you unlimited permission to link or embed compiled bootloader.and related files into combinations with other programs, and to distribute.those combinations without any restriction coming from the use of those.files. (The General Public License restrictions do apply in other respects;.for example, they cover modification of the files, and distribution when.not linked into a combined executable.). . .Bootlo

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\INSTALLER

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):1.5
                            Encrypted:false
                            SSDEEP:3:Mn:M
                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                            Malicious:false
                            Preview:pip.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\METADATA

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7075
                            Entropy (8bit):4.99295619306012
                            Encrypted:false
                            SSDEEP:192:tIc5PvuPyfOw2gOMiwMgbe+GXXp9oeU02zpWALn0:VGw2gdiDgbe5XfofzAALn0
                            MD5:7C2C65F6659E5E9BD790183B06F8D81F
                            SHA1:9539D59B3D5E28FAD6E42A8CF4AE445A1B064E81
                            SHA-256:628F500C10A4B88D5657F3356D7A57622BFB30196ED90A6DE6CDC32D01D01A32
                            SHA-512:8F6D78CCDC5F5B62FC9DD8D2AA732F3FC1F780FBF8F5241C78D5E368FE38B685F983F7AD2E171B8FA9932831E7495668B205FDA8D734FF5A20A52479C63CBEBB
                            Malicious:false
                            Preview:Metadata-Version: 2.1.Name: pyinstaller.Version: 4.5.1.Summary: PyInstaller bundles a Python application and all its dependencies into a single package..Home-page: http://www.pyinstaller.org/.Author: Hartmut Goebel, Giovanni Bajo, David Vierra, David Cortesi, Martin Zibricky.License: GPLv2-or-later with a special exception which allows to use PyInstaller to build and distribute non-free programs (including commercial ones).Keywords: packaging, app, apps, bundle, convert, standalone, executable,pyinstaller, cxfreeze, freeze, py2exe, py2app, bbfreeze.Platform: UNKNOWN.Classifier: Development Status :: 6 - Mature.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: Intended Audience :: Other Audience.Classifier: Intended Audience :: System Administrators.Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2).Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: Mi

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\RECORD

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:CSV text
                            Category:dropped
                            Size (bytes):54914
                            Entropy (8bit):5.5917030260823966
                            Encrypted:false
                            SSDEEP:384:s5xoZdH//O1JSojth0q0smCVCPDm/0hjktHgPH1dpRdmIY2k3Kyne5LGUzAcX+O:2Yohh0qfmXP/h8HgPb7kIY2AKgejduO
                            MD5:2B3BC676BAAC06E206F1F19B80B08FD4
                            SHA1:696258A5D4531A0DA3B8CBA23BDD295F177FEBF0
                            SHA-256:D49EA9747C2FD498B4A6D4D42570E4E5475109F81B9F273378A6D9E655458086
                            SHA-512:A330BD024FD3D744033AF9A37AABF61464C1A85E2C3D037C59CAF3C40736F225059C3D3490B39C8676E6E2E7D0856FB427AB686AC6C848EBCD21247D970B5801
                            Malicious:false
                            Preview:../../Scripts/pyi-archive_viewer.exe,sha256=tKcK9bgC2ziBvhL9f0Pq1IWKYiOTA8ucUkhuQIHySHA,106400..../../Scripts/pyi-bindepend.exe,sha256=Q1eCUp19csxlGmLpjhzxEFUZgmv6S4mfX0RWyizWWSw,106395..../../Scripts/pyi-grab_version.exe,sha256=YgwVtxSB29xAiHIvwkRQ1JVuaTjcs6wMZPhBSgyukHU,106398..../../Scripts/pyi-makespec.exe,sha256=UxwLldW8CK3QBvzX2I35UI1767MV1CFXt33h6VzRqV0,106394..../../Scripts/pyi-set_version.exe,sha256=rGFqOS3sPkVABRR-flDGREf5pTWHhZ8m2dkpIq_JA0k,106397..../../Scripts/pyinstaller.exe,sha256=2s9irSWVYNoA2XXVaz4HXER0oMqJF1VIRY6mm60w9NA,106379..PyInstaller/__init__.py,sha256=yUrIv4M4p-kB8-mZZVq3EFCzaxVdP4Q9J71WWsBaz7k,2853..PyInstaller/__main__.py,sha256=HnNlY8o5fwZtxAL1DEgXUmCu1n9gpe3UwCTBIfLdBJo,4595..PyInstaller/__pycache__/__init__.cpython-39.pyc,,..PyInstaller/__pycache__/__main__.cpython-39.pyc,,..PyInstaller/__pycache__/_recursion_to_deep_message.cpython-39.pyc,,..PyInstaller/__pycache__/_shared_with_waf.cpython-39.pyc,,..PyInstaller/__pycache__/compat.cpython-39.pyc,,..PyInst

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\WHEEL

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):98
                            Entropy (8bit):4.942294805297369
                            Encrypted:false
                            SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5TLn:RtBMwlViQWBBULn
                            MD5:52B52F5F8068048B3EC56DBA1BCD8E4E
                            SHA1:6589459A6F7AEABDB7D18C155455B02833355CA7
                            SHA-256:D1F2D7058387A5BA30CA51FBA18BF08798A861B0A7F4A10AC5B4C01CBE51063F
                            SHA-512:98392FA9C5C54B3462D2CDD4A3146B364AD03BFB946BA17D6ACCEC50F6CF3576ED6F010E0944129F8E79780C40D4816B3A08D91F6021E31F67AD1DA0A83157BF
                            Malicious:false
                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-win_amd64..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\entry_points.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):361
                            Entropy (8bit):4.532364994515823
                            Encrypted:false
                            SSDEEP:6:1VkKXL0DjyXLfUynXLEB85AQFXLHHVtAcRNnXLAX2OXFnXLLMMn:1qKXIyXLpXg4hX7VtdFXsX2OXFnXMM
                            MD5:E1773209C0AB0B0402725B5776B57AFF
                            SHA1:AC23E47ED2047EED17058116BE2E02D93B6EEF25
                            SHA-256:1EF5246366023F170942310D9E04650C4B666257FFA967A01B5FF0BFF27DF463
                            SHA-512:95DFC681D676A6D8F49CD8A65EA40B4A8C21BB62DB9075ABE3EB8B20EB5EC4D72C1E4C86DA0A94C5010156FB93BEC96DBD50E127091B7B559A91B6EB29BBB534
                            Malicious:false
                            Preview:[console_scripts].pyi-archive_viewer = PyInstaller.utils.cliutils.archive_viewer:run.pyi-bindepend = PyInstaller.utils.cliutils.bindepend:run.pyi-grab_version = PyInstaller.utils.cliutils.grab_version:run.pyi-makespec = PyInstaller.utils.cliutils.makespec:run.pyi-set_version = PyInstaller.utils.cliutils.set_version:run.pyinstaller = PyInstaller.__main__:run..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\pyinstaller-4.5.1.dist-info\top_level.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):12
                            Entropy (8bit):3.418295834054489
                            Encrypted:false
                            SSDEEP:3:rLWTXvn:f8Xvn
                            MD5:0A28E8E758F80C4B73AFD9DBEF9F96DD
                            SHA1:10072E4EC58C0E15D5A62FD256AC9D7BC6A28BCB
                            SHA-256:1AE466BD65C64D124D6262B989618E82536FE0BDDBCBB60A68488AC9C359E174
                            SHA-512:38D7A1B6198701708F90750C9D82390A150972FB898FC91C825FF6F6FE2A560B3BCC381A388BB7FE5DFAE63550BEC2A6A7CFED1390E620A5B2A559726C1439E5
                            Malicious:false
                            Preview:PyInstaller.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\python39.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):4488424
                            Entropy (8bit):6.438282060738091
                            Encrypted:false
                            SSDEEP:49152:yV2AZJ2D90f3gXG9Fo6fxOWzB/um/1S3pWiN9vXWYv4AvGi1r/onEHcPaRryThwk:ugD9cRVo3IkaeBmn3qCHDMo9wQ
                            MD5:7E9D14AA762A46BB5EBAC14FBAEAA238
                            SHA1:A5D90A7DF9B90BDD8A84D7DC5066E4EA64CEB3D9
                            SHA-256:E456EF44B261F895A01EFB52D26C7A0C7D7D465B647A7B5592708EBF693F12A3
                            SHA-512:280F16348DF1C0953BBC6F37FF277485351171D0545EBE469BACD106D907917F87584154AEC0F193F37322BC93AC5433CD9A5B5C7F47367176E5A8B19BBD5023
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................x..............g.....g.....g......g.....Rich...................PE..d...=>-a.........." .....X#...#......a.......................................@G......EE...`.........................................0.<.......=.|.....F......pD..0...`D.......F..u....$.T.............................$.8............p#.p............................text....W#......X#................. ..`.rdata...@...p#..B...\#.............@..@.data.........=.......=.............@....pdata...0...pD..2....A.............@..@.rsrc.........F.......C.............@..@.reloc...u....F..v....C.............@..B........................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\select.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):28904
                            Entropy (8bit):6.18939704919296
                            Encrypted:false
                            SSDEEP:768:3YyAU126JwhQHqJ8PzlI8mG6DG4yj4ZhH1K:T86WhQKJ8PzlI8mG+yjE1K
                            MD5:F8F5A047B98309D425FD06B3B41B16E4
                            SHA1:2A44819409199B47F11D5D022E6BB1D5D1E77AEA
                            SHA-256:5361DA714A61F99136737630D50FA4E975D76F5DE75E181AF73C5A23A2B49012
                            SHA-512:F0A96790FCDABF02B452F5C6B27604F5A10586B4BF759994E6D636CC55335026631FA302E209A53F5E454BEA03B958B6D662E0BE91FA64CE187A7DC5D35A9AA9
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........f ...N...N...N.......N..rO...N..rK...N..rJ...N..rM...N..rO...N..lO...N...O...N..rC...N..rN...N..r....N..rL...N.Rich..N.........................PE..d...W>-a.........." ....."...4............................................................`.........................................@R..L....R..x............p..T....T..........D....B..T...........................0C..8............@..(............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data........`.......B..............@....pdata..T....p.......D..............@..@.rsrc................H..............@..@.reloc..D............R..............@..B................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\INSTALLER

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):1.5
                            Encrypted:false
                            SSDEEP:3:Mn:M
                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                            Malicious:false
                            Preview:pip.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\LICENSE

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1050
                            Entropy (8bit):5.072538194763298
                            Encrypted:false
                            SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                            MD5:7A7126E068206290F3FE9F8D6C713EA6
                            SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                            SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                            SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                            Malicious:false
                            Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\METADATA

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4908
                            Entropy (8bit):5.0861617176323435
                            Encrypted:false
                            SSDEEP:96:DpsYyJAm4a113Nr1uCDIGSwMHodIDvVnddPnzQDiHNU4o7POX7FwTtPMk:dQdrMYIGSwMHodIDvBdBn77FwTJ
                            MD5:36BE36BE5EC1F5B5843A30038F034434
                            SHA1:B903344823DBD9176774D5EA17F8513C3C8CFF01
                            SHA-256:518DD6D71AC1743D85CE3CD8C692A58611340BC4A55DDEE4D0DF1C0921D613D5
                            SHA-512:509B79F3DD004A4C4B12CE16271CF89BD2AEAEBFA48F862922D650AF469F80599C305FE185B9AA6A7A129427A0BD293B085587624E4A7EA799393101B1B6E2C6
                            Malicious:false
                            Preview:Metadata-Version: 2.1.Name: setuptools.Version: 57.4.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.License: UNKNOWN.Project-URL: Documentation, https://setuptools.readthedocs.io/.Keywords: CPAN PyPI distutils eggs package management.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.6.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requires-Dist: sphinx ; extra == 'doc

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\RECORD

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:CSV text
                            Category:dropped
                            Size (bytes):23074
                            Entropy (8bit):5.583292444620482
                            Encrypted:false
                            SSDEEP:384:pJzrUuSogahtaPEkNcFEU2H4gcWmdcYctX6YruUtWD3y2jhZfP1zH9L1:pvx+FyUtMi2j7VH9L1
                            MD5:5E77770432402B1D23A7BF643665037E
                            SHA1:CA12200EBBD580A289437EFCB69180677A53771D
                            SHA-256:6018574D28C265E89C14C3BF47DA17E4A035A1E36DEF321280F7ED4EA0E29394
                            SHA-512:D3592EA0775BDE8783472C04E0C8385D983D3FE878DF3D5A905C329C4CD9761A17B2C6A5050CBFE1C6685FBC5D2F3A5BAA5B7532A9AC1DD9536795EA488917C6
                            Malicious:false
                            Preview:_distutils_hack/__init__.py,sha256=X3RUiA6KBPoEmco_CjACyltyQbFRGVUpZRAbSkPGwMs,3688.._distutils_hack/__pycache__/__init__.cpython-39.pyc,,.._distutils_hack/__pycache__/override.cpython-39.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=fqf_7z_ioRfuEsaO1lU2F_DX_S8FkCV8JcSElZo7c3M,152..pkg_resources/__init__.py,sha256=P3PNN3_m8JJrYMp-i-Sq-3rhK5vuViqqjn1UXKHfe7Q,108202..pkg_resources/__pycache__/__init__.cpython-39.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-39.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-39.pyc,,..pkg_resources/_vendor/__pycache__/pyparsing.cpython-39.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/packaging/__about__.py,sha256=PNMsaZn4UcCHyubgROH1bl6CluduPjI5kFrSp_Zgklo,736..pkg_resources/_vendor/packaging/__init__

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\WHEEL

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):92
                            Entropy (8bit):4.842566724466667
                            Encrypted:false
                            SSDEEP:3:RtEeX7MWcSlViHoKKjP+tPCCfA5S:RtBMwlViQWBBf
                            MD5:11AA48DBE7E7CC631B11DD66DC493AEB
                            SHA1:249FDB01AD3E3F71356E33E1897D06F23CFB20C2
                            SHA-256:3AA464174798E461ECB0CA2B16395B4C8AB4EF6BE91E917AD1F21003A952F710
                            SHA-512:EDD5892C9B2FE1F2439C53D2CD05F4478EC360885054BD06AFCF7936F6D066377FEE07796DAE9ECDF810E3D6100E039CAD48F00AD0E3145693D53E844CC5319D
                            Malicious:false
                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\entry_points.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2869
                            Entropy (8bit):4.534411891756618
                            Encrypted:false
                            SSDEEP:48:l9Zvy3g6yj+DsmnA540rZh2Phv4hhpTSeToq:xPAorZoP94hTTSecq
                            MD5:629278048EF5BF7880A43409D136981D
                            SHA1:04BC1062E0800A8570F1C81751B734E81FA9BBCB
                            SHA-256:96478968ADB5BE5B92DB2ECC7E63BFB5B2D88E1F2F6990E066CC33538243F608
                            SHA-512:31EB224235746AAFD44FEB872A5743FBED78F2B21317C81A31E5CFB076E67378518C32E09EB92DC5D52BB9863F322924B21F17A636EBDAA4AF027FE24D68D50F
                            Malicious:false
                            Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.setopt = setuptools.command.setopt:setopt.test = setuptools.command.test:test.upload_docs = setuptools.comman

                            C:\Users\user\AppData\Local\Temp\_MEI6002\setuptools-57.4.0.dist-info\top_level.txt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):41
                            Entropy (8bit):3.9115956018096876
                            Encrypted:false
                            SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                            MD5:789A691C859DEA4BB010D18728BAD148
                            SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                            SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                            SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                            Malicious:false
                            Preview:_distutils_hack.pkg_resources.setuptools.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl86t.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1705120
                            Entropy (8bit):6.496511987047776
                            Encrypted:false
                            SSDEEP:24576:umJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwQDlaTR:umJTd4iMwXH7oZgKb++BVL4B+GITgr0h
                            MD5:C0B23815701DBAE2A359CB8ADB9AE730
                            SHA1:5BE6736B645ED12E97B9462B77E5A43482673D90
                            SHA-256:F650D6BC321BCDA3FC3AC3DEC3AC4E473FB0B7B68B6C948581BCFC54653E6768
                            SHA-512:ED60384E95BE8EA5930994DB8527168F78573F8A277F8D21C089F0018CD3B9906DA764ED6FCC1BD4EFAD009557645E206FBB4E5BAEF9AB4B2E3C8BB5C3B5D725
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k)...GD..GD..GD.bFE..GD9..D..GD.bDE..GD.bBE..GD.bCE..GD.r.D..GD.jAE..GD.jFE..GD..FD..GD.bOE..GD.bGE..GD.b.D..GD.bEE..GDRich..GD........PE..d......\.........." .....d..........0h.......................................@.......b....`..........................................p..._......T.......0.... ............... .......<...............................=...............................................text....b.......d.................. ..`.rdata...k.......l...h..............@..@.data...."..........................@....pdata....... ......................@..@.rsrc...0...........................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8\8.4\platform-1.0.14.tm

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10012
                            Entropy (8bit):4.988870027581882
                            Encrypted:false
                            SSDEEP:192:oM9irmCuZgxr31nvnaLAlgspxUth+PNkuQmYz6mh8029d2rPYVzXWamv:oM9irmCuixrxvispxUth+IzX29grPKzu
                            MD5:AAD7CE4027C713577DF2BC8D35406C13
                            SHA1:931262903B347F18AC1BE338524DB851B7AAE5BB
                            SHA-256:D4B3D9601454EA4828DFF3BE426C33FB845D005E98D2CC139DBB0D69CAD3168B
                            SHA-512:F54362286A3BCC4A421AC1687C6C1986C6575CF7233207D905EBE9217323612663728B8300D5660FC1F5A297BE7D2BFA770F8743C8D115533C3EA8BA5004BC36
                            Malicious:false
                            Preview:# -*- tcl -*-.# ### ### ### ######### ######### #########.## Overview..# Heuristics to assemble a platform identifier from publicly available.# information. The identifier describes the platform of the currently.# running tcl shell. This is a mixture of the runtime environment and.# of build-time properties of the executable itself..#.# Examples:.# <1> A tcl shell executing on a x86_64 processor, but having a.# wordsize of 4 was compiled for the x86 environment, i.e. 32.# bit, and loaded packages have to match that, and not the.# actual cpu..#.# <2> The hp/solaris 32/64 bit builds of the core cannot be.# distinguished by looking at tcl_platform. As packages have to.# match the 32/64 information we have to look in more places. In.# this case we inspect the executable itself (magic numbers,.# i.e. fileutil::magic::filetype)..#.# The basic information used comes out of the 'os' and 'machine'.# entries of the 'tcl_platform' array. A number of general and.# os/machine specific

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8\8.4\platform\shell-1.1.4.tm

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):5977
                            Entropy (8bit):4.79231401569641
                            Encrypted:false
                            SSDEEP:96:Wo05xaJIrnU0gEMydSv+lrnU0gEMPdSvfSrnUN4y1mP3jm5Q1/I+gYQ1KyHe36mV:Wo05xaJsnU0DMAK+5nU0DMFKfunUN4Oc
                            MD5:2A8B773513480EFA986D9CE061218348
                            SHA1:85763F378A68BA6A1EEE9887CDCF34C14D3AD5BF
                            SHA-256:2F812A0550716B88930174A8CA245698427CD286680C0968558AE269AB52440D
                            SHA-512:D3EC3891CC897A8ABB949EBA6A055D9283BA6E491E1CAEA132D894E7B3FD3B159E8226E0BBCDF369DB3F0E00AA1E0347E5B1838353E75B8AE114A83016010238
                            Malicious:false
                            Preview:.# -*- tcl -*-.# ### ### ### ######### ######### #########.## Overview..# Higher-level commands which invoke the functionality of this package.# for an arbitrary tcl shell (tclsh, wish, ...). This is required by a.# repository as while the tcl shell executing packages uses the same.# platform in general as a repository application there can be.# differences in detail (i.e. 32/64 bit builds)...# ### ### ### ######### ######### #########.## Requirements..package require platform.namespace eval ::platform::shell {}..# ### ### ### ######### ######### #########.## Implementation..# -- platform::shell::generic..proc ::platform::shell::generic {shell} {. # Argument is the path to a tcl shell... CHECK $shell. LOCATE base out.. set code {}. # Forget any pre-existing platform package, it might be in. # conflict with this one.. lappend code {package forget platform}. # Inject our platform package. lappend code [list source $base]. # Query and print the architectu

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8\8.5\msgcat-1.6.1.tm

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):33935
                            Entropy (8bit):4.898273709861797
                            Encrypted:false
                            SSDEEP:768:joWBAxonz0L7KILBk0U8Vl9NFljRFpGA1TrPiBDxDFP8sCNl:MWBAxgzY7KIL7j1NFl1Fp11/PiBVBksU
                            MD5:DB52847C625EA3290F81238595A915CD
                            SHA1:45A4ED9B74965E399430290BCDCD64ACA5D29159
                            SHA-256:4FDF70FDCEDEF97AA8BD82A02669B066B5DFE7630C92494A130FC7C627B52B55
                            SHA-512:5A8FB4ADA7B2EFBF1CADD10DBE4DC7EA7ACD101CB8FD0B80DAD42BE3ED8804FC8695C53E6AEEC088C2D4C3EE01AF97D148B836289DA6E4F9EE14432B923C7E40
                            Malicious:false
                            Preview:# msgcat.tcl --.#.#.This file defines various procedures which implement a.#.message catalog facility for Tcl programs. It should be.#.loaded with the command "package require msgcat"..#.# Copyright (c) 2010-2015 by Harald Oehlmann..# Copyright (c) 1998-2000 by Ajuba Solutions..# Copyright (c) 1998 by Mark Harrison..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...package require Tcl 8.5-.# When the version number changes, be sure to update the pkgIndex.tcl file,.# and the installation directory in the Makefiles..package provide msgcat 1.6.1..namespace eval msgcat {. namespace export mc mcexists mcload mclocale mcmax mcmset mcpreferences mcset\. mcunknown mcflset mcflmset mcloadedlocales mcforgetpackage\.. mcpackageconfig mcpackagelocale.. # Records the list of locales to search. variable Loclist {}.. # List of currently loaded locales. variable LoadedLocales {}.. # Rec

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8\8.5\tcltest-2.5.0.tm

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):101389
                            Entropy (8bit):4.78335748687105
                            Encrypted:false
                            SSDEEP:1536:r3UFHL/k3tqN0E7NkhtMcrQ3qoyX2/2rCmTMttfN/CrQnXcwIHmlDB/mizvB21J1:r3UdOAVfnPIHmlDFmiDB21cK/xasmhC
                            MD5:D34207F736FA9FC26785A4D87C867A44
                            SHA1:24E533DDD16C67E0D0B9ED303A40C9D90ABF3E80
                            SHA-256:3BFD9E06826C98490E22B00200488D06C1FE49E3B78E24E985ABC377B04021FE
                            SHA-512:1007E5812CBF7D907E33FD769FDC4E9A9D0E68852E91208F5C887A2A86849AF69A11CE4B00358059193A46D17F19C26A255A22C107D30433482A8A0CE7ED0D03
                            Malicious:false
                            Preview:# tcltest.tcl --.#.#.This file contains support code for the Tcl test suite. It.# defines the tcltest namespace and finds and defines the output.# directory, constraints available, output and error channels,.#.etc. used by Tcl tests. See the tcltest man page for more.#.details..#.# This design was based on the Tcl testing approach designed and.# initially implemented by Mary Ann May-Pumphrey of Sun.#.Microsystems..#.# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998-1999 by Scriptics Corporation..# Copyright (c) 2000 by Ajuba Solutions.# Contributions from Don Porter, NIST, 2002. (not subject to US copyright).# All rights reserved...package require Tcl 8.5-..;# -verbose line uses [info frame].namespace eval tcltest {.. # When the version number changes, be sure to update the pkgIndex.tcl file,. # and the install directory in the Makefiles. When the minor version. # changes (new feature) be sure to update the man page as well..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl8\8.6\http-2.9.0.tm

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):108619
                            Entropy (8bit):4.834993492587442
                            Encrypted:false
                            SSDEEP:1536:nFRYkDjVePrJwFR09W9JXvfM/2QXjjCV4ScA4MaLm1r:nF2wjVePrJyRpXv9+CV4S74rLg
                            MD5:E9C1DBACE852DE98ECC8906918C3167A
                            SHA1:A3CECEC2C8E67EB0BFCAA6E0DF8970440C29175F
                            SHA-256:D66A3E47106268C4FDE02F857EFDBBC9C44C9BFC6246B7678919F6DAD3C3B68D
                            SHA-512:C830CCA95D8EF2476BFD1B8AA8D0BBD8C557C44989D7398991716DE6F20C075A7FB321ABC0E48A1E5DDF8B4228444678D08761A5FA9D3C417CD58718235F0937
                            Malicious:false
                            Preview:# http.tcl --.#.#.Client-side HTTP for GET, POST, and HEAD commands. These routines can.#.be used in untrusted code that uses the Safesock security policy..#.These procedures use a callback interface to avoid using vwait, which.#.is not defined in the safe base..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...package require Tcl 8.6-.# Keep this in sync with pkgIndex.tcl and with the install directories in.# Makefiles.package provide http 2.9.0..namespace eval http {. # Allow resourcing to not clobber existing data.. variable http. if {![info exists http]} {..array set http {.. -accept */*.. -pipeline 1.. -postfresh 0.. -proxyhost {}.. -proxyport {}.. -proxyfilter http::ProxyRequired.. -repost 0.. -urlencoding utf-8.. -zip 1..}..# We need a useragent string of this style or various servers will..# refuse to send us compressed content even when we ask for it. This..#

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\auto.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):21148
                            Entropy (8bit):4.7268785966563405
                            Encrypted:false
                            SSDEEP:384:vyPcB5RJtAZ7SP9nYP9I5HU3mOuWzXBEWKYHEN+7yBtYSbI0QD+lM:AcB5RJtAFSPBYPN3mOuiVHEN+78YSbqT
                            MD5:5E9B3E874F8FBEAADEF3A004A1B291B5
                            SHA1:B356286005EFB4A3A46A1FDD53E4FCDC406569D0
                            SHA-256:F385515658832FEB75EE4DCE5BD53F7F67F2629077B7D049B86A730A49BD0840
                            SHA-512:482C555A0DA2E635FA6838A40377EEF547746B2907F53D77E9FFCE8063C1A24322D8FAA3421FC8D12FDCAFF831B517A65DAFB1CEA6F5EA010BDC18A441B38790
                            Malicious:false
                            Preview:# auto.tcl --.#.# utility procs formerly in init.tcl dealing with auto execution of commands.# and can be auto loaded themselves..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# auto_reset --.#.# Destroy all cached information for auto-loading and auto-execution, so that.# the information gets recomputed the next time it's needed. Also delete any.# commands that are listed in the auto-load index..#.# Arguments:.# None...proc auto_reset {} {. global auto_execs auto_index auto_path. if {[array exists auto_index]} {..foreach cmdName [array names auto_index] {.. set fqcn [namespace which $cmdName].. if {$fqcn eq ""} {...continue.. }.. rename $fqcn {}..}. }. unset -nocomplain auto_execs auto_index ::tcl::auto_oldpath. if {[catch {llength $auto_path}]} {..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\clock.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):128934
                            Entropy (8bit):5.001022641779315
                            Encrypted:false
                            SSDEEP:3072:6klVEuSDFeEzGtdaui+urVke5i1IsQ5SvtTImhrYnPrzAvtt2eyw7uZH/SOyQasa:yDFeEzMaui+urVke5i1R6SvtTImhrYPK
                            MD5:F1E825244CC9741595F47F4979E971A5
                            SHA1:7159DD873C567E10CADAF8638D986FFE11182A27
                            SHA-256:F0CF27CB4B5D9E3B5D7C84B008981C8957A0FF94671A52CC6355131E55DD59FB
                            SHA-512:468C881EB7CE92C91F28CAE2471507A76EF44091C1586DCD716309E3252ED00CCB847EC3296C1954CA6F965161664F7BB73F21A24B9FF5A86F625C0B67C74F67
                            Malicious:false
                            Preview:#----------------------------------------------------------------------.#.# clock.tcl --.#.#.This file implements the portions of the [clock] ensemble that are.#.coded in Tcl. Refer to the users' manual to see the description of.#.the [clock] command and its subcommands..#.#.#----------------------------------------------------------------------.#.# Copyright (c) 2004,2005,2006,2007 by Kevin B. Kenny.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.#----------------------------------------------------------------------..# We must have message catalogs that support the root locale, and we need.# access to the Registry on Windows systems...uplevel \#0 {. package require msgcat 1.6. if { $::tcl_platform(platform) eq {windows} } {..if { [catch { package require registry 1.1 }] } {.. namespace eval ::tcl::clock [list variable NoRegistry {}]..}. }.}..# Put the library directory into the namespace

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\ascii.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):2.009389929214244
                            Encrypted:false
                            SSDEEP:12:5TUvEESVrVJ/eyN9j233V2NdWTeVCT0VbsV7EV7sYnVAMmVZyg851VqxsGkl/:5TUmJvRju3ShVbsZiAMiZyb7PF
                            MD5:68D69C53B4A9F0AABD60646CA7E06DAE
                            SHA1:DD83333DC1C838BEB9102F063971CCC20CC4FD80
                            SHA-256:294C97175FD0894093B866E73548AE660AEED0C3CC1E73867EB66E52D34C0DD2
                            SHA-512:48960E838D30401173EA0DF8597BB5D9BC3A09ED2CFFCB774BA50CB0B2ACCF47AAD3BA2782B3D4A92BEF572CBD98A3F4109FC4344DB82EB207BFDE4F61094D72
                            Malicious:false
                            Preview:# Encoding file: ascii, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\big5.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):92873
                            Entropy (8bit):3.255311357682213
                            Encrypted:false
                            SSDEEP:768:3kkmY4kD7HGJxYXIdjQWTGzvKHBDViIM1sbh+dJE+FKw0sXlWVvDg21jj9:cGfKqIQCGzv8D7ksb2Ur79jj9
                            MD5:9E67816F304FA1A8E20D2270B3A53364
                            SHA1:9E35EBF3D5380E34B92FE2744124F9324B901DD3
                            SHA-256:465AE2D4880B8006B1476CD60FACF676875438244C1D93A7DBE4CDE1035E745F
                            SHA-512:EE529DA3511EB8D73465EB585561D54833C46B8C31062299B46F5B9EE7EB5BE473E630AA264F45B2806FC1B480C8ED39A173FF1756CB6401B363568E951F0637
                            Malicious:false
                            Preview:# Encoding file: big5, multi-byte.M.003F 0 89.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1250.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.286986942547087
                            Encrypted:false
                            SSDEEP:24:CqTUmJvRju3ShVbsZiAMiZyb7Ptuja5z8twsDO4yT2H:JgmOEVIwAMiw/Ptuja5z8RDtyT2H
                            MD5:79ACD9BD261A252D93C9D8DDC42B8DF6
                            SHA1:FA2271030DB9005D71FAAD60B44767955D5432DD
                            SHA-256:1B42DF7E7D6B0FEB17CB0BC8D97E6CE6899492306DD880C48A39D1A2F0279004
                            SHA-512:607F21A84AE569B19DF42463A56712D232CA192E1827E53F3ACB46D373EF4165A38FFBF116E28D4EAAEF49B08F6162C7A1C517CCE2DFACA71DA07193FEFFFF06
                            Malicious:false
                            Preview:# Encoding file: cp1250, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E2026202020210088203001602039015A0164017D0179.009020182019201C201D202220132014009821220161203A015B0165017E017A.00A002C702D8014100A4010400A600A700A800A9015E00AB00AC00AD00AE017B.00B000B102DB014200B400B500B600B700B80105015F00BB013D02DD013E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D00E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1251.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.288070862623515
                            Encrypted:false
                            SSDEEP:24:CTTUmJvRju3ShVbsZiAMiZyb7P4DRrwFsC/+H+SAJlM9aHe3cmx:wgmOEVIwAMiw/PStwFz/T5+smx
                            MD5:55FB20FB09C610DB38C22CF8ADD4F7B8
                            SHA1:604396D81FD2D90F5734FE6C3F283F8F19AABB64
                            SHA-256:2D1BED2422E131A140087FAF1B12B8A46F7DE3B6413BAE8BC395C06F0D70B9B0
                            SHA-512:07C6640BB40407C384BCF646CC436229AEC77C6398D57659B739DC4E180C81A1524F55A5A8F7B3F671A53320052AD888736383486CC01DFC317029079B17172E
                            Malicious:false
                            Preview:# Encoding file: cp1251, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.04020403201A0453201E20262020202120AC203004092039040A040C040B040F.045220182019201C201D202220132014009821220459203A045A045C045B045F.00A0040E045E040800A4049000A600A7040100A9040400AB00AC00AD00AE0407.00B000B104060456049100B500B600B704512116045400BB0458040504550457.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.043004310432043304340435043604370438043

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1252.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.2209074629945476
                            Encrypted:false
                            SSDEEP:24:C4TUmJvRju3ShVbsZiAMiZyb7PMmVurcNvPNNAkbnMH+tjg:rgmOEVIwAMiw/PMhrUok7zE
                            MD5:5900F51FD8B5FF75E65594EB7DD50533
                            SHA1:2E21300E0BC8A847D0423671B08D3C65761EE172
                            SHA-256:14DF3AE30E81E7620BE6BBB7A9E42083AF1AE04D94CF1203565F8A3C0542ACE0
                            SHA-512:EA0455FF4CD5C0D4AFB5E79B671565C2AEDE2857D534E1371F0C10C299C74CB4AD113D56025F58B8AE9E88E2862F0864A4836FED236F5730360B2223FDE479DC
                            Malicious:false
                            Preview:# Encoding file: cp1252, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D017D008F.009020182019201C201D20222013201402DC21220161203A0153009D017E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E800E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1253.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.3530146237761445
                            Encrypted:false
                            SSDEEP:24:CRTUmJvRju3ShVbsZiAMiZyb7PMuW24OrKUQQSqJWeIDmq:CgmOEVIwAMiw/PMuW2nKJQSqJWeI1
                            MD5:2E5F553D214B534EBA29A9FCEEC36F76
                            SHA1:8FF9A526A545D293829A679A2ECDD33AA6F9A90E
                            SHA-256:2174D94E1C1D5AD93717B9E8C20569ED95A8AF51B2D3AB2BCE99F1A887049C0E
                            SHA-512:44AB13C0D322171D5EE62946086058CF54963F91EC3F899F3A10D051F9828AC66D7E9F8055026E938DDD1B97A30D5D450B89D72F9113DEE2DBBB62DDBBBE456C
                            Malicious:false
                            Preview:# Encoding file: cp1253, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202100882030008A2039008C008D008E008F.009020182019201C201D20222013201400982122009A203A009C009D009E009F.00A00385038600A300A400A500A600A700A800A9000000AB00AC00AD00AE2015.00B000B100B200B3038400B500B600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B803B

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1254.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.2357714075228494
                            Encrypted:false
                            SSDEEP:24:CWTUmJvRju3ShVbsZiAMiZyb7PMSrcmvPNNAkKMH+tZL/M:lgmOEVIwAMiw/PMSrrokKzR0
                            MD5:35AD7A8FC0B80353D1C471F6792D3FD8
                            SHA1:484705A69596C9D813EA361625C3A45C6BB31228
                            SHA-256:BC4CBE4C99FD65ABEA45FBDAF28CC1D5C42119280125FBBD5C2C11892AE460B2
                            SHA-512:CCA3C6A4B826E0D86AC10E45FFC6E5001942AA1CF45B9E0229D56E06F2600DDA0139764F1222C56CF7A9C14E6E6C387F9AB265CB9B936E803FECD8285871C70F
                            Malicious:false
                            Preview:# Encoding file: cp1254, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030016020390152008D008E008F.009020182019201C201D20222013201402DC21220161203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E800E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1255.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.267336792625871
                            Encrypted:false
                            SSDEEP:24:CfTUmJvRju3ShVbsZiAMiZyb7PMI22iEePlNQhv6l50b:MgmOEVIwAMiw/PMI27EsQhvgg
                            MD5:0419DBEE405723E7A128A009DA06460D
                            SHA1:660DBE4583923CBDFFF6261B1FADF4349658579C
                            SHA-256:F8BD79AE5A90E5390D77DC31CB3065B0F93CB8813C9E67ACCEC72E2DB2027A08
                            SHA-512:FDD9F23A1B5ABBF973BEE28642A7F28F767557FE842AF0B30B1CF97CD258892F82E547392390A51900DC7FF5D56433549A5CB463779FC131E885B00568F86A32
                            Malicious:false
                            Preview:# Encoding file: cp1255, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A2039008C008D008E008F.009020182019201C201D20222013201402DC2122009A203A009C009D009E009F.00A000A100A200A320AA00A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE00BF.05B005B105B205B305B405B505B605B705B805B9000005BB05BC05BD05BE05BF.05C005C105C205C305F005F105F205F305F40000000000000000000000000000.05D005D105D205D305D405D505D605D705D805D

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1256.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.3332869352420795
                            Encrypted:false
                            SSDEEP:24:C0TUmJvRju3ShVbsZiAMiZyb7Ps0pPESLym/cwPm+ZMZjyco/fQIG/h:XgmOEVIwAMiw/Ps0FPLym/AsBfg/h
                            MD5:0FFA293AA50AD2795EAB7A063C4CCAE5
                            SHA1:38FEE39F44E14C3A219978F8B6E4DA548152CFD6
                            SHA-256:BBACEA81D4F7A3A7F3C036273A4534D31DBF8B6B5CCA2BCC4C00CB1593CF03D8
                            SHA-512:AB4A6176C8C477463A6CABD603528CEB98EF4A7FB9AA6A8659E1AA6FE3F88529DB9635D41649FBAD779AEB4413F9D8581E6CA078393A3042B468E8CAE0FA0780
                            Malicious:false
                            Preview:# Encoding file: cp1256, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC067E201A0192201E20262020202102C62030067920390152068606980688.06AF20182019201C201D20222013201406A921220691203A0153200C200D06BA.00A0060C00A200A300A400A500A600A700A800A906BE00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B9061B00BB00BC00BD00BE061F.06C1062106220623062406250626062706280629062A062B062C062D062E062F.063006310632063306340635063600D7063706380639063A0640064106420643.00E0064400E2064506460647064800E700E800E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1257.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.2734430397929604
                            Encrypted:false
                            SSDEEP:24:CNTUmJvRju3ShVbsZiAMiZyb7PtuWTfN641PaxUVG4da:ugmOEVIwAMiw/PtuWkgVfa
                            MD5:A1CCD70248FEA44C0EBB51FB71D45F92
                            SHA1:CC103C53B3BA1764714587EAEBD92CD1BC75194D
                            SHA-256:4151434A714FC82228677C39B07908C4E19952FC058E26E7C3EBAB7724CE0C77
                            SHA-512:74E4A13D65FAB11F205DB1E6D826B06DE421282F7461B273196FD7EECEE123EA0BD32711640B15B482C728966CC0C70FFC67AEDAD91566CA87CD623738E34726
                            Malicious:false
                            Preview:# Encoding file: cp1257, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0083201E20262020202100882030008A2039008C00A802C700B8.009020182019201C201D20222013201400982122009A203A009C00AF02DB009F.00A0000000A200A300A4000000A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B300B400B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010D00E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp1258.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.226508038800896
                            Encrypted:false
                            SSDEEP:24:CKlTUmJvRju3ShVbsZiAMiZyb7PMIX2jmvPNNXkohWiZo//:xgmOEVIwAMiw/PMIXXfkohnun
                            MD5:BB010BFF4DD16B05EEB6E33E5624767A
                            SHA1:6294E42ED22D75679FF1464FF41D43DB3B1824C2
                            SHA-256:0CDB59E255CCD7DCF4AF847C9B020AEAEE78CE7FCF5F214EBCF123328ACF9F24
                            SHA-512:2CD34F75DC61DC1495B0419059783A5579932F43DB9B125CADCB3838A142E0C1CD7B42DB71EF103E268206E31099D6BB0670E84D5658C0E18D0905057FF87182
                            Malicious:false
                            Preview:# Encoding file: cp1258, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC0081201A0192201E20262020202102C62030008A20390152008D008E008F.009020182019201C201D20222013201402DC2122009A203A0153009D009E0178.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C2010200C400C500C600C700C800C900CA00CB030000CD00CE00CF.011000D1030900D300D401A000D600D700D800D900DA00DB00DC01AF030300DF.00E000E100E2010300E400E500E600E700E800E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp437.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.447501009231115
                            Encrypted:false
                            SSDEEP:24:CFyTUmJvRju3ShVbsZiAMiZyb7P4jpuKBIrRjK8DvmH:wygmOEVIwAMiw/PYwjKgmH
                            MD5:8645C2DFCC4D5DAD2BCD53A180D83A2F
                            SHA1:3F725245C66050D39D9234BAACE9D047A3842944
                            SHA-256:D707A1F03514806E714F01CBFCB7C9F9973ACDC80C2D67BBD4E6F85223A50952
                            SHA-512:208717D7B1CBDD8A0B8B3BE1B6F85353B5A094BDC370E6B8396158453DD7DC400EE6C4D60490AD1A1F4C943E733298FC971AE30606D6BAB14FB1290B886C76D0
                            Malicious:false
                            Preview:# Encoding file: cp437, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp737.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.551534707521956
                            Encrypted:false
                            SSDEEP:24:CjTUmJvRju3ShVbsZiAMiZyb7P48KhQFhWeYDr1K8DZckbiY:WgmOEVIwAMiw/P9KhQFhWeY31Kk2Y
                            MD5:C68ADEFE02B77F6E6B5217CD83D46406
                            SHA1:C95EA4ED3FBEF013D810C0BFB193B15FA8ADE7B8
                            SHA-256:8BFCA34869B3F9A3B2FC71B02CBAC41512AF6D1F8AB17D2564E65320F88EDE10
                            SHA-512:5CCAACD8A9795D4FE0FD2AC6D3E33C10B0BCC43B29B45DFBA66FBD180163251890BB67B8185D806E4341EB01CB1CED6EA682077577CC9ED948FC094B099A662A
                            Malicious:false
                            Preview:# Encoding file: cp737, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.039103920393039403950396039703980399039A039B039C039D039E039F03A0.03A103A303A403A503A603A703A803A903B103B203B303B403B503B603B703B8.03B903BA03BB03BC03BD03BE03BF03C003C103C303C203C403C503C603C703C8.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03C903AC03AD03AE03CA03AF03CC03CD03CB03CE

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp775.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.3818286672990854
                            Encrypted:false
                            SSDEEP:24:CsOTUmJvRju3ShVbsZiAMiZyb7P4DBcqb67JnsUgqIPfJ:AgmOEVIwAMiw/PSzb67NsrLPR
                            MD5:DE1282E2925870A277AF9DE4C52FA457
                            SHA1:F4301A1340A160E1F282B5F98BF9FACBFA93B119
                            SHA-256:44FB04B5C72B584B6283A99B34789690C627B5083C5DF6E8B5B7AB2C68903C06
                            SHA-512:08173FC4E5FC9AA9BD1E296F299036E49C0333A876EA0BDF40BEC9F46120329A530B6AA57B32BC83C7AA5E6BD20DE9F616F4B17532EE54634B6799C31D8F668F
                            Malicious:false
                            Preview:# Encoding file: cp775, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.010600FC00E9010100E4012300E501070142011301560157012B017900C400C5.00C900E600C6014D00F6012200A2015A015B00D600DC00F800A300D800D700A4.0100012A00F3017B017C017A201D00A600A900AE00AC00BD00BC014100AB00BB.259125922593250225240104010C01180116256325512557255D012E01602510.25142534252C251C2500253C0172016A255A25542569256625602550256C017D.0105010D01190117012F01610173016B017E2518250C25882584258C25902580.00D300DF014C014300F500D500B5014401360137

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp850.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.301196372002172
                            Encrypted:false
                            SSDEEP:24:C9TUmJvRju3ShVbsZiAMiZyb7P4jpuKBc+mTRF5aefDT4HJ:EgmOEVIwAMiw/PYelF5xfn4p
                            MD5:FF3D96C0954843C7A78299FED6986D9E
                            SHA1:5EAD37788D124D4EE49EC4B8AA1CF6AAA9C2849C
                            SHA-256:55AA2D13B789B3125F5C9D0DC5B6E3A90D79426D3B7825DCD604F56D4C6E36A2
                            SHA-512:B76CD82F3204E17D54FB679615120564C53BBE27CC474101EE073EFA6572B50DB2E9C258B09C0F7EAE8AC445D469461364C81838C07D41B43E353107C06C247E
                            Malicious:false
                            Preview:# Encoding file: cp850, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D800D70192.00E100ED00F300FA00F100D100AA00BA00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00F000D000CA00CB00C8013100CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B500FE00DE00DA

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp852.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.3816687566591797
                            Encrypted:false
                            SSDEEP:24:CPTUmJvRju3ShVbsZiAMiZyb7P4OvEUs5ycHQjc59X/C:mgmOEVIwAMiw/Pkv5ycHQjc59Xa
                            MD5:25A59EA83B8E9F3322A54B138861E274
                            SHA1:904B357C30603DFBCF8A10A054D9399608B131DF
                            SHA-256:5266B6F18C3144CFADBCB7B1D27F0A7EAA1C641FD3B33905E42E4549FD373770
                            SHA-512:F7E41357849599E7BA1D47B9B2E615C3C2EF4D432978251418EBF9314AAEB0E1B0A56ED14ED9BA3BE46D3DABE5DD80E0CA6592AE88FB1923E7C3D90D7F846709
                            Malicious:false
                            Preview:# Encoding file: cp852, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E4016F010700E7014200EB0150015100EE017900C40106.00C90139013A00F400F6013D013E015A015B00D600DC01640165014100D7010D.00E100ED00F300FA01040105017D017E0118011900AC017A010C015F00AB00BB.2591259225932502252400C100C2011A015E256325512557255D017B017C2510.25142534252C251C2500253C01020103255A25542569256625602550256C00A4.01110110010E00CB010F014700CD00CE011B2518250C258825840162016E2580.00D300DF00D401430144014801600161015400DA

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp855.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.3580450853378596
                            Encrypted:false
                            SSDEEP:24:CoTUmJvRju3ShVbsZiAMiZyb7P4hHVLjwk6rMZCb32SLauDbr:hgmOEVIwAMiw/PM/wcMb3VuuT
                            MD5:0220F1955F01B676D2595C30DEFB6064
                            SHA1:F8BD4BF6D95F672CB61B8ECAB580A765BEBDAEA5
                            SHA-256:E3F071C63AC43AF66061506EF2C574C35F7BF48553FB5158AE41D9230C1A10DF
                            SHA-512:F7BFF7D6534C9BFDBF0FB0147E31E948F60E933E6DA6A39E8DC62CC55FEBDD6901240460D7B3C0991844CDEE7EB8ED26E5FDBBC12BDC9B8173884D8FCA123B69
                            Malicious:false
                            Preview:# Encoding file: cp855, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0452040204530403045104010454040404550405045604060457040704580408.04590409045A040A045B040B045C040C045E040E045F040F044E042E044A042A.0430041004310411044604260434041404350415044404240433041300AB00BB.259125922593250225240445042504380418256325512557255D043904192510.25142534252C251C2500253C043A041A255A25542569256625602550256C00A4.043B041B043C041C043D041D043E041E043F2518250C25882584041F044F2580.042F044004200441042104420422044304230436

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp857.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.2936796452153128
                            Encrypted:false
                            SSDEEP:24:CaTUmJvRju3ShVbsZiAMiZyb7P4jpu6u/5WH5aeoC4ljIJ:jgmOEVIwAMiw/Pr/UH5xp4l6
                            MD5:58C52199269A3BB52C3E4C20B5CE6093
                            SHA1:888499D9DFDF75C60C2770386A4500F35753CE70
                            SHA-256:E39985C6A238086B54427475519C9E0285750707DB521D1820E639723C01C36F
                            SHA-512:754667464C4675E8C8F2F88A9211411B3648068085A898D693B33BF3E1FAECC9676805FD2D1A4B19FAAB30E286236DCFB2FC0D498BF9ABD9A5E772B340CEE768
                            Malicious:false
                            Preview:# Encoding file: cp857, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE013100C400C5.00C900E600C600F400F600F200FB00F9013000D600DC00F800A300D8015E015F.00E100ED00F300FA00F100D1011E011F00BF00AE00AC00BD00BC00A100AB00BB.2591259225932502252400C100C200C000A9256325512557255D00A200A52510.25142534252C251C2500253C00E300C3255A25542569256625602550256C00A4.00BA00AA00CA00CB00C8000000CD00CE00CF2518250C2588258400A600CC2580.00D300DF00D400D200F500D500B5000000D700DA

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp860.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.438607583601603
                            Encrypted:false
                            SSDEEP:24:CMTUmJvRju3ShVbsZiAMiZyb7P4Aj4AxOt49+nK8DvmH:VgmOEVIwAMiw/PeR+snKgmH
                            MD5:8CA7C4737A18D5326E9A437D5ADC4A1A
                            SHA1:C6B1E9320EEF46FC9A23437C255E4085EA2980DB
                            SHA-256:6DB59139627D29ABD36F38ED2E0DE2A6B234A7D7E681C7DBAF8B888F1CAC49A5
                            SHA-512:2D2427E7A3FF18445321263A42C6DA560E0250691ACBE5113BDE363B36B5E9929003F3C91769A02FF720AB8261429CBFA9D9580C1065FFE77400327B1A5539A6
                            Malicious:false
                            Preview:# Encoding file: cp860, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E300E000C100E700EA00CA00E800CD00D400EC00C300C2.00C900C000C800F400F500F200DA00F900CC00D500DC00A200A300D920A700D3.00E100ED00F300FA00F100D100AA00BA00BF00D200AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp861.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.4494568686644276
                            Encrypted:false
                            SSDEEP:24:ClTUmJvRju3ShVbsZiAMiZyb7P4jpOkPn9R2GRK8DvmH:8gmOEVIwAMiw/PAPXvKgmH
                            MD5:45F0D888DBCB56703E8951C06CFAED51
                            SHA1:53529772EA6322B7949DB73EEBAED91E5A5BA3DA
                            SHA-256:A43A5B58BFC57BD723B12BBDEA9F6E1A921360B36D2D52C420F37299788442D3
                            SHA-512:61D0C361E1C7D67193409EC327568867D1FD0FE448D11F16A08638D3EE31BE95AD37B8A2E67B8FB448D09489AA3F5D65AD9AC18E9BDC690A049F0C015BA806F1
                            Malicious:false
                            Preview:# Encoding file: cp861, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800D000F000DE00C400C5.00C900E600C600F400F600FE00FB00DD00FD00D600DC00F800A300D820A70192.00E100ED00F300FA00C100CD00D300DA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp862.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.4900477558394694
                            Encrypted:false
                            SSDEEP:24:CdMTUmJvRju3ShVbsZiAMiZyb7P4N6rRjK8DvmH:iMgmOEVIwAMiw/PljKgmH
                            MD5:E417DCE52E8438BBE9AF8AD51A09F9E3
                            SHA1:EF273671D46815F22996EA632D22CC27EB8CA44B
                            SHA-256:AEA716D490C35439621A8F00CA7E4397EF1C70428E206C5036B7AF25F1C3D82F
                            SHA-512:97D65E05008D75BC56E162D51AB76888E1FA0591D9642D7C0D09A5CE823904B5D6C14214828577940EDBE7F0265ABACDD67E4E12FACFDF5C7CD35FA80B90EC02
                            Malicious:false
                            Preview:# Encoding file: cp862, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.05D005D105D205D305D405D505D605D705D805D905DA05DB05DC05DD05DE05DF.05E005E105E205E305E405E505E605E705E805E905EA00A200A300A520A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp863.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.450081751310228
                            Encrypted:false
                            SSDEEP:24:CXTUmJvRju3ShVbsZiAMiZyb7P4aGuXVsq5RNK8DvmH:egmOEVIwAMiw/PT3VswKgmH
                            MD5:A2C4062EB4F37C02A45B13BD08EC1120
                            SHA1:7F6ED89BD0D415C64D0B8A037F08A47FEADD14C4
                            SHA-256:13B5CB481E0216A8FC28BFA9D0F6B060CDF5C457B3E12435CA826EB2EF52B068
                            SHA-512:95EFDA8CBC5D52E178640A145859E95A780A8A25D2AF88F98E8FFFA035016CABAE2259D22B3D6A95316F64138B578934FAF4C3403E35C4B7D42E0369B5D88C9B
                            Malicious:false
                            Preview:# Encoding file: cp863, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200C200E000B600E700EA00EB00E800EF00EE201700C000A7.00C900C800CA00F400CB00CF00FB00F900A400D400DC00A200A300D900DB0192.00A600B400F300FA00A800B800B300AF00CE231000AC00BD00BC00BE00AB00BB.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp864.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.6558830653506647
                            Encrypted:false
                            SSDEEP:24:CwTUmJvRju3YhVbsZiAMiZyb7P46SY927iqtcYQjDUjSD:5gmOqVIwAMiw/PCXjcYQfcSD
                            MD5:3C88BF83DBA99F7B682120FBEEC57336
                            SHA1:E0CA400BAE0F66EEBE4DFE147C5A18DD3B00B78C
                            SHA-256:E87EC076F950FCD58189E362E1505DD55B0C8F4FA7DD1A9331C5C111D2CE569F
                            SHA-512:6BD65D0A05F57333DA0078759DB2FC629B56C47DAB24E231DE41AD0DF3D07BF7A2A55D1946A7BA38BE228D415FB2BDB606BF1EF243974ED7DFD204548B2A43BA
                            Malicious:false
                            Preview:# Encoding file: cp864, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00200021002200230024066A0026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00B000B72219221A259225002502253C2524252C251C25342510250C25142518.03B2221E03C600B100BD00BC224800AB00BBFEF7FEF8009B009CFEFBFEFC009F.00A000ADFE8200A300A4FE8400000000FE8EFE8FFE95FE99060CFE9DFEA1FEA5.0660066106620663066406650666066706680669FED1061BFEB1FEB5FEB9061F.00A2FE80FE81FE83FE85FECAFE8BFE8DFE91FE93FE97FE9BFE9FFEA3FEA7FEA9.FEABFEADFEAFFEB3FEB7FEBBFEBFFEC1FEC5FECBFECF00A600AC00F700D7FEC9.0640FED3FED7FEDBFEDFFEE3FEE7FEEBFEEDFEEF

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp865.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.451408971174579
                            Encrypted:false
                            SSDEEP:24:CsKTUmJvRju3ShVbsZiAMiZyb7P4jpuKBn9RUK8DvmH:ggmOEVIwAMiw/PYRXUKgmH
                            MD5:6F290E2C3B8A8EE38642C23674B18C71
                            SHA1:0EB40FEEB8A382530B69748E08BF513124232403
                            SHA-256:407FC0FE06D2A057E9BA0109EA9356CAB38F27756D135EF3B06A85705B616F50
                            SHA-512:A975F69360A28484A8A3B4C93590606B8F372A27EC612ECC2355C9B48E042DCE132E64411CF0B107AA5566CAF6954F6937BEBFE17A2AE79EFF25B67FA0F88B7D
                            Malicious:false
                            Preview:# Encoding file: cp865, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C700FC00E900E200E400E000E500E700EA00EB00E800EF00EE00EC00C400C5.00C900E600C600F400F600F200FB00F900FF00D600DC00F800A300D820A70192.00E100ED00F300FA00F100D100AA00BA00BF231000AC00BD00BC00A100AB00A4.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.03B100DF039303C003A303C300B503C403A60398

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp866.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.435639928335435
                            Encrypted:false
                            SSDEEP:24:CCTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aHe3cIK8D/eke:bgmOEVIwAMiw/Pr5+sIK8ev
                            MD5:C612610A7B63519BB7FEFEE26904DBB5
                            SHA1:431270939D3E479BF9B9A663D9E67FCEBA79416F
                            SHA-256:82633643CD326543915ACC5D28A634B5795274CD39974D3955E51D7330BA9338
                            SHA-512:A3B84402AB66B1332C150E9B931E75B401378DDB4378D993DD460C81909DB72F2D136F0BE7B014F0A907D9EF9BE541C8E0B42CAB01667C6EF17E1DE1E0A3D0AE
                            Malicious:false
                            Preview:# Encoding file: cp866, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.259125922593250225242561256225562555256325512557255D255C255B2510.25142534252C251C2500253C255E255F255A25542569256625602550256C2567.2568256425652559255825522553256B256A2518250C25882584258C25902580.0440044104420443044404450446044704480449

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp869.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.458262128093304
                            Encrypted:false
                            SSDEEP:24:CtTUmJvRju3ShVbsZiAMiZyb7P4UN+lhNo5+8dKfQFhWGDrjz9:EgmOEVIwAMiw/PxYNo5+8dKfQFhWG3jZ
                            MD5:51B18570775BCA6465BD338012C9099C
                            SHA1:E8149F333B1809DCCDE51CF8B6332103DDE7FC30
                            SHA-256:27F16E3DD02B2212C4980EA09BDC068CF01584A1B8BB91456C03FCABABE0931E
                            SHA-512:EB285F0E5A9333FFF0E3A6E9C7CAC9D44956EDF180A46D623989A93683BC70EE362256B58EB9AED3BFC6B5C8F5DB4E42540DFC681D51D22A97398CD18F76A1E1
                            Malicious:false
                            Preview:# Encoding file: cp869, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850386008700B700AC00A620182019038820150389.038A03AA038C00930094038E03AB00A9038F00B200B303AC00A303AD03AE03AF.03CA039003CC03CD039103920393039403950396039700BD0398039900AB00BB.25912592259325022524039A039B039C039D256325512557255D039E039F2510.25142534252C251C2500253C03A003A1255A25542569256625602550256C03A3.03A403A503A603A703A803A903B103B203B32518250C2588258403B403B52580.03B603B703B803B903BA03BB03BC03BD03BE03BF

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp874.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1090
                            Entropy (8bit):3.2660589395582478
                            Encrypted:false
                            SSDEEP:24:CSyTUmJvRju3ShVbsZiAMiZyb7PQXzHmED43U/TW5dV:CgmOEVIwAMiw/PIr43UKV
                            MD5:7884C95618EF4E9BAA1DED2707F48467
                            SHA1:DA057E1F93F75521A51CC725D47130F41E509E70
                            SHA-256:3E067363FC07662EBE52BA617C2AAD364920F2AF395B3416297400859ACD78BB
                            SHA-512:374AA659A8DB86C023187D02BD7993516CE0EC5B4C6743AD4956AA2DDB86D2B4A57B797253913E08E40485BF3263FBD1C74DDE2C00E6F228201811ED89A6DFF0
                            Malicious:false
                            Preview:# Encoding file: cp874, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC008100820083008420260086008700880089008A008B008C008D008E008F.009020182019201C201D20222013201400980099009A009B009C009D009E009F.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E49

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp932.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):48207
                            Entropy (8bit):3.450462303370557
                            Encrypted:false
                            SSDEEP:768:LhuW1PJnT9TO7RaQiPCLUKr7KBi9FrOLdtZ7RkEw:LZPV9KuqTxFGXZlQ
                            MD5:AA4398630883066C127AA902832C82E4
                            SHA1:D0B3DEB0EE6539CE5F28A51464BFBB3AA03F28E5
                            SHA-256:9D33DF6E1CFDD2CF2553F5E2758F457D710CAFF5F8C69968F2665ACCD6E9A6FD
                            SHA-512:77794E74B0E6B5855773EE9E1F3B1DA9DB7661D66485DAE6F61CA69F6DA9FD308A55B3A76C9B887135949C60FC3888E6F9A45C6BC481418737AA452A0D9CAE64
                            Malicious:false
                            Preview:# Encoding file: cp932, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp936.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):132509
                            Entropy (8bit):3.458586416034501
                            Encrypted:false
                            SSDEEP:1536:JUbXcUPivzybu9VBPbUQMp8nDr+VFQQHkrUkAEAd4WD7tH8dd1+a:muVDQEr2dhDBH8d3+a
                            MD5:27280A39A06496DE6035203A6DAE5365
                            SHA1:3B1D07B02AE7E3B40784871E17F36332834268E6
                            SHA-256:619330192984A80F93AC6F2E4E5EAA463FD3DDDC75C1F65F3975F33E0DD7A0BB
                            SHA-512:EA05CC8F9D6908EE2241E2A72374DAAD55797B5A487394B4C2384847C808AF091F980951941003039745372022DE88807F93EEF6CDB3898FBB300A48A09B66E8
                            Malicious:false
                            Preview:# Encoding file: cp936, multi-byte.M.003F 0 127.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.20AC000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp949.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):130423
                            Entropy (8bit):3.0309641114333425
                            Encrypted:false
                            SSDEEP:1536:fimT/rTarSdgL6MVTCwCWUw62Ljv10xb+KYTuHEh:ftT/IQYLzGxSdCy
                            MD5:6788B104D2297CBD8D010E2776AF6EBA
                            SHA1:904A8B7846D34521634C8C09013DBB1D31AF47CA
                            SHA-256:26BCB620472433962717712D04597A63264C8E444459432565C4C113DE0A240B
                            SHA-512:0DF73561B76159D0A94D16A2DAB22F2B3D88C67146A840CB74D19E70D50A4C7E4DDF1952B5B805471985A896CA9F1B69C3FC4E6D8D17454566D7D39377BA1394
                            Malicious:false
                            Preview:# Encoding file: cp949, multi-byte.M.003F 0 125.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\cp950.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):91831
                            Entropy (8bit):3.253346615914323
                            Encrypted:false
                            SSDEEP:768:VkkmY4kD7HGJxYXIdjQW7GzvKHBDViIM1sbh+dJE+FKw0sXlWVvDg21jjA:mGfKqIQwGzv8D7ksb2Ur79jjA
                            MD5:A0F8C115D46D02A5CE2B8C56AFF53235
                            SHA1:6605FCCB235A08F9032BB45231B1A6331764664B
                            SHA-256:1FB9A3D52D432EA2D6CD43927CEBF9F58F309A236E1B11D20FE8D5A5FB944E6E
                            SHA-512:124EA2134CF59585DB2C399B13DE67089A6BB5412D2B210DF484FA38B77555AAF0605D04F441BDC2B0BE0F180FA17C145731D7826DA7556A573D357CC00A968F
                            Malicious:false
                            Preview:# Encoding file: cp950, multi-byte.M.003F 0 88.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\dingbats.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1093
                            Entropy (8bit):3.7149721845090347
                            Encrypted:false
                            SSDEEP:24:vJM0UmJvRjuyfqYCsUBOdXBCbtwHviANskfUPiXFtoE4OSFgHrBPkq:vKfmOEqYCs6CXRPiANIiXFt9XSMdPH
                            MD5:7715CC78774FEA9EB588397D8221FA5B
                            SHA1:6A21D57B44A0856ABCDE61B1C16CB93F4E4C3D74
                            SHA-256:3BDE9AE7EAF9BE799C84B2AA4E80D78BE8ACBACA1E486F10B9BDD42E3AEDDCB2
                            SHA-512:C7500B9DD36F7C92C1A92B8F7BC507F6215B12C26C8CB4564A8A87299859C29C05DEFD3212DE8F2DB76B7DFAB527D6C7B10D1E9A9F6B682F1B5BC4911CFAD26C
                            Malicious:false
                            Preview:# Encoding file: dingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727A82

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\ebcdic.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1054
                            Entropy (8bit):2.92745681322567
                            Encrypted:false
                            SSDEEP:24:scICJZoBqoQzRKCGW5JyY9yZk3Vvd2p4Z4XgiAmV3q:JmqrRKCtEYYZk3V4WSwitV6
                            MD5:67212AAC036FE54C8D4CDCB2D03467A6
                            SHA1:465509C726C49680B02372501AF7A52F09AB7D55
                            SHA-256:17A7D45F3B82F2A42E1D36B13DB5CED077945A3E82700947CD1F803DD2A60DBF
                            SHA-512:9500685760800F5A31A755D582FCEDD8BB5692C27FEEEC2709D982C0B8FCB5238AFB310DCB817F9FE140086A8889B7C60D5D1017764CEB03CB388DD22C8E0B3E
                            Malicious:false
                            Preview:S.006F 0 1.00.0000000100020003008500090086007F0087008D008E000B000C000D000E000F.0010001100120013008F000A0008009700180019009C009D001C001D001E001F.0080008100820083008400920017001B00880089008A008B008C000500060007.0090009100160093009400950096000400980099009A009B00140015009E001A.002000A000E200E400E000E100E300E500E700F10060002E003C0028002B007C.002600E900EA00EB00E800ED00EE00EF00EC00DF00210024002A0029003B009F.002D002F00C200C400C000C100C300C500C700D1005E002C0025005F003E003F.00F800C900CA00CB00C800CD00CE00CF00CC00A8003A002300400027003D0022.00D800610062006300640065006600670068006900AB00BB00F000FD00FE00B1.00B0006A006B006C006D006E006F00700071007200AA00BA00E600B800C600A4.00B500AF0073007400750076007700780079007A00A100BF00D000DD00DE00AE.00A200A300A500B700A900A700B600BC00BD00BE00AC005B005C005D00B400D7.00F900410042004300440045004600470048004900AD00F400F600F200F300F5.00A6004A004B004C004D004E004F00500051005200B900FB00FC00DB00FA00FF.00D900F70053005400550056005700580059005A00B200D400D600D200D300D5.00300031003

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\euc-cn.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):85574
                            Entropy (8bit):2.3109636068522357
                            Encrypted:false
                            SSDEEP:384:SgOycCs6mBixg1k6y8NMSwR8JMvz6VaVZmASVHBtGtRfS7FXtQ/RSJj9fNLSmXn/:SdC4BmCkjSwAO6VIrahNrVNTSYG3Oln
                            MD5:9A60E5D1AB841DB3324D584F1B84F619
                            SHA1:BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
                            SHA-256:546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
                            SHA-512:E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
                            Malicious:false
                            Preview:# Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\euc-jp.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):82537
                            Entropy (8bit):2.267779266005065
                            Encrypted:false
                            SSDEEP:384:c7C2o8+/s5VHxANqsFvGFkMpUEg4MWv947ebZ745zIPcvZ3p6JhE1mrUH2xUoSuL:U+UTHxAlFxkUeGcOmaj6JhEMrUwLf3d1
                            MD5:453626980EB36062E32D98ACECCCBD6E
                            SHA1:F8FCA3985009A2CDD397CB3BAE308AF05B0D7CAC
                            SHA-256:3BFB42C4D36D1763693AEFCE87F6277A11AD5A756D691DEDA804D9D0EDCB3093
                            SHA-512:0F026E1EF3AE1B08BBC7050DB0B181B349511F2A526D2121A6100C426674C0FB1AD6904A5CC11AA924B7F03E33F6971599BAF85C94528428F2E22DCB7D6FE443
                            Malicious:false
                            Preview:# Encoding file: euc-jp, multi-byte.M.003F 0 79.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D0000008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\euc-kr.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):93918
                            Entropy (8bit):2.3267174168729032
                            Encrypted:false
                            SSDEEP:768:1/W3oNwgt2qyVY1OVxk6ZN4KYDN1uq44hohExh:1/W3pqv10xb+KYTuHEh
                            MD5:93FEADA4D8A974E90E77F6EB8A9F24AB
                            SHA1:89CDA4FE6515C9C03551E4E1972FD478AF3A419C
                            SHA-256:1F1AD4C4079B33B706E948A735A8C3042F40CC68065C48C220D0F56FD048C33B
                            SHA-512:7FC43C273F8C2A34E7AD29375A36B6CAC539AC4C1CDCECFAF0B366DCFE605B5D924D09DAD23B2EE589B1A8A63EE0F7A0CE32CE74AC873369DE8555C9E27A5EDF
                            Malicious:false
                            Preview:# Encoding file: euc-kr, multi-byte.M.003F 0 90.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\gb12345.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):86619
                            Entropy (8bit):2.2972446758995697
                            Encrypted:false
                            SSDEEP:384:XSeUMIZQkyMiS4Y3fPOYo55XVi684z6WwQrrNoTRoyzDciB126afGG9whRJGAy/I:XhcQjSr3XeXVbmWdWd/zl5auG2hU/I
                            MD5:12DBEEF45546A01E041332427FEC7A51
                            SHA1:5C8E691AE3C13308820F4CF69206D765CFD5094B
                            SHA-256:0C0DF17BFECE897A1DA7765C822453B09866573028CECCED13E2EFEE02BCCCC4
                            SHA-512:FC8A250EE17D5E94A765AFCD9464ECAE74A4E2FF594A8632CEAEC5C84A3C4D26599642DA42E507B7873C37849D3E784CFB0792DE5B4B4262428619D7473FF611
                            Malicious:false
                            Preview:# Encoding file: gb12345, double-byte.D.233F 0 83.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\gb1988.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.1978221748141253
                            Encrypted:false
                            SSDEEP:24:qrmTUmJvRju36hVbsZiAMiZyb7PN8pUPnfk5JM0RHFj:qSgmO8VIwAMiw/PNPQPFj
                            MD5:06645FE6C135D2EDE313629D24782F98
                            SHA1:49C663AC26C1FE4F0FD1428C9EF27058AEE6CA95
                            SHA-256:A2717AE09E0CF2D566C245DC5C5889D326661B40DB0D5D9A6D95B8E6B0F0E753
                            SHA-512:DB544CFE58753B2CF8A5D65321A2B41155FE2430DB6783DD2F20E1244657482072633D16C8AC99765C113B60E99C8718263C483763A34C5E4BB04B4FFBA41976
                            Malicious:false
                            Preview:# Encoding file: gb1988, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.002000210022002300A500250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\gb2312-raw.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):84532
                            Entropy (8bit):2.3130049332819502
                            Encrypted:false
                            SSDEEP:384:KSevutIzbwixZ1J9vS+MReR8cMvwKVDAcmaj8HEtG0waFtFsKQ2RzIjTfYahm6n3:Kat+wmTJYReltKVMeYkXOjYo5tG3VN+
                            MD5:BF74C90D28E52DD99A01377A96F462E3
                            SHA1:DBA09C670F24D47B95D12D4BB9704391B81DDA9A
                            SHA-256:EC11BFD49C715CD89FB9D387A07CF54261E0F4A1CCEC1A810E02C7B38AD2F285
                            SHA-512:8F5A86BB57256ED2412F6454AF06C52FB44C83EB7B820C642CA9216E9DB31D6EC22965BF5CB9E8AE4492C77C1F48EB2387B1CBDC80F6CDA33FA57C57EC9FF9CD
                            Malicious:false
                            Preview:# Encoding file: gb2312, double-byte.D.233F 0 81.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300230FB02C902C700A8300330052015FF5E2225202620182019.201C201D3014301530083009300A300B300C300D300E300F3016301730103011.00B100D700F72236222722282211220F222A222922082237221A22A522252220.23122299222B222E2261224C2248223D221D2260226E226F22642265221E2235.22342642264000B0203220332103FF0400A4FFE0FFE1203000A7211626062605.25CB25CF25CE25C725C625A125A025B325B2203B219221902191219330130000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\gb2312.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):85574
                            Entropy (8bit):2.3109636068522357
                            Encrypted:false
                            SSDEEP:384:SgOycCs6mBixg1k6y8NMSwR8JMvz6VaVZmASVHBtGtRfS7FXtQ/RSJj9fNLSmXn/:SdC4BmCkjSwAO6VIrahNrVNTSYG3Oln
                            MD5:9A60E5D1AB841DB3324D584F1B84F619
                            SHA1:BCCC899015B688D5C426BC791C2FCDE3A03A3EB5
                            SHA-256:546392237F47D71CEE1DAA1AAE287D94D93216A1FABD648B50F59DDCE7E8AE35
                            SHA-512:E9F42B65A8DFB157D1D3336A94A83D372227BAA10A82EB0C6B6FB5601AA352A576FA3CDFD71EDF74A2285ABCA3B1D3172BB4B393C05B3B4AB141AAF04B10F426
                            Malicious:false
                            Preview:# Encoding file: euc-cn, multi-byte.M.003F 0 82.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso2022-jp.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):4.915818681498601
                            Encrypted:false
                            SSDEEP:3:SOd5MNXVSVLqRIBXSl1AEXMV/RRDfANDemSjs5dqcRcRZMvs5BCUNZ:SVNFS01K+MtkvSjwqd9NZ
                            MD5:224219C864280FA5FB313ADBC654E37D
                            SHA1:39E20B41CFA8B269377AFA06F9C4D66EDD946ACB
                            SHA-256:E12928E8B5754D49D0D3E799135DE2B480BA84B5DBAA0E350D9846FA67F943EC
                            SHA-512:6E390D83B67E2FD5BCAC1BA603A9C6F8BE071FA64021612CE5F8EE33FD8E3840A8C31A7B00134A0039E46BDC66BEF7EB6EA1F8663BA72816B86AF792EF7BDC56
                            Malicious:false
                            Preview:# Encoding file: iso2022-jp, escape-driven.E.name..iso2022-jp.init..{}.final..{}.ascii..\x1b(B.jis0201..\x1b(J.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso2022-kr.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):115
                            Entropy (8bit):4.945508829557185
                            Encrypted:false
                            SSDEEP:3:SOd5MNXVTEXIBXSl1AEXNELmUHhqQc6XfUNOvn:SVNFS1K+9Qc6sNA
                            MD5:F6464F7C5E3F642BC3564D59B888C986
                            SHA1:94C5F39256366ABB68CD67E3025F177F54ECD39D
                            SHA-256:6AC0F1845A56A1A537B9A6D9BCB724DDDF3D3A5E61879AE925931B1C0534FBB7
                            SHA-512:B9A7E0A9344D8E883D44D1A975A7C3B966499D34BA6206B15C90250F88A8FA422029CEF190023C4E4BE806791AC3BEA87FD8872B47185B0CE0F9ED9C38C41A84
                            Malicious:false
                            Preview:# Encoding file: iso2022-kr, escape-driven.E.name..iso2022-kr.init..\x1b$)C.final..{}.iso8859-1.\x0f.ksc5601..\x0e.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso2022.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):226
                            Entropy (8bit):4.925633473589168
                            Encrypted:false
                            SSDEEP:3:SOd5MNXVUW+IBXSl1AEXM56DfqQc6WHmSjs5dReQSXcRcRZMvs5BCUNxXeR5IHRv:SVNFUX1K+M55Qc6WGSjwRDSXd9NGIHRv
                            MD5:745464FF8692E3C3D8EBBA38D23538C8
                            SHA1:9D6F077598A5A86E6EB6A4EEC14810BF525FBD89
                            SHA-256:753DDA518A7E9F6DC0309721B1FAAE58C9661F545801DA9F04728391F70BE2D0
                            SHA-512:E919677CC96DEF4C75126A173AF6C229428731AB091CDDBB2A6CE4EB82BCD8191CE64A33B418057A15E094A48E846BEE7820619E414E7D90EDA6E2B66923DDA5
                            Malicious:false
                            Preview:# Encoding file: iso2022, escape-driven.E.name..iso2022.init..{}.final..{}.iso8859-1.\x1b(B.jis0201..\x1b(J.gb1988..\x1b(T.jis0208..\x1b$B.jis0208..\x1b$@.jis0212..\x1b$(D.gb2312..\x1b$A.ksc5601..\x1b$(C.jis0208..\x1b&@\x1b$B.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-1.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.163043970763833
                            Encrypted:false
                            SSDEEP:24:iyTUmJvRju3ShVbsZiAMiZyb7P4UPvvPNNAkbnMH+tjg:iygmOEVIwAMiw/PTvok7zE
                            MD5:E3BAE26F5D3D9A4ADCF5AE7D30F4EC38
                            SHA1:A71B6380EA3D23DC0DE11D3B8CEA86A4C8063D47
                            SHA-256:754EF6BF3A564228AB0B56DDE391521DCC1A6C83CFB95D4B761141E71D2E8E87
                            SHA-512:AFED8F5FE02A9A30987736F08B47F1C19339B5410D6020CC7EA37EA0D717A70AF6CDDC775F53CE261FCF215B579206E56458D61AB4CEB44E060BD6B3AC2F4C41
                            Malicious:false
                            Preview:# Encoding file: iso8859-1, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E8

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-10.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.2483197762497458
                            Encrypted:false
                            SSDEEP:24:jTUmJvRju3ShVbsZiAMiZyb7P4UP6L2yhBKyta:jgmOEVIwAMiw/PT6L2Ryta
                            MD5:162E76BD187CB54A5C9F0B72A082C668
                            SHA1:CEC787C4DE78F9DBB97B9C44070CF2C12A2468F7
                            SHA-256:79F6470D9BEBD30832B3A9CA59CD1FDCA28C5BE6373BD01D949EEE1BA51AA7A8
                            SHA-512:ADDBCA6E296286220FFF449D3E34E5267528627AFFF1FCBD2B9AC050A068D116452D70308049D88208FB7CB2C2F7582FCF1703CF22CFC125F2E6FA89B8A653FE
                            Malicious:false
                            Preview:# Encoding file: iso8859-10, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010401120122012A0128013600A7013B011001600166017D00AD016A014A.00B0010501130123012B0129013700B7013C011101610167017E2015016B014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE00CF.00D00145014C00D300D400D500D6016800D8017200DA00DB00DC00DD00DE00DF.010100E100E200E300E400E500E6012F010

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-13.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.267798724121087
                            Encrypted:false
                            SSDEEP:24:olTUmJvRju3ShVbsZiAMiZyb7P4UP1w4LaxUVG4dT:olgmOEVIwAMiw/PT+4VfT
                            MD5:BF3993877A45AC7091CFC81CFD4A4D43
                            SHA1:D462934A074EE13F2C810463FD061084953F77BC
                            SHA-256:33C6072A006BA4E9513D7B7FD3D08B1C745CA1079B6D796C36B2A5AE8E4AE02B
                            SHA-512:17489E6AD6A898628239EA1B43B4BE81ECC33608F0FD3F7F0E19CF74F7FC4752813C3C21F1DC73E9CC8765E23C63ED932799905381431DAF4E10A88EC29EBF6E
                            Malicious:false
                            Preview:# Encoding file: iso8859-13, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0201D00A200A300A4201E00A600A700D800A9015600AB00AC00AD00AE00C6.00B000B100B200B3201C00B500B600B700F800B9015700BB00BC00BD00BE00E6.0104012E0100010600C400C501180112010C00C90179011601220136012A013B.01600143014500D3014C00D500D600D701720141015A016A00DC017B017D00DF.0105012F0101010700E400E501190113010

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-14.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.296489289648924
                            Encrypted:false
                            SSDEEP:24:vTUmJvRju3ShVbsZiAMiZyb7P4UPt6C5AkE7MH+tZS4Y:vgmOEVIwAMiw/PTAQAkCzsP
                            MD5:3BE4986264587BEC738CC46EBB43D698
                            SHA1:62C253AA7A868CE32589868FAB37336542457A96
                            SHA-256:8D737283289BAF8C08EF1DD7E47A6C775DACE480419C5E2A92D6C0E85BB5B381
                            SHA-512:CB9079265E47EF9672EAACFCE474E4D6771C6F61394F29CC59C9BBE7C99AE89A0EACD73F2BCDD8374C4E03BE9B1685F463F029E35C4070DF9D1B143B02CAD573
                            Malicious:false
                            Preview:# Encoding file: iso8859-14, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A01E021E0300A3010A010B1E0A00A71E8000A91E821E0B1EF200AD00AE0178.1E1E1E1F012001211E401E4100B61E561E811E571E831E601EF31E841E851E61.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.017400D100D200D300D400D500D61E6A00D800D900DA00DB00DC00DD017600DF.00E000E100E200E300E400E500E600E700E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-15.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.1878838020538374
                            Encrypted:false
                            SSDEEP:24:mTUmJvRju3ShVbsZiAMiZyb7P4UPvRarkbnMH+tjg:mgmOEVIwAMiw/PTvqk7zE
                            MD5:6AE49F4E916B02EB7EDB160F88B5A27F
                            SHA1:49F7A42889FB8A0D78C80067BDE18094DBE956EE
                            SHA-256:C7B0377F30E42048492E4710FE5A0A54FA9865395B8A6748F7DAC53B901284F9
                            SHA-512:397E636F4B95522FD3909B4546A1B7E31E92388DAE4F9F6B638875449E3498B49320F4C4A47168C7ADD43C78EF5680CAAEE40661DDC8205687532D994133EA3B
                            Malicious:false
                            Preview:# Encoding file: iso8859-15, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A320AC00A5016000A7016100A900AA00AB00AC00AD00AE00AF.00B000B100B200B3017D00B500B600B7017E00B900BA00BB01520153017800BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.00D000D100D200D300D400D500D600D700D800D900DA00DB00DC00DD00DE00DF.00E000E100E200E300E400E500E600E700E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-16.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.2349228762697972
                            Encrypted:false
                            SSDEEP:24:dTUmJvRju3ShVbsZiAMiZyb7P4UP/SlTPkyTtZVc:dgmOEVIwAMiw/PTqFPkypXc
                            MD5:D30094CAEFA5C4A332159829C6CB7FEC
                            SHA1:50FDA6C70A133CB64CF38AA4B2F313B54D2FD955
                            SHA-256:C40CA014B88F97AE62AE1A816C5963B1ED432A77D84D89C3A764BA15C8A23708
                            SHA-512:6EDD6912053D810D1E2B0698494D26E119EF1BF3FABC2FBFBA44551792800FA0CF163773E4F37F908C2DE41F05D6F17153656623A6D4681BE74EB253D9163422
                            Malicious:false
                            Preview:# Encoding file: iso8859-16, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040105014120AC201E016000A7016100A9021800AB017900AD017A017B.00B000B1010C0142017D201D00B600B7017E010D021900BB015201530178017C.00C000C100C2010200C4010600C600C700C800C900CA00CB00CC00CD00CE00CF.0110014300D200D300D4015000D6015A017000D900DA00DB00DC0118021A00DF.00E000E100E2010300E4010700E600E700E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-2.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.269412550127009
                            Encrypted:false
                            SSDEEP:24:UTUmJvRju3ShVbsZiAMiZyb7P4UPPssm0O4yT2H:UgmOEVIwAMiw/PTPss5tyT2H
                            MD5:69FCA2E8F0FD9B39CDD908348BD2985E
                            SHA1:FF62EB5710FDE11074A87DAEE9229BCF7F66D7A0
                            SHA-256:0E0732480338A229CC3AD4CDDE09021A0A81902DC6EDFB5F12203E2AFF44668F
                            SHA-512:46A7899D17810D2E0FF812078D91F29BF2BB8770F09A02367CF8361229F424FC9B06EAC8E3756491612972917463B6F27DB3D897AFAE8DB5F159D45975D9CBD8
                            Malicious:false
                            Preview:# Encoding file: iso8859-2, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0010402D8014100A4013D015A00A700A80160015E0164017900AD017D017B.00B0010502DB014200B4013E015B02C700B80161015F0165017A02DD017E017C.015400C100C2010200C40139010600C7010C00C9011800CB011A00CD00CE010E.01100143014700D300D4015000D600D70158016E00DA017000DC00DD016200DF.015500E100E2010300E4013A010700E7010D

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-3.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.178020305301999
                            Encrypted:false
                            SSDEEP:24:tTUmJvRju3ShVbsZiAMiZyb7P4UPp2g4kBTvSMkFtP0:tgmOEVIwAMiw/PTj4kBTvSDP0
                            MD5:5685992A24D85E93BD8EA62755E327BA
                            SHA1:B0BEBEDEC53FFB894D9FB0D57F25AB2A459B6DD5
                            SHA-256:73342C27CF55F625D3DB90C5FC8E7340FFDF85A51872DBFB1D0A8CB1E43EC5DA
                            SHA-512:E88ED02435026CA9B8A23073F61031F3A75C4B2CD8D2FC2B598F924ADF34B268AB16909120F1D96B794BDBC484C764FDE83B63C9FB122279AC5242D57030AF3A
                            Malicious:false
                            Preview:# Encoding file: iso8859-3, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0012602D800A300A40000012400A700A80130015E011E013400AD0000017B.00B0012700B200B300B400B5012500B700B80131015F011F013500BD0000017C.00C000C100C2000000C4010A010800C700C800C900CA00CB00CC00CD00CE00CF.000000D100D200D300D4012000D600D7011C00D900DA00DB00DC016C015C00DF.00E000E100E2000000E4010B010900E700E8

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-4.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.2703067063488724
                            Encrypted:false
                            SSDEEP:24:KTUmJvRju3ShVbsZiAMiZyb7P4UP04xsD/njwKyjhJ:KgmOEVIwAMiw/PT06s3fylJ
                            MD5:07576E85AFDB2816BBCFFF80E2A12747
                            SHA1:CC1C2E6C35B005C17EB7B1A3D744983A86A75736
                            SHA-256:17745BDD299779E91D41DB0CEE26CDC7132DA3666907A94210B591CED5A55ADB
                            SHA-512:309EEF25EE991E3321A57D2CEE139C9C3E7C8B3D9408664AAFE9BA34E28EF5FB8167481F3C5CAD0557AE55249E47016CA3A6AC19857D76EFB58D0CDAC428F600
                            Malicious:false
                            Preview:# Encoding file: iso8859-4, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A001040138015600A40128013B00A700A8016001120122016600AD017D00AF.00B0010502DB015700B40129013C02C700B80161011301230167014A017E014B.010000C100C200C300C400C500C6012E010C00C9011800CB011600CD00CE012A.01100145014C013600D400D500D600D700D8017200DA00DB00DC0168016A00DF.010100E100E200E300E400E500E6012F010D

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-5.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.2716690950473573
                            Encrypted:false
                            SSDEEP:24:zTUmJvRju3ShVbsZiAMiZyb7P4UPNXe+SAJlM9aHe3cmy+:zgmOEVIwAMiw/PTNp5+smy+
                            MD5:67577E6720013EEF73923D3F050FBFA1
                            SHA1:F9F64BB6014068E2C0737186C694B8101DD9575E
                            SHA-256:BC5ED164D15321404BBDCAD0D647C322FFAB1659462182DBD3945439D9ECBAE7
                            SHA-512:B584DB1BD5BE97CCFCA2F71E765DEC66CF2ABE18356C911894C988B2238E14074748C71074E0633C7CA50733E189D937160A35438C720DB2243CBC3566F52629
                            Malicious:false
                            Preview:# Encoding file: iso8859-5, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0040104020403040404050406040704080409040A040B040C00AD040E040F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.0430043104320433043404350436043704380439043A043B043C043D043E043F.044004410442044304440445044604470448

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-6.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):2.9147595181616284
                            Encrypted:false
                            SSDEEP:24:YTUmJvRju3ShVbsZiAMiZyb7P4UPSIZjyco/rs:YgmOEVIwAMiw/PTBsBrs
                            MD5:49DEC951C7A7041314DF23FE26C9B300
                            SHA1:B810426354D857718CC841D424DA070EFB9F144F
                            SHA-256:F502E07AE3F19CCDC31E434049CFC733DD5DF85487C0160B0331E40241AD0274
                            SHA-512:CB5D8C5E807A72F35AD4E7DA80882F348D70052169A7ED5BB585152C2BF628177A2138BD0A982A398A8DF373E1D3E145AD1F6C52485DE57ECBE5A7ED33E13776
                            Malicious:false
                            Preview:# Encoding file: iso8859-6, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000000000000000A40000000000000000000000000000060C00AD00000000.00000000000000000000000000000000000000000000061B000000000000061F.0000062106220623062406250626062706280629062A062B062C062D062E062F.0630063106320633063406350636063706380639063A00000000000000000000.064006410642064306440645064606470648

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-7.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.2933089629252037
                            Encrypted:false
                            SSDEEP:24:TMyTUmJvRju3ShVbsZiAMiZyb7P4UP1mKUQQSqJWeIDmq:TlgmOEVIwAMiw/PTkKJQSqJWeI1
                            MD5:0AF65F8F07F623FA38E2D732400D95CF
                            SHA1:D2903B32FEA225F3FB9239E622390A078C8A8FA6
                            SHA-256:8FEC7631A69FCF018569EBADB05771D892678790A08E63C05E0007C9910D58A8
                            SHA-512:EF03237A030C54E0E20DBA7ED724580C513490B9B3B043C1E885638E7BCE21415CE56C3902EA39689365B12E44194C6BF868C4D9BCBCA8FDC334BE77DA46E24D
                            Malicious:false
                            Preview:# Encoding file: iso8859-7, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A02018201900A30000000000A600A700A800A9000000AB00AC00AD00002015.00B000B100B200B303840385038600B703880389038A00BB038C00BD038E038F.0390039103920393039403950396039703980399039A039B039C039D039E039F.03A003A1000003A303A403A503A603A703A803A903AA03AB03AC03AD03AE03AF.03B003B103B203B303B403B503B603B703B8

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-8.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):2.9730608214144323
                            Encrypted:false
                            SSDEEP:24:uTUmJvRju3ShVbsZiAMiZyb7P4UPtePly0b:ugmOEVIwAMiw/PTtw
                            MD5:45E35EFF7ED2B2DF0B5694A2B639FE1E
                            SHA1:4EA5EC5331541EDE65A9CF601F5418FD4B6CFCBC
                            SHA-256:E1D207917AA3483D9110E24A0CC0CD1E0E5843C8BFC901CFEE7A6D872DD945A9
                            SHA-512:527283C9EFF2C1B21FAE716F5DFB938D8294B22938C76A73D88135312FA01B5C3DF288461CCE8B692928B334A28A7D29319F9F48733174C898F41BD1BEB8E862
                            Malicious:false
                            Preview:# Encoding file: iso8859-8, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A0000000A200A300A400A500A600A700A800A900D700AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900F700BB00BC00BD00BE0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000002017.05D005D105D205D305D405D505D605D705D8

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\iso8859-9.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1094
                            Entropy (8bit):3.1865263857127375
                            Encrypted:false
                            SSDEEP:24:XTUmJvRju3ShVbsZiAMiZyb7P4UPvvPNNAkKMH+tZL/M:XgmOEVIwAMiw/PTvokKzR0
                            MD5:675C89ECD212C8524B1875095D78A5AF
                            SHA1:F585C70A5589DE39558DAC016743FF85E0C5F032
                            SHA-256:1CDCF510C38464E5284EDCFAEC334E3FC516236C1CA3B9AB91CA878C23866914
                            SHA-512:E620657C5F521A101B6FF7B5FD9A7F0DDD560166BA109D20E91F2E828F81697F897DFA136533C0D6F24A9861E92F34C0CC0FA590F344713C089157F8AC3ECFE2
                            Malicious:false
                            Preview:# Encoding file: iso8859-9, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.00A000A100A200A300A400A500A600A700A800A900AA00AB00AC00AD00AE00AF.00B000B100B200B300B400B500B600B700B800B900BA00BB00BC00BD00BE00BF.00C000C100C200C300C400C500C600C700C800C900CA00CB00CC00CD00CE00CF.011E00D100D200D300D400D500D600D700D800D900DA00DB00DC0130015E00DF.00E000E100E200E300E400E500E600E700E8

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\jis0201.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1092
                            Entropy (8bit):3.1984111069807395
                            Encrypted:false
                            SSDEEP:24:zBTUmJvRju3ShVbsZiAMiZyb7PN8pUPnfk5JM0RHFj:zBgmOEVIwAMiw/PNPQPFj
                            MD5:0DCB64ACBB4B518CC20F4E196E04692C
                            SHA1:7AEB708C89C178FB4D5611C245EA1A7CF66ADF3A
                            SHA-256:480F61D0E1A75DEE59BF9A66DE0BB78FAAE4E87FD6317F93480412123277D442
                            SHA-512:4AFA210763DE9742626886D7D281AC15169CDC7A31D185F48D105190CA247AA014FB8F281AFCB4A0C31D2D55EE7D907B6A8E51FC4BEEDB9DB8C484E88CAA78A9
                            Malicious:false
                            Preview:# Encoding file: jis0201, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D203E007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.00000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\jis0208.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):80453
                            Entropy (8bit):2.274731552146978
                            Encrypted:false
                            SSDEEP:384:R7Cyeug/RAEo7umlshyGYknyRXglMVw9bq7bYI45zh2cvA3FXwhZ1BrUc2C5oS5u:RgZJo7uNhbyO1ZiEXPcXwhZbrUPkBso2
                            MD5:F35938AC582E460A14646D2C93F1A725
                            SHA1:A922ACACE0C1A4A7DDC92FE5DD7A116D30A3686B
                            SHA-256:118EA160EF29E11B46DEC57AF2C44405934DD8A7C49D2BC8B90C94E8BAA6138B
                            SHA-512:D27CD9C9D67370C288036AACA5999314231F7070152FF7EEF1F3379E748EF9047001430D391B61C281FF69AB4F709D47F8FF5390873B5DEFD105371AB8FB8872
                            Malicious:false
                            Preview:# Encoding file: jis0208, double-byte.D.2129 0 77.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000300030013002FF0CFF0E30FBFF1AFF1BFF1FFF01309B309C00B4FF4000A8.FF3EFFE3FF3F30FD30FE309D309E30034EDD30053006300730FC20152010FF0F.FF3C301C2016FF5C2026202520182019201C201DFF08FF0930143015FF3BFF3D.FF5BFF5D30083009300A300B300C300D300E300F30103011FF0B221200B100D7.00F7FF1D2260FF1CFF1E22662267221E22342642264000B0203220332103FFE5.FF0400A200A3FF05FF03FF06FF0AFF2000A72606260525CB25CF25CE25C70000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\jis0212.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):70974
                            Entropy (8bit):2.2631380488363284
                            Encrypted:false
                            SSDEEP:768:WmU4+qNPpEzjKgGWJACVeCssX2Qt5E2+G7PBIv:LU4+qNaCgGW7VGK2o+0qv
                            MD5:F518436AC485F5DC723518D7872038E0
                            SHA1:15013478760463A0BCE3577B4D646ECDB07632B5
                            SHA-256:24A9D379FDA39F2BCC0580CA3E0BD2E99AE279AF5E2841C9E7DBE7F931D19CC0
                            SHA-512:2325705D4772A10CD81082A035BEAC85E6C64C7CCFA5981955F0B85CAF9A95D8A0820092957822A05C2E8E773F2089035ED5E76BF3FAF19B0E7E6AED7B4214D8
                            Malicious:false
                            Preview:# Encoding file: jis0212, double-byte.D.2244 0 68.22.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000000000000000000000000000000000000000000000000000000000002D8.02C700B802D902DD00AF02DB02DA007E03840385000000000000000000000000.0000000000A100A600BF00000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000BA00AA00A900AE2122.00A4211600000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\koi8-r.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.463428231669408
                            Encrypted:false
                            SSDEEP:24:KcJ5mTUmJvRju3ShVbsZiAMiZyb7PcSzm1XvRS3YcmchJQ3MAxSy:KmmgmOEVIwAMiw/Ptz8gBmRcAx5
                            MD5:E66D42CB71669CA0FFBCDC75F6292832
                            SHA1:366C137C02E069B1A93FBB5D64B9120EA6E9AD1F
                            SHA-256:7142B1120B993D6091197574090FE04BE3EA64FFC3AD5A167A4B5E0B42C9F062
                            SHA-512:6FBF7AF0302B4AA7EF925EFED7235E946EDA8B628AA204A8BBB0A3D1CB8C79DD37D9DD92A276AD14B55776FEBB3B55CF5881AC4013F95ED4E618E3B49771E8A5
                            Malicious:false
                            Preview:# Encoding file: koi8-r, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204512553255425552556255725582559255A255B255C255D255E.255F25602561040125622563256425652566256725682569256A256B256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\koi8-u.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.439504497428066
                            Encrypted:false
                            SSDEEP:24:K+TUmJvRju3ShVbsZiAMiZyb7PcSzmn3gXDRS3YcmchJQ3MAxSy:K+gmOEVIwAMiw/Ptz0KgBmRcAx5
                            MD5:D722EFEA128BE671A8FDA45ED7ADC586
                            SHA1:DA9E67F64EC4F6A74C60CB650D5A12C4430DCFF7
                            SHA-256:BBB729B906F5FC3B7EE6694B208B206D19A9D4DC571E235B9C94DCDD4A323A2A
                            SHA-512:FDF183C1A0D9109E21F7EEBC5996318AEDED3F87319A980C4E96BFE1D43593BDB693D181744C5C7E391A849783E3594234060A9F76116DE56F9592EF95979E63
                            Malicious:false
                            Preview:# Encoding file: koi8-u, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.25002502250C251025142518251C2524252C2534253C258025842588258C2590.259125922593232025A02219221A22482264226500A0232100B000B200B700F7.25502551255204510454255404560457255725582559255A255B0491255D255E.255F25602561040104032563040604072566256725682569256A0490256C00A9.044E0430043104460434043504440433044504380439043A043B043C043D043E.043F044F044004410442044304360432044C044B04370448044D04490447044A.042E04100411042604140415042404130425041

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\ksc5601.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):92877
                            Entropy (8bit):2.32911747373862
                            Encrypted:false
                            SSDEEP:768:XtWS2ymX62EztZ1Oyxk1uGtQPUNg0q+6XVfEFh:XtWnzEn1HxRQQPV0Eeh
                            MD5:599CEA614F5C5D01CDFA433B184AA904
                            SHA1:C2FFA427457B4931E5A92326F251CD3D671059B0
                            SHA-256:0F8B530AD0DECBF8DD81DA8291B8B0F976C643B5A292DB84680B31ECFBE5D00A
                            SHA-512:43D24B719843A21E3E1EDDFC3607B1B198542306C2EC8D621188CD39BA913D23678D39D12D8370CC1CE12828661AF0A5F14AD2B2BF99F62387C5E3E365BA1E75
                            Malicious:false
                            Preview:# Encoding file: ksc5601, double-byte.D.233F 0 89.21.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.000030003001300200B72025202600A8300300AD20152225FF3C223C20182019.201C201D3014301530083009300A300B300C300D300E300F3010301100B100D7.00F7226022642265221E223400B0203220332103212BFFE0FFE1FFE526422640.222022A52312220222072261225200A7203B2606260525CB25CF25CE25C725C6.25A125A025B325B225BD25BC219221902191219321943013226A226B221A223D.221D2235222B222C2208220B2286228722822283222A222922272228FFE20000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macCentEuro.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1096
                            Entropy (8bit):3.3601842107710365
                            Encrypted:false
                            SSDEEP:24:8jTUmJvRju3ShVbsZiAMiZyb7P4ZVPJS82WcVDX1MPEd4RPMppJ8K:8jgmOEVIwAMiw/PsVoy24VMppiK
                            MD5:CADFBF5A4C7CAD984294284D643E9CA3
                            SHA1:16B51D017001688A32CB7B15DE6E7A49F28B76FD
                            SHA-256:8F3089F4B2CA47B7AC4CB78375B2BFAC01268113A7C67D020F8B5B7F2C25BBDA
                            SHA-512:3941ACA62CF59BF6857BA9C300B4236F18690DE1213BB7FCFA0EC87DCD71152849F1DEAFB470CA4BC2ACC2C0C13D7FD57661BFC053960ADD7570DE365AE7E63C
                            Malicious:false
                            Preview:# Encoding file: macCentEuro, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C40100010100C9010400D600DC00E10105010C00E4010D0106010700E90179.017A010E00ED010F01120113011600F3011700F400F600F500FA011A011B00FC.202000B0011800A300A7202200B600DF00AE00A92122011900A822600123012E.012F012A22642265012B0136220222110142013B013C013D013E0139013A0145.0146014300AC221A01440147220600AB00BB202600A00148015000D50151014C.20132014201C201D2018201900F725CA014D0154015501582039203A01590156.01570160201A201E0161015A015B00C101

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macCroatian.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1096
                            Entropy (8bit):3.3293096097500965
                            Encrypted:false
                            SSDEEP:24:8ULyTUmJvRju3ShVbsZiAMiZyb7P4SNMdNxOZwl+KR8DklJyseQWkv:8ULygmOEVIwAMiw/P34+KR8DklEswm
                            MD5:F13D479550D4967A0BC76A60C89F1461
                            SHA1:63F44E818284384DE07AB0D8B0CD6F7EBFE09AB9
                            SHA-256:8D0B6A882B742C5CCE938241328606C111DDA0CB83334EBEDCDA17605F3641AE
                            SHA-512:80AB9DCAAC1A496FD2CA6BE9959FE2DE201F504D8A58D114F2FF5D1F6AAD507F052B87D29D3EBA69093C3D965CC4C113C9EA6DB8EEBB67BD620ADF860CA2CC35
                            Malicious:false
                            Preview:# Encoding file: macCroatian, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE0160212200B400A82260017D00D8.221E00B122642265220600B522022211220F0161222B00AA00BA03A9017E00F8.00BF00A100AC221A01922248010600AB010C202600A000C000C300D501520153.01102014201C201D2018201900F725CAF8FF00A9204420AC2039203A00C600BB.201300B7201A201E203000C2010700C101

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macCyrillic.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1096
                            Entropy (8bit):3.3482225358368565
                            Encrypted:false
                            SSDEEP:24:8dTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aDpiR/Pk956e3cmh:8dgmOEVIwAMiw/Pr5NY3k9nsmh
                            MD5:60FFC8E390A31157D8646AEAC54E58AE
                            SHA1:3DE17B2A5866272602FB8E9C54930A4CD1F3B06C
                            SHA-256:EB135A89519F2E004282DED21B11C3AF7CCB2320C9772F2DF7D1A4A1B674E491
                            SHA-512:3644429A9BD42ADC356E1BD6FCFABEE120E851348B538A4FE4903B72A533174D7448A6C2DA71219E4CD5D0443C0475417D54C8E113005DF2CA20C608DE5E3306
                            Malicious:false
                            Preview:# Encoding file: macCyrillic, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.0430043104320433043404350436043704

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macDingbats.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1096
                            Entropy (8bit):3.8086748658227827
                            Encrypted:false
                            SSDEEP:24:87JM0UmJvRjuyfqYCsUBOdXBCbtwHviANskNWkiXFtoE4OSFgHrBPkq:87KfmOEqYCs6CXRPiANHWkiXFt9XSMdf
                            MD5:EBD121A4E93488A48FC0A06ADE9FD158
                            SHA1:A40E6DB97D6DB2893A072B2275DC22E2A4D60737
                            SHA-256:8FBCC63CB289AFAAE15B438752C1746F413F3B79BA5845C2EF52BA1104F8BDA6
                            SHA-512:26879ABE4854908296F32B2BB97AEC1F693C56EC29A7DB9B63B2DA62282F2D2EDAE9D50738595D1530731DF5B1812719A74F50ADF521F80DD5067F3DF6A3517C
                            Malicious:false
                            Preview:# Encoding file: macDingbats, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.00202701270227032704260E2706270727082709261B261E270C270D270E270F.2710271127122713271427152716271727182719271A271B271C271D271E271F.2720272127222723272427252726272726052729272A272B272C272D272E272F.2730273127322733273427352736273727382739273A273B273C273D273E273F.2740274127422743274427452746274727482749274A274B25CF274D25A0274F.27502751275225B225BC25C6275625D727582759275A275B275C275D275E007F.F8D7F8D8F8D9F8DAF8DBF8DCF8DDF8DEF8DFF8E0F8E1F8E2F8E3F8E4008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.0000276127622763276427652766276726632666266526602460246124622463.2464246524662467246824692776277727782779277A277B277C277D277E277F.2780278127822783278427852786278727882789278A278B278C278D278E278F.2790279127922793279421922194219527982799279A279B279C279D279E279F.27A027A127A227A327A427A527A627A727

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macGreek.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1093
                            Entropy (8bit):3.4271472017271556
                            Encrypted:false
                            SSDEEP:24:8dOTUmJvRju3ShVbsZiAMiZyb7P4Hlb7BMM2aSYjsSkUEkp1FsOSUTime:8kgmOEVIwAMiw/Pg7K23s0x1FsOJTime
                            MD5:14AD68855168E3E741FE179888EA7482
                            SHA1:9C2AD53D69F5077853A05F0933330B5D6F88A51C
                            SHA-256:F7BFF98228DED981EC9A4D1D0DA62247A8D23F158926E3ACBEC3CCE379C998C2
                            SHA-512:FB13F32197D3582BC20EEA604A0B0FD7923AE541CCEB3AF1CDE36B0404B8DB6312FB5270B40CBC8BA4C91B9505B57FB357EB875E8AFB3DB76DFB498CE17851ED
                            Malicious:false
                            Preview:# Encoding file: macGreek, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400B900B200C900B300D600DC038500E000E200E4038400A800E700E900E8.00EA00EB00A3212200EE00EF202200BD203000F400F600A600AD00F900FB00FC.2020039303940398039B039E03A000DF00AE00A903A303AA00A7226000B000B7.039100B12264226500A503920395039603970399039A039C03A603AB03A803A9.03AC039D00AC039F03A1224803A400AB00BB202600A003A503A7038603880153.20132015201C201D2018201900F70389038A038C038E03AD03AE03AF03CC038F.03CD03B103B203C803B403B503C603B303B70

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macIceland.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.3292041026777457
                            Encrypted:false
                            SSDEEP:24:8KTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdjY4g4JysAWD:8KgmOEVIwAMiw/Pf2YRMFBEszD
                            MD5:6D52A84C06970CD3B2B7D8D1B4185CE6
                            SHA1:C434257D76A9FDF81CCCD8CC14242C8E3940FD89
                            SHA-256:633F5E3E75BF1590C94AB9CBF3538D0F0A7A319DB9016993908452D903D9C4FD
                            SHA-512:711F4DC86DD609823BF1BC5505DEE9FA3875A8AA7BCA31DC1B5277720C5ABE65B62E8A592FC55D99D1C7CA181FDDC2606551C43A9D12489B9FECFF152E9A3DCF
                            Malicious:false
                            Preview:# Encoding file: macIceland, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.00DD00B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC00D000F000DE00FE.00FD00B7201A201E203000C200CA00C100C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macJapan.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):48028
                            Entropy (8bit):3.3111639331656635
                            Encrypted:false
                            SSDEEP:768:ehuW1PJnT9TO7RaQiPCLUKr7KBi9FrOLdtHJ:eZPV9KuqTxFGXp
                            MD5:105B49F855C77AE0D3DED6C7130F93C2
                            SHA1:BA187C52FAE9792DA5BFFBEAA781FD4E0716E0F6
                            SHA-256:2A6856298EC629A16BDD924711DFE3F3B1E3A882DDF04B7310785D83EC0D566C
                            SHA-512:5B5FBE69D3B67AF863759D92D4A68481EC2211FF84ED9F0B3BD6129857966DE32B42A42432C44B9246C9D0D9C4C546CD3C6D13FF49BD338192C24AD053C0602E
                            Malicious:false
                            Preview:# Encoding file: macJapan, multi-byte.M.003F 0 46.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00A0FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macRoman.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1093
                            Entropy (8bit):3.3361385497578406
                            Encrypted:false
                            SSDEEP:24:8TTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdjBtRg4JysAWD:8TgmOEVIwAMiw/P32YRMTtRBEszD
                            MD5:30BECAE9EFD678B6FD1E08FB952A7DBE
                            SHA1:E4D8EA6A0E70BB793304CA21EB1337A7A2C26A31
                            SHA-256:68F22BAD30DAA81B215925416C1CC83360B3BB87EFC342058929731AC678FF37
                            SHA-512:E87105F7A5A983ACEAC55E93FA802C985B2B19F51CB3C222B4C13DDCF17C32D08DF323C829FB4CA33770B668485B7D14B7F6B0CF2287B0D76091DE2A675E88BD
                            Malicious:false
                            Preview:# Encoding file: macRoman, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204420AC2039203AFB01FB02.202100B7201A201E203000C200CA00C100CB0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macRomania.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.342586490827578
                            Encrypted:false
                            SSDEEP:24:8tTUmJvRju3ShVbsZiAMiZyb7P4SNMVZSxOZFYRMdj/TAg4JysAWD:8tgmOEVIwAMiw/P3AtYRMFTABEszD
                            MD5:C9AD5E42DA1D2C872223A14CC76F1D2B
                            SHA1:E257BD16EF34FDC29D5B6C985A1B45801937354C
                            SHA-256:71AE80ADFB437B7BC88F3C76FD37074449B3526E7AA5776D2B9FD5A43C066FA8
                            SHA-512:74588523D35A562AD4B1AF2B570596194D8C5018D5B44C8BA2B1F6BAD422D06E90172B0E65BB975663F3A3C246BCF2F598E9778BA86D1C5A51F5C0A38A2670EC
                            Malicious:false
                            Preview:# Encoding file: macRomania, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A822600102015E.221E00B12264226500A500B522022211220F03C0222B00AA00BA21260103015F.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178204400A42039203A01620163.202100B7201A201E203000C200CA00C100C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macThai.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1092
                            Entropy (8bit):3.539905812302991
                            Encrypted:false
                            SSDEEP:24:88TUmJvRju3ShVbsZiAMiZyb7P4oJi8XPHmED43U/Tmh:88gmOEVIwAMiw/PNJpP43U0
                            MD5:163729C7C2B1F5A5DE1FB7866C93B102
                            SHA1:633D190B5E281CFC0178F6C11DD721C6A266F643
                            SHA-256:CEAD5EB2B0B44EF4003FBCB2E49CA0503992BA1D6540D11ACBBB84FDBBD6E79A
                            SHA-512:2093E3B59622E61F29276886911FAA50BA3AA9D903CAF8CB778A1D3FDB3D1F7DA43071AFC3672C27BE175E7EEBBC542B655A85533F41EA39F32E80663CAF3B44
                            Malicious:false
                            Preview:# Encoding file: macThai, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00AB00BB2026F88CF88FF892F895F898F88BF88EF891F894F897201C201DF899.FFFD2022F884F889F885F886F887F888F88AF88DF890F893F89620182019FFFD.00A00E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3AFEFF200B201320140E3F.0E400E410E420E430E440E450E460E470E480E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macTurkish.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.353168947106635
                            Encrypted:false
                            SSDEEP:24:8QjTUmJvRju3ShVbsZiAMiZyb7P4SNMVtOZm5YRMdD/g4JysD:88gmOEVIwAMiw/P32YRM9BEsD
                            MD5:F20CBBE1FF9289AC4CBAFA136A9D3FF1
                            SHA1:382E34824AD8B79EF0C98FD516750649FD94B20A
                            SHA-256:F703B7F74CC6F5FAA959F51C757C94623677E27013BCAE23BEFBA01A392646D9
                            SHA-512:23733B711614EA99D954E92C6035DAC1237866107FE11CDD5B0CD2A780F22B9B7B879570DB38C6B9195F54DAD9DFB0D60641AB37DFF3C51CF1A11D1D36471B2D
                            Malicious:false
                            Preview:# Encoding file: macTurkish, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.00C400C500C700C900D100D600DC00E100E000E200E400E300E500E700E900E8.00EA00EB00ED00EC00EE00EF00F100F300F200F400F600F500FA00F900FB00FC.202000B000A200A300A7202200B600DF00AE00A9212200B400A8226000C600D8.221E00B12264226500A500B522022211220F03C0222B00AA00BA03A900E600F8.00BF00A100AC221A01922248220600AB00BB202600A000C000C300D501520153.20132014201C201D2018201900F725CA00FF0178011E011F01300131015E015F.202100B7201A201E203000C200CA00C100C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\macUkraine.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1095
                            Entropy (8bit):3.3460856516901947
                            Encrypted:false
                            SSDEEP:24:8TzTUmJvRju3ShVbsZiAMiZyb7P4GE+SAJlM9aDpiR/Pk956e3cmq:8PgmOEVIwAMiw/Pr5NY3k9nsmq
                            MD5:92716A59D631BA3A352DE0872A5CF351
                            SHA1:A487946CB2EFD75FD748503D75E495720B53E5BC
                            SHA-256:4C94E7FBE183379805056D960AB624D78879E43278262E4D6B98AB78E5FEFEA8
                            SHA-512:863A667B6404ED02FE994089320EB0ECC34DC431D591D661277FB54A2055334DBEBCAAE1CA06FB8D190727EBA23A47B47991323BE35E74C182F83E5DEAA0D83B
                            Malicious:false
                            Preview:# Encoding file: macUkraine, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0410041104120413041404150416041704180419041A041B041C041D041E041F.0420042104220423042404250426042704280429042A042B042C042D042E042F.202000B0049000A300A7202200B6040600AE00A9212204020452226004030453.221E00B122642265045600B504910408040404540407045704090459040A045A.0458040500AC221A01922248220600AB00BB202600A0040B045B040C045C0455.20132014201C201D2018201900F7201E040E045E040F045F211604010451044F.04300431043204330434043504360437043

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\shiftjis.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):41862
                            Entropy (8bit):3.4936148161949747
                            Encrypted:false
                            SSDEEP:768:/huW1PJnT9TOZRaQiPCLUKr7KBi9FrOLdtY:/ZPV9KoqTxFGXY
                            MD5:8FBCB1BBC4B59D6854A8FCBF25853E0D
                            SHA1:2D56965B24125D999D1020C7C347B813A972647C
                            SHA-256:7502587D52E7810228F2ECB45AC4319EA0F5C008B7AC91053B920010DC6DDF94
                            SHA-512:128E66F384F9EA8F3E7FBEAD0D3AA1D45570EB3669172269A89AE3B522ED44E4572C6A5C9281B7E219579041D14FF0E76777A36E3902BFA1B58DC3DA729FA075
                            Malicious:false
                            Preview:# Encoding file: shiftjis, multi-byte.M.003F 0 40.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E007F.0080000000000000000000850086008700000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.0000FF61FF62FF63FF64FF65FF66FF67FF68FF69FF6AFF6BFF6CFF6DFF6EFF6F.FF70FF71FF72FF73FF74FF75FF76FF77FF78FF79FF7AFF7BFF7CFF7DFF7EFF7F.FF80FF81FF82FF83FF84FF85FF86FF87FF88FF89FF8AFF8BFF8CFF8DFF8EFF8F.FF90FF91FF92FF93FF94FF95FF96FF97FF98FF99FF9AFF9BFF9CFF9DFF9EFF9F.0000000000000000000000000000000000000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\symbol.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.675943323650254
                            Encrypted:false
                            SSDEEP:24:Sd0UmJvRjuLoVoMQVoRmSdsTAsSnP9Us+yw4VivXObCXv:afmOEVoMQVoRmosTHSP9U/ydmXwCXv
                            MD5:1B612907F31C11858983AF8C009976D6
                            SHA1:F0C014B6D67FC0DC1D1BBC5F052F0C8B1C63D8BF
                            SHA-256:73FD2B5E14309D8C036D334F137B9EDF1F7B32DBD45491CF93184818582D0671
                            SHA-512:82D4A8F9C63F50E5D77DAD979D3A59729CD2A504E7159AE3A908B7D66DC02090DABD79B6A6DC7B998C32C383F804AACABC564A5617085E02204ADF0B13B13E5B
                            Malicious:false
                            Preview:# Encoding file: symbol, single-byte.S.003F 1 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002122000023220300250026220D002800292217002B002C2212002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.22450391039203A70394039503A603930397039903D1039A039B039C039D039F.03A0039803A103A303A403A503C203A9039E03A80396005B2234005D22A5005F.F8E503B103B203C703B403B503C603B303B703B903D503BA03BB03BC03BD03BF.03C003B803C103C303C403C503D603C903BE03C803B6007B007C007D223C007F.0080008100820083008400850086008700880089008A008B008C008D008E008F.0090009100920093009400950096009700980099009A009B009C009D009E009F.000003D2203222642044221E0192266326662665266021942190219121922193.00B000B12033226500D7221D2202202200F72260226122482026F8E6F8E721B5.21352111211C21182297229522052229222A2283228722842282228622082209.2220220700AE00A92122220F221A22C500AC2227222821D421D021D121D221D3.22C42329F8E8F8E9F8EA2211F8EBF8ECF8EDF8E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\encoding\tis-620.enc

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):2.9763240350841884
                            Encrypted:false
                            SSDEEP:24:ZlTUmJvRju3ShVbsZiAMiZyb7PNHmED43U/TW5dF:PgmOEVIwAMiw/PJ43UKF
                            MD5:7273E998972C9EFB2CEB2D5CD553DE49
                            SHA1:4AA47E6DF964366FA3C29A0313C0DAE0FA63A78F
                            SHA-256:330517F72738834ECBF4B6FA579F725B4B33AD9F4669975E727B40DF185751FF
                            SHA-512:56BF15C123083D3F04FE0C506EE8ECE4C08C17754F0CAAD3566F1469728CFD2F0A487023DCB26432240EB09F064944D3EF08175979F5D1D2BF734E7C7C609055
                            Malicious:false
                            Preview:# Encoding file: tis-620, single-byte.S.003F 0 1.00.0000000100020003000400050006000700080009000A000B000C000D000E000F.0010001100120013001400150016001700180019001A001B001C001D001E001F.0020002100220023002400250026002700280029002A002B002C002D002E002F.0030003100320033003400350036003700380039003A003B003C003D003E003F.0040004100420043004400450046004700480049004A004B004C004D004E004F.0050005100520053005400550056005700580059005A005B005C005D005E005F.0060006100620063006400650066006700680069006A006B006C006D006E006F.0070007100720073007400750076007700780079007A007B007C007D007E0000.0000000000000000000000000000000000000000000000000000000000000000.0000000000000000000000000000000000000000000000000000000000000000.00000E010E020E030E040E050E060E070E080E090E0A0E0B0E0C0E0D0E0E0E0F.0E100E110E120E130E140E150E160E170E180E190E1A0E1B0E1C0E1D0E1E0E1F.0E200E210E220E230E240E250E260E270E280E290E2A0E2B0E2C0E2D0E2E0E2F.0E300E310E320E330E340E350E360E370E380E390E3A00000000000000000E3F.0E400E410E420E430E440E450E460E470E480E

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\history.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7900
                            Entropy (8bit):4.806010360595623
                            Encrypted:false
                            SSDEEP:192:DXzSaH9ox7j4LaQMpsyGb0XEACrHpff6Jy8qNy6QRIt5QYTLa3QAQYplavQqQIL0:DpH9m7DPnQdg+Q
                            MD5:E8FD468CCD2EE620544FE204BDE2A59D
                            SHA1:2E26B7977D900EAA7D4908D5113803DF6F34FC59
                            SHA-256:9B6E400EB85440EC64AB66B4AC111546585740C9CA61FD156400D7153CBAD9F4
                            SHA-512:13A40A4BDE32F163CB789C69BD260ABF41C6771E7AC50FB122C727B9F39BE5D73E4D8BAE040DDDD94C5F2B901AB7C32D9C6BB62310121CA8DB4ADE25CB9AA4B0
                            Malicious:false
                            Preview:# history.tcl --.#.# Implementation of the history command..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#...# The tcl::history array holds the history list and some additional.# bookkeeping variables..#.# nextid.the index used for the next history list item..# keep..the max size of the history list.# oldest.the index of the oldest item in the history...namespace eval ::tcl {. variable history. if {![info exists history]} {..array set history {.. nextid.0.. keep.20.. oldest.-20..}. }.. namespace ensemble create -command ::tcl::history -map {..add.::tcl::HistAdd..change.::tcl::HistChange..clear.::tcl::HistClear..event.::tcl::HistEvent..info.::tcl::HistInfo..keep.::tcl::HistKeep..nextid.::tcl::HistNextID..redo.::tcl::HistRedo. }.}...# history --.#.#.This is the main history command. See the man page for its interface..#.This does s

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\http1.0\http.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9689
                            Entropy (8bit):4.754346192989986
                            Encrypted:false
                            SSDEEP:192:kQkH8VqqNg5PPx7GRpoMJesrCL2coOG0vARQVSDR6VrKj7vWQYQN81QvLbDdv:pVqeglpu6toO3ACUnvv
                            MD5:1DA12C32E7E4C040BD9AB2BCBAC5445B
                            SHA1:8E8659BEF065AF9430509BBDD5FB4CFE0EF14153
                            SHA-256:ACBFF9B5EF75790920B95023156FAD80B18AFF8CAFC4A6DC03893F9388E053A2
                            SHA-512:A269C76C1684EC1A2E2AA611ABB459AA3BE2973FD456737BC8C8D2E5C8BC53A26BBC1488062281CA87E38D548281166C4D775C50C695AEC9741FE911BB431EAD
                            Malicious:false
                            Preview:# http.tcl.# Client-side HTTP for GET, POST, and HEAD commands..# These routines can be used in untrusted code that uses the Safesock.# security policy..# These procedures use a callback interface to avoid using vwait,.# which is not defined in the safe base..#.# See the http.n man page for documentation..package provide http 1.0..array set http {. -accept */*. -proxyhost {}. -proxyport {}. -useragent {Tcl http client package 1.0}. -proxyfilter httpProxyRequired.}.proc http_config {args} {. global http. set options [lsort [array names http -*]]. set usage [join $options ", "]. if {[llength $args] == 0} {..set result {}..foreach name $options {.. lappend result $name $http($name)..}..return $result. }. regsub -all -- - $options {} options. set pat ^-([join $options |])$. if {[llength $args] == 1} {..set flag [lindex $args 0]..if {[regexp -- $pat $flag]} {.. return $http($flag)..} else {.. return -code error "Unknown option $flag, must be:

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\http1.0\pkgIndex.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):735
                            Entropy (8bit):4.669068874824871
                            Encrypted:false
                            SSDEEP:12:jHxxYRs+opS42wyGlTajUA43KXks4L57+HkuRz20JSv6C3l5kl:bbYRshS42wyGlTah9XkbL5i1z2jxXkl
                            MD5:10EC7CD64CA949099C818646B6FAE31C
                            SHA1:6001A58A0701DFF225E2510A4AAEE6489A537657
                            SHA-256:420C4B3088C9DACD21BC348011CAC61D7CB283B9BEE78AE72EED764AB094651C
                            SHA-512:34A0ACB689E430ED2903D8A903D531A3D734CB37733EF13C5D243CB9F59C020A3856AAD98726E10AD7F4D67619A3AF1018F6C3E53A6E073E39BD31D088EFD4AF
                            Malicious:false
                            Preview:# Tcl package index file, version 1.0.# This file is generated by the "pkg_mkIndex" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...package ifneeded http 1.0 [list tclPkgSetup $dir http 1.0 {{http.tcl source {httpCopyDone httpCopyStart httpEof httpEvent httpFinish httpMapReply httpProxyRequired http_code http_config http_data http_formatQuery http_get http_reset http_size http_status http_wait}}}].

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\init.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):24432
                            Entropy (8bit):4.824619671192163
                            Encrypted:false
                            SSDEEP:384:U8Oh2gWD8Ud4zaJqacMQsRNLKx32LgWMOFaBBf6/9IrO1zWq8oXbjdEfdQxAp12Q:2OD8Ud4WJqJfcMOFt/9IrOBWq8oXwQxM
                            MD5:B900811A252BE90C693E5E7AE365869D
                            SHA1:345752C46F7E8E67DADEF7F6FD514BED4B708FC5
                            SHA-256:BC492B19308BC011CFCD321F1E6E65E6239D4EEB620CC02F7E9BF89002511D4A
                            SHA-512:36B8CDBA61B9222F65B055C0C513801F3278A3851912215658BCF0CE10F80197C1F12A5CA3054D8604DA005CE08DA8DCD303B8544706B642140A49C4377DD6CE
                            Malicious:false
                            Preview:# init.tcl --.#.# Default system startup file for Tcl-based applications. Defines.# "unknown" procedure and auto-load facilities..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-1999 Scriptics Corporation..# Copyright (c) 2004 by Kevin B. Kenny. All rights reserved..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# This test intentionally written in pre-7.5 Tcl.if {[info commands package] == ""} {. error "version mismatch: library\nscripts expect Tcl version 7.5b1 or later but the loaded version is\nonly [info patchlevel]".}.package require -exact Tcl 8.6.9..# Compute the auto path to use in this interpreter..# The values on the path come from several locations:.#.# The environment variable TCLLIBPATH.#.# tcl_library, which is the directory containing this init.tcl script..# [tclInit] (Tcl_Init()) sea

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\af.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):989
                            Entropy (8bit):4.015702624322247
                            Encrypted:false
                            SSDEEP:12:4EnLzu8wcm2NkKcmtH3WhvdfjESBToOqepFHvFgdF69dixmem1OMVjeza6O6c:4azu8DtkN3bbJ75pF9gG3U2e+gc
                            MD5:3A3B4D3B137E7270105DC7B359A2E5C2
                            SHA1:2089B3948F11EF8CE4BD3D57167715ADE65875E9
                            SHA-256:2981965BD23A93A09EB5B4A334ACB15D00645D645C596A5ECADB88BFA0B6A908
                            SHA-512:044602E7228D2CB3D0A260ADFD0D3A1F7CAB7EFE5DD00C7519EAF00A395A48A46EEFDB3DE81902D420D009B137030BC98FF32AD97E9C3713F0990FE6C09887A2
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af DAYS_OF_WEEK_ABBREV [list \. "So"\. "Ma"\. "Di"\. "Wo"\. "Do"\. "Vr"\. "Sa"]. ::msgcat::mcset af DAYS_OF_WEEK_FULL [list \. "Sondag"\. "Maandag"\. "Dinsdag"\. "Woensdag"\. "Donderdag"\. "Vrydag"\. "Saterdag"]. ::msgcat::mcset af MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset af MONTHS_FULL [list \. "Januarie"\. "Februarie"\. "Maart"\. "April"\. "Mei"\. "Junie"\. "Julie"\. "Augustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""]. ::msgcat::mcset af AM "VM". ::msgcat::mcset af PM "NM".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\af_za.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.879621059534584
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmouFygvNLouFqF3v6aZouFy9+3vR6HK:4EnLzu8YAgvNTYF3v6axAI3voq
                            MD5:27C356DF1BED4B22DFA55835115BE082
                            SHA1:677394DF81CDBAF3D3E735F4977153BB5C81B1A6
                            SHA-256:3C2F5F631ED3603EF0D5BCB31C51B2353C5C27839C806A036F3B7007AF7F3DE8
                            SHA-512:EE88348C103382F91F684A09F594177119960F87E58C5E4FC718C698AD436E332B74B8ED18DF8563F736515A3A6442C608EBCBE6D1BD13B3E3664E1AA3851076
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset af_ZA DATE_FORMAT "%d %B %Y". ::msgcat::mcset af_ZA TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset af_ZA DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ar.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1964
                            Entropy (8bit):4.417722751563065
                            Encrypted:false
                            SSDEEP:24:4azu8fnkFewadQxvbkMPm/FiUoAwonC9UFsvSnvMq:46dw/L+C9cKSvF
                            MD5:0A88A6BFF15A6DABAAE48A78D01CFAF1
                            SHA1:90834BCBDA9B9317B92786EC89E20DCF1F2DBD22
                            SHA-256:BF984EC7CF619E700FE7E00381FF58ABE9BD2F4B3DD622EB2EDACCC5E6681050
                            SHA-512:85CB96321BB6FB3119D69540B9E76916F0C5F534BA01382E73F8F9A0EE67A7F1BFC39947335688F2C8F3DB9B51D969D8EA7C7104A035C0E949E8E009D4656288
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar DAYS_OF_WEEK_ABBREV [list \. "\u062d"\. "\u0646"\. "\u062b"\. "\u0631"\. "\u062e"\. "\u062c"\. "\u0633"]. ::msgcat::mcset ar DAYS_OF_WEEK_FULL [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar MONTHS_ABBREV [list \. "\u064a\u0646\u0627"\. "\u0641\u0628\u0631"\. "\u0645\u0627\u0631"\. "\u0623\u0628\u0631"\. "\u0645\u0627\u064a"\. "\u064a\u0648\u0646"\. "\u064a\u0648\u0644"\. "\u0623\u063a\u0633"\. "\u0633\u0628\u062a"\. "\u0623\u0643\u062a"\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ar_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):259
                            Entropy (8bit):4.825452591398057
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoKNvf/NLoKU3v6xH5oKNo+3vfXM6PYv:4EnLzu8yvf/Nq3v6vF3vfc6q
                            MD5:EEB42BA91CC7EF4F89A8C1831ABE7B03
                            SHA1:74D12B4CBCDF63FDF00E589D8A604A5C52C393EF
                            SHA-256:29A70EAC43B1F3AA189D8AE4D92658E07783965BAE417FB66EE5F69CFCB564F3
                            SHA-512:6CCB2F62986CE1CF3CE78538041A0E4AAF717496F965D73014A13E9B05093EB43185C3C14212DC052562F3F369AB6985485C8C93D1DFC60CF9B8DABEA7CDF434
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_IN DATE_FORMAT "%A %d %B %Y". ::msgcat::mcset ar_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ar_IN DATE_TIME_FORMAT "%A %d %B %Y %I:%M:%S %z %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ar_jo.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1812
                            Entropy (8bit):4.023830561129656
                            Encrypted:false
                            SSDEEP:24:4azu8J5Fe6k+wR+9Gb+Oa+UcP+wR+9Gb+Oa+UD:46I6CNbtdNbQ
                            MD5:4338BD4F064A6CDC5BFED2D90B55D4E8
                            SHA1:709717BB1F62A71E94D61056A70660C6A03B48AE
                            SHA-256:78116E7E706C7D1E3E7446094709819FB39A50C2A2302F92D6A498E06ED4A31B
                            SHA-512:C63A535AD19CBEF5EFC33AC5A453B1C503A59C6CE71A4CABF8083BC516DF0F3F14D3D4F309D33EDF2EC5E79DB00ED1F7D56FD21068F09F178BB2B191603BAC25
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_JO DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_JO MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ar_lb.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1812
                            Entropy (8bit):4.020656526954981
                            Encrypted:false
                            SSDEEP:24:4azu865Fehk+wR+9Gb+Oa+UXP+wR+9Gb+Oa+UD:46nhCNbadNbQ
                            MD5:3789E03CF926D4F12AFD30FC7229B78D
                            SHA1:AEF38AAB736E5434295C72C14F38033AAFE6EF15
                            SHA-256:7C970EFEB55C53758143DF42CC452A3632F805487CA69DB57E37C1F478A7571B
                            SHA-512:C9172600703337EDB2E36D7470A3AED96CCC763D7163067CB19E7B097BB7877522758C3109E31D5D72F486DD50BF510DDBA50EDD248B899FA0A2EEF09FCBF903
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_LB DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_LB MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ar_sy.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1812
                            Entropy (8bit):4.02203966019266
                            Encrypted:false
                            SSDEEP:24:4azu8k5Fezk+wR+9Gb+Oa+U5P+wRa9Gb+Oa+UD:46ZzCNb0d5bQ
                            MD5:EC736BFD4355D842E5BE217A7183D950
                            SHA1:C6B83C02F5D4B14064D937AFD8C6A92BA9AE9EFB
                            SHA-256:AEF17B94A0DB878E2F0FB49D982057C5B663289E3A8E0E2B195DCEC37E8555B1
                            SHA-512:68BB7851469C24003A9D74FC7FE3599A2E95EE3803014016DDEBF4C5785F49EDBADA69CD4103F2D3B6CE91E9A32CC432DBDFEC2AED0557E5B6B13AED489A1EDA
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ar_SY DAYS_OF_WEEK_ABBREV [list \. "\u0627\u0644\u0623\u062d\u062f"\. "\u0627\u0644\u0627\u062b\u0646\u064a\u0646"\. "\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621"\. "\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621"\. "\u0627\u0644\u062e\u0645\u064a\u0633"\. "\u0627\u0644\u062c\u0645\u0639\u0629"\. "\u0627\u0644\u0633\u0628\u062a"]. ::msgcat::mcset ar_SY MONTHS_ABBREV [list \. "\u0643\u0627\u0646\u0648\u0646 \u0627\u0644\u062b\u0627\u0646\u064a"\. "\u0634\u0628\u0627\u0637"\. "\u0622\u0630\u0627\u0631"\. "\u0646\u064a\u0633\u0627\u0646"\. "\u0646\u0648\u0627\u0631"\. "\u062d\u0632\u064a\u0631\u0627\u0646"\. "\u062a\u0645\u0648\u0632"\. "\u0622\u0628"\. "\u0623\u064a\u0644\u0648\u0644"\. "\u062a\u0634\u0631\u064a\u0646 \u0627\u0644\u0623\u0648\u0644"\. "\u062a\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\be.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2105
                            Entropy (8bit):4.215818273236158
                            Encrypted:false
                            SSDEEP:48:46dJRQPQ86AK0xQuEQS3oQsDptuCrQICZmQ8ZVDtN1QFqQLtCSjZMpktvp:hdP6HIZoFnl1Rgx
                            MD5:1A3ABFBC61EF757B45FF841C197BB6C3
                            SHA1:74D623DAB6238D05C18DDE57FC956D84974FC2D4
                            SHA-256:D790E54217A4BF9A7E1DCB4F3399B5861728918E93CD3F00B63F1349BDB71C57
                            SHA-512:154D053410AA0F7817197B7EE1E8AE839BA525C7660620581F228477B1F5B972FE95A4E493BB50365D0B63B0115036DDE54A98450CA4E8048AF5D0AF092BADE5
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset be DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0430\u0442"\. "\u0441\u0440"\. "\u0447\u0446"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset be DAYS_OF_WEEK_FULL [list \. "\u043d\u044f\u0434\u0437\u0435\u043b\u044f"\. "\u043f\u0430\u043d\u044f\u0434\u0437\u0435\u043b\u0430\u043a"\. "\u0430\u045e\u0442\u043e\u0440\u0430\u043a"\. "\u0441\u0435\u0440\u0430\u0434\u0430"\. "\u0447\u0430\u0446\u0432\u0435\u0440"\. "\u043f\u044f\u0442\u043d\u0456\u0446\u0430"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset be MONTHS_ABBREV [list \. "\u0441\u0442\u0434"\. "\u043b\u044e\u0442"\. "\u0441\u043a\u0432"\. "\u043a\u0440\u0441"\. "\u043c\u0430\u0439"\. "\u0447\u0440\u0432"\. "\u043b\u043f\u043d"\. "\u0436\u043d\u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\bg.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1819
                            Entropy (8bit):4.363233187157474
                            Encrypted:false
                            SSDEEP:48:46scAXuQfuQVoQAWN5EPIKfD8WQjQ3QgQaQLSqQsQGtQWCQMmt1f:hD/zQaPIKfTSiF3KVfVCqp
                            MD5:11FA3BA30A0EE6A7B2B9D67B439C240D
                            SHA1:EC5557A16A0293ABF4AA8E5FD50940B60A8A36A6
                            SHA-256:E737D8DC724AA3B9EC07165C13E8628C6A8AC1E80345E10DC77E1FC62A6D86F1
                            SHA-512:B776E7C98FB819436C61665206EE0A2644AA4952D739FF7CC58EAFBD549BD1D26028DE8E11B8533814102B31FC3884F95890971F547804BCAA4530E35BDD5CFD
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bg DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0434"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset bg DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u043b\u044f"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0412\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0421\u0440\u044f\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u044a\u0440\u0442\u044a\u043a"\. "\u041f\u0435\u0442\u044a\u043a"\. "\u0421\u044a\u0431\u043e\u0442\u0430"]. ::msgcat::mcset bg MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset bg MONTHS_FULL [list \. "\u042

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\bn.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2286
                            Entropy (8bit):4.04505151160981
                            Encrypted:false
                            SSDEEP:24:4azu8adWa9tUEVcqVc5VcaUTVcHVEVc+7VclEVcNGVcn0VcMG/0VcMjVcMK7YXs+:46C07LetHigetH1YES
                            MD5:B387D4A2AB661112F2ABF57CEDAA24A5
                            SHA1:80DB233687A9314600317AD39C01466C642F3C4C
                            SHA-256:297D4D7CAE6E99DB3CA6EE793519512BFF65013CF261CF90DED4D28D3D4F826F
                            SHA-512:450BB56198AAAB2EEFCD4E24C29DD79D71D2EF7E8D066F3B58F9C5D831F960AFB78C46ECE2DB32EF81454BCCC80C730E36A610DC9BAF06757E0757B421BACB19
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn DAYS_OF_WEEK_ABBREV [list \. "\u09b0\u09ac\u09bf"\. "\u09b8\u09cb\u09ae"\. "\u09ae\u0999\u0997\u09b2"\. "\u09ac\u09c1\u09a7"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf"\. "\u09b6\u09c1\u0995\u09cd\u09b0"\. "\u09b6\u09a8\u09bf"]. ::msgcat::mcset bn DAYS_OF_WEEK_FULL [list \. "\u09b0\u09ac\u09bf\u09ac\u09be\u09b0"\. "\u09b8\u09cb\u09ae\u09ac\u09be\u09b0"\. "\u09ae\u0999\u0997\u09b2\u09ac\u09be\u09b0"\. "\u09ac\u09c1\u09a7\u09ac\u09be\u09b0"\. "\u09ac\u09c3\u09b9\u09b8\u09cd\u09aa\u09a4\u09bf\u09ac\u09be\u09b0"\. "\u09b6\u09c1\u0995\u09cd\u09b0\u09ac\u09be\u09b0"\. "\u09b6\u09a8\u09bf\u09ac\u09be\u09b0"]. ::msgcat::mcset bn MONTHS_ABBREV [list \. "\u099c\u09be\u09a8\u09c1\u09df\u09be\u09b0\u09c0"\. "\u09ab\u09c7\u09ac\u09cd\u09b0\u09c1\u09df\u09be\u09b0\u09c0"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\bn_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):259
                            Entropy (8bit):4.821338044395148
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmovtvflD/Lo/E3v6xH5ovto+3vflm6PYv:4EnLzu81tvflD/SE3v6etF3vflm6q
                            MD5:764E70363A437ECA938DEC17E615608B
                            SHA1:2296073AE8CC421780E8A3BCD58312D6FB2F5BFC
                            SHA-256:7D3A956663C529D07C8A9610414356DE717F3A2A2CE9B331B052367270ACEA94
                            SHA-512:4C7B9082DA9DDF07C2BE16C359A1A42834B8E730AD4DD5B987866C2CC735402DDE513588A89C8DFA25A1AC6F66AF9FDDBEA8FD500F8526C4641BBA7011CD0D28
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset bn_IN DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset bn_IN TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset bn_IN DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ca.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1102
                            Entropy (8bit):4.213250101046006
                            Encrypted:false
                            SSDEEP:24:4azu8WBVUUQ48wsF0nuLsCtJeUFqwv1v3:46BwoL5ScfR3
                            MD5:9378A5AD135137759D46A7CC4E4270E0
                            SHA1:8D2D53DA208BB670A335C752DFC4B4FF4509A799
                            SHA-256:14FF564FAB584571E954BE20D61C2FACB096FE2B3EF369CC5ECB7C25C2D92D5A
                            SHA-512:EF784D0D982BA0B0CB37F1DA15F8AF3BE5321F59E586DBED1EDD0B3A38213D3CEA1CDFC983A025418403400CCE6039B786EE35694A5DFCE1F22CB2D315F5FCF8
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ca DAYS_OF_WEEK_ABBREV [list \. "dg."\. "dl."\. "dt."\. "dc."\. "dj."\. "dv."\. "ds."]. ::msgcat::mcset ca DAYS_OF_WEEK_FULL [list \. "diumenge"\. "dilluns"\. "dimarts"\. "dimecres"\. "dijous"\. "divendres"\. "dissabte"]. ::msgcat::mcset ca MONTHS_ABBREV [list \. "gen."\. "feb."\. "mar\u00e7"\. "abr."\. "maig"\. "juny"\. "jul."\. "ag."\. "set."\. "oct."\. "nov."\. "des."\. ""]. ::msgcat::mcset ca MONTHS_FULL [list \. "gener"\. "febrer"\. "mar\u00e7"\. "abril"\. "maig"\. "juny"\. "juliol"\. "agost"\. "setembre"\. "octubre"\. "novembre"\. "desembre"\. ""]. ::msgcat::mcset ca DATE_FORMAT "%d/%m/%Y". ::msg

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\cs.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1300
                            Entropy (8bit):4.400184537938628
                            Encrypted:false
                            SSDEEP:24:4azu8f4sO4fETEtd3N5EPIK+kJQz3R3VJ2PYYITCF3eYGCvt2/v3eG:46/ETKN5EPIKfsxV+pBtMJ
                            MD5:4C5679B0880394397022A70932F02442
                            SHA1:CA5C47A76CD4506D8E11AECE1EA0B4A657176019
                            SHA-256:49CF452EEF0B8970BC56A7B8E040BA088215508228A77032CBA0035522412F86
                            SHA-512:39FA0D3235FFD3CE2BCCFFFA6A4A8EFE2668768757DAFDE901917731E20AD15FCAC4E48CF4ACF0ADFAA38CC72768FD8F1B826464B0F71A1C784E334AE72F857C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset cs DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "\u00dat"\. "St"\. "\u010ct"\. "P\u00e1"\. "So"]. ::msgcat::mcset cs DAYS_OF_WEEK_FULL [list \. "Ned\u011ble"\. "Pond\u011bl\u00ed"\. "\u00dater\u00fd"\. "St\u0159eda"\. "\u010ctvrtek"\. "P\u00e1tek"\. "Sobota"]. ::msgcat::mcset cs MONTHS_ABBREV [list \. "I"\. "II"\. "III"\. "IV"\. "V"\. "VI"\. "VII"\. "VIII"\. "IX"\. "X"\. "XI"\. "XII"\. ""]. ::msgcat::mcset cs MONTHS_FULL [list \. "leden"\. "\u00fanor"\. "b\u0159ezen"\. "duben"\. "kv\u011bten"\. "\u010derven"\. "\u010dervenec"\. "srpen"\. "z\u00e1\u0159\u00ed"\. "\u0159\u00edjen"\. "listopad"\. "prosinec"\. ""]

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\da.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1156
                            Entropy (8bit):4.242018456508518
                            Encrypted:false
                            SSDEEP:24:4azu8xVKE6V4/xPsS9CfXTBfijQT1GqAPwvsvT:461H6y/RsJXTNGqAuKT
                            MD5:F012F45523AA0F8CFEACC44187FF1243
                            SHA1:B171D1554244D2A6ED8DE17AC8000AA09D2FADE9
                            SHA-256:CA58FF5BAA9681D9162E094E833470077B7555BB09EEE8E8DD41881B108008A0
                            SHA-512:5BBC44471AB1B1622FABC7A12A8B8727087BE64BEAF72D2C3C9AAC1246A41D9B7CAFC5C451F24A3ACC681C310BF47BBC3384CF80EB0B4375E12646CB7BB8FFD5
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset da DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset da DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset da MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset da MONTHS_FULL [list \. "januar"\. "februar"\. "marts"\. "april"\. "maj"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset da BCE "f.Kr.". ::msgcat::mcset da CE "e.Kr.".

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\de.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1222
                            Entropy (8bit):4.277486792653572
                            Encrypted:false
                            SSDEEP:24:4azu8byFouxpZzWsu0biMe5pF9g1tT9egQTqrS8QWmWFUvIvWI3:46CFB/ZzWsu0vpHlrS8QLWFSeWI3
                            MD5:68882CCA0886535A613ECFE528BB81FC
                            SHA1:6ABF519F6E4845E6F13F272D628DE97F2D2CD481
                            SHA-256:CC3672969C1DD223EADD9A226E00CAC731D8245532408B75AB9A70E9EDD28673
                            SHA-512:ACD5F811A0494E04A18035D2B9171FAF3AB8C856AAB0C09AEBE755590261066ADCD2750565F1CB840B2D0111D95C98970294550A4FBD00E4346D2EDBA3A5C957
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de DAYS_OF_WEEK_ABBREV [list \. "So"\. "Mo"\. "Di"\. "Mi"\. "Do"\. "Fr"\. "Sa"]. ::msgcat::mcset de DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mrz"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de BCE "v. Chr.". ::msgcat::mcset de CE "n. Chr.".

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\de_at.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):812
                            Entropy (8bit):4.344116560816791
                            Encrypted:false
                            SSDEEP:12:4EnLzu8U3S5dkTo7eqepFHvFgt1BAI+5zS17eM5Qz3q6owjI9I3vd3v6B3v9dy:4azu8UlMe5pF9gXDT9egQTqr+rv1vivi
                            MD5:63B8EBBA990D1DE3D83D09375E19F6AC
                            SHA1:B7714AF372B4662A0C15DDBC0F80D1249CB1EEBD
                            SHA-256:80513A9969A12A8FB01802D6FC3015712A4EFDDA64552911A1BB3EA7A098D02C
                            SHA-512:638307C9B97C74BAF38905AC88E73B57F24282E40929DA43ADB74978040B818EFCC2EE2A377DFEB3AC9050800536F2BE1C7C2A7AB9E7B8BCF8D15E5F293F24D9
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_AT MONTHS_ABBREV [list \. "J\u00e4n"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_AT MONTHS_FULL [list \. "J\u00e4nner"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_AT DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset de_AT TIME_FORMAT "%T". ::msgcat::mcset de_AT TIME_FORMAT_12 "%T". ::msgcat::mcset de_AT DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\de_be.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1223
                            Entropy (8bit):4.319193323810203
                            Encrypted:false
                            SSDEEP:24:4azu8I8VWRFFAVa8VpZzWsuEbkMe5pF9grtT9egQTqr9u5sevOevmDvi:46kR6VaIZzWsuEJnHlrg5soOomzi
                            MD5:A741CF1A27C77CFF2913076AC9EE9DDC
                            SHA1:DE519D3A86DCF1E8F469490967AFE350BAEAFE01
                            SHA-256:7573581DEC27E90B0C7D34057D9F4EF89727317D55F2C4E0428A47740FB1EB7A
                            SHA-512:C9272793BAA1D33C32576B48756063F4A9BB97E8FFA276809CF4C3956CC457E48C577BDF359C1ECF5CF665A68135CAED17E972DC053A6AFBAAC3BA0ECBAFEB05
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset de_BE DAYS_OF_WEEK_ABBREV [list \. "Son"\. "Mon"\. "Die"\. "Mit"\. "Don"\. "Fre"\. "Sam"]. ::msgcat::mcset de_BE DAYS_OF_WEEK_FULL [list \. "Sonntag"\. "Montag"\. "Dienstag"\. "Mittwoch"\. "Donnerstag"\. "Freitag"\. "Samstag"]. ::msgcat::mcset de_BE MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "M\u00e4r"\. "Apr"\. "Mai"\. "Jun"\. "Jul"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset de_BE MONTHS_FULL [list \. "Januar"\. "Februar"\. "M\u00e4rz"\. "April"\. "Mai"\. "Juni"\. "Juli"\. "August"\. "September"\. "Oktober"\. "November"\. "Dezember"\. ""]. ::msgcat::mcset de_BE AM "vorm". ::msgcat::mcs

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\el.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2252
                            Entropy (8bit):4.313031807335687
                            Encrypted:false
                            SSDEEP:24:4azu8+v+39bYW4v+0Wn4Obg+EKkJQg9UWWY+YcYGV97Wu9TJGJABRF6RrJFdsvjt:468XxCSpAWL8jdL
                            MD5:E152787B40C5E30699AD5E9B0C60DC07
                            SHA1:4FB9DB6E784E1D28E632B55ED31FBBB4997BF575
                            SHA-256:9B2F91BE34024FBCF645F6EF92460E5F944CA6A16268B79478AB904B2934D357
                            SHA-512:DE59E17CAB924A35C4CC74FE8FCA4776BD49E30C224E476741A273A74BBE40CDAAEDBF6BBB5E30011CD0FEED6B2840F607FD0F1BD3E136E7FE39BAE81C7ED4DB
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset el DAYS_OF_WEEK_ABBREV [list \. "\u039a\u03c5\u03c1"\. "\u0394\u03b5\u03c5"\. "\u03a4\u03c1\u03b9"\. "\u03a4\u03b5\u03c4"\. "\u03a0\u03b5\u03bc"\. "\u03a0\u03b1\u03c1"\. "\u03a3\u03b1\u03b2"]. ::msgcat::mcset el DAYS_OF_WEEK_FULL [list \. "\u039a\u03c5\u03c1\u03b9\u03b1\u03ba\u03ae"\. "\u0394\u03b5\u03c5\u03c4\u03ad\u03c1\u03b1"\. "\u03a4\u03c1\u03af\u03c4\u03b7"\. "\u03a4\u03b5\u03c4\u03ac\u03c1\u03c4\u03b7"\. "\u03a0\u03ad\u03bc\u03c0\u03c4\u03b7"\. "\u03a0\u03b1\u03c1\u03b1\u03c3\u03ba\u03b5\u03c5\u03ae"\. "\u03a3\u03ac\u03b2\u03b2\u03b1\u03c4\u03bf"]. ::msgcat::mcset el MONTHS_ABBREV [list \. "\u0399\u03b1\u03bd"\. "\u03a6\u03b5\u03b2"\. "\u039c\u03b1\u03c1"\. "\u0391\u03c0\u03c1"\. "\u039c\u03b1\u03ca"\. "\u0399\u03bf\u03c5\u03bd"\. "\u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_au.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):300
                            Entropy (8bit):4.849761581276844
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoCwmGjbJFLoCws6W3vULoCws6W3v6p6HH5oCwmT+3vjb0y6:4EnLzu8brJFqs6W3v3s6W3v6QQJ3vK
                            MD5:F8AE50E60590CC1FF7CCC43F55B5B8A8
                            SHA1:52892EDDFA74DD4C8040F9CDD19A9536BFF72B6E
                            SHA-256:B85C9A373FF0F036151432652DD55C182B0704BD0625EA84BED1727EC0DE3DD8
                            SHA-512:8E15C9CA9A7D2862FDBA330F59BB177B06E5E3154CF3EA948B8E4C0282D66E75E18C225F28F6A203B4643E8BCAA0B5BDB59578A4C20D094F8B923650796E2E72
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_AU DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_AU TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_AU TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_AU DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_be.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):305
                            Entropy (8bit):4.823881517188826
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoCr3FD/LoCsX3vtfNrFLoCsX3v6YNn5oCs+3v3FnN9:4EnLzu863FD/U3vtNm3v6yt3v3FnN9
                            MD5:A0BB5A5CC6C37C12CB24523198B82F1C
                            SHA1:B7A6B4BFB6533CC33A0A0F5037E55A55958C4DFC
                            SHA-256:596AC02204C845AA74451FC527645549F2A3318CB63051FCACB2BF948FD77351
                            SHA-512:9859D8680E326C2EB39390F3B96AC0383372433000A4E828CF803323AB2AB681B2BAE87766CB6FB23F6D46DBA38D3344BC4A941AFB0027C737784063194F9AE4
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BE DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_BE TIME_FORMAT "%k:%M:%S". ::msgcat::mcset en_BE TIME_FORMAT_12 "%k h %M min %S s %z". ::msgcat::mcset en_BE DATE_TIME_FORMAT "%d %b %Y %k:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_bw.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.869619023232552
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmosmGvNLoss6W3v6aZosmT+3vR6HK:4EnLzu8WrvNbs6W3v6aBJ3voq
                            MD5:ECC735522806B18738512DC678D01A09
                            SHA1:EEEC3A5A3780DBA7170149C779180748EB861B86
                            SHA-256:340804F73B620686AB698B2202191D69227E736B1652271C99F2CFEF03D72296
                            SHA-512:F46915BD68249B5B1988503E50EBC48C13D9C0DDBDCBA9F520386E41A0BAAE640FD97A5085698AB1DF65640CE70AC63ED21FAD49AF54511A5543D1F36247C22D
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_BW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_BW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_BW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_ca.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):288
                            Entropy (8bit):4.828989678102087
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoAhgqH5oAZF3vGoAZF3v6loAh9+3vnFDLq:4EnLzu8mhgqHFZF3vGZF3v65hI3v9G
                            MD5:F9A9EE00A4A2A899EDCCA6D82B3FA02A
                            SHA1:BFDBAD5C0A323A37D5F91C37EC899B923DA5B0F5
                            SHA-256:C9FE2223C4949AC0A193F321FC0FD7C344A9E49A54B00F8A4C30404798658631
                            SHA-512:4E5471ADE75E0B91A02A30D8A042791D63565487CBCA1825EA68DD54A3AE6F1E386D9F3B016D233406D4B0B499B05DF6295BC0FFE85E8AA9DA4B4B7CC0128AD9
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_CA DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_CA TIME_FORMAT "%r". ::msgcat::mcset en_CA TIME_FORMAT_12 "%I:%M:%S %p". ::msgcat::mcset en_CA DATE_TIME_FORMAT "%a %d %b %Y %r %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_gb.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.84511182583436
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoEbtvqH5oELE3vG5oELE3v6X5oEbto+3vnFDoAov:4EnLzu8ibtvqHBLE3v4LE3v6RbtF3v98
                            MD5:07C16C81F1B59444508D0F475C2DB175
                            SHA1:DEDBDB2C9ACA932C373C315FB6C5691DBEDEB346
                            SHA-256:AE38AD5452314B0946C5CB9D3C89CDFC2AD214E146EB683B8D0CE3FE84070FE1
                            SHA-512:F13333C975E6A0AD06E57C5C1908ED23C4A96008A895848D1E2FE7985001B2E5B9B05C4824C74EDA94E0CC70EC7CABCB103B97E54E957F986D8F277EEC3325B7
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_GB DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_GB TIME_FORMAT "%T". ::msgcat::mcset en_GB TIME_FORMAT_12 "%T". ::msgcat::mcset en_GB DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_hk.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):321
                            Entropy (8bit):4.803235346516854
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoa/5oaQ9woaAx/G4FLoaYYW3v6aZoaAx/T+3v4x6HK:4EnLzu8cpZF4F7xW3v6ah/3v4Iq
                            MD5:27B4185EB5B4CAAD8F38AE554231B49A
                            SHA1:67122CAA8ECA829EC0759A0147C6851A6E91E867
                            SHA-256:C9BE2C9AD31D516B508D01E85BCCA375AAF807D6D8CD7C658085D5007069FFFD
                            SHA-512:003E5C1E2ECCCC48D14F3159DE71A5B0F1471275D4051C7AC42A3CFB80CAF651A5D04C4D8B868158211E8BC4E08554AF771993B0710E6625AA3AE912A33F5487
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_HK AM "AM". ::msgcat::mcset en_HK PM "PM". ::msgcat::mcset en_HK DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_HK TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_HK DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_ie.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.78446779523026
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoK6qH5oKi+3vG5oKi+3v6X5oKv+3vnFDoAov:4EnLzu8vqHr3vQ3v6O3v9dy
                            MD5:30E351D26DC3D514BC4BF4E4C1C34D6F
                            SHA1:FA87650F840E691643F36D78F7326E925683D0A8
                            SHA-256:E7868C80FD59D18BB15345D29F5292856F639559CFFD42EE649C16C7938BF58D
                            SHA-512:5AAC8A55239A909207E73EFB4123692D027F7728157D07FAFB629AF5C6DB84B35CF11411E561851F7CDB6F25AEC174E85A1982C4B79C7586644E74512F5FBDDA
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset en_IE TIME_FORMAT "%T". ::msgcat::mcset en_IE TIME_FORMAT_12 "%T". ::msgcat::mcset en_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):310
                            Entropy (8bit):4.756550208645364
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoKr3v5oKrGaoKr5vvNLoKrw3vULoKr5o+3voA6:4EnLzu8si2vvNa3vuF3vo3
                            MD5:1423A9CF5507A198580D84660D829133
                            SHA1:70362593A2B04CF965213F318B10E92E280F338D
                            SHA-256:71E5367FE839AFC4338C50D450F111728E097538ECACCC1B17B10238001B0BB1
                            SHA-512:C4F1AD41D44A2473531247036BEEF8402F7C77A21A33690480F169F35E78030942FD31C9331A82B8377D094E22D506C785D0311DBB9F1C2B4AD3575B3F0E76E3
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_IN AM "AM". ::msgcat::mcset en_IN PM "PM". ::msgcat::mcset en_IN DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_IN TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_IN DATE_TIME_FORMAT "%d %B %Y %H:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_nz.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):300
                            Entropy (8bit):4.89415873600679
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoyejbJFLo63vULo63v6p6HH5oy7+3vjb0y6:4EnLzu8YeJFL3vI3v6QtS3vK
                            MD5:DB734349F7A1A83E1CB18814DB6572E8
                            SHA1:3386B2599C7C170A03E4EED68C39EAC7ADD01708
                            SHA-256:812DB204E4CB8266207A4E948FBA3DD1EFE4D071BBB793F9743A4320A1CEEBE3
                            SHA-512:EF09006552C624A2F1C62155251A18BDA9EE85C9FC81ABBEDE8416179B1F82AD0D88E42AB0A10B4871EF4B7DB670E4A824392339976C3C95FB31F588CDE5840D
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_NZ DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset en_NZ TIME_FORMAT "%H:%M:%S". ::msgcat::mcset en_NZ TIME_FORMAT_12 "%I:%M:%S %P %z". ::msgcat::mcset en_NZ DATE_TIME_FORMAT "%e/%m/%Y %H:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_ph.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):321
                            Entropy (8bit):4.775448167269054
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoJ5oXo2e4FLoe3v6aZo27+3v4x6HK:4EnLzu8l4Fj3v6aE3v4Iq
                            MD5:787C83099B6E4E80AC81DD63BA519CBE
                            SHA1:1971ACFAA5753D2914577DCC9EBDF43CF89C1D00
                            SHA-256:BE107F5FAE1E303EA766075C52EF2146EF149EDA37662776E18E93685B176CDC
                            SHA-512:527A36D64B4B5C909F69AA8609CFFEBBA19A378CEA618E1BB07EC2AED89E456E2292080C43917DF51B08534A1D0B35F2069008324C99A7688BBEDE49049CD8A2
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_PH AM "AM". ::msgcat::mcset en_PH PM "PM". ::msgcat::mcset en_PH DATE_FORMAT "%B %e, %Y". ::msgcat::mcset en_PH TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_PH DATE_TIME_FORMAT "%B %e, %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_sg.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.865159200607995
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoQW53FD/LoQGuX3v6ZhLoQWa+3v3F0fJ:4EnLzu8283FD/LJ3v6Xc3v3F4
                            MD5:3045036D8F0663E26796E4E8AFF144E2
                            SHA1:6C9066396C107049D861CD0A9C98DE8753782571
                            SHA-256:B8D354519BD4EB1004EB7B25F4E23FD3EE7F533A5F491A46D19FD520ED34C930
                            SHA-512:EBA6CD05BD596D0E8C96BBCA86379F003AD31E564D9CB90C906AF4B3A776AA797FC18EC405781F83493BBB33510DEDC0E78504AD1E6977BE0F83B2959AD25B8A
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_SG DATE_FORMAT "%d %b %Y". ::msgcat::mcset en_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset en_SG DATE_TIME_FORMAT "%d %b %Y %P %I:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_za.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):245
                            Entropy (8bit):4.89152584889677
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoOr0l5oOK3v6wLoOs+3v0l6C:4EnLzu8WL3v663vlC
                            MD5:F285A8BA3216DA69B764991124F2F75A
                            SHA1:A5B853A39D944DB9BB1A4C0B9D55AFDEF0515548
                            SHA-256:98CE9CA4BB590BA5F922D6A196E5381E19C64E7682CDBEF914F2DCE6745A7332
                            SHA-512:05695E29BA10072954BC91885A07D74EFBCB81B0DE3961261381210A51968F99CE1801339A05B810A54295E53B0A7E1D75CA5350485A8DEBFFFCBD4945234382
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZA DATE_FORMAT "%Y/%m/%d". ::msgcat::mcset en_ZA TIME_FORMAT_12 "%I:%M:%S". ::msgcat::mcset en_ZA DATE_TIME_FORMAT "%Y/%m/%d %I:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\en_zw.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.888960668540414
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoEmGvNLoEs6W3v6aZoEmT+3vR6HK:4EnLzu8urvNDs6W3v6a5J3voq
                            MD5:D8878533B11C21445CAEFA324C638C7E
                            SHA1:EFF82B28741FA16D2DFC93B5421F856D6F902509
                            SHA-256:91088BBBF58A704185DEC13DBD421296BBD271A1AEBBCB3EF85A99CECD848FF8
                            SHA-512:CBFD4FC093B3479AE9E90A5CA05EA1894F62DA9E0559ACC2BD37BBED1F0750ECFF13E6DF2078D68268192CA51A832E1BEED379E11380ADF3C91C1A01A352B20C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset en_ZW DATE_FORMAT "%d %B %Y". ::msgcat::mcset en_ZW TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset en_ZW DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\eo.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1231
                            Entropy (8bit):4.282246801138565
                            Encrypted:false
                            SSDEEP:24:4azu8CouOZBQpsS9C58mTXv8/s5pkPXvRvm:46nZ6psX8mT/cYpmfFm
                            MD5:FE2F92E5C0AB19CDC7119E70187479F6
                            SHA1:A14B9AA999C0BBD9B21E6A2B44A934D685897430
                            SHA-256:50DF3E0E669502ED08DD778D0AFEDF0F71993BE388B0FCAA1065D1C91BD22D83
                            SHA-512:72B4975DC2CAB725BD6557CAED41B9C9146E0DE167EE0A0723C3C90D7CF49FB1D749977042FFECBCD7D8F21509307AAB3CE80E3C51023D22072FB5B415801EA9
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eo DAYS_OF_WEEK_ABBREV [list \. "di"\. "lu"\. "ma"\. "me"\. "\u0135a"\. "ve"\. "sa"]. ::msgcat::mcset eo DAYS_OF_WEEK_FULL [list \. "diman\u0109o"\. "lundo"\. "mardo"\. "merkredo"\. "\u0135a\u016ddo"\. "vendredo"\. "sabato"]. ::msgcat::mcset eo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "a\u016dg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset eo MONTHS_FULL [list \. "januaro"\. "februaro"\. "marto"\. "aprilo"\. "majo"\. "junio"\. "julio"\. "a\u016dgusto"\. "septembro"\. "oktobro"\. "novembro"\. "decembro"\. ""]. ::msgcat::mcset eo BCE "aK". ::msgcat::mcset e

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1180
                            Entropy (8bit):4.216657382642579
                            Encrypted:false
                            SSDEEP:24:4azu8OJccwdQSBJr/S3tFA7C28/sF9AaD5rYrvtAvrG:46w3wdJB1/6FA22c49XrY7tWrG
                            MD5:022CBA4FF73CF18D63D1B0C11D058B5D
                            SHA1:8B2D0BE1BE354D639EC3373FE20A0F255E312EF6
                            SHA-256:FFF2F08A5BE202C81E469E16D4DE1F8A0C1CFE556CDA063DA071279F29314837
                            SHA-512:5142AD14C614E6BA5067B371102F7E81B14EB7AF3E40D05C674CFF1052DA4D172768636D34FF1DEE2499E43B2FEB4771CB1B67EDA10B887DE50E15DCD58A5283
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mi\u00e9"\. "jue"\. "vie"\. "s\u00e1b"]. ::msgcat::mcset es DAYS_OF_WEEK_FULL [list \. "domingo"\. "lunes"\. "martes"\. "mi\u00e9rcoles"\. "jueves"\. "viernes"\. "s\u00e1bado"]. ::msgcat::mcset es MONTHS_ABBREV [list \. "ene"\. "feb"\. "mar"\. "abr"\. "may"\. "jun"\. "jul"\. "ago"\. "sep"\. "oct"\. "nov"\. "dic"\. ""]. ::msgcat::mcset es MONTHS_FULL [list \. "enero"\. "febrero"\. "marzo"\. "abril"\. "mayo"\. "junio"\. "julio"\. "agosto"\. "septiembre"\. "octubre"\. "noviembre"\. "diciembre"\. ""]. ::msgcat::mcset es BCE "a.C.". ::msgcat::mcset es

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_ar.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):242
                            Entropy (8bit):4.830874390627383
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo8GUFLot/W3vULo8T+3v9y6:4EnLzu8KGUFN3v+K3v3
                            MD5:C806EF01079E6B6B7EAE5D717DA2AAB3
                            SHA1:3C553536241A5D2E95A3BA9024AAB46BB87FBAD9
                            SHA-256:AF530ACD69676678C95B803A29A44642ED2D2F2D077CF0F47B53FF24BAC03B2E
                            SHA-512:619905C2FB5F8D2BC2CBB9F8F0EA117C0AEFBDDE5E4F826FF962D7DC069D16D5DE12E27E898471DC6C039866FB64BBF62ED54DBC031E03C7D24FC2EA38DE5699
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_AR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_AR TIME_FORMAT "%H:%M:%S". ::msgcat::mcset es_AR DATE_TIME_FORMAT "%d/%m/%Y %H:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_bo.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.878640071219599
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoYePWHFLoU3v6rZoY7+3vPUe6HK:4EnLzu8OegFp3v6rHS3vs3q
                            MD5:4C2B2A6FBC6B514EA09AA9EF98834F17
                            SHA1:853FFCBB9A2253B7DC2B82C2BFC3B132500F7A9D
                            SHA-256:24B58DE38CD4CB2ABD08D1EDA6C9454FFDE7ED1A33367B457D7702434A0A55EE
                            SHA-512:3347F9C13896AF19F6BAFBEF225AF2A1F84F20F117E7F0CE3E5CAA783FDD88ABDFAF7C1286AE421BC609A39605E16627013945E4ACA1F7001B066E14CAB90BE7
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_BO DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_BO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_BO DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_cl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.889615718638578
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmodvPWHFLok3v6rZodo+3vPUe6HK:4EnLzu8DgF93v6rC3vs3q
                            MD5:B7E7BE63F24FC1D07F28C5F97637BA1C
                            SHA1:8FE1D17696C910CF59467598233D55268BFE0D94
                            SHA-256:12AD1546EB391989105D80B41A87686D3B30626D0C42A73705F33B2D711950CC
                            SHA-512:FD8B83EF06B1E1111AFF186F5693B17526024CAD8CC99102818BE74FD885344D2F628A0541ABB485F38DB8DE7E29EA4EE4B28D8E5F6ECEF826BABE1013ABDFB8
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CL DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset es_CL TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CL DATE_TIME_FORMAT "%d-%m-%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_co.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.862231219172699
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo4FjbJFLo4F+3v6rZo4++3vjb0f6HK:4EnLzu8QJFL+3v6rv3vbq
                            MD5:FD946BE4D44995911E79135E5B7BD3BB
                            SHA1:3BA38CB03258CA834E37DBB4E3149D4CDA9B353B
                            SHA-256:1B4979874C3F025317DFCF0B06FC8CEE080A28FF3E8EFE1DE9E899F6D4F4D21E
                            SHA-512:FBD8087891BA0AE58D71A6D07482EED5E0EA5C658F0C82A9EC67DFC0D826059F1FC6FF404D6A6DC9619BD9249D4E4EC30D828B177E0939302196C51FA9B2FC4B
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CO DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_CO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CO DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_cr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.873281593259653
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo76GUFLoTW3v6rZo76T+3v9f6HK:4EnLzu8d6GUF73v6rq6K3vMq
                            MD5:F08EF3582AF2F88B71C599FBEA38BFD9
                            SHA1:456C90C09C2A8919DC948E86170F523062F135DB
                            SHA-256:7AC5FC35BC422A5445603E0430236E62CCA3558787811DE22305F72D439EB4BB
                            SHA-512:7187FC4CE0533F14BBA073039A0B86D610618573BA9A936CBE7682ED2939384C6BB9E0A407C016A42702E83627CCE394618ACB58419EA36908AA37F59165E371
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_CR DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_CR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_CR DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_do.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.8668686830029335
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmomerQZnFLou3v6rZom7+3vrQZg6HK:4EnLzu8xkZFH3v6rM3vkrq
                            MD5:44F2EE567A3E9A021A3C16062CEAE220
                            SHA1:180E938584F0A57AC0C3F85E6574BC48291D820E
                            SHA-256:847C14C297DBE4D8517DEBAA8ED555F3DAEDF843D6BAD1F411598631A0BD3507
                            SHA-512:BEB005D006E432963F9C1EF474A1E3669C8B7AF0681681E74DDA8FE9C8EE04D307EF85CF0257DA72663026138D38807A6ABA1255337CF8CC724ED1993039B40C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_DO DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_DO TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_DO DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_ec.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.86970949384834
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmozgUFLoro+3v6rZoz9+3v9f6HK:4EnLzu8ZgUFcF3v6ruI3vMq
                            MD5:CCB036C33BA7C8E488D37E754075C6CF
                            SHA1:336548C8D361B1CAA8BDF698E148A88E47FB27A6
                            SHA-256:2086EE8D7398D5E60E5C3048843B388437BD6F2507D2293CA218936E3BF61E59
                            SHA-512:05058262E222653CF3A4C105319B74E07322AEE726CC11AEB2B562F01FF2476E3169EA829BF8B66E1B76617CB58E45423480E5A6CB3B3D4B33AA4DDDFA52D111
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_EC DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_EC TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_EC DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_gt.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.86395314548955
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmohvjbJFLoI3v6rZoho+3vjb0f6HK:4EnLzu8PJFB3v6r23vbq
                            MD5:1E6062716A094CC3CE1F2C97853CD3CD
                            SHA1:499F69E661B3B5747227B31DE4539CAF355CCAAC
                            SHA-256:1BC22AF98267D635E3F07615A264A716940A2B1FAA5CAA3AFF54D4C5A4A34370
                            SHA-512:7C3FB65EC76A2F35354E93A47C3A59848170AAF504998CEF66AEBAAD39D303EC67BE212C6FACC98305E35FFEBF23CCB7E34396F11987E81D76B3685E6B5E89B3
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_GT DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_GT TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_GT DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_hn.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.902544453689719
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoIvriP/FLoP3v6rZoIo+3vrig6HK:4EnLzu8w+nF+3v6rP3v+lq
                            MD5:AAE4A89F6AB01044D6BA3511CBE6FE66
                            SHA1:639A94279453B0028995448FD2E221C1BDE23CEE
                            SHA-256:A2D25880C64309552AACED082DEED1EE006482A14CAB97DB524E9983EE84ACFC
                            SHA-512:E2BE94973C931B04C730129E9B9746BB76E7AC7F5AAA8D7899903B8C86B4E3D4A955E9580CF2C64DE48AFD6A2A9386337C2F8A8128A511AFBFBBA09CC032A76E
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_HN DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_HN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_HN DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_mx.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.863953145489551
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoPjbJFLoH+3v6rZoI+3vjb0f6HK:4EnLzu8NJF73v6rE3vbq
                            MD5:F60290CF48AA4EDCA938E496F43135FD
                            SHA1:0EE5A36277EA4E7A1F4C6D1D9EE32D90918DA25C
                            SHA-256:D0FAA9D7997D5696BFF92384144E0B9DFB2E4C38375817613F81A89C06EC6383
                            SHA-512:380DFCD951D15E53FCB1DEF4B892C8FD65CEFBF0857D5A7347FF3ED34F69ADD53AEEF895EDCFC6D2F24A65AB8F67CF813AEA2045EDBF3BF182BD0635B5ACB1A4
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_MX DATE_FORMAT "%e/%m/%Y". ::msgcat::mcset es_MX TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_MX DATE_TIME_FORMAT "%e/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_ni.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.872124246425178
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoe/GriP/FLo3W3v6rZoe/T+3vrig6HK:4EnLzu8Ae+nFmW3v6rxS3v+lq
                            MD5:2C4C45C450FEA6BA0421281F1CF55A2A
                            SHA1:5249E31611A670EAEEF105AB4AD2E5F14B355CAE
                            SHA-256:4B28B46981BBB78CBD2B22060E2DD018C66FCFF1CEE52755425AD4900A90D6C3
                            SHA-512:969A4566C7B5FAF36204865D5BC22C849FBB44F0D16B04B9A9473B05DBABF22AEB9B77F282A44BB85D7E2A56C4E5BCE59E4E4CDEB3F6DD52AF47C65C709A3690
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_NI DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_NI TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_NI DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_pa.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.860352858208512
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoX5rQZnFLoHE3v6rZoXa+3vrQZg6HK:4EnLzu8vkZF93v6rm3vkrq
                            MD5:148626186A258E58851CC0A714B4CFD6
                            SHA1:7F14D46F66D8A94A493702DCDE7A50C1D71774B2
                            SHA-256:6832DC5AB9F610883784CF702691FCF16850651BC1C6A77A0EFA81F43BC509AC
                            SHA-512:2B452D878728BFAFEA9A60030A26E1E1E44CE0BB26C7D9B8DB1D7C4F1AD3217770374BD4EDE784D0A341AB5427B08980FF4A62141FAF7024AB17296FE98427AC
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PA DATE_FORMAT "%m/%d/%Y". ::msgcat::mcset es_PA TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PA DATE_TIME_FORMAT "%m/%d/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_pe.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.8632965835916195
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoIgUFLoQ9X3v6rZoI9+3v9f6HK:4EnLzu8jUFZ3v6rS3vMq
                            MD5:74F014096C233B4D1D38A9DFB15B01BB
                            SHA1:75C28321AFED3D9CDA3EBF3FD059CDEA597BB13A
                            SHA-256:CC826C93682EF19D29AB6304657E07802C70CF18B1E5EA99C3480DF6D2383983
                            SHA-512:24E7C3914BF095B55DE7F01CB537E20112E10CF741333FD0185FEF0B0E3A1CD9651C2B2EDC470BCF18F51ADB352CA7550CFBF4F79342DCA33F7E0841AEDEBA8D
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_pr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.859298425911738
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo06GriP/FLoeW3v6rZo06T+3vrig6HK:4EnLzu8ZG+nFy3v6rAK3v+lq
                            MD5:AEB569C12A50B8C4A57C8034F666C1B3
                            SHA1:24D8B096DD8F1CFA101D6F36606D003D4FCC7B4D
                            SHA-256:19563225CE7875696C6AA2C156E6438292DE436B58F8D7C23253E3132069F9A2
                            SHA-512:B5432D7A80028C3AD3A7819A5766B07EDB56CEE493C0903EDFA72ACEE0C2FFAA955A8850AA48393782471905FFF72469F508B19BE83CC626478072FFF6B60B5D
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PR DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_PR TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PR DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_py.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.871431420165191
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo/5UFLovE3v6rZo/a+3v9f6HK:4EnLzu8XUF13v6re3vMq
                            MD5:D24FF8FAEE658DD516AC298B887D508A
                            SHA1:61990E6F3E399B87060E522ABCDE77A832019167
                            SHA-256:94FF64201C27AB04F362617DD56B7D85B223BCCA0735124196E7669270C591F0
                            SHA-512:1409E1338988BC70C19DA2F6C12A39E311CF91F6BB759575C95E125EA67949F17BBE450B2CD29E3F6FDA1421C742859CB990921949C6940B34D7A8B8545FF8F0
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_PY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_PY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_PY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_sv.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.883202808381857
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmofriP/FLo3+3v6rZoY+3vrig6HK:4EnLzu89+nFO+3v6rw3v+lq
                            MD5:6A013D20A3C983639EAF89B93AB2037C
                            SHA1:9ABEC22E82C1638B9C8E197760C66E370299BB93
                            SHA-256:E3268C95E9B7D471F5FD2436C17318D5A796220BA39CEBEBCD39FBB0141A49CE
                            SHA-512:C4FE0493A2C45DA792D0EE300EC1D30E25179209FE39ACCD74B23ACDFF0A72DEEEED1A1D12842101E0A4E57E8FEADF54F926347B6E9B987B70A52E0557919FC2
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_SV DATE_FORMAT "%m-%d-%Y". ::msgcat::mcset es_SV TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_SV DATE_TIME_FORMAT "%m-%d-%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_uy.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.877844330421912
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmooygUFLooq9X3v6rZooy9+3v9f6HK:4EnLzu8SrUFzsX3v6rZJ3vMq
                            MD5:40250432AD0DC4FF168619719F91DBCA
                            SHA1:D38532CA84E80FE70C69108711E3F9A7DFD5230F
                            SHA-256:BA557A3C656275A0C870FB8466F2237850F5A7CF2D001919896725BB3D3EAA4B
                            SHA-512:26FB4B3332E2C06628869D4C63B7BAB4F42FF73D1D4FD8603323A93067F60D9505C70D1A14D7E34A9880E2993183FC09D43013F3BEB8BC48732F08181643D05D
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_UY DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_UY TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_UY DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\es_ve.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.882638228899482
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoXrUFLoXK3v6rZoXs+3v9f6HK:4EnLzu8VUFH3v6r83vMq
                            MD5:F3A789CBC6B9DD4F5BA5182C421A9F78
                            SHA1:7C2AF280C90B0104AB49B2A527602374254274CE
                            SHA-256:64F796C5E3E300448A1F309A0DA7D43548CC40511036FF3A3E0C917E32147D62
                            SHA-512:822C0D27D2A72C9D5336C1BCEDC13B564F0FB12146CF8D30FBE77B9C4728C4B3BF456AC62DACD2962A6B5B84761354B31CD505105EDB060BF202BA0B0A830772
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset es_VE DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset es_VE TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset es_VE DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\et.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1206
                            Entropy (8bit):4.321464868793769
                            Encrypted:false
                            SSDEEP:24:4azu8W1Yn1YZ1waUuvVTGiMiLpBgoVTJ01iLTh/w2SJmG5F1svtFmsv5d:46K1y1Mv9GrM9oc/FSJmG5F1KtFmK5d
                            MD5:3B4BEE5DD7441A63A31F89D6DFA059BA
                            SHA1:BEE39E45FA3A76B631B4C2D0F937FF6041E09332
                            SHA-256:CCC2B4738DB16FAFB48BFC77C9E2F8BE17BC19E4140E48B61F3EF1CE7C9F3A8C
                            SHA-512:AEC24C75CB00A506A46CC631A2A804C59FBE4F8EBCB86CBA0F4EE5DF7B7C12ED7D25845150599837B364E40BBFDB68244991ED5AF59C9F7792F8362A1E728883
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset et DAYS_OF_WEEK_ABBREV [list \. "P"\. "E"\. "T"\. "K"\. "N"\. "R"\. "L"]. ::msgcat::mcset et DAYS_OF_WEEK_FULL [list \. "p\u00fchap\u00e4ev"\. "esmasp\u00e4ev"\. "teisip\u00e4ev"\. "kolmap\u00e4ev"\. "neljap\u00e4ev"\. "reede"\. "laup\u00e4ev"]. ::msgcat::mcset et MONTHS_ABBREV [list \. "Jaan"\. "Veebr"\. "M\u00e4rts"\. "Apr"\. "Mai"\. "Juuni"\. "Juuli"\. "Aug"\. "Sept"\. "Okt"\. "Nov"\. "Dets"\. ""]. ::msgcat::mcset et MONTHS_FULL [list \. "Jaanuar"\. "Veebruar"\. "M\u00e4rts"\. "Aprill"\. "Mai"\. "Juuni"\. "Juuli"\. "August"\. "September"\. "Oktoober"\. "November"\. "Detsember"\. ""]. ::msgcat::mcset et

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\eu.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):985
                            Entropy (8bit):3.9137059580146376
                            Encrypted:false
                            SSDEEP:24:4azu80P6/XTPi6/XTotXSSzTGsy+trjz4HsKI:46qWKWoX75Bb4Mv
                            MD5:E27FEB15A6C300753506FC706955AC90
                            SHA1:FDFAC22CC0839B29799001838765EB4A232FD279
                            SHA-256:7DCC4966A5C13A52B6D1DB62BE200B9B5A1DECBACCFCAF15045DD03A2C3E3FAA
                            SHA-512:C54A0F72BC0DAF6A411466565467A2783690EA19F4D401A5448908944A0A6F3F74A7976FA0F851F15B6A97C6D6A3C41FB8BBC8EA42B5D5E3C17A5C8A37436FC5
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu DAYS_OF_WEEK_ABBREV [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu DAYS_OF_WEEK_FULL [list \. "igandea"\. "astelehena"\. "asteartea"\. "asteazkena"\. "osteguna"\. "ostirala"\. "larunbata"]. ::msgcat::mcset eu MONTHS_ABBREV [list \. "urt"\. "ots"\. "mar"\. "api"\. "mai"\. "eka"\. "uzt"\. "abu"\. "ira"\. "urr"\. "aza"\. "abe"\. ""]. ::msgcat::mcset eu MONTHS_FULL [list \. "urtarrila"\. "otsaila"\. "martxoa"\. "apirila"\. "maiatza"\. "ekaina"\. "uztaila"\. "abuztua"\. "iraila"\. "urria"\. "azaroa"\. "abendua"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\eu_es.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):287
                            Entropy (8bit):4.8689948586471825
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoszFnJF+l6VALoszw3vG5oszw3v6X5osz++3v/R3v:4EnLzu8gL+l6Vt3vf3v6P3vZf
                            MD5:D20788793E6CC1CD07B3AFD2AA135CB6
                            SHA1:3503FCB9490261BA947E89D5494998CEBB157223
                            SHA-256:935164A2D2D14815906B438562889B31139519B3A8E8DB3D2AC152A77EC591DC
                            SHA-512:F65E7D27BD0A99918D6F21C425238000563C2E3A4162D6806EEAC7C9DCB9798987AFFB8BE01899D577078F6297AF468DBAEBEB6375C09ABF332EB44E328F0E8B
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset eu_ES DATE_FORMAT "%a, %Yeko %bren %da". ::msgcat::mcset eu_ES TIME_FORMAT "%T". ::msgcat::mcset eu_ES TIME_FORMAT_12 "%T". ::msgcat::mcset eu_ES DATE_TIME_FORMAT "%y-%m-%d %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fa.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1664
                            Entropy (8bit):4.1508548760580295
                            Encrypted:false
                            SSDEEP:24:4azu8BMnqZEjgYDT0/y3xg2LSREyqyxDfsycNp/Tpn29Ey5ykDDzi:46cGTYDT0/ya4KIySNnCz2
                            MD5:7E74DE42FBDA63663B58B2E58CF30549
                            SHA1:CB210740F56208E8E621A45D545D7DEFCAE8BCAF
                            SHA-256:F9CA4819E8C8B044D7D68C97FC67E0F4CCD6245E30024161DAB24D0F7C3A9683
                            SHA-512:A03688894BD44B6AB87DC6CAB0A5EC348C9117697A2F9D00E27E850F23EFDC2ADBD53CAC6B9ED33756D3A87C9211B6EE8DF06020F6DA477B9948F52E96071F76
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u0633\u067e\u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fa_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1957
                            Entropy (8bit):4.433104256056609
                            Encrypted:false
                            SSDEEP:24:4azu8XMnSZEjgYDT0g3xg2LSREyqyxDf5cNp/Tpn29Ey5ykDDzJ6v3Nev0Nv0f:46OeTYDT0ga4K9SNnCz0v9o0JI
                            MD5:E6DBD1544A69BFC653865B723395E79C
                            SHA1:5E4178E7282807476BD0D6E1F2E320E42FA0DE77
                            SHA-256:6360CE0F31EE593E311B275F3C1F1ED427E237F31010A4280EF2C58AA6F2633A
                            SHA-512:8D77DCB4333F043502CED7277AEEB0453A2C019E1A46826A0FE90F0C480A530F5646A4F76ECC1C15825601FC8B646ED7C78E53996E2908B341BA4ED1392B95F0
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IN DAYS_OF_WEEK_ABBREV [list \. "\u06cc\u2214"\. "\u062f\u2214"\. "\u0633\u2214"\. "\u0686\u2214"\. "\u067e\u2214"\. "\u062c\u2214"\. "\u0634\u2214"]. ::msgcat::mcset fa_IN DAYS_OF_WEEK_FULL [list \. "\u06cc\u06cc\u200c\u0634\u0646\u0628\u0647"\. "\u062f\u0648\u0634\u0646\u0628\u0647"\. "\u0633\u0647\u200c\u0634\u0646\u0628\u0647"\. "\u0686\u0647\u0627\u0631\u0634\u0646\u0628\u0647"\. "\u067e\u0646\u062c\u200c\u0634\u0646\u0628\u0647"\. "\u062c\u0645\u0639\u0647"\. "\u0634\u0646\u0628\u0647"]. ::msgcat::mcset fa_IN MONTHS_ABBREV [list \. "\u0698\u0627\u0646"\. "\u0641\u0648\u0631"\. "\u0645\u0627\u0631"\. "\u0622\u0648\u0631"\. "\u0645\u0640\u0647"\. "\u0698\u0648\u0646"\. "\u0698\u0648\u06cc"\. "\u0627\u0648\u062a"\. "\u063

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fa_ir.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):417
                            Entropy (8bit):5.087144086729547
                            Encrypted:false
                            SSDEEP:12:4EnLzu82vGz7AhF/Q3vf3v6TANv+K3vz7AA7:4azu8vPm/ivfvF9xvP9
                            MD5:044BAAA627AD3C3585D229865A678357
                            SHA1:9D64038C00253A7EEDA4921B9C5E34690E185061
                            SHA-256:CF492CBD73A6C230725225D70566B6E46D5730BD3F63879781DE4433965620BE
                            SHA-512:DA138F242B44111FAFE9EFE986EB987C26A64D9316EA5644AC4D3D4FEC6DF9F5D55F342FC194BC487A1B7C740F931D883A574863B48396D837D1E270B733F735
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fa_IR AM "\u0635\u0628\u062d". ::msgcat::mcset fa_IR PM "\u0639\u0635\u0631". ::msgcat::mcset fa_IR DATE_FORMAT "%d\u2044%m\u2044%Y". ::msgcat::mcset fa_IR TIME_FORMAT "%S:%M:%H". ::msgcat::mcset fa_IR TIME_FORMAT_12 "%S:%M:%l %P". ::msgcat::mcset fa_IR DATE_TIME_FORMAT "%d\u2044%m\u2044%Y %S:%M:%H %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fi.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1145
                            Entropy (8bit):4.249302428029841
                            Encrypted:false
                            SSDEEP:24:4azu8ZeTWSS/DatuUSlWCBTtotL8W183eYKvt3v3eG:46sWp/DatBSPtoNmpMt/J
                            MD5:34FE8E2D987FE534BD88291046F6820B
                            SHA1:B173700C176336BD1B123C2A055A685F73B60C07
                            SHA-256:BE0D2DCE08E6CD786BC3B07A1FB1ADC5B2CF12053C99EACDDAACDDB8802DFB9C
                            SHA-512:4AC513F092D2405FEF6E30C828AE94EDBB4B0B0E1C68C1168EB2498C186DB054EBF697D6B55B49F865A2284F75B7D5490AFE7A80F887AE8312E6F9A5EFE16390
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fi DAYS_OF_WEEK_ABBREV [list \. "su"\. "ma"\. "ti"\. "ke"\. "to"\. "pe"\. "la"]. ::msgcat::mcset fi DAYS_OF_WEEK_FULL [list \. "sunnuntai"\. "maanantai"\. "tiistai"\. "keskiviikko"\. "torstai"\. "perjantai"\. "lauantai"]. ::msgcat::mcset fi MONTHS_ABBREV [list \. "tammi"\. "helmi"\. "maalis"\. "huhti"\. "touko"\. "kes\u00e4"\. "hein\u00e4"\. "elo"\. "syys"\. "loka"\. "marras"\. "joulu"\. ""]. ::msgcat::mcset fi MONTHS_FULL [list \. "tammikuu"\. "helmikuu"\. "maaliskuu"\. "huhtikuu"\. "toukokuu"\. "kes\u00e4kuu"\. "hein\u00e4kuu"\. "elokuu"\. "syyskuu"\. "lokakuu"\. "marraskuu"\. "joulukuu"\. ""]. ::msgcat

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fo.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):986
                            Entropy (8bit):4.07740021579371
                            Encrypted:false
                            SSDEEP:12:4EnLzu87mY5mvAqO6RxmtV5qHbMj6aywE1ZD4ScMfRDc6VZTEpSecbLwJQT1Y4:4azu874/RqEXsSpffTBtbQQT1t
                            MD5:996B699F6821A055B826415446A11C8E
                            SHA1:C382039ED7D2AE8D96CF2EA55FA328AE9CFD2F7D
                            SHA-256:F249DD1698ED1687E13654C04D08B829193027A2FECC24222EC854B59350466A
                            SHA-512:AB6F5ABC9823C7F7A67BA1E821680ACD37761F83CD1F46EC731AB2B72AA34C2E523ACE288E9DE70DB3D58E11F5CB42ECB5A5E4E39BFD7DFD284F1FF6B637E11D
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo DAYS_OF_WEEK_ABBREV [list \. "sun"\. "m\u00e1n"\. "t\u00fds"\. "mik"\. "h\u00f3s"\. "fr\u00ed"\. "ley"]. ::msgcat::mcset fo DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nadagur"\. "t\u00fdsdagur"\. "mikudagur"\. "h\u00f3sdagur"\. "fr\u00edggjadagur"\. "leygardagur"]. ::msgcat::mcset fo MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset fo MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "apr\u00edl"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fo_fo.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.816022066048386
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoZA4HFLoZd3vG5oZd3v6X5oZd+3vnFDoAov:4EnLzu8kyFO3vf3v6f3v9dy
                            MD5:A76D09A4FA15A2C985CA6BDD22989D6A
                            SHA1:E6105EBCDC547FE2E2FE9EDDC9C573BBDAD85AD0
                            SHA-256:7145B57AC5C074BCA968580B337C04A71BBD6EFB93AFAF291C1361FD700DC791
                            SHA-512:D16542A1CCDC3F5C2A20300B7E38F43F94F7753E0E99F08EB7240D4F286B263815AD481B29F4E96F268E24BA17C5E135E356448685E1BF65B2B63CE6146AA54C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fo_FO DATE_FORMAT "%d/%m-%Y". ::msgcat::mcset fo_FO TIME_FORMAT "%T". ::msgcat::mcset fo_FO TIME_FORMAT_12 "%T". ::msgcat::mcset fo_FO DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1205
                            Entropy (8bit):4.313638548211754
                            Encrypted:false
                            SSDEEP:24:4azu8qW09HSZ2p60wTyVz5bGzJzzTK+VUuG4CNnvxvB:46JYY5moleiUb42vlB
                            MD5:B475F8E7D7065A67E73B1E5CDBF9EB1F
                            SHA1:1B689EDC29F8BC4517936E5D77A084083F12AE31
                            SHA-256:7A87E418B6D8D14D8C11D63708B38D607D28F7DDBF39606C7D8FBA22BE7892CA
                            SHA-512:EA77EFF9B23A02F59526499615C08F1314A91AB41561856ED7DF45930FDD8EC11A105218890FD012045C4CC40621C226F94BDC3BEB62B83EA8FAA7AEC20516E7
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr DAYS_OF_WEEK_ABBREV [list \. "dim."\. "lun."\. "mar."\. "mer."\. "jeu."\. "ven."\. "sam."]. ::msgcat::mcset fr DAYS_OF_WEEK_FULL [list \. "dimanche"\. "lundi"\. "mardi"\. "mercredi"\. "jeudi"\. "vendredi"\. "samedi"]. ::msgcat::mcset fr MONTHS_ABBREV [list \. "janv."\. "f\u00e9vr."\. "mars"\. "avr."\. "mai"\. "juin"\. "juil."\. "ao\u00fbt"\. "sept."\. "oct."\. "nov."\. "d\u00e9c."\. ""]. ::msgcat::mcset fr MONTHS_FULL [list \. "janvier"\. "f\u00e9vrier"\. "mars"\. "avril"\. "mai"\. "juin"\. "juillet"\. "ao\u00fbt"\. "septembre"\. "octobre"\. "novembre"\. "d\u00e9cembre"\. ""]. ::msgcat::mcset fr BCE "a

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fr_be.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.863262857917797
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoXqH5oIX3vG5oIX3v6X5og+3vnFDoAov:4EnLzu81qHd3v63v6Y3v9dy
                            MD5:483652B6A3D8010C3CDB6CAD0AD95E72
                            SHA1:8FCDB01D0729E9F1A0CAC56F79EDB79A37734AF5
                            SHA-256:980E703DFB1EEDE7DE48C958F6B501ED4251F69CB0FBCE0FCA85555F5ACF134A
                            SHA-512:0282B8F3884BB4406F69AF2D2F44E431FB8077FEA86D09ED5607BC0932A049853D0C5CAF0B57EF0289F42A8265F76CC4B10111A28B1E0E9BD54E9319B25D8DB6
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_BE DATE_FORMAT "%d/%m/%y". ::msgcat::mcset fr_BE TIME_FORMAT "%T". ::msgcat::mcset fr_BE TIME_FORMAT_12 "%T". ::msgcat::mcset fr_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fr_ca.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.843031408533295
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmooI9jo13vG5o13v6X5o1+3vnFDoAov:4EnLzu8eI9Q3vB3v613v9dy
                            MD5:017D816D73DAB852546169F3EC2D16F2
                            SHA1:3145BB54D9E1E4D9166186D5B43F411CE0250594
                            SHA-256:F16E212D5D1F6E83A9FC4E56874E4C7B8F1947EE882610A73199480319EFA529
                            SHA-512:4D4EF395B15F750F16EC64162BE8AB4B082C6CD1877CA63D5EA4A5E940A7F98E46D792115FD105B293DC43714E8662BC4411E14E93F09769A064622E52EDE258
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CA DATE_FORMAT "%Y-%m-%d". ::msgcat::mcset fr_CA TIME_FORMAT "%T". ::msgcat::mcset fr_CA TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CA DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\fr_ch.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):281
                            Entropy (8bit):4.866549204705568
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoFt2poF+3vG5oF+3v6X5o++3vnFDoAov:4EnLzu8btn+3vB+3v6+3v9dy
                            MD5:8B27EFF0D45F536852E7A819500B7F93
                            SHA1:CAED7D4334BAD8BE586A1AEEE270FB6913A03512
                            SHA-256:AB160BFDEB5C3ADF071E01C78312A81EE4223BBF5470AB880972BBF5965291F3
                            SHA-512:52DD94F524C1D9AB13F5933265691E8C44B2946F507DE30D789FDCFEA7839A4076CB55A01CEB49194134D7BC84E4F490341AAB9DFB75BB960B03829D6550872B
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset fr_CH DATE_FORMAT "%d. %m. %y". ::msgcat::mcset fr_CH TIME_FORMAT "%T". ::msgcat::mcset fr_CH TIME_FORMAT_12 "%T". ::msgcat::mcset fr_CH DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ga.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1141
                            Entropy (8bit):4.24180563443443
                            Encrypted:false
                            SSDEEP:24:4azu8qppr5xqPs5Jpwe3zESbs5JpbxK+dfJ:46ct5XGe3zwXu4fJ
                            MD5:88D5CB026EBC3605E8693D9A82C2D050
                            SHA1:C2A613DC7C367A841D99DE15876F5E7A8027BBF8
                            SHA-256:057C75C1AD70653733DCE43EA5BF151500F39314E8B0236EE80F8D5DB623627F
                            SHA-512:253575BFB722CF06937BBE4E9867704B95EFE7B112B370E1430A2027A1818BD2560562A43AD2D067386787899093B25AE84ABFE813672A15A649FEF487E31F7A
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga DAYS_OF_WEEK_ABBREV [list \. "Domh"\. "Luan"\. "M\u00e1irt"\. "C\u00e9ad"\. "D\u00e9ar"\. "Aoine"\. "Sath"]. ::msgcat::mcset ga DAYS_OF_WEEK_FULL [list \. "D\u00e9 Domhnaigh"\. "D\u00e9 Luain"\. "D\u00e9 M\u00e1irt"\. "D\u00e9 C\u00e9adaoin"\. "D\u00e9ardaoin"\. "D\u00e9 hAoine"\. "D\u00e9 Sathairn"]. ::msgcat::mcset ga MONTHS_ABBREV [list \. "Ean"\. "Feabh"\. "M\u00e1rta"\. "Aib"\. "Beal"\. "Meith"\. "I\u00fail"\. "L\u00fan"\. "MF\u00f3mh"\. "DF\u00f3mh"\. "Samh"\. "Noll"\. ""]. ::msgcat::mcset ga MONTHS_FULL [list \. "Ean\u00e1ir"\. "Feabhra"\. "M\u00e1rta"\. "Aibre\u00e1n"\. "M\u00ed na Bealtaine"\. "Meith"\. "I\u00fail"\. "L\u00fanasa"

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ga_ie.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.7755422576113595
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmobHAyg0obHAqo+3vG5obHAqo+3v6X5obHAy9+3vnFDoAov:4EnLzu8s33vj3v6r3v9dy
                            MD5:04452D43DA05A94414973F45CDD12869
                            SHA1:AEEDCC2177B592A0025A1DBCFFC0EF3634DBF562
                            SHA-256:2072E48C98B480DB5677188836485B4605D5A9D99870AC73B5BFE9DCC6DB46F4
                            SHA-512:5A01156FD5AB662EE9D626518B4398A161BAF934E3A618B3A18839A944AEEAEE6FE1A5279D7750511B126DB3AD2CC992CDA067573205ACBC211C34C8A099305F
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ga_IE DATE_FORMAT "%d.%m.%y". ::msgcat::mcset ga_IE TIME_FORMAT "%T". ::msgcat::mcset ga_IE TIME_FORMAT_12 "%T". ::msgcat::mcset ga_IE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\gl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):950
                            Entropy (8bit):4.037076523160125
                            Encrypted:false
                            SSDEEP:24:4azu8LpP8ihyz/ptFOBViNef9kekIsnyFo0:46J0i0zRtUB0c9dkVneo0
                            MD5:B940E67011DDBAD6192E9182C5F0CCC0
                            SHA1:83A284899785956ECB015BBB871E7E04A7C36585
                            SHA-256:C71A07169CDBE9962616D28F38C32D641DA277E53E67F8E3A69EB320C1E2B88C
                            SHA-512:28570CB14452CA5285D97550EA77C9D8F71C57DE6C1D144ADB00B93712F588AF900DA32C10C3A81C7A2DEE11A3DC843780D24218F53920AB72E90321677CC9E8
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Lun"\. "Mar"\. "M\u00e9r"\. "Xov"\. "Ven"\. "S\u00e1b"]. ::msgcat::mcset gl DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Luns"\. "Martes"\. "M\u00e9rcores"\. "Xoves"\. "Venres"\. "S\u00e1bado"]. ::msgcat::mcset gl MONTHS_ABBREV [list \. "Xan"\. "Feb"\. "Mar"\. "Abr"\. "Mai"\. "Xu\u00f1"\. "Xul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset gl MONTHS_FULL [list \. "Xaneiro"\. "Febreiro"\. "Marzo"\. "Abril"\. "Maio"\. "Xu\u00f1o"\. "Xullo"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Decembro"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\gl_es.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.839318757139709
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoPhkgvNLoPxsF3v6aZoPhk9+3vR6HK:4EnLzu8NrvNEK3v6a2J3voq
                            MD5:3FCDF0FC39C8E34F6270A646A996F663
                            SHA1:6999E82148E1D1799C389BCC6C6952D5514F4A4B
                            SHA-256:BC2B0424CF27BEF67F309E2B6DFFEF4D39C46F15D91C15E83E070C7FD4E20C9C
                            SHA-512:CDB9ED694A7E555EB321F559E9B0CC0998FD526ADEF33AD08C56943033351D70900CD6EC62D380E23AB9F65CCFB85F4EEEB4E17FA8CC05E56C2AC57FBEDE721E
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gl_ES DATE_FORMAT "%d %B %Y". ::msgcat::mcset gl_ES TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gl_ES DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\gv.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1037
                            Entropy (8bit):4.13549698574103
                            Encrypted:false
                            SSDEEP:24:4azu81WjLHkFQSMnKIeCPHy3CAVfbku5SJ:460jwyLTySI4J
                            MD5:3350E1228CF7157ECE68762F967F2F32
                            SHA1:2D0411DA2F6E0441B1A8683687178E9EB552B835
                            SHA-256:75AA686FF901C9E66E51D36E8E78E5154B57EE9045784568F6A8798EA9689207
                            SHA-512:1D0B44F00A5E6D7B8CECB67EAF060C6053045610CF7246208C8E63E7271C7780587A184D38ECFDFDCFB976F9433FEFDA0BAF8981FCD197554D0874ED1E6B6428
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv DAYS_OF_WEEK_ABBREV [list \. "Jed"\. "Jel"\. "Jem"\. "Jerc"\. "Jerd"\. "Jeh"\. "Jes"]. ::msgcat::mcset gv DAYS_OF_WEEK_FULL [list \. "Jedoonee"\. "Jelhein"\. "Jemayrt"\. "Jercean"\. "Jerdein"\. "Jeheiney"\. "Jesarn"]. ::msgcat::mcset gv MONTHS_ABBREV [list \. "J-guer"\. "T-arree"\. "Mayrnt"\. "Avrril"\. "Boaldyn"\. "M-souree"\. "J-souree"\. "Luanistyn"\. "M-fouyir"\. "J-fouyir"\. "M.Houney"\. "M.Nollick"\. ""]. ::msgcat::mcset gv MONTHS_FULL [list \. "Jerrey-geuree"\. "Toshiaght-arree"\. "Mayrnt"\. "Averil"\. "Boaldyn"\. "Mean-souree"\. "Jerrey-souree"\. "Luanistyn"\. "Mean-fouyir"\. "Jerrey-fouyir"\. "Mee Houney"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\gv_gb.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.890913756172577
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoQbtvvNLoQLE3v6aZoQbto+3vR6HK:4EnLzu8CbtvvNBLE3v6avbtF3voq
                            MD5:A65040748621B18B1F88072883891280
                            SHA1:4D0ED6668A99BAC9B273B0FA8BC74EB6BB9DDFC8
                            SHA-256:823AF00F4E44613E929D32770EDB214132B6E210E872751624824DA5F0B78448
                            SHA-512:16FFD4107C3B85619629B2CD8A48AB9BC3763FA6E4FE4AE910EDF3B42209CEEB8358D4E7E531C2417875D05E5F801BB19B10130FA8BF70E44CFD8F1BA06F6B6E
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset gv_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset gv_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset gv_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\he.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1938
                            Entropy (8bit):4.234997703698801
                            Encrypted:false
                            SSDEEP:24:4azu8Hdd4CLxLtmCLoCLHCL3CLXLICLP1ptzLzCJCLt5LL53h5Lq+p5LcL3pLzCt:4655ftB9hMcGlhO8/n/0ecOfC3
                            MD5:FFD5D8007D78770EA0E7E5643F1BD20A
                            SHA1:40854EB81EE670086D0D0C0C2F0F9D8406DF6B47
                            SHA-256:D27ADAF74EBB18D6964882CF931260331B93AE4B283427F9A0DB147A83DE1D55
                            SHA-512:EFBDADE1157C7E1CB8458CBA89913FB44DC2399AD860FCAEDA588B99230B0934EDAAF8BAB1742E03F06FA8047D3605E8D63BB23EC4B32155C256D07C46ABBFEE
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset he DAYS_OF_WEEK_ABBREV [list \. "\u05d0"\. "\u05d1"\. "\u05d2"\. "\u05d3"\. "\u05d4"\. "\u05d5"\. "\u05e9"]. ::msgcat::mcset he DAYS_OF_WEEK_FULL [list \. "\u05d9\u05d5\u05dd \u05e8\u05d0\u05e9\u05d5\u05df"\. "\u05d9\u05d5\u05dd \u05e9\u05e0\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05dc\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e8\u05d1\u05d9\u05e2\u05d9"\. "\u05d9\u05d5\u05dd \u05d7\u05de\u05d9\u05e9\u05d9"\. "\u05d9\u05d5\u05dd \u05e9\u05d9\u05e9\u05d9"\. "\u05e9\u05d1\u05ea"]. ::msgcat::mcset he MONTHS_ABBREV [list \. "\u05d9\u05e0\u05d5"\. "\u05e4\u05d1\u05e8"\. "\u05de\u05e8\u05e5"\. "\u05d0\u05e4\u05e8"\. "\u05de\u05d0\u05d9"\. "\u05d9\u05d5\u05e0"\. "\u05d9\u05d5\u05dc"\. "\u05d0\u05d5\u05d2"\. "\u05e1\u05e4\u05d8"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\hi.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1738
                            Entropy (8bit):4.1505681803025185
                            Encrypted:false
                            SSDEEP:24:4azu8dVYe48VcOVcz1HtDVcqiVca4mGE18VcRBkEVcRfVcRMsVcqiVca4mGE18VI:465v4bNVO7GQbBkDuM4O7GQbBkDuh3x
                            MD5:349823390798DF68270E4DB46C3CA863
                            SHA1:814F9506FCD8B592C22A47023E73457C469B2F53
                            SHA-256:FAFE65DB09BDCB863742FDA8705BCD1C31B59E0DD8A3B347EA6DEC2596CEE0E9
                            SHA-512:4D12213EA9A3EAD6828E21D3B5B73931DC922EBE8FD2373E3A3E106DF1784E0BCE2C9D1FBEAE0D433449BE6D28A0F2F50F49AB8C208E69D413C6787ADF52915E
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0932\u0935\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset hi MONTHS_ABBREV [list \. "\u091c\u0928\u0935\u0930\u0940"\. "\u092b\u093c\u0930\u0935\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u0905\u092a\u094d\u0930\u0947\u0932"\. "\u092e\u0908"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u093e\u0908"\. "\u0905\u0917\u0938\u094d\u0924"\. "\u0938\u093f\u0924\u092e\u094d\u092c\u0930"\. "\u0905\u0915\u094d\u091f\u0942\u092c\u0930"\. "\u0928\u0935\u092e\u094d\u092c\u093

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\hi_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.882853646266983
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmocv+9/Loz3v6rZoco+3v+6f6HK:4EnLzu8+vWq3v6rpF3vmq
                            MD5:BC86C58492BCB8828489B871D2A727F0
                            SHA1:22EEC74FC011063071A40C3860AE8EF38D898582
                            SHA-256:29C7CA358FFFCAF94753C7CC2F63B58386234B75552FA3272C2E36F253770C3F
                            SHA-512:ABFE093952144A285F7A86800F5933F7242CB224D917B4BAA4FD2CA48792BEFCBEE9AB7073472510B53D31083719EC68A77DD896410B3DC3C6E2CCD60C2E92F9
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hi_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset hi_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset hi_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\hr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1121
                            Entropy (8bit):4.291836444825864
                            Encrypted:false
                            SSDEEP:24:4azu84VBVgqoLpYDThoLZDT25KNWg1gqNvEKvOAl:46nNYPSLZP2ZVqJTO+
                            MD5:46FD3DF765F366C60B91FA0C4DE147DE
                            SHA1:5E006D1ACA7BBDAC9B8A65EFB26FAFC03C6E9FDE
                            SHA-256:9E14D8F7F54BE953983F198C8D59F38842C5F73419A5E81BE6460B3623E7307A
                            SHA-512:3AC26C55FB514D9EA46EF57582A2E0B64822E90C889F4B83A62EE255744FEBE0A012079DD764E0F6C7338B3580421C5B6C8575E0B85632015E3689CF58D9EB77
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hr DAYS_OF_WEEK_ABBREV [list \. "ned"\. "pon"\. "uto"\. "sri"\. "\u010det"\. "pet"\. "sub"]. ::msgcat::mcset hr DAYS_OF_WEEK_FULL [list \. "nedjelja"\. "ponedjeljak"\. "utorak"\. "srijeda"\. "\u010detvrtak"\. "petak"\. "subota"]. ::msgcat::mcset hr MONTHS_ABBREV [list \. "sij"\. "vel"\. "o\u017eu"\. "tra"\. "svi"\. "lip"\. "srp"\. "kol"\. "ruj"\. "lis"\. "stu"\. "pro"\. ""]. ::msgcat::mcset hr MONTHS_FULL [list \. "sije\u010danj"\. "velja\u010da"\. "o\u017eujak"\. "travanj"\. "svibanj"\. "lipanj"\. "srpanj"\. "kolovoz"\. "rujan"\. "listopad"\. "studeni"\. "prosinac"\. ""]. ::msgcat::mcset hr DATE_FORMAT "

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\hu.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1327
                            Entropy (8bit):4.447184847972284
                            Encrypted:false
                            SSDEEP:24:4azu8Xjv5ZemNruwcVNtZHTE9wocxPvt9vq:46fBZemNqwIZHTEE3t5q
                            MD5:0561E62941F6ED8965DFC4E2B424E028
                            SHA1:C622B21C0DBA83F943FBD10C746E5FABE20235B2
                            SHA-256:314F4180C05DE4A4860F65AF6460900FFF77F12C08EDD728F68CA0065126B9AE
                            SHA-512:CAD01C963145463612BBAE4B9F5C80B83B228C0181C2500CE8CE1394E1A32CCA3587221F1406F6343029059F5AD47E8FD5514535DCEA45BBA6B2AE76993DFFBD
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset hu DAYS_OF_WEEK_ABBREV [list \. "V"\. "H"\. "K"\. "Sze"\. "Cs"\. "P"\. "Szo"]. ::msgcat::mcset hu DAYS_OF_WEEK_FULL [list \. "vas\u00e1rnap"\. "h\u00e9tf\u0151"\. "kedd"\. "szerda"\. "cs\u00fct\u00f6rt\u00f6k"\. "p\u00e9ntek"\. "szombat"]. ::msgcat::mcset hu MONTHS_ABBREV [list \. "jan."\. "febr."\. "m\u00e1rc."\. "\u00e1pr."\. "m\u00e1j."\. "j\u00fan."\. "j\u00fal."\. "aug."\. "szept."\. "okt."\. "nov."\. "dec."\. ""]. ::msgcat::mcset hu MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "m\u00e1rcius"\. "\u00e1prilis"\. "m\u00e1jus"\. "j\u00fanius"\. "j\u00falius"\. "augusztus"\. "szeptember"\. "okt\u00f3ber"\. "nove

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\id.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):914
                            Entropy (8bit):3.9322448438499125
                            Encrypted:false
                            SSDEEP:24:4azu8acGEXctI9tdb/7579g6tdhUgQbVg:46GBEXKI9tdHtdwg
                            MD5:CE834C7E0C3170B733122FF8BF38C28D
                            SHA1:693ACC2A0972156B984106AFD07911AF14C4F19C
                            SHA-256:1F1B0F5DEDE0263BD81773A78E98AF551F36361ACCB315B618C8AE70A5FE781E
                            SHA-512:23BFC6E2CDB7BA75AAC3AA75869DF4A235E4526E8E83D73551B3BC2CE89F3675EBFA75BC94177F2C2BD6AC58C1B125BE65F8489BC4F85FA701415DB9768F7A80
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id DAYS_OF_WEEK_ABBREV [list \. "Min"\. "Sen"\. "Sel"\. "Rab"\. "Kam"\. "Jum"\. "Sab"]. ::msgcat::mcset id DAYS_OF_WEEK_FULL [list \. "Minggu"\. "Senin"\. "Selasa"\. "Rabu"\. "Kamis"\. "Jumat"\. "Sabtu"]. ::msgcat::mcset id MONTHS_ABBREV [list \. "Jan"\. "Peb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Agu"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset id MONTHS_FULL [list \. "Januari"\. "Pebruari"\. "Maret"\. "April"\. "Mei"\. "Juni"\. "Juli"\. "Agustus"\. "September"\. "Oktober"\. "November"\. "Desember"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\id_id.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.857986813915644
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo0kGvNLo0F/W3v6aZo0kT+3vR6HK:4EnLzu8NGvNS3v6aQK3voq
                            MD5:A285817AAABD5203706D5F2A34158C03
                            SHA1:18FD0178051581C9F019604499BF91B16712CC91
                            SHA-256:DB81643BA1FD115E9D547943A889A56DFC0C81B63F21B1EDC1955C6884C1B2F5
                            SHA-512:0B6C684F2E5122681309A6212980C95C14172723F12D4864AF8A8A913DC7081BC42AC39CF087D29770B4A1F0B3B1F712856CBF05D1975FFFC008C16A91081A00
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset id_ID DATE_FORMAT "%d %B %Y". ::msgcat::mcset id_ID TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset id_ID DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\is.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1255
                            Entropy (8bit):4.391152464169964
                            Encrypted:false
                            SSDEEP:24:4azu8qVXVDWpXMVmDz1ZVcWVzbQ1/xZ9b3eYXvhv3eT3:462hVW5JDz1ZVUbpfV83
                            MD5:6695839F1C4D2A92552CB1647FD14DA5
                            SHA1:04CB1976846A78EA9593CB3706C9D61173CE030C
                            SHA-256:6767115FFF2DA05F49A28BAD78853FAC6FC716186B985474D6D30764E1727C40
                            SHA-512:208766038A6A1D748F4CB2660F059AD355A5439EA6D8326F4F410B2DFBBDEECB55D4CE230C01C519B08CAB1CF5E5B3AC61E7BA86020A7BDA1AFEA624F3828521
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset is DAYS_OF_WEEK_ABBREV [list \. "sun."\. "m\u00e1n."\. "\u00feri."\. "mi\u00f0."\. "fim."\. "f\u00f6s."\. "lau."]. ::msgcat::mcset is DAYS_OF_WEEK_FULL [list \. "sunnudagur"\. "m\u00e1nudagur"\. "\u00feri\u00f0judagur"\. "mi\u00f0vikudagur"\. "fimmtudagur"\. "f\u00f6studagur"\. "laugardagur"]. ::msgcat::mcset is MONTHS_ABBREV [list \. "jan."\. "feb."\. "mar."\. "apr."\. "ma\u00ed"\. "j\u00fan."\. "j\u00fal."\. "\u00e1g\u00fa."\. "sep."\. "okt."\. "n\u00f3v."\. "des."\. ""]. ::msgcat::mcset is MONTHS_FULL [list \. "jan\u00faar"\. "febr\u00faar"\. "mars"\. "apr\u00edl"\. "ma\u00ed"\. "j\u00fan\u00ed"\. "j\u00fal\u00ed"\. "\u00e1g\u00fast"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\it.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1240
                            Entropy (8bit):4.207511774275323
                            Encrypted:false
                            SSDEEP:24:4azu8iYJcc8jYShjLhQ6I3S68gvNvlNUhsFNlVGvNmv5svc:46Wi38jBJLhQ6I3EgFtNo4NlVGlw5Kc
                            MD5:8E205D032206D794A681E2A994532FA6
                            SHA1:47098672D339624474E8854EB0512D54A0CA49E7
                            SHA-256:C7D84001855586A0BAB236A6A5878922D9C4A2EA1799BF18544869359750C0DF
                            SHA-512:139219DBD014CCA15922C45C7A0468F62E864F18CC16C7B8506258D1ECD766E1EFF6EAE4DFDAF72898B9AF1A5E6CE8D7BB0F1A93A6604D2539F2645C9ED8D146
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it DAYS_OF_WEEK_ABBREV [list \. "dom"\. "lun"\. "mar"\. "mer"\. "gio"\. "ven"\. "sab"]. ::msgcat::mcset it DAYS_OF_WEEK_FULL [list \. "domenica"\. "luned\u00ec"\. "marted\u00ec"\. "mercoled\u00ec"\. "gioved\u00ec"\. "venerd\u00ec"\. "sabato"]. ::msgcat::mcset it MONTHS_ABBREV [list \. "gen"\. "feb"\. "mar"\. "apr"\. "mag"\. "giu"\. "lug"\. "ago"\. "set"\. "ott"\. "nov"\. "dic"\. ""]. ::msgcat::mcset it MONTHS_FULL [list \. "gennaio"\. "febbraio"\. "marzo"\. "aprile"\. "maggio"\. "giugno"\. "luglio"\. "agosto"\. "settembre"\. "ottobre"\. "novembre"\. "dicembre"\. ""]. ::msgcat::mcset it BCE "aC". ::msgc

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\it_ch.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):244
                            Entropy (8bit):4.851375233848049
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoi5jLWNLoyJ+3vULoia+3vjLtA6:4EnLzu8m3WNJ+3v23v3t3
                            MD5:8666E24230AED4DC76DB93BE1EA07FF6
                            SHA1:7C688C8693C76AEE07FB32637CD58E47A85760F3
                            SHA-256:2EE356FFA2491A5A60BDF7D7FEBFAC426824904738615A0C1D07AEF6BDA3B76F
                            SHA-512:BCCE87FB94B28B369B9EE48D792A399DB8250D0D3D73FC05D053276A7475229EF1555D5E516D780092496F0E5F229A9912A45FB5A88C024FCEBF08E654D37B07
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset it_CH DATE_FORMAT "%e. %B %Y". ::msgcat::mcset it_CH TIME_FORMAT "%H:%M:%S". ::msgcat::mcset it_CH DATE_TIME_FORMAT "%e. %B %Y %H:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ja.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1664
                            Entropy (8bit):4.88149888596689
                            Encrypted:false
                            SSDEEP:24:4azu8VcQHxbtVLKMwvtFwvQv4fTweLvDvTwS0Zu+jqgv:46RbItt4mCEebzES0njqq
                            MD5:430DEB41034402906156D7E23971CD2C
                            SHA1:0952FFBD241B5111714275F5CD8FB5545067FFEC
                            SHA-256:38DCA9B656241884923C451A369B90A9F1D76F9029B2E98E04784323169C3251
                            SHA-512:AE5DF1B79AE34DF4CC1EB00406FFF49541A95E2C732E3041CCE321F2F3FA6461BB45C6524A5FEB77E18577206CBD88A83FBF20B4B058BAE9B889179C93221557
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ja DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u6708"\. "\u706b"\. "\u6c34"\. "\u6728"\. "\u91d1"\. "\u571f"]. ::msgcat::mcset ja DAYS_OF_WEEK_FULL [list \. "\u65e5\u66dc\u65e5"\. "\u6708\u66dc\u65e5"\. "\u706b\u66dc\u65e5"\. "\u6c34\u66dc\u65e5"\. "\u6728\u66dc\u65e5"\. "\u91d1\u66dc\u65e5"\. "\u571f\u66dc\u65e5"]. ::msgcat::mcset ja MONTHS_FULL [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"]. ::msgcat::mcset ja BCE "\u7d00\u5143\u524d". ::msgcat::mcset ja CE "\u897f\u66a6". ::msgcat::mcset ja AM "\u5348\u524d". ::msgcat::mcset ja PM "\u5348\u5f8c". ::msgcat::mcset ja DATE_FORMAT "%Y/%m/%

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\kl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):978
                            Entropy (8bit):4.013253613061898
                            Encrypted:false
                            SSDEEP:24:4azu83jGeo9sbjCjS3jCwjLj+zSsS9CfzTA2Qcl:46OOsJzTvl
                            MD5:AE55E001BBE3272CE13369C836139EF3
                            SHA1:D912A0AEBA08BC97D80E9B7A55CE146956C90BCC
                            SHA-256:1B00229DF5A979A040339BBC72D448F39968FEE5CC24F07241C9F6129A9B53DD
                            SHA-512:E53E8DB56AD367E832A121D637CA4755E6C8768C063E4BE43E6193C5F71ED7AA10F7223AC85750C0CAD543CF4A0BFE578CBA2877F176A5E58DCA2BAA2F7177FB
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl DAYS_OF_WEEK_ABBREV [list \. "sab"\. "ata"\. "mar"\. "pin"\. "sis"\. "tal"\. "arf"]. ::msgcat::mcset kl DAYS_OF_WEEK_FULL [list \. "sabaat"\. "ataasinngorneq"\. "marlunngorneq"\. "pingasunngorneq"\. "sisamanngorneq"\. "tallimanngorneq"\. "arfininngorneq"]. ::msgcat::mcset kl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset kl MONTHS_FULL [list \. "januari"\. "februari"\. "martsi"\. "aprili"\. "maji"\. "juni"\. "juli"\. "augustusi"\. "septemberi"\. "oktoberi"\. "novemberi"\. "decemberi"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\kl_gl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.83493357349932
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoEpb53FD/LoEpLE3vG5oEpLE3v6X5oEpba+3vnFDoAov:4EnLzu8KF3FD/1w3vMw3v6T/3v9dy
                            MD5:4B8E5B6EB7C27A02DBC0C766479B068D
                            SHA1:E97A948FFE6C8DE99F91987155DF0A81A630950E
                            SHA-256:F99DA45138A8AEBFD92747FC28992F0C315C6C4AD97710EAF9427263BFFA139C
                            SHA-512:D726494A6F4E1FB8C71B8B56E9B735C1837D8D22828D006EF386E41AD15CD1E4CF14DAC01966B9AFE41F7B6A44916EFC730CF038B4EC393043AE9021D11DACF2
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kl_GL DATE_FORMAT "%d %b %Y". ::msgcat::mcset kl_GL TIME_FORMAT "%T". ::msgcat::mcset kl_GL TIME_FORMAT_12 "%T". ::msgcat::mcset kl_GL DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ko.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1566
                            Entropy (8bit):4.552910804130986
                            Encrypted:false
                            SSDEEP:24:4azu8cVBfHVnYgY+YGkYeY02Y7YkMXjDHMXjqKKyvtuvFd8vUPvwEq:46ojlmpYEY7XjDsXj+0t4zaU3wt
                            MD5:A4C37AF81FC4AA6003226A95539546C1
                            SHA1:A18A7361783896C691BD5BE8B3A1FCCCCB015F43
                            SHA-256:F6E2B0D116D2C9AC90DDA430B6892371D87A4ECFB6955318978ED6F6E9D546A6
                            SHA-512:FBE6BA258C250BD90FADCC42AC18A17CC4E7B040F160B94075AF1F42ECD43EEA6FE49DA52CF9B5BBB5D965D6AB7C4CC4053A78E865241F891E13F94EB20F0472
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko DAYS_OF_WEEK_ABBREV [list \. "\uc77c"\. "\uc6d4"\. "\ud654"\. "\uc218"\. "\ubaa9"\. "\uae08"\. "\ud1a0"]. ::msgcat::mcset ko DAYS_OF_WEEK_FULL [list \. "\uc77c\uc694\uc77c"\. "\uc6d4\uc694\uc77c"\. "\ud654\uc694\uc77c"\. "\uc218\uc694\uc77c"\. "\ubaa9\uc694\uc77c"\. "\uae08\uc694\uc77c"\. "\ud1a0\uc694\uc77c"]. ::msgcat::mcset ko MONTHS_ABBREV [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\. "9\uc6d4"\. "10\uc6d4"\. "11\uc6d4"\. "12\uc6d4"\. ""]. ::msgcat::mcset ko MONTHS_FULL [list \. "1\uc6d4"\. "2\uc6d4"\. "3\uc6d4"\. "4\uc6d4"\. "5\uc6d4"\. "6\uc6d4"\. "7\uc6d4"\. "8\uc6d4"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ko_kr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):346
                            Entropy (8bit):5.015790750376121
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo56SFZhjNo56m5Ybo56TGMZo56a/W3v6mfvLo56TT+3vOAEP:4EnLzu8r62vjs6m5YS6TGN6a+3v6o66J
                            MD5:9C7E97A55A957AB1D1B5E988AA514724
                            SHA1:592F8FF9FABBC7BF48539AF748DCFC9241AED82D
                            SHA-256:31A4B74F51C584354907251C55FE5CE894D2C9618156A1DC6F5A979BC350DB17
                            SHA-512:9D04DF2A87AFE24C339E1A0F6358FE995CBCAF8C7B08A1A7953675E2C2C1EDBCAF297B23C2B9BEC398DFEE6D1D75CE32E31389A7199466A38BC83C8DBBA67C77
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ko_KR BCE "\uae30\uc6d0\uc804". ::msgcat::mcset ko_KR CE "\uc11c\uae30". ::msgcat::mcset ko_KR DATE_FORMAT "%Y.%m.%d". ::msgcat::mcset ko_KR TIME_FORMAT_12 "%P %l:%M:%S". ::msgcat::mcset ko_KR DATE_TIME_FORMAT "%Y.%m.%d %P %l:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\kok.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1958
                            Entropy (8bit):4.1451019501109965
                            Encrypted:false
                            SSDEEP:24:4azu8Z448VcOVczWdSVcqVcR0q4vTqBBiXCVcqVcR0q4vTqBBiaMv:46u48h0qpBBaR0qpBBVu
                            MD5:E7938CB3AF53D42B4142CB104AB04B3B
                            SHA1:6205BD2336857F368CABF89647F54D94E093A77B
                            SHA-256:D236D5B27184B1E813E686D901418117F22D67024E6944018FC4B633DF9FF744
                            SHA-512:CE77CE2EC773F3A1A3CD68589C26F7089E8133ADE601CE899EEB0B13648051344A94E69AEC2C8C58349456E52B11EB7545C8926E3F08DB643EE551C641FF38DB
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok DAYS_OF_WEEK_FULL [list \. "\u0906\u0926\u093f\u0924\u094d\u092f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u093e\u0930"\. "\u092c\u0941\u0927\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset kok MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\kok_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):254
                            Entropy (8bit):4.8580653411441155
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo5VsNv+9/Lo5VsU3v6rZo5VsNo+3v+6f6HK:4EnLzu8rVsNvWiVsU3v6rAVsNF3vmq
                            MD5:A3B27D44ED430AEC7DF2A47C19659CC4
                            SHA1:700E4B9C395B540BFCE9ABDC81E6B9B758893DC9
                            SHA-256:BEE07F14C7F4FC93B62AC318F89D2ED0DD6FF30D2BF21C2874654FF0292A6C4B
                            SHA-512:79E9D8B817BDB6594A7C95991B2F6D7571D1C2976E74520D28223CF9F05EAA2128A44BC83A94089F09011FFCA9DB5E2D4DD74B59DE2BADC022E1571C595FE36C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kok_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset kok_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset kok_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\kw.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):966
                            Entropy (8bit):3.9734955453120504
                            Encrypted:false
                            SSDEEP:12:4EnLzu8z4md0eKwCW44mtls79cp32AqghoPx9ab43gWgw3SeWOdSyECYf5AQZ0eD:4azu806vCmgs7aB2seFkhq+9
                            MD5:413A264B40EEBEB28605481A3405D27D
                            SHA1:9C2EFA6326C62962DCD83BA8D16D89616D2C5B77
                            SHA-256:F49F4E1C7142BF7A82FC2B9FC075171AE45903FE69131478C15219D72BBAAD33
                            SHA-512:CF0559DB130B8070FEC93A64F5317A2C9CDE7D5EAFD1E92E76EAAE0740C6429B7AB7A60BD833CCA4ABCC0AADEBC6A68F854FF654E0707091023D275404172427
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw DAYS_OF_WEEK_ABBREV [list \. "Sul"\. "Lun"\. "Mth"\. "Mhr"\. "Yow"\. "Gwe"\. "Sad"]. ::msgcat::mcset kw DAYS_OF_WEEK_FULL [list \. "De Sul"\. "De Lun"\. "De Merth"\. "De Merher"\. "De Yow"\. "De Gwener"\. "De Sadorn"]. ::msgcat::mcset kw MONTHS_ABBREV [list \. "Gen"\. "Whe"\. "Mer"\. "Ebr"\. "Me"\. "Evn"\. "Gor"\. "Est"\. "Gwn"\. "Hed"\. "Du"\. "Kev"\. ""]. ::msgcat::mcset kw MONTHS_FULL [list \. "Mys Genver"\. "Mys Whevrel"\. "Mys Merth"\. "Mys Ebrel"\. "Mys Me"\. "Mys Evan"\. "Mys Gortheren"\. "Mye Est"\. "Mys Gwyngala"\. "Mys Hedra"\. "Mys Du"\. "Mys Kevardhu"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\kw_gb.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.914818138642697
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoh6AvvNLoh633v6aZoh6Ao+3vR6HK:4EnLzu8z6AvvN6633v6aY6AF3voq
                            MD5:D325ADCF1F81F40D7B5D9754AE0542F3
                            SHA1:7A6BCD6BE5F41F84B600DF355CB00ECB9B4AE8C0
                            SHA-256:7A8A539C8B990AEFFEA06188B98DC437FD2A6E89FF66483EF334994E73FD0EC9
                            SHA-512:A05BBB3F80784B9C8BBA3FE618FEE154EE40D240ED4CFF7CD6EEE3D97BC4F065EFF585583123F1FFD8ABA1A194EB353229E15ED5CD43759D4D356EC5BE8DCD73
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset kw_GB DATE_FORMAT "%d %B %Y". ::msgcat::mcset kw_GB TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset kw_GB DATE_TIME_FORMAT "%d %B %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\lt.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1255
                            Entropy (8bit):4.4416408590245
                            Encrypted:false
                            SSDEEP:24:4azu8FHYI4/+HYZoNPW43VvJZb3lSuRnixx/x5JfbiMQeTVYkG2CvRksvQ:46hHNHhu43VxZb3lSuRwxZ5VbiMQeTVL
                            MD5:73F0A9C360A90CB75C6DA7EF87EF512F
                            SHA1:582EB224C9715C8336B4D1FCE7DDEC0D89F5AD71
                            SHA-256:510D8EED3040B50AFAF6A3C85BC98847F1B4D5D8A685C5EC06ACC2491B890101
                            SHA-512:B5482C7448BFC44B05FCF7EB0642B0C7393F4438082A507A94C13F56F12A115A5CE7F0744518BB0B2FAF759D1AD7744B0BEDB98F563C2A4AB11BC4619D7CEA22
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lt DAYS_OF_WEEK_ABBREV [list \. "Sk"\. "Pr"\. "An"\. "Tr"\. "Kt"\. "Pn"\. "\u0160t"]. ::msgcat::mcset lt DAYS_OF_WEEK_FULL [list \. "Sekmadienis"\. "Pirmadienis"\. "Antradienis"\. "Tre\u010diadienis"\. "Ketvirtadienis"\. "Penktadienis"\. "\u0160e\u0161tadienis"]. ::msgcat::mcset lt MONTHS_ABBREV [list \. "Sau"\. "Vas"\. "Kov"\. "Bal"\. "Geg"\. "Bir"\. "Lie"\. "Rgp"\. "Rgs"\. "Spa"\. "Lap"\. "Grd"\. ""]. ::msgcat::mcset lt MONTHS_FULL [list \. "Sausio"\. "Vasario"\. "Kovo"\. "Baland\u017eio"\. "Gegu\u017e\u0117s"\. "Bir\u017eelio"\. "Liepos"\. "Rugpj\u016b\u010dio"\. "Rugs\u0117jo"\. "Spalio"\. "Lapkri\u010dio"\. "G

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\lv.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1219
                            Entropy (8bit):4.39393801727056
                            Encrypted:false
                            SSDEEP:24:4azu8lmZG0me3AEcGo49bJcpF9gT9PCbF5uld0vVcASAr8svJ5vk3:46TGAE8Q/PG5dv//Lk3
                            MD5:D5DEB8EFFE6298858F9D1B9FAD0EA525
                            SHA1:973DF40D0464BCE10EB5991806D9990B65AB0F82
                            SHA-256:FD95B38A3BEBD59468BDC2890BAC59DF31C352E17F2E77C82471E1CA89469802
                            SHA-512:F024E3D6D30E8E5C3316364A905C8CCAC87427BFC2EC10E72065F1DD114A112A61FDECDF1C4EC9C3D8BB9A54D18ED4AE9D57B07DA4AFFE480DE12F3D54BED928
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset lv DAYS_OF_WEEK_ABBREV [list \. "Sv"\. "P"\. "O"\. "T"\. "C"\. "Pk"\. "S"]. ::msgcat::mcset lv DAYS_OF_WEEK_FULL [list \. "sv\u0113tdiena"\. "pirmdiena"\. "otrdiena"\. "tre\u0161diena"\. "ceturdien"\. "piektdiena"\. "sestdiena"]. ::msgcat::mcset lv MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maijs"\. "J\u016bn"\. "J\u016bl"\. "Aug"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset lv MONTHS_FULL [list \. "janv\u0101ris"\. "febru\u0101ris"\. "marts"\. "apr\u012blis"\. "maijs"\. "j\u016bnijs"\. "j\u016blijs"\. "augusts"\. "septembris"\. "oktobris"\. "novembris"\. "decembris"\. ""]. ::msgcat

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\mk.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2105
                            Entropy (8bit):4.237536682442766
                            Encrypted:false
                            SSDEEP:48:46UcQdZnlcQfAQPWQEHKr9nGUeDjDpxpWQ1Q3QuQoQLX9TSQ2QIQPQHp7+8i:hNdR7cr9nMvXI0i7F89TSn1KX
                            MD5:CD589758D4F4B522781A10003D3E1791
                            SHA1:D953DD123D54B02BAF4B1AE0D36081CDFCA38444
                            SHA-256:F384DD88523147CEF42AA871D323FC4CBEE338FF67CC5C95AEC7940C0E531AE3
                            SHA-512:2EA1E71CD1E958F83277006343E85513D112CBB3C22CBFF29910CB1FC37F2389B3F1DCB2533EC59F9E642624869E5C61F289FDC010B55C6EECEF378F2D92DB0B
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0435\u0434."\. "\u043f\u043e\u043d."\. "\u0432\u0442."\. "\u0441\u0440\u0435."\. "\u0447\u0435\u0442."\. "\u043f\u0435\u0442."\. "\u0441\u0430\u0431."]. ::msgcat::mcset mk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0435\u043b\u0430"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0440\u0442\u043e\u043a"\. "\u043f\u0435\u0442\u043e\u043a"\. "\u0441\u0430\u0431\u043e\u0442\u0430"]. ::msgcat::mcset mk MONTHS_ABBREV [list \. "\u0458\u0430\u043d."\. "\u0444\u0435\u0432."\. "\u043c\u0430\u0440."\. "\u0430\u043f\u0440."\. "\u043c\u0430\u0458."\. "\u0458\u0443\u043d."\. "\u0458\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\mr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1807
                            Entropy (8bit):4.160320823510059
                            Encrypted:false
                            SSDEEP:24:4azu8ocYe48VcOVczyVczoRSVcqVcR0q4vTqBBiPNVcqVcR0q4vTqBBil:46R48h0qpBBkI0qpBBe
                            MD5:791408BAE710B77A27AD664EC3325E1C
                            SHA1:E760B143A854838E18FFB66500F4D312DD80634E
                            SHA-256:EB2E2B7A41854AF68CEF5881CF1FBF4D38E70D2FAB2C3F3CE5901AA5CC56FC15
                            SHA-512:FE91EF67AB9313909FE0C29D5FBE2298EE35969A26A63D94A406BFDA7BCF932F2211F94C0E3C1D718DBC2D1145283C768C23487EEB253249ACFE76E8D1F1D1E5
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr DAYS_OF_WEEK_FULL [list \. "\u0930\u0935\u093f\u0935\u093e\u0930"\. "\u0938\u094b\u092e\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u092e\u0902\u0917\u0933\u0935\u093e\u0930"\. "\u0917\u0941\u0930\u0941\u0935\u093e\u0930"\. "\u0936\u0941\u0915\u094d\u0930\u0935\u093e\u0930"\. "\u0936\u0928\u093f\u0935\u093e\u0930"]. ::msgcat::mcset mr MONTHS_ABBREV [list \. "\u091c\u093e\u0928\u0947\u0935\u093e\u0930\u0940"\. "\u092b\u0947\u092c\u0943\u0935\u093e\u0930\u0940"\. "\u092e\u093e\u0930\u094d\u091a"\. "\u090f\u092a\u094d\u0930\u093f\u0932"\. "\u092e\u0947"\. "\u091c\u0942\u0928"\. "\u091c\u0941\u0932\u0948"\. "\u0913\u0917\u0938\u094d\u091f"\. "\u0938\u0947\u092a\u094d\u091f\u0947\u0902\u092c\u0930"\. "\u0913\u0915\u094d\u091f\u094b\u092c\u0930"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\mr_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.847742455062573
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoGNv+9/LoGU3v6rZoGNo+3v+6f6HK:4EnLzu8GvWe3v6r5F3vmq
                            MD5:899E845D33CAAFB6AD3B1F24B3F92843
                            SHA1:FC17A6742BF87E81BBD4D5CB7B4DCED0D4DD657B
                            SHA-256:F75A29BB323DB4354B0C759CB1C8C5A4FFC376DFFD74274CA60A36994816A75C
                            SHA-512:99D05FCE8A9C9BE06FDA8B54D4DE5497141F6373F470B2AB24C2D00B9C56031350F5DCDA2283A0E6F5B09FF21218FC3C7E2A6AB8ECC5BB020546FD62BDC8FF99
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mr_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset mr_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset mr_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ms.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):910
                            Entropy (8bit):3.9292866027924838
                            Encrypted:false
                            SSDEEP:12:4EnLzu82mCBuvFYcEfmt1qWjefjESRsToOqrlHvFguSixTRs1OAfC67:4azu82nBuHEfKxjeby7cl9gbZUAfCc
                            MD5:441CC737D383D8213F64B62A5DBEEC3E
                            SHA1:34FBE99FB25A0DCA2FDA2C008AC8127BA2BC273B
                            SHA-256:831F611EE851A64BF1BA5F9A5441EC1D50722FA9F15B4227707FE1927F754DE4
                            SHA-512:0474B2127890F63814CD9E77D156B5E4FC45EB3C17A57719B672AC9E3A6EEA9934F0BE158F76808B34A11DA844AB900652C18E512830278DFED2666CD005FBE5
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms DAYS_OF_WEEK_ABBREV [list \. "Aha"\. "Isn"\. "Sei"\. "Rab"\. "Kha"\. "Jum"\. "Sab"]. ::msgcat::mcset ms DAYS_OF_WEEK_FULL [list \. "Ahad"\. "Isnin"\. "Selasa"\. "Rahu"\. "Khamis"\. "Jumaat"\. "Sabtu"]. ::msgcat::mcset ms MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mac"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ogos"\. "Sep"\. "Okt"\. "Nov"\. "Dis"\. ""]. ::msgcat::mcset ms MONTHS_FULL [list \. "Januari"\. "Februari"\. "Mac"\. "April"\. "Mei"\. "Jun"\. "Julai"\. "Ogos"\. "September"\. "Oktober"\. "November"\. "Disember"\. ""].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ms_my.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):259
                            Entropy (8bit):4.770028367699931
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoChFflD/LoChF+3v6xH5oCh++3vflm6PYv:4EnLzu8IPflD/ne3v6Tl3vflm6q
                            MD5:8261689A45FB754158B10B044BDC4965
                            SHA1:6FFC9B16A0600D9BC457322F1316BC175309C6CA
                            SHA-256:D05948D75C06669ADDB9708BC5FB48E6B651D4E62EF1B327EF8A3F605FD5271C
                            SHA-512:0321A5C17B3E33FDE9480AC6014B373D1663219D0069388920D277AA61341B8293883517C900030177FF82D65340E6C9E3ED051B27708DD093055E3BE64B2AF3
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ms_MY DATE_FORMAT "%A %d %b %Y". ::msgcat::mcset ms_MY TIME_FORMAT_12 "%I:%M:%S %z". ::msgcat::mcset ms_MY DATE_TIME_FORMAT "%A %d %b %Y %I:%M:%S %z %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\mt.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):690
                            Entropy (8bit):4.48913642143724
                            Encrypted:false
                            SSDEEP:12:4EnLzu8+YmWjjRgWfjxBTo4erxy1IGZzNN+3v6amK3vZsq:4azu8+YZjjRXbfNedy1IG5N6vjmsvGq
                            MD5:CE7E67A03ED8C3297C6A5B634B55D144
                            SHA1:3DA5ACC0F52518541810E7F2FE57751955E12BDA
                            SHA-256:D115718818E3E3367847CE35BB5FF0361D08993D9749D438C918F8EB87AD8814
                            SHA-512:3754AA7B7D27A813C6113D2AA834A951FED1B81E4DACE22C81E0583F29BBC73C014697F39A2067DEC622D98EACD70D26FD40F80CF6D09E1C949F01FADED52C74
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset mt DAYS_OF_WEEK_ABBREV [list \. "\u0126ad"\. "Tne"\. "Tli"\. "Erb"\. "\u0126am"\. "\u0120im"]. ::msgcat::mcset mt MONTHS_ABBREV [list \. "Jan"\. "Fra"\. "Mar"\. "Apr"\. "Mej"\. "\u0120un"\. "Lul"\. "Awi"\. "Set"\. "Ott"\. "Nov"]. ::msgcat::mcset mt BCE "QK". ::msgcat::mcset mt CE "". ::msgcat::mcset mt DATE_FORMAT "%A, %e ta %B, %Y". ::msgcat::mcset mt TIME_FORMAT_12 "%l:%M:%S %P". ::msgcat::mcset mt DATE_TIME_FORMAT "%A, %e ta %B, %Y %l:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\nb.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1157
                            Entropy (8bit):4.24006506188001
                            Encrypted:false
                            SSDEEP:24:4azu8CKEj4/xasSpfiTBtHQT1V/W3WNfvZv3l:46KU/0s2iTeVOiHN1
                            MD5:D5509ABF5CBFB485C20A26FCC6B1783E
                            SHA1:53A298FBBF09AE2E223B041786443A3D8688C9EB
                            SHA-256:BC401889DD934C49D10D99B471441BE2B536B1722739C7B0AB7DE7629680F602
                            SHA-512:BDAFBA46EF44151CFD9EF7BC1909210F6DB2BAC20C31ED21AE3BE7EAC785CD4F545C4590CF551C0D066F982E2050F5844BDDC569F32C5804DBDE657F4511A6FE
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nb DAYS_OF_WEEK_ABBREV [list \. "s\u00f8"\. "ma"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f8"]. ::msgcat::mcset nb DAYS_OF_WEEK_FULL [list \. "s\u00f8ndag"\. "mandag"\. "tirsdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f8rdag"]. ::msgcat::mcset nb MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nb MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nb BCE "f.Kr.". ::msgcat::mcset nb CE "e.Kr.".

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\nl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1079
                            Entropy (8bit):4.158523842311663
                            Encrypted:false
                            SSDEEP:24:4azu84LFiS8LMKZoNfSZTNTQhFCNZvtWvg:46Oi5LMKZASZTEF2Ntgg
                            MD5:98820DFF7E1C8A9EAB8C74B0B25DEB5D
                            SHA1:5357063D5699188E544D244EC4AEFDDF7606B922
                            SHA-256:49128B36B88E380188059C4B593C317382F32E29D1ADC18D58D14D142459A2BB
                            SHA-512:26AB945B7BA00433BEC85ACC1D90D1D3B70CE505976CABE1D75A7134E00CD591AC27463987C515EEA079969DBCF200DA9C8538CAAF178A1EE17C9B0284260C45
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl DAYS_OF_WEEK_ABBREV [list \. "zo"\. "ma"\. "di"\. "wo"\. "do"\. "vr"\. "za"]. ::msgcat::mcset nl DAYS_OF_WEEK_FULL [list \. "zondag"\. "maandag"\. "dinsdag"\. "woensdag"\. "donderdag"\. "vrijdag"\. "zaterdag"]. ::msgcat::mcset nl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mrt"\. "apr"\. "mei"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset nl MONTHS_FULL [list \. "januari"\. "februari"\. "maart"\. "april"\. "mei"\. "juni"\. "juli"\. "augustus"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset nl DATE_FORMAT "%e %B %Y". ::msgcat::mcset nl TIME_FORM

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\nl_be.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.817188474504631
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmo4gPI5og9X3vG5og9X3v6X5o49+3vnFDoAov:4EnLzu8WgAhF3v8F3v6JI3v9dy
                            MD5:B08E30850CA849068D06A99B4E216892
                            SHA1:11B5E95FF4D822E76A1B9C28EEC2BC5E95E5E362
                            SHA-256:9CD54EC24CBDBEC5E4FE543DDA8CA95390678D432D33201FA1C32B61F8FE225A
                            SHA-512:9AF147C2F22B11115E32E0BFD0126FE7668328E7C67B349A781F42B0022A334E53DDF3FCCC2C34C91BFBB45602A002D0D7B569B5E1FE9F0EE6C4570400CB0B0C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nl_BE DATE_FORMAT "%d-%m-%y". ::msgcat::mcset nl_BE TIME_FORMAT "%T". ::msgcat::mcset nl_BE TIME_FORMAT_12 "%T". ::msgcat::mcset nl_BE DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\nn.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1148
                            Entropy (8bit):4.207752506572597
                            Encrypted:false
                            SSDEEP:24:4azu8eNsP2/xhsSpf2TBtHQT15j63WN7v9v3l:46it/vs22Te5OiL51
                            MD5:2266607EF358B632696C7164E61358B5
                            SHA1:A380863A8320DAB1D5A2D60C22ED5F7DB5C7BAF7
                            SHA-256:5EE93A8C245722DEB64B68EFF50C081F24DA5DE43D999C006A10C484E1D3B4ED
                            SHA-512:2A8DEF754A25736D14B958D8B0CEA0DC41C402A9EFA25C9500BA861A7E8D74C79939C1969AC694245605C17D33AD3984F6B9ACCA4BE03EFC41A878772BB5FD86
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset nn DAYS_OF_WEEK_ABBREV [list \. "su"\. "m\u00e5"\. "ty"\. "on"\. "to"\. "fr"\. "lau"]. ::msgcat::mcset nn DAYS_OF_WEEK_FULL [list \. "sundag"\. "m\u00e5ndag"\. "tysdag"\. "onsdag"\. "torsdag"\. "fredag"\. "laurdag"]. ::msgcat::mcset nn MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "mai"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "des"\. ""]. ::msgcat::mcset nn MONTHS_FULL [list \. "januar"\. "februar"\. "mars"\. "april"\. "mai"\. "juni"\. "juli"\. "august"\. "september"\. "oktober"\. "november"\. "desember"\. ""]. ::msgcat::mcset nn BCE "f.Kr.". ::msgcat::mcset nn CE "e.Kr.". ::msgca

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\pl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1211
                            Entropy (8bit):4.392723231340452
                            Encrypted:false
                            SSDEEP:12:4EnLzu854moKR4mtPoTckd8EnO6z3K4jwxI1LRhtm3ni8FwxIBgdE4RsMZmB0CLs:4azu8yNgyJxPEyRhonO+AjTg0Okvpvn
                            MD5:31A9133E9DCA7751B4C3451D60CCFFA0
                            SHA1:FB97A5830965716E77563BE6B7EB1C6A0EA6BF40
                            SHA-256:C39595DDC0095EB4AE9E66DB02EE175B31AC3DA1F649EB88FA61B911F838F753
                            SHA-512:329EE7FE79783C83361A0C5FFFD7766B64B8544D1AD63C57AEAA2CC6A526E01D9C4D7765C73E88F86DAE57477459EA330A0C42F39E441B50DE9B0F429D01EAE8
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pl DAYS_OF_WEEK_ABBREV [list \. "N"\. "Pn"\. "Wt"\. "\u015ar"\. "Cz"\. "Pt"\. "So"]. ::msgcat::mcset pl DAYS_OF_WEEK_FULL [list \. "niedziela"\. "poniedzia\u0142ek"\. "wtorek"\. "\u015broda"\. "czwartek"\. "pi\u0105tek"\. "sobota"]. ::msgcat::mcset pl MONTHS_ABBREV [list \. "sty"\. "lut"\. "mar"\. "kwi"\. "maj"\. "cze"\. "lip"\. "sie"\. "wrz"\. "pa\u017a"\. "lis"\. "gru"\. ""]. ::msgcat::mcset pl MONTHS_FULL [list \. "stycze\u0144"\. "luty"\. "marzec"\. "kwiecie\u0144"\. "maj"\. "czerwiec"\. "lipiec"\. "sierpie\u0144"\. "wrzesie\u0144"\. "pa\u017adziernik"\. "listopad"\. "grudzie\u0144"\. ""]. ::msgcat::m

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\pt.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1127
                            Entropy (8bit):4.325163993882846
                            Encrypted:false
                            SSDEEP:24:4azu8pYpzzktTYyUgC0CIKjblie5f9kwAAs+CFsFoD6GADvtU6svO:46dCzWTh2AA9/2F4oD6GAztU6KO
                            MD5:D827F76D1ED6CB89839CAC2B56FD7252
                            SHA1:140D6BC1F6CEF5FD0A390B3842053BF54B54B4E2
                            SHA-256:9F2BFFA3B4D8783B2CFB2CED9CC4319ACF06988F61829A1E5291D55B19854E88
                            SHA-512:B662336699E23E371F0148EDD742F71874A7A28DFA81F0AFAE91C8C9494CEA1904FEA0C21264CF2A253E0FB1360AD35B28CFC4B74E4D7B2DBB0E453E96F7EB93
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt DAYS_OF_WEEK_ABBREV [list \. "Dom"\. "Seg"\. "Ter"\. "Qua"\. "Qui"\. "Sex"\. "S\u00e1b"]. ::msgcat::mcset pt DAYS_OF_WEEK_FULL [list \. "Domingo"\. "Segunda-feira"\. "Ter\u00e7a-feira"\. "Quarta-feira"\. "Quinta-feira"\. "Sexta-feira"\. "S\u00e1bado"]. ::msgcat::mcset pt MONTHS_ABBREV [list \. "Jan"\. "Fev"\. "Mar"\. "Abr"\. "Mai"\. "Jun"\. "Jul"\. "Ago"\. "Set"\. "Out"\. "Nov"\. "Dez"\. ""]. ::msgcat::mcset pt MONTHS_FULL [list \. "Janeiro"\. "Fevereiro"\. "Mar\u00e7o"\. "Abril"\. "Maio"\. "Junho"\. "Julho"\. "Agosto"\. "Setembro"\. "Outubro"\. "Novembro"\. "Dezembro"\. ""]. ::msgcat::mcset pt DATE_FO

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\pt_br.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):279
                            Entropy (8bit):4.8127929329126085
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmofm6GPWHFLofAW3vG5ofAW3v6X5ofm6T+3vnFDoAov:4EnLzu8hNGgF493vr93v6uNK3v9dy
                            MD5:4EE34960147173A12020A583340E92F8
                            SHA1:78D91A80E2426A84BC88EE97DA28EC0E4BE8DE45
                            SHA-256:E383B20484EE90C00054D52DD5AF473B2AC9DC50C14D459A579EF5F44271D256
                            SHA-512:EDFF8FB9A86731FFF005AFBBBB522F69B2C6033F59ECCD5E35A8B6A9E0F9AF23C52FFDCC22D893915AD1854E8104C81DA8C5BD8C794C7E645AFB82001B4BFC24
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset pt_BR DATE_FORMAT "%d-%m-%Y". ::msgcat::mcset pt_BR TIME_FORMAT "%T". ::msgcat::mcset pt_BR TIME_FORMAT_12 "%T". ::msgcat::mcset pt_BR DATE_TIME_FORMAT "%a %d %b %Y %T %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ro.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1172
                            Entropy (8bit):4.279005910896047
                            Encrypted:false
                            SSDEEP:24:4azu8/0oFUBZNk1Mkp3pFukZEoVYfPcF+T1vWFMvUvWI3:46kNkKkpLEoSfPcFgvWFqSWI3
                            MD5:0F5C8A7022DB1203442241ABEB5901FF
                            SHA1:C54C8BF05E8E6C2C0901D3C88C89DDCF35A26924
                            SHA-256:D2E14BE188350D343927D5380EB5672039FE9A37E9A9957921B40E4619B36027
                            SHA-512:13ACF499FA803D4446D8EC67119BC8257B1F093084B83D854643CEA918049F96C8FA08DC5F896EECA80A5FD552D90E5079937B1A3894D89A589E468172856163
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ro DAYS_OF_WEEK_ABBREV [list \. "D"\. "L"\. "Ma"\. "Mi"\. "J"\. "V"\. "S"]. ::msgcat::mcset ro DAYS_OF_WEEK_FULL [list \. "duminic\u0103"\. "luni"\. "mar\u0163i"\. "miercuri"\. "joi"\. "vineri"\. "s\u00eemb\u0103t\u0103"]. ::msgcat::mcset ro MONTHS_ABBREV [list \. "Ian"\. "Feb"\. "Mar"\. "Apr"\. "Mai"\. "Iun"\. "Iul"\. "Aug"\. "Sep"\. "Oct"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset ro MONTHS_FULL [list \. "ianuarie"\. "februarie"\. "martie"\. "aprilie"\. "mai"\. "iunie"\. "iulie"\. "august"\. "septembrie"\. "octombrie"\. "noiembrie"\. "decembrie"\. ""]. ::msgcat::mcset ro BCE "d.C.". ::msgcat::mcset ro CE

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ru.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2039
                            Entropy (8bit):4.225775794669275
                            Encrypted:false
                            SSDEEP:48:46CpQ7kvicQfAQPlQoBBCZAitBmZ/QhQoQaQPTeQgQonQ4FQEWFkt3Wd:hCpgkvzRo6QBw53weFHXFgIGd
                            MD5:3A7181CE08259FF19D2C27CF8C6752B3
                            SHA1:97DFFB1E224CEDB5427841C3B59F85376CD4423B
                            SHA-256:C2A3A0BE5BC5A46A6A63C4DE34E317B402BAD40C22FB2936E1A4F53C1E2F625F
                            SHA-512:CC9620BA4601E53B22CCFC66A0B53C26224158379DF6BA2D4704A2FE11222DFBDAE3CA9CF51576B4084B8CCA8DB13FDE81396E38F94BCD0C8EA21C5D77680394
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru DAYS_OF_WEEK_ABBREV [list \. "\u0412\u0441"\. "\u041f\u043d"\. "\u0412\u0442"\. "\u0421\u0440"\. "\u0427\u0442"\. "\u041f\u0442"\. "\u0421\u0431"]. ::msgcat::mcset ru DAYS_OF_WEEK_FULL [list \. "\u0432\u043e\u0441\u043a\u0440\u0435\u0441\u0435\u043d\u044c\u0435"\. "\u043f\u043e\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u0438\u043a"\. "\u0432\u0442\u043e\u0440\u043d\u0438\u043a"\. "\u0441\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440\u0433"\. "\u043f\u044f\u0442\u043d\u0438\u0446\u0430"\. "\u0441\u0443\u0431\u0431\u043e\u0442\u0430"]. ::msgcat::mcset ru MONTHS_ABBREV [list \. "\u044f\u043d\u0432"\. "\u0444\u0435\u0432"\. "\u043c\u0430\u0440"\. "\u0430\u043f\u0440"\. "\u043c\u0430\u0439"\. "\u0438\u044e\u043d"\. "\u0438\u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ru_ua.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):242
                            Entropy (8bit):4.8961185447535
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoVAgWFLoVY9X3vtfNrFLoVA9+3vW6Q9:4EnLzu8DFWFgaX3vtNS/3vWH9
                            MD5:E719F47462123A8E7DABADD2D362B4D8
                            SHA1:332E4CC96E7A01DA7FB399EA14770A5C5185B9F2
                            SHA-256:AE5D3DF23F019455F3EDFC3262AAC2B00098881F09B9A934C0D26C0AB896700C
                            SHA-512:93C19D51B633A118AB0D172C5A0991E5084BD54B2E61469D800F80B251A57BD1392BA66FD627586E75B1B075A7C9C2C667654F5783C423819FBDEA640A210BFA
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ru_UA DATE_FORMAT "%d.%m.%Y". ::msgcat::mcset ru_UA TIME_FORMAT "%k:%M:%S". ::msgcat::mcset ru_UA DATE_TIME_FORMAT "%d.%m.%Y %k:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sh.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1160
                            Entropy (8bit):4.287536872407747
                            Encrypted:false
                            SSDEEP:24:4azu8YYy/FY+Cnwj4EbJK5O9g+tQhgQmy/L6GWGvtlMsvWT9:46al4ETw/rWQtVWh
                            MD5:C7BBD44BD3C30C6116A15C77B15F8E79
                            SHA1:37CD1477A3318838E8D5C93D596A23F99C8409F2
                            SHA-256:00F119701C9F3EBA273701A6A731ADAFD7B8902F6BCCF34E61308984456E193A
                            SHA-512:DAFBDA53CF6AD57A4F6A078E9EF8ED3CACF2F8809DC2AEFB812A4C3ACCD51D954C52079FA26828D670BF696E14989D3FE3C249F1E612B7C759770378919D8BBC
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sh DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Uto"\. "Sre"\. "\u010cet"\. "Pet"\. "Sub"]. ::msgcat::mcset sh DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljak"\. "Utorak"\. "Sreda"\. "\u010cetvrtak"\. "Petak"\. "Subota"]. ::msgcat::mcset sh MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Maj"\. "Jun"\. "Jul"\. "Avg"\. "Sep"\. "Okt"\. "Nov"\. "Dec"\. ""]. ::msgcat::mcset sh MONTHS_FULL [list \. "Januar"\. "Februar"\. "Mart"\. "April"\. "Maj"\. "Juni"\. "Juli"\. "Avgust"\. "Septembar"\. "Oktobar"\. "Novembar"\. "Decembar"\. ""]. ::msgcat::mcset sh BCE "p. n. e.". ::msgcat::mcset sh CE "n. e."

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sk.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1203
                            Entropy (8bit):4.335103779497533
                            Encrypted:false
                            SSDEEP:24:4azu834j4PV3sSAT3fk3TEJbAT3T1cPyF3eYuCvte/v3eG:46TUG3sPk3TEkcPyFpuEtenJ
                            MD5:B2EF88014D274C8001B36739F5F566CE
                            SHA1:1044145C1714FD44D008B13A31BC778DFBE47950
                            SHA-256:043DECE6EA7C83956B3300B95F8A0E92BADAA8FC29D6C510706649D1D810679A
                            SHA-512:820EB42D94BEE21FDB990FC27F7900CF676AFC59520F3EE78FB72D6D7243A17A234D4AE964E5D52AD7CBC7DD9A593F672BAD8A80EC48B25B344AA6950EF52ECF
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sk DAYS_OF_WEEK_ABBREV [list \. "Ne"\. "Po"\. "Ut"\. "St"\. "\u0160t"\. "Pa"\. "So"]. ::msgcat::mcset sk DAYS_OF_WEEK_FULL [list \. "Nede\u013ee"\. "Pondelok"\. "Utorok"\. "Streda"\. "\u0160tvrtok"\. "Piatok"\. "Sobota"]. ::msgcat::mcset sk MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sk MONTHS_FULL [list \. "janu\u00e1r"\. "febru\u00e1r"\. "marec"\. "apr\u00edl"\. "m\u00e1j"\. "j\u00fan"\. "j\u00fal"\. "august"\. "september"\. "okt\u00f3ber"\. "november"\. "december"\. ""]. ::msgcat::mcset sk BCE

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1164
                            Entropy (8bit):4.26110325084843
                            Encrypted:false
                            SSDEEP:24:4azu8PyUpd4+RfscasS9CErTByism1KSCvt1vJo6:462U/ENsqrTtVEtRx
                            MD5:2566BDE28B17C526227634F1B4FC7047
                            SHA1:BE6940EC9F4C5E228F043F9D46A42234A02F4A03
                            SHA-256:BD488C9D791ABEDF698B66B768E2BF24251FFEAF06F53FB3746CAB457710FF77
                            SHA-512:CC684BFC82CA55240C5B542F3F63E0FF43AEF958469B3978E414261BC4FADB50A0AE3554CF2468AC88E4DDB70D2258296C0A2FBB69312223EED56C7C03FEC17C
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sl DAYS_OF_WEEK_ABBREV [list \. "Ned"\. "Pon"\. "Tor"\. "Sre"\. "\u010cet"\. "Pet"\. "Sob"]. ::msgcat::mcset sl DAYS_OF_WEEK_FULL [list \. "Nedelja"\. "Ponedeljek"\. "Torek"\. "Sreda"\. "\u010cetrtek"\. "Petek"\. "Sobota"]. ::msgcat::mcset sl MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "avg"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sl MONTHS_FULL [list \. "januar"\. "februar"\. "marec"\. "april"\. "maj"\. "junij"\. "julij"\. "avgust"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sl BCE "pr.n.\u0161.". ::msgcat::mcset sl CE "p

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sq.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1267
                            Entropy (8bit):4.339253133089184
                            Encrypted:false
                            SSDEEP:24:4azu82qJw7W5wO6jwbNU7FtHhoJCLov4v2:46iWrvGtBo6+O2
                            MD5:931A009F7E8A376972DE22AD5670EC88
                            SHA1:44AEF01F568250851099BAA8A536FBBACD3DEBBB
                            SHA-256:CB27007E138315B064576C17931280CFE6E6929EFC3DAFD7171713D204CFC3BF
                            SHA-512:47B230271CD362990C581CD6C06B0BCEA23E10E03D927C7C28415739DB3541D69D1B87DF554E9B4F00ECCAAB0F6AC0565F9EB0DEA8B75C54A90B2D53C928D379
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sq DAYS_OF_WEEK_ABBREV [list \. "Die"\. "H\u00ebn"\. "Mar"\. "M\u00ebr"\. "Enj"\. "Pre"\. "Sht"]. ::msgcat::mcset sq DAYS_OF_WEEK_FULL [list \. "e diel"\. "e h\u00ebn\u00eb"\. "e mart\u00eb"\. "e m\u00ebrkur\u00eb"\. "e enjte"\. "e premte"\. "e shtun\u00eb"]. ::msgcat::mcset sq MONTHS_ABBREV [list \. "Jan"\. "Shk"\. "Mar"\. "Pri"\. "Maj"\. "Qer"\. "Kor"\. "Gsh"\. "Sht"\. "Tet"\. "N\u00ebn"\. "Dhj"\. ""]. ::msgcat::mcset sq MONTHS_FULL [list \. "janar"\. "shkurt"\. "mars"\. "prill"\. "maj"\. "qershor"\. "korrik"\. "gusht"\. "shtator"\. "tetor"\. "n\u00ebntor"\. "dhjetor"\. ""]. ::msgcat::mcset sq BCE "p.e.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2035
                            Entropy (8bit):4.24530896413441
                            Encrypted:false
                            SSDEEP:48:46qoQCSdQqQP4QSsIVKP10NupiuQxQaQLlKnM28nGtfR:hjIX15VKP6NmBU3YKnFbp
                            MD5:5CA16D93718AAA813ADE746440CF5CE6
                            SHA1:A142733052B87CA510B8945256399CE9F873794C
                            SHA-256:313E8CDBBC0288AED922B9927A7331D0FAA2E451D4174B1F5B76C5C9FAEC8F9B
                            SHA-512:4D031F9BA75D45EC89B2C74A870CCDA41587650D7F9BC91395F68B70BA3CD7A7105E70C19D139D20096533E06F5787C00EA850E27C4ADCF5A28572480D39B639
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sr DAYS_OF_WEEK_ABBREV [list \. "\u041d\u0435\u0434"\. "\u041f\u043e\u043d"\. "\u0423\u0442\u043e"\. "\u0421\u0440\u0435"\. "\u0427\u0435\u0442"\. "\u041f\u0435\u0442"\. "\u0421\u0443\u0431"]. ::msgcat::mcset sr DAYS_OF_WEEK_FULL [list \. "\u041d\u0435\u0434\u0435\u0459\u0430"\. "\u041f\u043e\u043d\u0435\u0434\u0435\u0459\u0430\u043a"\. "\u0423\u0442\u043e\u0440\u0430\u043a"\. "\u0421\u0440\u0435\u0434\u0430"\. "\u0427\u0435\u0442\u0432\u0440\u0442\u0430\u043a"\. "\u041f\u0435\u0442\u0430\u043a"\. "\u0421\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset sr MONTHS_ABBREV [list \. "\u0408\u0430\u043d"\. "\u0424\u0435\u0431"\. "\u041c\u0430\u0440"\. "\u0410\u043f\u0440"\. "\u041c\u0430\u0458"\. "\u0408\u0443\u043d"\. "\u0408\u0443\u043b"\.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sv.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1167
                            Entropy (8bit):4.2825791311526515
                            Encrypted:false
                            SSDEEP:24:4azu8JLmAQVm/xTsS9CfxTlijQkcjKxFvivn:46hVQc/psJxT8kyhkn
                            MD5:496D9183E2907199056CA236438498E1
                            SHA1:D9C3BB4AEBD9BFD942593694E796A8C2FB9217B8
                            SHA-256:4F32E1518BE3270F4DB80136FAC0031C385DD3CE133FAA534F141CF459C6113A
                            SHA-512:FA7FDEDDC42C36D0A60688CDBFE9A2060FE6B2644458D1EBFC817F1E5D5879EB3E3C78B5E53E9D3F42E2E4D84C93C4A7377170986A437EFF404F310D1D72F135
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sv DAYS_OF_WEEK_ABBREV [list \. "s\u00f6"\. "m\u00e5"\. "ti"\. "on"\. "to"\. "fr"\. "l\u00f6"]. ::msgcat::mcset sv DAYS_OF_WEEK_FULL [list \. "s\u00f6ndag"\. "m\u00e5ndag"\. "tisdag"\. "onsdag"\. "torsdag"\. "fredag"\. "l\u00f6rdag"]. ::msgcat::mcset sv MONTHS_ABBREV [list \. "jan"\. "feb"\. "mar"\. "apr"\. "maj"\. "jun"\. "jul"\. "aug"\. "sep"\. "okt"\. "nov"\. "dec"\. ""]. ::msgcat::mcset sv MONTHS_FULL [list \. "januari"\. "februari"\. "mars"\. "april"\. "maj"\. "juni"\. "juli"\. "augusti"\. "september"\. "oktober"\. "november"\. "december"\. ""]. ::msgcat::mcset sv BCE "f.Kr.". ::msgcat::mcset sv C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\sw.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):991
                            Entropy (8bit):4.024338627988864
                            Encrypted:false
                            SSDEEP:12:4EnLzu8r4mc4Go/4mtVfqRvodJ3fjESBToOqe3lHvFgdF6A3ixTZ6OM5mSYoC6Vy:4azu88kGDiq1qhbJ75V9gZSpgmSm9
                            MD5:4DB24BA796D86ADF0441D2E75DE0C07E
                            SHA1:9935B36FF2B1C6DFDE3EC375BC471A0E93D1F7E3
                            SHA-256:6B5AB8AE265DB436B15D32263A8870EC55C7C0C07415B3F9BAAC37F73BC704E5
                            SHA-512:BE7ED0559A73D01537A1E51941ED19F0FEC3F14F9527715CB119E89C97BD31CC6102934B0349D8D0554F5EDD9E3A02978F7DE4919C000A77BD353F7033A4A95B
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset sw DAYS_OF_WEEK_ABBREV [list \. "Jpi"\. "Jtt"\. "Jnn"\. "Jtn"\. "Alh"\. "Iju"\. "Jmo"]. ::msgcat::mcset sw DAYS_OF_WEEK_FULL [list \. "Jumapili"\. "Jumatatu"\. "Jumanne"\. "Jumatano"\. "Alhamisi"\. "Ijumaa"\. "Jumamosi"]. ::msgcat::mcset sw MONTHS_ABBREV [list \. "Jan"\. "Feb"\. "Mar"\. "Apr"\. "Mei"\. "Jun"\. "Jul"\. "Ago"\. "Sep"\. "Okt"\. "Nov"\. "Des"\. ""]. ::msgcat::mcset sw MONTHS_FULL [list \. "Januari"\. "Februari"\. "Machi"\. "Aprili"\. "Mei"\. "Juni"\. "Julai"\. "Agosti"\. "Septemba"\. "Oktoba"\. "Novemba"\. "Desemba"\. ""]. ::msgcat::mcset sw BCE "KK". ::msgcat::mcset sw CE "BK".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ta.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1835
                            Entropy (8bit):4.018233695396
                            Encrypted:false
                            SSDEEP:24:4azu83w0xn8dnzhmmlmYgtg+CKf6CO5ztFSLt8tCtGtv+CKf6CO5ztFSLt8tCtNu:46k0dgmmlmYgtE/t1H
                            MD5:2D9C969318D1740049D28EBBD4F62C1D
                            SHA1:121665081AFC33DDBCF679D7479BF0BC47FEF716
                            SHA-256:30A142A48E57F194ECC3AA9243930F3E6E1B4E8B331A8CDD2705EC9C280DCCBB
                            SHA-512:7C32907C39BFB89F558692535041B2A7FA18A64E072F5CF9AB95273F3AC5A7C480B4F953B13484A07AA4DA822613E27E78CC7B02ACE7A61E58FDB5507D7579C3
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta DAYS_OF_WEEK_FULL [list \. "\u0b9e\u0bbe\u0baf\u0bbf\u0bb1\u0bc1"\. "\u0ba4\u0bbf\u0b99\u0bcd\u0b95\u0bb3\u0bcd"\. "\u0b9a\u0bc6\u0bb5\u0bcd\u0bb5\u0bbe\u0baf\u0bcd"\. "\u0baa\u0bc1\u0ba4\u0ba9\u0bcd"\. "\u0bb5\u0bbf\u0baf\u0bbe\u0bb4\u0ba9\u0bcd"\. "\u0bb5\u0bc6\u0bb3\u0bcd\u0bb3\u0bbf"\. "\u0b9a\u0ba9\u0bbf"]. ::msgcat::mcset ta MONTHS_ABBREV [list \. "\u0b9c\u0ba9\u0bb5\u0bb0\u0bbf"\. "\u0baa\u0bc6\u0baa\u0bcd\u0bb0\u0bb5\u0bb0\u0bbf"\. "\u0bae\u0bbe\u0bb0\u0bcd\u0b9a\u0bcd"\. "\u0b8f\u0baa\u0bcd\u0bb0\u0bb2\u0bcd"\. "\u0bae\u0bc7"\. "\u0b9c\u0bc2\u0ba9\u0bcd"\. "\u0b9c\u0bc2\u0bb2\u0bc8"\. "\u0b86\u0b95\u0bb8\u0bcd\u0b9f\u0bcd"\. "\u0b9a\u0bc6\u0baa\u0bcd\u0b9f\u0bae\u0bcd\u0baa\u0bb0\u0bcd"\. "\u0b85\u0b95\u0bcd\u0b9f\u0bcb\u0baa\u0bb0\u0bcd"\. "\u0ba8\u0bb

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\ta_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):251
                            Entropy (8bit):4.815592015875268
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmosDv+9/LosK3v6rZosDo+3v+6f6HK:4EnLzu8eDvWbK3v6r5DF3vmq
                            MD5:293456B39BE945C55536A5DD894787F0
                            SHA1:94DEF0056C7E3082E58266BCE436A61C045EA394
                            SHA-256:AA57D5FB5CC3F59EC6A3F99D7A5184403809AA3A3BC02ED0842507D4218B683D
                            SHA-512:AB763F2932F2FF48AC18C8715F661F7405607E1818B53E0D0F32184ABE67714F03A39A9D0637D0D93CE43606C3E1D702D2A3F8660C288F61DFE852747B652B59
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset ta_IN DATE_FORMAT "%d %M %Y". ::msgcat::mcset ta_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset ta_IN DATE_TIME_FORMAT "%d %M %Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\te.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2102
                            Entropy (8bit):4.034298184367717
                            Encrypted:false
                            SSDEEP:48:46x9mcib30Rgu1je5YdnULEP8l1je5YdnULEPt:hnIb39ufbufV
                            MD5:0B9B124076C52A503A906059F7446077
                            SHA1:F43A0F6CCBDDBDD5EA140C7FA55E9A82AB910A03
                            SHA-256:42C34D02A6079C4D0D683750B3809F345637BC6D814652C3FB0B344B66B70C79
                            SHA-512:234B9ACA1823D1D6B82583727B4EA68C014D59916B410CB9B158FA1954B6FC3767A261BD0B9F592AF0663906ADF11C2C9A3CC0A325CB1FF58F42A884AF7CB015
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te DAYS_OF_WEEK_ABBREV [list \. "\u0c06\u0c26\u0c3f"\. "\u0c38\u0c4b\u0c2e"\. "\u0c2e\u0c02\u0c17\u0c33"\. "\u0c2c\u0c41\u0c27"\. "\u0c17\u0c41\u0c30\u0c41"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30"\. "\u0c36\u0c28\u0c3f"]. ::msgcat::mcset te DAYS_OF_WEEK_FULL [list \. "\u0c06\u0c26\u0c3f\u0c35\u0c3e\u0c30\u0c02"\. "\u0c38\u0c4b\u0c2e\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2e\u0c02\u0c17\u0c33\u0c35\u0c3e\u0c30\u0c02"\. "\u0c2c\u0c41\u0c27\u0c35\u0c3e\u0c30\u0c02"\. "\u0c17\u0c41\u0c30\u0c41\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c41\u0c15\u0c4d\u0c30\u0c35\u0c3e\u0c30\u0c02"\. "\u0c36\u0c28\u0c3f\u0c35\u0c3e\u0c30\u0c02"]. ::msgcat::mcset te MONTHS_ABBREV [list \. "\u0c1c\u0c28\u0c35\u0c30\u0c3f"\. "\u0c2b\u0c3f\u0c2c\u0c4d\u0c30\u0c35\u0c30\u0c3f"\. "\u0c2e\u0c3e\u0c30\u0c4d\u0c1a\u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\te_in.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):411
                            Entropy (8bit):5.01781242466238
                            Encrypted:false
                            SSDEEP:12:4EnLzu8CjZWsn0sEjoD0sLvUFS3v6r5F3vMq:4azu84Z1nnEjoDnLvUFEvS5NvMq
                            MD5:443E34E2E2BC7CB64A8BA52D99D6B4B6
                            SHA1:D323C03747FE68E9B73F7E5C1E10B168A40F2A2F
                            SHA-256:88BDAF4B25B684B0320A2E11D3FE77DDDD25E3B17141BD7ED1D63698C480E4BA
                            SHA-512:5D8B267530EC1480BF3D571AABC2DA7B4101EACD7FB03B49049709E39D665DD7ACB66FD785BA2B5203DDC54C520434219D2D9974A1E9EE74C659FFAEA6B694E0
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset te_IN AM "\u0c2a\u0c42\u0c30\u0c4d\u0c35\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN PM "\u0c05\u0c2a\u0c30\u0c3e\u0c39\u0c4d\u0c28". ::msgcat::mcset te_IN DATE_FORMAT "%d/%m/%Y". ::msgcat::mcset te_IN TIME_FORMAT_12 "%I:%M:%S %P". ::msgcat::mcset te_IN DATE_TIME_FORMAT "%d/%m/%Y %I:%M:%S %P %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\th.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2305
                            Entropy (8bit):4.324407451316591
                            Encrypted:false
                            SSDEEP:48:46P4QX/wQT0H/u3rPc8JD57XWWND8QM70xJi53Ljtef:hQ556rVDWZcLOO
                            MD5:D145F9DF0E339A2538662BD752F02E16
                            SHA1:AFD97F8E8CC14D306DEDD78F8F395738E38A8569
                            SHA-256:F9641A6EBE3845CE5D36CED473749F5909C90C52E405F074A6DA817EF6F39867
                            SHA-512:E17925057560462F730CF8288856E46FA1F1D2A10B5D4D343257B7687A3855014D5C65B6C85AC55A7C77B8B355DB19F053C74B91DFA7BE7E9F933D9D4DA117F7
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset th DAYS_OF_WEEK_ABBREV [list \. "\u0e2d\u0e32."\. "\u0e08."\. "\u0e2d."\. "\u0e1e."\. "\u0e1e\u0e24."\. "\u0e28."\. "\u0e2a."]. ::msgcat::mcset th DAYS_OF_WEEK_FULL [list \. "\u0e27\u0e31\u0e19\u0e2d\u0e32\u0e17\u0e34\u0e15\u0e22\u0e4c"\. "\u0e27\u0e31\u0e19\u0e08\u0e31\u0e19\u0e17\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e2d\u0e31\u0e07\u0e04\u0e32\u0e23"\. "\u0e27\u0e31\u0e19\u0e1e\u0e38\u0e18"\. "\u0e27\u0e31\u0e19\u0e1e\u0e24\u0e2b\u0e31\u0e2a\u0e1a\u0e14\u0e35"\. "\u0e27\u0e31\u0e19\u0e28\u0e38\u0e01\u0e23\u0e4c"\. "\u0e27\u0e31\u0e19\u0e40\u0e2a\u0e32\u0e23\u0e4c"]. ::msgcat::mcset th MONTHS_ABBREV [list \. "\u0e21.\u0e04."\. "\u0e01.\u0e1e."\. "\u0e21\u0e35.\u0e04."\. "\u0e40\u0e21.\u0e22."\. "\u0e1e.\u0e04."\. "\u0e21\u0e34.\u0e22."\. "\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\tr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1133
                            Entropy (8bit):4.32041719596907
                            Encrypted:false
                            SSDEEP:24:4azu80VAFVsNTib5vk5CfYTnGk65GmogWFLNvoKvWI3:46j8NTgwVTnlSJWFLJvWI3
                            MD5:3AFAD9AD82A9C8B754E2FE8FC0094BAB
                            SHA1:4EE3E2DF86612DB314F8D3E7214D7BE241AA1A32
                            SHA-256:DF7C4BA67457CB47EEF0F5CA8E028FF466ACDD877A487697DC48ECAC7347AC47
                            SHA-512:79A6738A97B7DB9CA4AE9A3BA1C3E56BE9AC67E71AE12154FD37A37D78892B6414A49E10E007DE2EB314942DC017B87FAB7C64B74EC9B889DAEBFF9B3B78E644
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset tr DAYS_OF_WEEK_ABBREV [list \. "Paz"\. "Pzt"\. "Sal"\. "\u00c7ar"\. "Per"\. "Cum"\. "Cmt"]. ::msgcat::mcset tr DAYS_OF_WEEK_FULL [list \. "Pazar"\. "Pazartesi"\. "Sal\u0131"\. "\u00c7ar\u015famba"\. "Per\u015fembe"\. "Cuma"\. "Cumartesi"]. ::msgcat::mcset tr MONTHS_ABBREV [list \. "Oca"\. "\u015eub"\. "Mar"\. "Nis"\. "May"\. "Haz"\. "Tem"\. "A\u011fu"\. "Eyl"\. "Eki"\. "Kas"\. "Ara"\. ""]. ::msgcat::mcset tr MONTHS_FULL [list \. "Ocak"\. "\u015eubat"\. "Mart"\. "Nisan"\. "May\u0131s"\. "Haziran"\. "Temmuz"\. "A\u011fustos"\. "Eyl\u00fcl"\. "Ekim"\. "Kas\u0131m"\. "Aral\u0131k"\. ""]. ::msgcat::mcset tr D

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\uk.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2113
                            Entropy (8bit):4.227105489438195
                            Encrypted:false
                            SSDEEP:48:46+ytFoQAQPHUKPo6eQ4QBuQ0WbQcJeyFQDWZlQD1QbS7XQn1Q7mDaSAJQ7GMLzM:hIpP5tzYhTUhAgEAE+
                            MD5:458A38F894B296C83F85A53A92FF8520
                            SHA1:CE26187875E334C712FDAB73E6B526247C6FE1CF
                            SHA-256:CF2E78EF3322F0121E958098EF5F92DA008344657A73439EAC658CB6BF3D72BD
                            SHA-512:3B8730C331CF29EF9DEDBC9D5A53C50D429931B8DA01EE0C20DAE25B995114966DB9BC576BE0696DEC088DB1D88B50DE2C376275AB5251F49F6544E546BBC531
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset uk DAYS_OF_WEEK_ABBREV [list \. "\u043d\u0434"\. "\u043f\u043d"\. "\u0432\u0442"\. "\u0441\u0440"\. "\u0447\u0442"\. "\u043f\u0442"\. "\u0441\u0431"]. ::msgcat::mcset uk DAYS_OF_WEEK_FULL [list \. "\u043d\u0435\u0434\u0456\u043b\u044f"\. "\u043f\u043e\u043d\u0435\u0434\u0456\u043b\u043e\u043a"\. "\u0432\u0456\u0432\u0442\u043e\u0440\u043e\u043a"\. "\u0441\u0435\u0440\u0435\u0434\u0430"\. "\u0447\u0435\u0442\u0432\u0435\u0440"\. "\u043f'\u044f\u0442\u043d\u0438\u0446\u044f"\. "\u0441\u0443\u0431\u043e\u0442\u0430"]. ::msgcat::mcset uk MONTHS_ABBREV [list \. "\u0441\u0456\u0447"\. "\u043b\u044e\u0442"\. "\u0431\u0435\u0440"\. "\u043a\u0432\u0456\u0442"\. "\u0442\u0440\u0430\u0432"\. "\u0447\u0435\u0440\u0432"\. "\u043b\u0438\u043f"\. "\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\vi.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1421
                            Entropy (8bit):4.382223858419589
                            Encrypted:false
                            SSDEEP:24:4azu8pNu9UT5xDHy2W82yGWnf/oxHFBSWWS1D/avSv16:46Oixzy2IyhwZ17cU16
                            MD5:3BD0AB95976D1B80A30547E4B23FD595
                            SHA1:B3E5DC095973E46D8808326B2A1FC45046B5267F
                            SHA-256:9C69094C0BD52D5AE8448431574EAE8EE4BE31EC2E8602366DF6C6BF4BC89A58
                            SHA-512:2A68A7ADC385EDEA02E4558884A24DCC6328CC9F7D459CC03CC9F2D2F58CF6FF2103AD5B45C6D05B7E13F28408C6B05CDDF1DF60E822E5095F86A49052E19E59
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset vi DAYS_OF_WEEK_ABBREV [list \. "Th 2"\. "Th 3"\. "Th 4"\. "Th 5"\. "Th 6"\. "Th 7"\. "CN"]. ::msgcat::mcset vi DAYS_OF_WEEK_FULL [list \. "Th\u01b0\u0301 hai"\. "Th\u01b0\u0301 ba"\. "Th\u01b0\u0301 t\u01b0"\. "Th\u01b0\u0301 n\u0103m"\. "Th\u01b0\u0301 s\u00e1u"\. "Th\u01b0\u0301 ba\u0309y"\. "Chu\u0309 nh\u00e2\u0323t"]. ::msgcat::mcset vi MONTHS_ABBREV [list \. "Thg 1"\. "Thg 2"\. "Thg 3"\. "Thg 4"\. "Thg 5"\. "Thg 6"\. "Thg 7"\. "Thg 8"\. "Thg 9"\. "Thg 10"\. "Thg 11"\. "Thg 12"\. ""]. ::msgcat::mcset vi MONTHS_FULL [list \. "Th\u00e1ng m\u00f4\u0323t"\. "Th\u00e1ng hai"\. "Th\u00e1ng ba"\. "Th\u00e1ng t\u01b0"\. "Th\u00e1ng n\u0103m"\. "Th\u00e1ng s\

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\zh.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text, with very long lines (1598)
                            Category:dropped
                            Size (bytes):3330
                            Entropy (8bit):4.469203967086526
                            Encrypted:false
                            SSDEEP:48:468jDI/Tw71xDqwPqDa8c3FLbYmhyvMDKbW0YGLuoEyzag29dL:hn7wRdNL
                            MD5:9C33FFDD4C13D2357AB595EC3BA70F04
                            SHA1:A87F20F7A331DEFC33496ECDA50D855C8396E040
                            SHA-256:EF81B41EC69F67A394ECE2B3983B67B3D0C8813624C2BFA1D8A8C15B21608AC9
                            SHA-512:E31EEE90660236BCD958F3C540F56B2583290BAD6086AE78198A0819A92CF2394C62DE3800FDDD466A8068F4CABDFBCA46A648D419B1D0103381BF428D721B13
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh DAYS_OF_WEEK_ABBREV [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh DAYS_OF_WEEK_FULL [list \. "\u661f\u671f\u65e5"\. "\u661f\u671f\u4e00"\. "\u661f\u671f\u4e8c"\. "\u661f\u671f\u4e09"\. "\u661f\u671f\u56db"\. "\u661f\u671f\u4e94"\. "\u661f\u671f\u516d"]. ::msgcat::mcset zh MONTHS_ABBREV [list \. "\u4e00\u6708"\. "\u4e8c\u6708"\. "\u4e09\u6708"\. "\u56db\u6708"\. "\u4e94\u6708"\. "\u516d\u6708"\. "\u4e03\u6708"\. "\u516b\u6708"\. "\u4e5d\u6708"\. "\u5341\u6708"\. "\u5341\u4e00\u6708"\. "\u5341\u4e8c\u6708"\. ""]. ::msgcat::mcset zh MONTHS_FULL [list \.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\zh_cn.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):312
                            Entropy (8bit):5.1281364096481665
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoX5HoHJ+3vtfNrFLoHJ+3v6MY+oXa+3vYq9:4EnLzu8d5eJ+3vtNEJ+3v6L1L3vYq9
                            MD5:EB94B41551EAAFFA5DF4F406C7ACA3A4
                            SHA1:B0553108BDE43AA7ED362E2BFFAF1ABCA1567491
                            SHA-256:85F91CF6E316774AA5D0C1ECA85C88E591FD537165BB79929C5E6A1CA99E56C8
                            SHA-512:A0980A6F1AD9236647E4F18CC104999DB2C523153E8716FD0CFE57320E906DF80378A5C0CDE132F2C53F160F5304EAF34910D7D1BB5753987D74AFBC0B6F75F3
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_CN DATE_FORMAT "%Y-%m-%e". ::msgcat::mcset zh_CN TIME_FORMAT "%k:%M:%S". ::msgcat::mcset zh_CN TIME_FORMAT_12 "%P%I\u65f6%M\u5206%S\u79d2". ::msgcat::mcset zh_CN DATE_TIME_FORMAT "%Y-%m-%e %k:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\zh_hk.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):752
                            Entropy (8bit):4.660158381384211
                            Encrypted:false
                            SSDEEP:12:4EnLzu8qmDBHZLX+TyW4OU5yPgM9Lz+SC3WwLNMW3v6G3v3Ww+:4azu8qyFOw3WwLrvTv3Ww+
                            MD5:D8C6BFBFCE44B6A8A038BA44CB3DB550
                            SHA1:FBD609576E65B56EDA67FD8A1801A27B43DB5486
                            SHA-256:D123E0B4C2614F680808B58CCA0C140BA187494B2C8BCF8C604C7EB739C70882
                            SHA-512:3455145CF5C77FC847909AB1A283452D0C877158616C8AA7BDFFC141B86B2E66F9FF45C3BB6A4A9D758D2F8FFCB1FE919477C4553EFE527C0EDC912EBBCAABCD
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_HK DAYS_OF_WEEK_ABBREV [list \. "\u65e5"\. "\u4e00"\. "\u4e8c"\. "\u4e09"\. "\u56db"\. "\u4e94"\. "\u516d"]. ::msgcat::mcset zh_HK MONTHS_ABBREV [list \. "1\u6708"\. "2\u6708"\. "3\u6708"\. "4\u6708"\. "5\u6708"\. "6\u6708"\. "7\u6708"\. "8\u6708"\. "9\u6708"\. "10\u6708"\. "11\u6708"\. "12\u6708"\. ""]. ::msgcat::mcset zh_HK DATE_FORMAT "%Y\u5e74%m\u6708%e\u65e5". ::msgcat::mcset zh_HK TIME_FORMAT_12 "%P%I:%M:%S". ::msgcat::mcset zh_HK DATE_TIME_FORMAT "%Y\u5e74%m\u6708%e\u65e5 %P%I:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\zh_sg.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):339
                            Entropy (8bit):5.020358587042703
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoOpxoPpSocvNLohX3v6ZhLoh+3v6fJ:4EnLzu8WvNo3v6b3vu
                            MD5:E0BC93B8F050D6D80B8173FF4FA4D7B7
                            SHA1:231FF1B6F859D0261F15D2422DF09E756CE50CCB
                            SHA-256:2683517766AF9DA0D87B7A862DE9ADEA82D9A1454FC773A9E3C1A6D92ABA947A
                            SHA-512:8BA6EAC5F71167B83A58B47123ACF7939C348FE2A0CA2F092FE9F60C0CCFB901ADA0E8F2101C282C39BAE86C918390985731A8F66E481F8074732C37CD50727F
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_SG AM "\u4e0a\u5348". ::msgcat::mcset zh_SG PM "\u4e2d\u5348". ::msgcat::mcset zh_SG DATE_FORMAT "%d %B %Y". ::msgcat::mcset zh_SG TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_SG DATE_TIME_FORMAT "%d %B %Y %P %I:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\msgs\zh_tw.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):346
                            Entropy (8bit):5.08314435797197
                            Encrypted:false
                            SSDEEP:6:SlSyEtJLlpuoo6dmoAykaRULH/XRxvBoAyjZRULH5oAyU/G0OZoAyxW3v6ZhLoAR:4EnLzu8I5xEOKRWW3v6w3v8AC
                            MD5:9CD17E7F28186E0E71932CC241D1CBB1
                            SHA1:AF1EE536AABB8198BA88D3474ED49F76A37E89FF
                            SHA-256:D582406C51A3DB1EADF6507C50A1F85740FDA7DA8E27FC1438FEB6242900CB12
                            SHA-512:4712DD6A27A09EA339615FC3D17BC8E4CD64FF12B2B8012E01FD4D3E7789263899FA05EDDB77044DC7B7D32B3DC55A52B8320D93499DF9A6799A8E4D07174525
                            Malicious:false
                            Preview:# created by tools/loadICU.tcl -- do not edit.namespace eval ::tcl::clock {. ::msgcat::mcset zh_TW BCE "\u6c11\u570b\u524d". ::msgcat::mcset zh_TW CE "\u6c11\u570b". ::msgcat::mcset zh_TW DATE_FORMAT "%Y/%m/%e". ::msgcat::mcset zh_TW TIME_FORMAT_12 "%P %I:%M:%S". ::msgcat::mcset zh_TW DATE_TIME_FORMAT "%Y/%m/%e %P %I:%M:%S %z".}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\opt0.4\optparse.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):32718
                            Entropy (8bit):4.5415166585248645
                            Encrypted:false
                            SSDEEP:768:UczgW5gzrui4sKDt9C7sGbHMmjJbuQH8A2Q:VgTrrvf7sGbHDFSQH8/Q
                            MD5:1A7DF33BC47D63F9CE1D4FF70A974FA3
                            SHA1:513EC2215E2124D9A6F6DF2549C1442109E117C0
                            SHA-256:C5D74E1C927540A3F524E6B929D0956EFBA0797FB8D55918EF69D27DF57DEDA3
                            SHA-512:F671D5A46382EDFBDA49A6EDB9E6CF2D5CEBD83CE4ADD6B717A478D52748332D41DA3743182D4555B801B96A318D29DFC6AC36B32983ADB32D329C24F8A3D713
                            Malicious:false
                            Preview:# optparse.tcl --.#.# (private) Option parsing package.# Primarily used internally by the safe:: code..#.#.WARNING: This code will go away in a future release.#.of Tcl. It is NOT supported and you should not rely.#.on it. If your code does rely on this package you.#.may directly incorporate this code into your application...package require Tcl 8.2.# When this version number changes, update the pkgIndex.tcl file.# and the install directory in the Makefiles..package provide opt 0.4.6..namespace eval ::tcl {.. # Exported APIs. namespace export OptKeyRegister OptKeyDelete OptKeyError OptKeyParse \. OptProc OptProcArgGiven OptParse \.. Lempty Lget \. Lassign Lvarpop Lvarpop1 Lvarset Lvarincr \. SetMax SetMin...################# Example of use / 'user documentation' ###################.. proc OptCreateTestProc {} {...# Defines ::tcl::OptParseTest as a test proc with parsed arguments..# (can't be defined before the code below is

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\opt0.4\pkgIndex.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):607
                            Entropy (8bit):4.652658850873767
                            Encrypted:false
                            SSDEEP:12:jHxJRuMopS42wyGlTajUA43KXks4L1GbyvX6VxQ+pBbX:bvRmS42wyGlTah9XkbL7X6VxBB
                            MD5:92FF1E42CFC5FECCE95068FC38D995B3
                            SHA1:B2E71842F14D5422A9093115D52F19BCCA1BF881
                            SHA-256:EB9925A8F0FCC7C2A1113968AB0537180E10C9187B139C8371ADF821C7B56718
                            SHA-512:608D436395D055C5449A53208F3869B8793DF267B8476AD31BCDD9659A222797814832720C495D938E34BF7D253FFC3F01A73CC0399C0DFB9C85D2789C7F11C0
                            Malicious:false
                            Preview:# Tcl package index file, version 1.1.# This file is generated by the "pkg_mkIndex -direct" command.# and sourced either when an application starts up or.# by a "package unknown" script. It invokes the.# "package ifneeded" command to set up package-related.# information so that packages will be loaded automatically.# in response to "package require" commands. When this.# script is sourced, the variable $dir must contain the.# full path name of this file's directory...if {![package vsatisfies [package provide Tcl] 8.2]} {return}.package ifneeded opt 0.4.6 [list source [file join $dir optparse.tcl]].

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\package.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):22959
                            Entropy (8bit):4.836555290409911
                            Encrypted:false
                            SSDEEP:384:I72oQXm9jcLyBLWueSzvAXMiow90l3NhETrh4NLTluYhoNL3ZAqYi:I72oQXmgyBCqvAcFw2dhOrh4NZVhoN3F
                            MD5:55E2DB5DCF8D49F8CD5B7D64FEA640C7
                            SHA1:8FDC28822B0CC08FA3569A14A8C96EDCA03BFBBD
                            SHA-256:47B6AF117199B1511F6103EC966A58E2FD41F0ABA775C44692B2069F6ED10BAD
                            SHA-512:824C210106DE7EAE57A480E3F6E3A5C8FB8AC4BBF0A0A386D576D3EB2A3AC849BDFE638428184056DA9E81767E2B63EFF8E18068A1CF5149C9F8A018F817D3E5
                            Malicious:false
                            Preview:# package.tcl --.#.# utility procs formerly in init.tcl which can be loaded on demand.# for package management..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval tcl::Pkg {}..# ::tcl::Pkg::CompareExtension --.#.# Used internally by pkg_mkIndex to compare the extension of a file to a given.# extension. On Windows, it uses a case-insensitive comparison because the.# file system can be file insensitive..#.# Arguments:.# fileName.name of a file whose extension is compared.# ext..(optional) The extension to compare against; you must.#..provide the starting dot..#..Defaults to [info sharedlibextension].#.# Results:.# Returns 1 if the extension matches, 0 otherwise..proc tcl::Pkg::CompareExtension {fileName {ext {}}} {. global tcl_platform. if {$ext eq ""} {set ext

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\parray.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):816
                            Entropy (8bit):4.833285375693491
                            Encrypted:false
                            SSDEEP:12:TcS2n1RBbgZKaNHaeYFSxYmXqt9IGUafZwXgEImK7k35IpbdELS8/McjbPgnE:TcHn5sZKGkwa/JxfJmRGNc93j7CE
                            MD5:FCDAF75995F2CCE0A5D5943E9585590D
                            SHA1:A0B1BD4E68DCE1768D3C5E0D3C7B31E28021D3BA
                            SHA-256:EBE5A2B4CBBCD7FD3F7A6F76D68D7856301DB01B350C040942A7B806A46E0014
                            SHA-512:A632D0169EE3B6E6B7EF73F5FBA4B7897F9491BDB389D78165E297252424546EFB43895D3DD530864B9FCF2ECF5BCE7DA8E55BA5B4F20E23E1E45ADDAF941C11
                            Malicious:false
                            Preview:# parray:.# Print the contents of a global array on stdout..#.# Copyright (c) 1991-1993 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..proc parray {a {pattern *}} {. upvar 1 $a array. if {![array exists array]} {..return -code error "\"$a\" isn't an array". }. set maxl 0. set names [lsort [array names array $pattern]]. foreach name $names {..if {[string length $name] > $maxl} {.. set maxl [string length $name]..}. }. set maxl [expr {$maxl + [string length $a] + 2}]. foreach name $names {..set nameString [format %s(%s) $a $name]..puts stdout [format "%-*s = %s" $maxl $nameString $array($name)]. }.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\safe.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):33439
                            Entropy (8bit):4.750571844372246
                            Encrypted:false
                            SSDEEP:768:OovFcXxzYqZ1//L2J4lb77BvnthiV0EnoQI4MnNhGQmzY3wKIYkA:OovFcqqZF2J4lb7Rrg0EnoQI4INhGrzu
                            MD5:325A573F30C9EA70FD891E85664E662C
                            SHA1:6EC3F21EBCFD269847C43891DAD96189FACF20E4
                            SHA-256:89B74D2417EB27FEEA32B8666B08D28BC1FFE5DCF1652DBD8799F7555D79C71F
                            SHA-512:149FE725A3234A2F8C3EE1B03119440E3CB16586F04451B6E62CED0097B1AD227C97B55F5A66631033A888E860AB61CAF7DDD014696276BC9226D87F15164E2F
                            Malicious:false
                            Preview:# safe.tcl --.#.# This file provide a safe loading/sourcing mechanism for safe interpreters..# It implements a virtual path mecanism to hide the real pathnames from the.# slave. It runs in a master interpreter and sets up data structure and.# aliases that will be invoked when used from a slave interpreter..#.# See the safe.n man page for details..#.# Copyright (c) 1996-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...#.# The implementation is based on namespaces. These naming conventions are.# followed:.# Private procs starts with uppercase..# Public procs are exported and starts with lowercase.#..# Needed utilities package.package require opt 0.4.1..# Create the safe namespace.namespace eval ::safe {. # Exported API:. namespace export interpCreate interpInit interpConfigure interpDelete \..interpAddToAccessPath interpFindInAccessPath setLogCmd.}..# Helper function to

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tclIndex

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5415
                            Entropy (8bit):4.701682771925196
                            Encrypted:false
                            SSDEEP:96:esataNULULUVUhU5U1UIUZUJeUpgURUFD15Q0AkU6PkrBkGUjZKspDzmK5SMFTub:eNtEACkiwM3g4ePOiD15Q0AkU6PkrBko
                            MD5:E127196E9174B429CC09C040158F6AAB
                            SHA1:FF850F5D1BD8EFC1A8CB765FE8221330F0C6C699
                            SHA-256:ABF7D9D1E86DE931096C21820BFA4FD70DB1F55005D2DB4AA674D86200867806
                            SHA-512:C4B98EBC65E25DF41E6B9A93E16E608CF309FA0AE712578EE4974D84F7F33BCF2A6ED7626E88A343350E13DA0C5C1A88E24A87FCBD44F7DA5983BB3EF036A162
                            Malicious:false
                            Preview:# Tcl autoload index file, version 2.0.# -*- tcl -*-.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(auto_reset) [list source [file join $dir auto.tcl]].set auto_index(tcl_findLibrary) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex) [list source [file join $dir auto.tcl]].set auto_index(auto_mkindex_old) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::init) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::cleanup) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::mkindex) [list source [file join $dir auto.tcl]].set auto_index(::auto_mkindex_parser::hook) [list source [file join $dir auto.tcl]].set auto_in

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tm.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):11633
                            Entropy (8bit):4.706526847377957
                            Encrypted:false
                            SSDEEP:192:CnjVD6gOGFpvXKPrzYkWo55z3ovPvKvaWZPZ9W6TV9ujpZw7K3mQ4auPltqQvu9:CGQvX+XYkn59YvPSvDJTV9174zuPltBC
                            MD5:F9ED2096EEA0F998C6701DB8309F95A6
                            SHA1:BCDB4F7E3DB3E2D78D25ED4E9231297465B45DB8
                            SHA-256:6437BD7040206D3F2DB734FA482B6E79C68BCC950FBA80C544C7F390BA158F9B
                            SHA-512:E4FB8F28DC72EA913F79CEDF5776788A0310608236D6607ADC441E7F3036D589FD2B31C446C187EF5827FD37DCAA26D9E94D802513E3BF3300E94DD939695B30
                            Malicious:false
                            Preview:# -*- tcl -*-.#.# Searching for Tcl Modules. Defines a procedure, declares it as the primary.# command for finding packages, however also uses the former 'package unknown'.# command as a fallback..#.# Locates all possible packages in a directory via a less restricted glob. The.# targeted directory is derived from the name of the requested package, i.e..# the TM scan will look only at directories which can contain the requested.# package. It will register all packages it found in the directory so that.# future requests have a higher chance of being fulfilled by the ifneeded.# database without having to come to us again..#.# We do not remember where we have been and simply rescan targeted directories.# when invoked again. The reasoning is this:.#.# - The only way we get back to the same directory is if someone is trying to.# [package require] something that wasn't there on the first scan..#.# Either.# 1) It is there now: If we rescan, you get it; if not you don't..#.# This co

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Abidjan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):141
                            Entropy (8bit):4.951583909886815
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52DcsG/kXGm2OHnFvpsYvUdSalHFLd:SlSWB9X52DBGTm2OHnFvmYValHf
                            MD5:6FB79707FD3A183F8A3C780CA2669D27
                            SHA1:E703AB552B4231827ACD7872364C36C70988E4C0
                            SHA-256:A5DC7BFB4F569361D438C8CF13A146CC2641A1A884ACF905BB51DA28FF29A900
                            SHA-512:CDD3AD9AFFD246F4DFC40C1699E368FB2924E73928060B1178D298DCDB11DBD0E88BC10ED2FED265F7F7271AC5CCE14A60D65205084E9249154B8D54C2309E52
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Abidjan) {. {-9223372036854775808 -968 0 LMT}. {-1830383032 0 0 GMT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Accra

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1393
                            Entropy (8bit):3.9087586646312253
                            Encrypted:false
                            SSDEEP:12:MBp52DUsmdHvdDZxdCjFaEu3MEANKSgI3u2VuTSr0l+pU4Y4Y0gK:cQ9elDZxdCwEu3MEANKSgsrVkvY64Y4
                            MD5:FFEDB06126D6DA9F3BECA614428F51E9
                            SHA1:2C549D1CF8636541D42BDC56D8E534A222E4642C
                            SHA-256:567A0AD3D2C9E356A2E38A76AF4D5C4B8D5B950AF7B648A027FE816ACAE455AE
                            SHA-512:E057EA59A47C881C60B2196554C9B24C00CB26345CA7E311B5409F6FBB31EBEDD13C41A4C3B0B68AE8B93F4819158D94610DE795112E77209F391AC31332BA2A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Accra) {. {-9223372036854775808 -52 0 LMT}. {-1640995148 0 0 GMT}. {-1556841600 1200 1 GMT}. {-1546388400 0 0 GMT}. {-1525305600 1200 1 GMT}. {-1514852400 0 0 GMT}. {-1493769600 1200 1 GMT}. {-1483316400 0 0 GMT}. {-1462233600 1200 1 GMT}. {-1451780400 0 0 GMT}. {-1430611200 1200 1 GMT}. {-1420158000 0 0 GMT}. {-1399075200 1200 1 GMT}. {-1388622000 0 0 GMT}. {-1367539200 1200 1 GMT}. {-1357086000 0 0 GMT}. {-1336003200 1200 1 GMT}. {-1325550000 0 0 GMT}. {-1304380800 1200 1 GMT}. {-1293927600 0 0 GMT}. {-1272844800 1200 1 GMT}. {-1262391600 0 0 GMT}. {-1241308800 1200 1 GMT}. {-1230855600 0 0 GMT}. {-1209772800 1200 1 GMT}. {-1199319600 0 0 GMT}. {-1178150400 1200 1 GMT}. {-1167697200 0 0 GMT}. {-1146614400 1200 1 GMT}. {-1136161200 0 0 GMT}. {-1115078400 1200 1 GMT}. {-1104625200 0 0 GMT}. {-1083542400 1200 1 GMT}. {-1073

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Addis_Ababa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.766991307890532
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DczqIVDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DnaDkr
                            MD5:C203A97FC500E408AC841A6A5B21E14E
                            SHA1:ED4C4AA578A16EB83220F37199460BFE207D2B44
                            SHA-256:3EBC66964609493524809AD0A730FFFF036C38D9AB3770412841F80DFFC717D5
                            SHA-512:2F1A4500F49AFD013BCA70089B1E24748D7E45D41F2C9D3D9AFDCC1778E750FFB020D34F622B071E80F80CC0FEFF080E8ACC1E7A8ABE8AD12C0F1A1DAA937FE5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Addis_Ababa) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Algiers

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1041
                            Entropy (8bit):4.110061823095588
                            Encrypted:false
                            SSDEEP:12:MBp52D7AmdHh5PMybVSqSFvvqXFaLSaSxmvWo/fmvCkQ6eW6Xs8QQB1r5Q:cQIefMyb8BF6XFaLSxktf1PW6X4q1K
                            MD5:8221A83520B1D3DE02E886CFB1948DE3
                            SHA1:0806A0898FDE6F5AE502C64515A1345D71B1F7D2
                            SHA-256:5EE3B25676E813D89ED866D03B5C3388567D8307A2A60D1C4A34D938CBADF710
                            SHA-512:2B8A837F7CF6DE43DF4072BF4A54226235DA8B8CA78EF55649C7BF133B2E002C614FE7C693004E3B17C25FBCECAAD5CD9B0A8CB0A5D32ADF68EA019203EE8704
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Algiers) {. {-9223372036854775808 732 0 LMT}. {-2486679072 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1531443600 0 0 WET}. {-956365200 3600 1 WEST}. {-950486400 0 0 WET}. {-942012000 3600 0 CET}. {-812502000 7200 1 CEST}. {-796262400 3600 0 CET}. {-781052400 7200 1 CEST}. {-766630800 3600 0 CET}. {-733280400 0 0 WET}. {-439430400 3600 0 CET}. {-212029200 0 0 WET}. {41468400 3600 1 WEST}. {54774000 0 0 WET}. {231724800 3600 1 WEST}. {246240000 3600 0 CET}. {259545600 7200 1 CEST}. {275274000 3600 0 CET}. {309740400 0 0 WET}. {325468800 3600 1 WEST}. {3418020

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Asmara

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.750118730136804
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcjEUEH+DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DGs+Dkr
                            MD5:F8CEC826666174899C038EC9869576ED
                            SHA1:4CAA32BB070F31BE919F5A03141711DB22072E2C
                            SHA-256:D9C940B3BE2F9E424BC6F69D665C21FBCA7F33789E1FE1D27312C0B38B75E097
                            SHA-512:DA890F5A6806AE6774CFC061DFD4AE069F78212AB063287146245692383022AABB3637DEB49C1D512DA3499DC4295541962DAC05729302B3314E7BF306E6CB41
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmara) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Asmera

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.755468133981916
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcjAWDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2D8Dkr
                            MD5:8B5DCBBDB2309381EAA8488E1551655F
                            SHA1:65065868620113F759C5D37B89843A334E64D210
                            SHA-256:F7C8CEE9FA2A4BF9F41ABA18010236AC4CCD914ACCA9E568C87EDA0503D54014
                            SHA-512:B8E61E6D5057CD75D178B292CD19CBCED2A127099D95046A7448438BCC035DE4066FDD637E9055AC3914E4A8EAA1B0123FA0E90E4F7042B2C4551BB009F1D2E9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Asmera) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Bamako

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.83500517532947
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcxAQDcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DwNDBP
                            MD5:FCBE668127DFD81CB0F730C878EB2F1A
                            SHA1:F27C9D96A04A12AC7423A60A756732B360D6847D
                            SHA-256:6F462C2C5E190EFCA68E882CD61D5F3A8EF4890761376F22E9905B1B1B6FDE9F
                            SHA-512:B0E6E4F5B46A84C2D02A0519831B98F336AA79079FF2CB9F290D782335FB4FB39A3453520424ED3761D801B9FBE39228B1D045C40EDD70B29801C26592F9805A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Bamako) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Bangui

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.834042129935993
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcx2m/2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dw/2D4v
                            MD5:7A017656AB8048BD67250207CA265717
                            SHA1:F2BB86BC7B7AB886738A33ADA37C444D6873DB94
                            SHA-256:E31F69E16450B91D79798C1064FEA18DE89D5FE343D2DE4A5190BCF15225E69D
                            SHA-512:695FA7369341F1F4BC1B629CDAB1666BEFE2E7DB32D75E5038DC17526A3CCE293DB36AFEB0955B06F5834D43AEF140F7A66EC52598444DBE8C8B70429DBE5FC5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Bangui) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Banjul

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.839691887198201
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcx79FHp4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dw7J4V
                            MD5:149DD4375235B088386A2D187ED03FFB
                            SHA1:5E879B778E2AB110AC7815D3D62A607A76AAB93B
                            SHA-256:1769E15721DAFF477E655FF7A8491F4954FB2F71496287C6F9ED265FE5588E00
                            SHA-512:4F997EDE6F04A89240E0950D605BB43D6814DCCA433F3A75F330FA13EE8729A10D20E9A0AAD6E6912370E350ABD5A65B878B914FCC9A5CA8503E3A5485E57B3E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Banjul) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Bissau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):169
                            Entropy (8bit):4.797400281087303
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52Dc5ixXGm2OHGVkevUdSaw7FFFkhSVPVFd:SlSWB9X52D4fm2OHCkeVawBFF2mh
                            MD5:BA4959590575031330280A4ADC7017D1
                            SHA1:34FBC2AFD2E13575D286062050D98ABC4BF7C7A6
                            SHA-256:2C06A94A43AC7F0079E6FE371F0D5A06A7BF23A868AC3B10135BFC4266CD2D4E
                            SHA-512:65E6161CB6AF053B53C7ABE1E4CAAD4F40E350D52BADCB95EB37138268D17CF48DDB0CA771F450ECD8E6A57C99BE2E8C2227A28B5C4AF3DE7F6D74F255118F04
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Bissau) {. {-9223372036854775808 -3740 0 LMT}. {-1830380400 -3600 0 -01}. {157770000 0 0 GMT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Blantyre

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.856245693637169
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62Dc8ycXp75h4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DAmp1T
                            MD5:3F6E187410D0109D05410EFC727FB5E5
                            SHA1:CAB54D985823218E01EDF9165CABAB7A984EE93E
                            SHA-256:9B2EEB0EF36F851349E254E1745D11B65CB30A16A2EE4A87004765688A5E0452
                            SHA-512:E12D6DBEA8DE9E3FB236011B962FFE1AEB95E3353B13303C343565B60AA664508D51A011C66C3CE2460C52A901495F46D0500C9B74E19399AE66231E5D6200A0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Blantyre) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Brazzaville

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.853052123353996
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DciE0TMJZp4DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2D4qGp4e
                            MD5:4F5159996C16A171D9B011C79FDDBF63
                            SHA1:51BCA6487762E42528C845CCA33173B3ED707B3F
                            SHA-256:E73ADC4283ECA7D8504ABC6CB28D98EB071ED867F77DE9FADA777181533AD1D0
                            SHA-512:6E5D4DF903968395DFDB834FBD4B2A0294E945A9939D05BED8533674EA0ACE8393731DDCDFACF7F2C9A00D38DC8F5EDB173B4025CF05122B0927829D07ED203F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Brazzaville) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Bujumbura

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.900915013374923
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DclbDcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DkbDE/
                            MD5:9E81B383C593422481B5066CF23B8CE1
                            SHA1:8DD0408272CBE6DF1D5051CB4D9319B5A1BD770E
                            SHA-256:9ADCD7CB6309049979ABF8D128C1D1BA35A02F405DB8DA8C39D474E8FA675E38
                            SHA-512:9939ED703EC26350DE9CC59BF7A8C76B6B3FE3C67E47CCDDE86D87870711224ADEEC61D93AC7926905351B8333AD01FF235276A5AB766474B5884F8A0329C2CB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Bujumbura) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Cairo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3720
                            Entropy (8bit):3.687670811431724
                            Encrypted:false
                            SSDEEP:48:5hRg1oCSY0WF6yU0yWZVYbZ0F0ZeTvc0jDlSBFX84aKqITVuV09ONWHr0L0335Kw:Fu0oVy0FUeLIvQV8c0OvOakCUUO
                            MD5:1B38D083FC54E17D82935D400051F571
                            SHA1:AE34C08176094F4C4BFEB4E1BBAE6034BCD03A11
                            SHA-256:11283B69DE0D02EAB1ECF78392E3A4B32288CCFEF946F0432EC83327A51AEDDC
                            SHA-512:581161079EC0F77EEB119C96879FD586AE49997BAD2C5124C360BCACF9136FF0A6AD70AE7D4C88F96BC94EEB87F628E8890E65DB9B0C96017659058D35436307
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Cairo) {. {-9223372036854775808 7509 0 LMT}. {-2185409109 7200 0 EET}. {-929844000 10800 1 EEST}. {-923108400 7200 0 EET}. {-906170400 10800 1 EEST}. {-892868400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857790000 7200 0 EET}. {-844308000 10800 1 EEST}. {-825822000 7200 0 EET}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EET}. {-779853600 10800 1 EEST}. {-762663600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 72

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Casablanca

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1567
                            Entropy (8bit):3.593430930151928
                            Encrypted:false
                            SSDEEP:48:5qSFbS4PUuMfMSAdZXfSGjX6JAzS26WZrW0SKQYXRWXpSjv:YmG0HZPcOQy1p
                            MD5:9DB3A6EB1162C5D814B98265FB58D004
                            SHA1:63ACAD6C18B49EF6794610ADED9865C8600A4D5C
                            SHA-256:EF30CFFD1285339F4CC1B655CB4CB8C5D864C4B575D66F18919A35C084AA4E5F
                            SHA-512:0581F6640BDDD8C33E82983F2186EB0952946C70A4B3F524EC78D1BE3EC1FA10BC3672A99CBA3475B28C0798D62A14F298207160F04EE0861EDDA352DA2BCCA0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Casablanca) {. {-9223372036854775808 -1820 0 LMT}. {-1773012580 0 0 +00}. {-956361600 3600 1 +00}. {-950490000 0 0 +00}. {-942019200 3600 1 +00}. {-761187600 0 0 +00}. {-617241600 3600 1 +00}. {-605149200 0 0 +00}. {-81432000 3600 1 +00}. {-71110800 0 0 +00}. {141264000 3600 1 +00}. {147222000 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {448243200 3600 0 +01}. {504918000 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Ceuta

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7277
                            Entropy (8bit):3.744402699283941
                            Encrypted:false
                            SSDEEP:96:/N8d9VA1URbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAT:/AHAiRNH4Mn82rlo6XIZ9ALeBO
                            MD5:261E339A2575F28099CD783B52F0980C
                            SHA1:F7EB8B3DAE9C07382D5123225B3EAA4B5BFD47D6
                            SHA-256:9C7D0E75AFC5681579D1018D7259733473EEDFFAF7313016B60159CB2A4DCAB5
                            SHA-512:8E622174CB6DB4D0172DBC2E408867F03EBB7D1D54AA51D99C4465945CFF369AAFAF17D1D0F9277E69CBE3AD6AAF9A0C6EE056017474DF171E94BD28BBA9C04A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ceuta) {. {-9223372036854775808 -1276 0 LMT}. {-2177452800 0 0 WET}. {-1630112400 3600 1 WEST}. {-1616810400 0 0 WET}. {-1451692800 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1293840000 0 0 WET}. {-94694400 0 0 WET}. {-81432000 3600 1 WEST}. {-71110800 0 0 WET}. {141264000 3600 1 WEST}. {147222000 0 0 WET}. {199756800 3600 1 WEST}. {207702000 0 0 WET}. {231292800 3600 1 WEST}. {244249200 0 0 WET}. {265507200 3600 1 WEST}. {271033200 0 0 WET}. {448243200 3600 0 CET}. {504918000 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Conakry

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.832452688412801
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcmMM1+DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DCM1+V
                            MD5:DC007D4B9C02AAD2DBD48E73624B893E
                            SHA1:9BEE9D21566D6C6D4873EFF9429AE3D3F85BA4E4
                            SHA-256:3BF37836C9358EC0ABD9691D8F59E69E8F6084A133A50650239890C458D4AA41
                            SHA-512:45D3BC383A33F7079A6D04079112FD73DB2DDBB7F81BFF8172FABCAA949684DC31C8B156E647F77AF8BA26581D3812D510C250CDC4D7EEEC788DDB2B77CD47E8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Conakry) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Dakar

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.8075658510312484
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcXXMFBx/2DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DKXEB4
                            MD5:CDA180DB8DF825268DB06298815C96F0
                            SHA1:20B082082CFA0DF49C0DF4FD698EBD061280A2BB
                            SHA-256:95D31A4B3D9D9977CBDDD55275492A5A954F431B1FD1442C519255FBC0DBA615
                            SHA-512:2D35698DE3BF1E90AB37C84ED4E3D0B57F02555A8AEB98659717EEC1D5EED17044D446E12B5AAC12A9721A3F9667343C5CACD7AB00BF986285B8084FF9384654
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Dakar) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Dar_es_Salaam

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):186
                            Entropy (8bit):4.795449330458551
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2Dc8bEH+DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DJbVDkr
                            MD5:AF8E3E86312E3A789B82CECEDDB019CE
                            SHA1:6B353BAB18E897151BF274D6ACF410CDFF6F00F0
                            SHA-256:F39E4CABE33629365C2CEF6037871D698B942F0672F753212D768E865480B822
                            SHA-512:9891AA26C4321DD5C4A9466F2EE84B14F18D3FFD71D6E8D2DE5CAFE4DC563D85A934B7B4E55926B30181761EF8C9B6C97746F522718BAE9DCBE4BDDE70C42B53
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Dar_es_Salaam) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Djibouti

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.779330261863059
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcRHKQ1BQDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DOrkDkr
                            MD5:1440C37011F8F31213AE5833A3FCD5E1
                            SHA1:9EEE9D7BB3A1E29EDDE90D7DBE63ED50513A909B
                            SHA-256:A4E0E775206EDBA439A454649A7AC94AE3AFEADC8717CBD47FD7B8AC41ADB06F
                            SHA-512:D82FF9C46C8845A6F15DC96AF8D98866C601EF0B4F7F5F0260AD571DD46931E90443FFEB5910D5805C5A43F6CC8866116066565646AE2C96E1D260999D1641F0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Djibouti) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Douala

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.800219030063992
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcnKe2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dml2D4v
                            MD5:18C0C9E9D5154E20CC9301D5012066B9
                            SHA1:8395E917261467EC5C27034C980EDD05F2242F40
                            SHA-256:0595C402B8499FC1B67C196BEE24BCA4DE14D3E10B8DBBD2840D2B4C88D9DF28
                            SHA-512:C53540E25B76DF8EC3E2A5F27B473F1D6615BFBD043E133867F3391B057D8552350F912DF55DD11C1357765EF76D8E286BBBE839F28295D09751243DC0201BDF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Douala) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\El_Aaiun

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1281
                            Entropy (8bit):3.6551425401331312
                            Encrypted:false
                            SSDEEP:24:cQbe5T7pkNUSMSA7ZXgUSGjX6JAWqS26WZrW0SKQYJZRWXpSjv:5opMfMSA7ZXfSGjX6JAzS26WZrW0SKQm
                            MD5:8E9FF3CB18879B1C69A04F45715D24BB
                            SHA1:EF391BF1C3E1DEC08D8158B82B2FB0ED3E69866E
                            SHA-256:A6CFC4359B7E2D650B1851D805FF5CD4562D0D1253793EA0978819B9A2FCC0E2
                            SHA-512:6BFF03EE8973E2204181967987930EECDD39789DB353DB2EFC786027A8013CFF4835FAB9E3F0AF935D2A2D49CCEBE565FD481BA230EDF4D22A7848D4781C877C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/El_Aaiun) {. {-9223372036854775808 -3168 0 LMT}. {-1136070432 -3600 0 -01}. {198291600 0 0 +00}. {199756800 3600 1 +00}. {207702000 0 0 +00}. {231292800 3600 1 +00}. {244249200 0 0 +00}. {265507200 3600 1 +00}. {271033200 0 0 +00}. {1212278400 3600 1 +00}. {1220223600 0 0 +00}. {1243814400 3600 1 +00}. {1250809200 0 0 +00}. {1272758400 3600 1 +00}. {1281222000 0 0 +00}. {1301788800 3600 1 +00}. {1312066800 0 0 +00}. {1335664800 3600 1 +00}. {1342749600 0 0 +00}. {1345428000 3600 1 +00}. {1348970400 0 0 +00}. {1367114400 3600 1 +00}. {1373162400 0 0 +00}. {1376100000 3600 1 +00}. {1382839200 0 0 +00}. {1396144800 3600 1 +00}. {1403920800 0 0 +00}. {1406944800 3600 1 +00}. {1414288800 0 0 +00}. {1427594400 3600 1 +00}. {1434247200 0 0 +00}. {1437271200 3600 1 +00}. {1445738400 0 0 +00}. {1459044000 3600 1 +00}. {146509200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Freetown

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.817633094200984
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcu5sp4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dk4DBP
                            MD5:035B36DF91F67179C8696158F58D0CE8
                            SHA1:E43BFF33090324110048AC19CBA16C4ED8D8B3FE
                            SHA-256:3101942D9F3B2E852C1D1EA7ED85826AB9EA0F8953B9A0E6BAC32818A2EC9EDD
                            SHA-512:A7B52154C6085E5D234D6D658BA48D2C8EC093A429C3907BE7D16654F6EE9EBE8E3100187650956E5164B18340AB0C0979C1F4FA90EFE0CC423FBA5F14F45215
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Freetown) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Gaborone

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.8512443534123255
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcHK0o/4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DAV+4G
                            MD5:BA2C7443CFCB3E29DB84FEC16B3B3843
                            SHA1:2BA7D68C48A79000B1C27588A20A751AA04C5779
                            SHA-256:28C1453496C2604AA5C42A88A060157BDFE22F28EDD1FBC7CC63B02324ED8445
                            SHA-512:B275ABAADA7352D303EFEAD66D897BE3099A33B80EA849F9F1D98D522AA9A3DC44E1D979C0ABF2D7886BACF2F86D25837C971ECE6B2AF731BE2EE0363939CBDE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Gaborone) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Harare

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.835896095919456
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62Dc0B5h4DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62Dlfh4G
                            MD5:59137CFDB8E4B48599FB417E0D8A4A70
                            SHA1:F13F9932C0445911E395377FB51B859E4F72862A
                            SHA-256:E633C6B619782DA7C21D548E06E6C46A845033936346506EA0F2D4CCCDA46028
                            SHA-512:2DCEB9A9FA59512ADCDE4946F055718A8C8236A912F6D521087FC348D52FFF462B5712633FDA5505876C500F5FD472381B3AC90CF1AEDF0C96EA08E0A0D3B7BA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Harare) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Johannesburg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):298
                            Entropy (8bit):4.638948195674004
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52DWbAm2OHePP1mXs0//HF20706VcF206KsF:MBp52DWkmdHePP1mcUvFxJVcFEKsF
                            MD5:256740512DCB35B4743D05CC24C636DB
                            SHA1:1FD418712B3D7191549BC0808CF180A682AF7FC1
                            SHA-256:768E9B2D9BE96295C35120414522FA6DD3EDA4500FE86B6D398AD452CAF6FA4B
                            SHA-512:DCFF6C02D1328297BE24E0A640F5823BFD23BDE67047671AC18EB0B1F450C717E273B27A48857F54A18D6877AB8132AAED94B2D87D2F962DA43FE473FC3DDC94
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Johannesburg) {. {-9223372036854775808 6720 0 LMT}. {-2458173120 5400 0 SAST}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {-829526400 10800 1 SAST}. {-813805200 7200 0 SAST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Juba

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1059
                            Entropy (8bit):3.9545766161038602
                            Encrypted:false
                            SSDEEP:24:cQresZkn0Vb0iluy8pLXeKXhCvN9U0TlW50qCPR8jYJRFp0Q8SdAri/8+u8Wb2:5on010ilux1XeKXhCvN9U0TMGqCp8jYH
                            MD5:79FCA072C6AABA65FB2DC83F33BFA17E
                            SHA1:AC86AA9B0EAACAB1E4FDB14AECD8D884F8329A5A
                            SHA-256:C084565CC6C217147C00DCA7D885AC917CFC8AF4A33CBA146F28586AD6F9832C
                            SHA-512:9F19DEA8E21CE3D3DCA0AFC5588203DBB6F5A13BBE10CFDA0CEBE4A417384B85DB3BFFC48687EF7AD27268715FC154E235C106EC91875BA646C6759D285F1027
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Juba) {. {-9223372036854775808 7588 0 LMT}. {-1230775588 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1 CAST

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Kampala

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.787605387034664
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcJEl2DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DIEl2Dkr
                            MD5:8CF1CA04CD5FC03D3D96DC49E98D42D4
                            SHA1:4D326475E9216089C872D5716C54DEB94590FCDE
                            SHA-256:A166E17E3A4AB7C5B2425A17F905484EBFDBA971F88A221155BCA1EC5D28EA96
                            SHA-512:1301B9469ED396198A2B87CBA254C66B148036C0117D7D4A8286CB8729296AD735DF16581AEF0715CEE24213E91970F181824F3A64BCF91435FDAD85DCD78C84
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Kampala) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Khartoum

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1091
                            Entropy (8bit):3.9616554773567083
                            Encrypted:false
                            SSDEEP:24:cQWe9hXn0Vb0iluy8pLXeKXhCvN9U0TlW50qCPR8jYJRFp0Q8SdAri/8+u8WbVgM:5vn010ilux1XeKXhCvN9U0TMGqCp8jYs
                            MD5:A00B0C499DE60158C9990CFE9628FEA4
                            SHA1:44B768C63E170331396B4B81ABF0E3EDD8B0D864
                            SHA-256:FCFF440D525F3493447C0ACFE32BB1E8BCDF3F1A20ADC3E0F5D2B245E2DB10E9
                            SHA-512:30BF22857AA4C26FC6178C950AB6EAB472F2AC77D2D8EB3A209DCDEF2DDC8312B0AB6DA3428936CA16225ABE652DDB8536D870DB1905027AD7BD7FF245871556
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Khartoum) {. {-9223372036854775808 7808 0 LMT}. {-1230775808 7200 0 CAT}. {10360800 10800 1 CAST}. {24786000 7200 0 CAT}. {41810400 10800 1 CAST}. {56322000 7200 0 CAT}. {73432800 10800 1 CAST}. {87944400 7200 0 CAT}. {104882400 10800 1 CAST}. {119480400 7200 0 CAT}. {136332000 10800 1 CAST}. {151016400 7200 0 CAT}. {167781600 10800 1 CAST}. {182552400 7200 0 CAT}. {199231200 10800 1 CAST}. {214174800 7200 0 CAT}. {230680800 10800 1 CAST}. {245710800 7200 0 CAT}. {262735200 10800 1 CAST}. {277246800 7200 0 CAT}. {294184800 10800 1 CAST}. {308782800 7200 0 CAT}. {325634400 10800 1 CAST}. {340405200 7200 0 CAT}. {357084000 10800 1 CAST}. {371941200 7200 0 CAT}. {388533600 10800 1 CAST}. {403477200 7200 0 CAT}. {419983200 10800 1 CAST}. {435013200 7200 0 CAT}. {452037600 10800 1 CAST}. {466635600 7200 0 CAT}. {483487200 10800 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Kigali

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.8623059127375585
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcCJRx+DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DRX+Da
                            MD5:32AE0D7A7E7F0DF7AD0054E959A53B09
                            SHA1:AE455C96401EBB1B2BDE5674A71A182D9E12D7BD
                            SHA-256:7273FA039D250CABAE2ACCE926AB483B0BF16B0D77B9C2A7B499B9BDFB9E1CBB
                            SHA-512:DC8E89A75D7212D398A253E6FF3D10AF72B7E14CBC07CA53C6CB01C8CE40FB12375E50AD4291C973C872566F8D875D1E1A2CF0A38F02C91355B957095004563E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Kigali) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Kinshasa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.816805447465336
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcqQFeDcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DdD4v
                            MD5:90EC372D6C8677249C8C2841432F0FB7
                            SHA1:5D5E549496962420F56897BC01887B09EC863D78
                            SHA-256:56F7CA006294049FA92704EDEAD78669C1E9EABE007C41F722E972BE2FD58A37
                            SHA-512:93FD7C8F5C6527DCCFBF21043AB5EED21862A22DA1FDB3ED7635723060C9252D76541DAD3A76EBF8C581A82A6DBEF2766DD428ACE3A9D6A45954A787B686B1CA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Kinshasa) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Lagos

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):141
                            Entropy (8bit):4.965079502032549
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52DcGemFFkXGm2OHWTdvUQDWTFWZRYvCn:SlSWB9X52D4mFJm2OHWTdRDWTGRLn
                            MD5:51D7AC832AE95CFDE6098FFA6FA2B1C7
                            SHA1:9DA61FDA03B4EFDA7ACC3F83E8AB9495706CCEF1
                            SHA-256:EEDA5B96968552C12B916B39217005BF773A99CA17996893BC87BCC09966B954
                            SHA-512:128C8D3A0AA7CF4DFAE326253F236058115028474BF122F14AB9461D910A03252FEEB420014CA91ACFBF94DF05FBFCADE98217FC59A86A2581BB68CDC83E88C8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Lagos) {. {-9223372036854775808 816 0 LMT}. {-1588464816 3600 0 WAT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Libreville

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.816649832558406
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcr7bp4DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dgfp4Di
                            MD5:D1387B464CFCFE6CB2E10BA82D4EEE0E
                            SHA1:F672B694551AB4228D4FC938D0CC2DA635EB8878
                            SHA-256:BEE63E4DF9D03D2F5E4100D0FCF4E6D555173083A4470540D4ADC848B788A2FC
                            SHA-512:DEB95AAB852772253B60F83DA9CE5E24144386DFBFB1F1E9A77905511181EC84FD13B00200602D6C276820527206EE0078DDE81CC0F1B1276B8BF4360C2CDB1E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Libreville) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Lome

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.813464796454866
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2Dcih4DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DNh4DB
                            MD5:D2AA823E78DD8E0A0C83508B6378DE5D
                            SHA1:C26E03EF84C3C0B6001F0D4471907A94154E6850
                            SHA-256:345F3F9422981CC1591FBC1B5B17A96F2F00F0C191DF23582328D44158041CF0
                            SHA-512:908F8D096DA6A336703E7601D03477CECBCDC8D404C2410C7F419986379A14943BB61B0D92D87160D5F1EF5B229971B2B9D122D2B3F70746CED0D4D6B10D7412
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Lome) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Luanda

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.807298951345495
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DccLtBQDcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DXQD4v
                            MD5:E851465BCA70F325B0B07E782D6A759E
                            SHA1:3B3E0F3FD7AF99F941A3C70A2A2564C9301C8CFB
                            SHA-256:F7E1DCBAE881B199F2E2BF18754E145DDED230518C691E7CB34DAE3C922A6063
                            SHA-512:5F655B45D7A16213CE911EDAD935C1FEE7A947C0F5157CE20712A00B2A12A34AE51D5C05A392D2FF3A0B2DA7787D6C614FF100DDE7788CA01AAE21F10DD1CC3A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Luanda) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Lubumbashi

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.893308860167744
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcfpT0DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62D8pT0G
                            MD5:CD638B7929FB8C474293D5ECF1FE94D3
                            SHA1:149AD0F3CF8AC1795E84B97CFF5CEB1FD26449C4
                            SHA-256:41D32824F28AE235661EE0C959E0F555C44E3E78604D6D2809BBA2254FD47258
                            SHA-512:D762C49B13961A01526C0DD9D7A55E202448E1B46BA64F701FB2E0ABE0F44B2C3DF743864B9E62DC07FD6CEA7197945CE246C89CDACB1FEC0F924F3ECC46B170
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lubumbashi) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Lusaka

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.857012096036922
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsfKGyVAIgNGEjKKW62DcOf+DcfKu:SlSWB9IZaM3y7fYVAIgNTj5W62DkDE/
                            MD5:3769866ADC24DA6F46996E43079C3545
                            SHA1:546FA9C76A1AE5C6763B31FC7214B8A2B18C3C52
                            SHA-256:5BAF390EA1CE95227F586423523377BABD141F0B5D4C31C6641E59C6E29FFAE0
                            SHA-512:DEA8CAB330F6321AD9444DB9FEC58E2CBCC79404B9E5539EABB52DBC9C3AC01BA1E8A3E1EC32906F02E4E4744271D84B626A5C32A8CD8B22210C42DD0E774A9C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Maputo)]} {. LoadTimeZoneFile Africa/Maputo.}.set TZData(:Africa/Lusaka) $TZData(:Africa/Maputo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Malabo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.807416212132411
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2Dcn2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2D42D4v
                            MD5:37C13E1D11C817BA70DDC84E768F8891
                            SHA1:0765A45CC37EB71F4A5D2B8D3359AEE554C647FF
                            SHA-256:8F4F0E1C85A33E80BF7C04CF7E0574A1D829141CC949D2E38BDCC174337C5BAE
                            SHA-512:1E31BBA68E85A8603FBDD27DA68382CBC6B0E1AB0763E86516D3EFD15CFF106DE02812756F504AEE799BF6742423DF5732352D488B3F05B889BE5E48594F558D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Malabo) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Maputo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):4.906945970372021
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52DcfKUXGm2OHoVvXdSF2iv:SlSWB9X52DESm2OHoVPdM
                            MD5:5497C01E507E7C392944946FCD984852
                            SHA1:4C3FD215E931CE36FF095DD9D23165340D6EECFE
                            SHA-256:C87A6E7B3B84CFFA4856C4B6C37C5C8BA5BBB339BDDCD9D2FD34CF17E5553F5D
                            SHA-512:83A2AA0ED1EB22056FFD3A847FB63DD09302DA213FE3AB660C41229795012035B5EA64A3236D3871285A8E271458C2DA6FCD599E5747F2F842E742C11222671A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Maputo) {. {-9223372036854775808 7820 0 LMT}. {-2109291020 7200 0 CAT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Maseru

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):194
                            Entropy (8bit):4.91873415322653
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7HbsvFVAIgNTzbDJL2DZQs+DWbBn:MBaIMaHw4NHnJL2DZiDWt
                            MD5:71A4197C8062BBFCCC62DCEFA87A25F9
                            SHA1:7490FAA5A0F5F20F456E71CBF51AA6DEB1F1ACC8
                            SHA-256:4B33414E2B59E07028E9742FA4AE34D28C08FD074DDC6084EDB1DD179198B3C1
                            SHA-512:A71CCB957FB5102D493320F48C94ADB642CCAA5F7F28BDDE05D1BB175C29BCBAC4D19DBC481AC0C80CE48F8E3840746C126CBC9CE511CA48D4E53DE22B3D66E7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Maseru) $TZData(:Africa/Johannesburg).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Mbabane

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):195
                            Entropy (8bit):4.911369740193625
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7HbsvFVAIgNTzbDJL2DzjEHp4DWbBn:MBaIMaHw4NHnJL2DzjEJ4DWt
                            MD5:8F4C02CE326FAEEBD926F94B693BFF9E
                            SHA1:9E8ABB12E4CFE341F24F5B050C75DDE3D8D0CB53
                            SHA-256:029AD8C75A779AED71FD233263643DADE6DF878530C47CF140FC8B7755DDA616
                            SHA-512:4B7D2D1D8DA876ABCD1E44FD5E4C992287F2B62B7C7BC3D6FD353E6312053F6762DBD11C0F27056EF8E37C8A2AF8E5111CF09D4EB6BB32EC1FF77F4C0C37917B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Johannesburg)]} {. LoadTimeZoneFile Africa/Johannesburg.}.set TZData(:Africa/Mbabane) $TZData(:Africa/Johannesburg).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Mogadishu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.828470940863702
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt2DcBEBXCEeDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL2DFSVDkr
                            MD5:B686E9408AB6EC58F3301D954A068C7E
                            SHA1:C1259C31F93EB776F0F401920F076F162F3FFB2D
                            SHA-256:79DB89294DAE09C215B9F71C61906E49AFAA5F5F27B4BC5B065992A45B2C183D
                            SHA-512:CF96C687D33E68EB498A63EC262FC968858504410F670C6F492532F7C22F507BEACD41888B0A7527C30974DC545CCA9C015898E2D7C0C6D14C14C88F8BBED5C5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Africa/Mogadishu) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Monrovia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):200
                            Entropy (8bit):4.81604007062907
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52D3NwTm2OHrFGxYPlHIgafTwG5B:MBp52D3NwTmdHhmYPdIgar5B
                            MD5:8F9D1916FF86E2F8C5C9D4ABCC405D53
                            SHA1:286BFEC8F7CE6729F84FD6CFEE6A40B7277A4DFF
                            SHA-256:182F2608422FF14C53DC8AC1EDFFE054AE011275C1B5C2423E286AD95910F44C
                            SHA-512:7EEF6840E54313EF1127694F550986BF97BB1C8BD51DED0AB6D5842B74B5BF0406C65B293F1106E69DDFA0B01AD46756492DEDD9ECCBD077BB75FDA95A9E1912
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Monrovia) {. {-9223372036854775808 -2588 0 LMT}. {-2776979812 -2588 0 MMT}. {-1604359012 -2670 0 MMT}. {63593070 0 0 GMT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Nairobi

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):235
                            Entropy (8bit):4.70181156382821
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52DkWJm2OHsvT5X26V/7VVpVCgekKB9TQ4U/w:MBp52DdJmdHsvVXHVVnmQ4U/w
                            MD5:B6562D5A53E05FAAD80671C88A9E01D3
                            SHA1:0014B14CFDDE47E603962935F8297C4C46533084
                            SHA-256:726980DCC13E0596094E01B8377E17029A2FCCE6FE93538C61E61BA620DD0971
                            SHA-512:D9C2838C89B0537C7F7A7319600D69D09AC004BD72358B452425A3B4861140246F71A94F004C2EF739620E81062F37ED9DA6D518F74956630006DD5674925A63
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Nairobi) {. {-9223372036854775808 8836 0 LMT}. {-1309746436 10800 0 EAT}. {-1262314800 9000 0 +0230}. {-946780200 9900 0 +0245}. {-315629100 10800 0 EAT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Ndjamena

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):200
                            Entropy (8bit):4.8064239600480985
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52DjXm2OHNseVaxCXGFaS1HkFWTvLn:MBp52DjXmdHPVX8aS2yzn
                            MD5:459DA3ECBE5C32019D1130DDEAB10BAA
                            SHA1:DD1F6653A7B7B091A57EC59E271197CEC1892594
                            SHA-256:F36F8581755E1B40084442C43C60CC904C908285C4D719708F2CF1EADB778E2E
                            SHA-512:FF74D540157DE358E657E968C9C040B8FE5C806D22782D878575BFAC68779303E6071DC84D6773BC06D299AC971B0EB6B38CA50439161574B5A50FF6F1704046
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Ndjamena) {. {-9223372036854775808 3612 0 LMT}. {-1830387612 3600 0 WAT}. {308703600 7200 1 WAST}. {321314400 3600 0 WAT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Niamey

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.822255424633636
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcdhA9Ff2DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2Dsh2f2e
                            MD5:3142A6EAC3F36C872E7C32F8AF43A0F8
                            SHA1:0EACF849944A55D4AB8198DDD0D3C5494D1986DA
                            SHA-256:1704A1A82212E6DB71DA54E799D81EFA3279CD53A6BFA980625EE11126603B4C
                            SHA-512:BB3DADC393D0CF87934629BBFAFAD3AD9149B80843FC5447670812357CC4DFBCAF71F7104EBF743C06517BB42111B0DB9028B22F401A50E17085431C9200DAB2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Niamey) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Nouakchott

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.862257004762335
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcboGb+DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2Dqbb+V
                            MD5:6849FA8FFC1228286B08CE0950FEB4DD
                            SHA1:7F8E8069BA31E2E549566011053DA01DEC5444E9
                            SHA-256:2071F744BC880E61B653E2D84CED96D0AD2485691DDE9FFD38D3063B91E4F41F
                            SHA-512:30211297C2D8255D4B5195E9781931861A4DF55C431FFC6F83FE9C00A0089ED56179C07D33B1376C5DE8C0A9ABF2CFE473EF32AD14239DFD9599EA66BC286556
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Nouakchott) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Ouagadougou

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.872638989714255
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcXCZDcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2D1DBP
                            MD5:7FF39BAAF47859EE3CD60F3E2C6DFC7D
                            SHA1:5CFC8B14222554156985031C7E9507CE3311F371
                            SHA-256:47E40BDBAC36CDB847C2E533B9D58D09FE1DBA2BED49C49BC75DD9086A63C6EB
                            SHA-512:DEEA0982593AE7757E70BD2E933B20B65CD9613891DC734AA4E6EC14D12AD119D2C69BA38E6FA4AE836C6CE14E57F35AE7F53345ACA4CF70AD67680E49BC6B7C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Ouagadougou) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Porto-Novo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.845403930433216
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsGe4FVAIgNGESIRL2DcyTKM0DcGev:SlSWB9IZaM3y7V4FVAIgNT9L2DQD4v
                            MD5:9A4C8187E8AC86B1CF4177702A2D933A
                            SHA1:6B54BBBE6D7ABC780EE11922F3AC50CDE3740A1F
                            SHA-256:6292CC41FE34D465E3F38552BDE22F456E16ABCBAC0E0B813AE7566DF3725E83
                            SHA-512:8008DB5E6F4F8144456021BB6B112B24ADB1194B1D544BBCB3E101E0684B63F4673F06A264C651A4BC0296CB81F7B4D73D47EAC7E1EC98468908E8B0086B2DDD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Lagos)]} {. LoadTimeZoneFile Africa/Lagos.}.set TZData(:Africa/Porto-Novo) $TZData(:Africa/Lagos).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Sao_Tome

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):200
                            Entropy (8bit):4.8463501042309645
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52DcOFwFkXGm2OHzT5vXbeaFnvUdSa5FF1IEvWZvZYvCn:SlSWB9X52DIJm2OHH5PzdVacbLn
                            MD5:D28C0D0628DE3E5D9662A3376B20D5B4
                            SHA1:464351F257655F10732CA9A1E59CF6587B33F8A1
                            SHA-256:B9F317EAA504A195BD658BA7EE9EE22D816BF46A1FFDB8D8DA573D311A5FF78A
                            SHA-512:B056E7A16CE8E5CC420F88AF26E893348117306D66ED2DF4C6A6C2CA9F48783714E08AACF94BC646A1B4A2B3FB2080A4E53EDF4633C9AE259BBBA3F8ABE4DEE3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Sao_Tome) {. {-9223372036854775808 1616 0 LMT}. {-2713912016 -2205 0 LMT}. {-1830384000 0 0 GMT}. {1514768400 3600 0 WAT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Timbuktu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.85737401659099
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2DcHdDcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2DwdDBP
                            MD5:AF295B9595965712D77952D692F02C6B
                            SHA1:BC6737BD9BFD52FE538376A1441C59FB4FC1A038
                            SHA-256:13A06D69AEB38D7A2D35DF3802CEE1A6E15FA1F5A6648328A9584DD55D11E58C
                            SHA-512:E47C5EA2DFBC22CF9EAC865F67D01F5593D3CDDB51FDE24CDD13C8957B70F50111675D8E94CA859EC9B6FAA109B3EFA522C3985A69FE5334156FEE66B607006E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Africa/Timbuktu) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Tripoli

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):920
                            Entropy (8bit):4.074538534246205
                            Encrypted:false
                            SSDEEP:12:MBp52D0mdHrjWC+fGZni8hRSUNvoTC3yJ/Z9vPdq8UwLVFoBZdEthEK7st5kS1R:cQIevhR5FNgTbJ3b3D0WeXR
                            MD5:A53F5CD6FE7C2BDD8091E38F26EEA4D1
                            SHA1:90FB5EE343FCC78173F88CA59B35126CC8C07447
                            SHA-256:D2FCC1AD3BFE20954795F2CDFFFE96B483E1A82640B79ADAA6062B96D143E3C7
                            SHA-512:965E42972994AE79C9144323F87C904F393BA0CDF75186C346DA77CFAA1A2868C68AF8F2F1D63D5F06C5D1D4B96BA724DD4BC0DF7F5C4BD77E379AA674AE12DA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tripoli) {. {-9223372036854775808 3164 0 LMT}. {-1577926364 3600 0 CET}. {-574902000 7200 1 CEST}. {-512175600 7200 1 CEST}. {-449888400 7200 1 CEST}. {-347158800 7200 0 EET}. {378684000 3600 0 CET}. {386463600 7200 1 CEST}. {402271200 3600 0 CET}. {417999600 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {465429600 3600 0 CET}. {481590000 7200 1 CEST}. {496965600 3600 0 CET}. {512953200 7200 1 CEST}. {528674400 3600 0 CET}. {544230000 7200 1 CEST}. {560037600 3600 0 CET}. {575852400 7200 1 CEST}. {591660000 3600 0 CET}. {607388400 7200 1 CEST}. {623196000 3600 0 CET}. {641775600 7200 0 EET}. {844034400 3600 0 CET}. {860108400 7200 1 CEST}. {875919600 7200 0 EET}. {1352505600 3600 0 CET}. {1364515200 7200 1 CEST}. {1382662800 7200 0 EET}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Tunis

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1072
                            Entropy (8bit):4.074604685883076
                            Encrypted:false
                            SSDEEP:12:MBp52DgmdHjPbwSRjneMVyDKCNFWLFyBXS9/3S3K/CBmvyncSuZSqLS2C6oPwVFD:cQUejbwSRyS2Uyc+FcJLKgzmcx9b
                            MD5:1899EDCB30CDDE3A13FB87C026CD5D87
                            SHA1:4C7E25A36E0A62F3678BCD720FCB8911547BAC8D
                            SHA-256:F0E01AA40BB39FE64A2EB2372E0E053D59AA65D64496792147FEFBAB476C4EC3
                            SHA-512:FD22A2A7F9F8B66396152E27872CCBA6DA967F279BAF21BC91EF76E86B59505B3C21D198032B853427D9FFAB394FBB570F849B257D6F6821916C9AB29E7C37A1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Tunis) {. {-9223372036854775808 2444 0 LMT}. {-2797202444 561 0 PMT}. {-1855958961 3600 0 CET}. {-969242400 7200 1 CEST}. {-950493600 3600 0 CET}. {-941940000 7200 1 CEST}. {-891136800 3600 0 CET}. {-877827600 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-842918400 3600 0 CET}. {-842223600 7200 1 CEST}. {-828230400 3600 0 CET}. {-812502000 7200 1 CEST}. {-796269600 3600 0 CET}. {-781052400 7200 1 CEST}. {-766634400 3600 0 CET}. {231202800 7200 1 CEST}. {243903600 3600 0 CET}. {262825200 7200 1 CEST}. {276044400 3600 0 CET}. {581122800 7200 1 CEST}. {591145200 3600 0 CET}. {606870000 7200 1 CEST}. {622594800 3600 0 CET}. {641516400 7200 1 CEST}. {654649200 3600 0 CET}. {1114902000 7200 1 CEST}. {1128038400 3600 0 CET}. {1143334800 7200 1 CEST}. {1162083600 3600 0 CET}. {1174784400 7200 1 CEST}. {1193533200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Africa\Windhoek

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1591
                            Entropy (8bit):3.915421470240155
                            Encrypted:false
                            SSDEEP:48:5qtCmcMxTFD9nJivm/8ySy/tnwfn8OIxJJSV1AnNlKQmX0UTjJx2MgXgprKfks1/:QCj6tXww023zn/
                            MD5:18BD78EB14E153DAAAAE70B0A6A2510C
                            SHA1:A91BA216A2AB62B138B1F0247D75FBA14A5F05C0
                            SHA-256:639A57650A4EA5B866EAAA2EEC0562233DC92CF9D6955AC387AD954391B850B1
                            SHA-512:88F34732F843E95F2A2AD4FAA0B5F945DD69B65FDDB4BB7DD957B95283B7AE995F52050B45A6332864C1C5CC4611390F6827D82569D343B5E1B9DDFE0AE5A633
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Africa/Windhoek) {. {-9223372036854775808 4104 0 LMT}. {-2458170504 5400 0 +0130}. {-2109288600 7200 0 SAST}. {-860976000 10800 1 SAST}. {-845254800 7200 0 SAST}. {637970400 7200 0 CAT}. {764200800 3600 1 WAT}. {778640400 7200 0 CAT}. {796780800 3600 1 WAT}. {810090000 7200 0 CAT}. {828835200 3600 1 WAT}. {841539600 7200 0 CAT}. {860284800 3600 1 WAT}. {873594000 7200 0 CAT}. {891734400 3600 1 WAT}. {905043600 7200 0 CAT}. {923184000 3600 1 WAT}. {936493200 7200 0 CAT}. {954633600 3600 1 WAT}. {967942800 7200 0 CAT}. {986083200 3600 1 WAT}. {999392400 7200 0 CAT}. {1018137600 3600 1 WAT}. {1030842000 7200 0 CAT}. {1049587200 3600 1 WAT}. {1062896400 7200 0 CAT}. {1081036800 3600 1 WAT}. {1094346000 7200 0 CAT}. {1112486400 3600 1 WAT}. {1125795600 7200 0 CAT}. {1143936000 3600 1 WAT}. {1157245200 7200 0 CAT}. {1175385600 3600 1 WAT}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Adak

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8171
                            Entropy (8bit):3.783938143940452
                            Encrypted:false
                            SSDEEP:96:DGWQm82ctfc/TVu7pAmKABmAlJD1NPaTsrEe50IC:DGWQm67pAmKABmiD1R2sG
                            MD5:DD838D2C8CF84B775BBCBA7868E7FFB5
                            SHA1:509CFC15E2CBFC2F183B4A3CDEC42C8427EBA825
                            SHA-256:01A88ADE038DDD264B74ED921441642CAA93830CEF9594F70188CCF6D19C4664
                            SHA-512:9D520CADC0134E7812B5643311246CED011A22D50240A03260478C90B69EC325AE5BD7548BA266E00253AC3288605A912C5DBB026EA1516CB2030F302BFCDF0E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Adak) {. {-9223372036854775808 44002 0 LMT}. {-3225223727 -42398 0 LMT}. {-2188944802 -39600 0 NST}. {-883573200 -39600 0 NST}. {-880196400 -36000 1 NWT}. {-769395600 -36000 1 NPT}. {-765374400 -39600 0 NST}. {-757342800 -39600 0 NST}. {-86878800 -39600 0 BST}. {-31496400 -39600 0 BST}. {-21466800 -36000 1 BDT}. {-5745600 -39600 0 BST}. {9982800 -36000 1 BDT}. {25704000 -39600 0 BST}. {41432400 -36000 1 BDT}. {57758400 -39600 0 BST}. {73486800 -36000 1 BDT}. {89208000 -39600 0 BST}. {104936400 -36000 1 BDT}. {120657600 -39600 0 BST}. {126709200 -36000 1 BDT}. {152107200 -39600 0 BST}. {162392400 -36000 1 BDT}. {183556800 -39600 0 BST}. {199285200 -36000 1 BDT}. {215611200 -39600 0 BST}. {230734800 -36000 1 BDT}. {247060800 -39600 0 BST}. {262789200 -36000 1 BDT}. {278510400 -39600 0 BST}. {294238800 -36000 1 BDT}. {309960000 -3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Anchorage

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8410
                            Entropy (8bit):3.882284820226162
                            Encrypted:false
                            SSDEEP:96:RWFxXw34N+YXSUKC8aaIqDPRs/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:Rsd6M/4h5sBPy+CMt/ElALLVuAH
                            MD5:30468928CFDD0B6AAC8EA5BF84956E21
                            SHA1:0B146D4D789CD49F0A7FEDFFE85FFD31C0926D9C
                            SHA-256:202A45DEBFD6E92EF21E2FFF37281C1DE5B4AF4C79DC59A642013EBB37FE5AF0
                            SHA-512:721049A2C751BC3F90B0D757C85F59971B46C70942B2F8A20B0E0E0834B89BBE9A5F16D20AEB5F58C1B6268D71DD5F39F9135C60FDE692E3E472598E054C1D96
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Anchorage) {. {-9223372036854775808 50424 0 LMT}. {-3225223727 -35976 0 LMT}. {-2188951224 -36000 0 AST}. {-883576800 -36000 0 AST}. {-880200000 -32400 1 AWT}. {-769395600 -32400 1 APT}. {-765378000 -36000 0 AST}. {-86882400 -36000 0 AHST}. {-31500000 -36000 0 AHST}. {-21470400 -32400 1 AHDT}. {-5749200 -36000 0 AHST}. {9979200 -32400 1 AHDT}. {25700400 -36000 0 AHST}. {41428800 -32400 1 AHDT}. {57754800 -36000 0 AHST}. {73483200 -32400 1 AHDT}. {89204400 -36000 0 AHST}. {104932800 -32400 1 AHDT}. {120654000 -36000 0 AHST}. {126705600 -32400 1 AHDT}. {152103600 -36000 0 AHST}. {162388800 -32400 1 AHDT}. {183553200 -36000 0 AHST}. {199281600 -32400 1 AHDT}. {215607600 -36000 0 AHST}. {230731200 -32400 1 AHDT}. {247057200 -36000 0 AHST}. {262785600 -32400 1 AHDT}. {278506800 -36000 0 AHST}. {294235200 -32400 1 AHDT}. {309956400 -360

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Anguilla

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):203
                            Entropy (8bit):4.9101657646476164
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290/8J5290e/:MBaIMY9QpI290/8m90O
                            MD5:F7D915076ABE4FF032E13F8769D38433
                            SHA1:F930A8943E87105EE8523F640EA6F65BD4C9CE78
                            SHA-256:9D368458140F29D95CAB9B5D0259DE27B52B1F2E987B4FA1C12F287082F4FE56
                            SHA-512:63C99FFA65F749B7637D0DF5A73A21AC34DFEAD364479DE992E215258A82B9C15AB0D45AAF29BD2F259766346FDB901412413DD44C5D45BB8DF6B582C34F48B3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Anguilla) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Antigua

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):202
                            Entropy (8bit):4.90033942341457
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290//MFe90e/:MBaIMY9QpI290//V90O
                            MD5:25CA3996DDB8F1964D3008660338BA72
                            SHA1:B66D73B5B38C2CCCA78232ADC3572BBBEB79365D
                            SHA-256:A2ABBD9BCFCE1DB1D78C99F4993AC0D414A08DB4AC5CE915B81119E17C4DA76F
                            SHA-512:A25AFE4FD981F458FE194A5D87C35BE5FC7D4426C1EEE8311AE655BB53364CD4AAC0710C0D7E6A91C0F248E2A6916902F4FD43A220CFF7A6474B77D93CF35C81
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Antigua) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Araguaina

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1722
                            Entropy (8bit):3.6435096006301833
                            Encrypted:false
                            SSDEEP:48:5s4h19U2dBUGrmO7XGtN3kh0VKnNIVkHZU7WWhKRWRN:Cm19U2zUGrpzGtVE0VKnyVkHZWWWhKRG
                            MD5:6349567E3ED0FD11DD97056D2CFF11EE
                            SHA1:404F1B311D7072A6372351366BA15BB94F3AC7D2
                            SHA-256:41C816E9C0217A01D9288014013CD1D315B2CEB719F8BB310670D02B664A4462
                            SHA-512:782910DFA0FF8FEDB94D622271FA0FF983BC50A4FEE95FFC8EC3E89FB123B82C26701D81A994A8248F1C1CA0B1EF49C2752C4D7B498A0A623D79E2B6753DA432
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Araguaina) {. {-9223372036854775808 -11568 0 LMT}. {-1767214032 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Buenos_Aires

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1981
                            Entropy (8bit):3.6790048972731686
                            Encrypted:false
                            SSDEEP:48:5Wcap0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWvXydhSTP:vC0ZB9yRwhS+/po/lKENURMo8XvCWvX1
                            MD5:93B8CF61EDC7378C39BE33A77A4222FC
                            SHA1:8A01D2B22F8FC163B0FDCED4305C3FA08336AF7D
                            SHA-256:35E05545A12E213DCBC0C2F7FDCA5C79CD522E7D2684EDF959E8A0A991BEF3C8
                            SHA-512:68333AB0C9348AF0994DB26FB6D34FF67ABF56AF1FBABB77F2C9EFF20E9A2DB2B59C5B81DF0C42299DE459B03DF13E07071B84576E62597920D1848F1E1FC9E3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Buenos_Aires) {. {-9223372036854775808 -14028 0 LMT}. {-2372097972 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Catamarca

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2009
                            Entropy (8bit):3.6543367491742913
                            Encrypted:false
                            SSDEEP:48:5f4p0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSTK+:No0ZB9yRwhS+/po/lKENURMo8XvCWg7r
                            MD5:7FCA355F863158D180B3179782A6E8C8
                            SHA1:CDFBC98923F7315388009F22F9C37626B677321F
                            SHA-256:C3FE34E5BE68503D78D63A2AFB5C970584D0854C63648D7FE6E2412A4E5B008F
                            SHA-512:6C2F9598C714BEBA7A538AAB7FA68C1962001C426C80B21F2A9560C72BCEA87B956821E68AF30B4576C1ECDB07E33D616934BD49943DA2E45841B10D483833C5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Catamarca) {. {-9223372036854775808 -15788 0 LMT}. {-2372096212 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378080

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\ComodRivadavia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):237
                            Entropy (8bit):4.672788403288451
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MMXAIVAIgp/MMXs290/MquQ90/MMXAv:MBaIMY/Mhp/MP290/MquQ90/MH
                            MD5:42D568B6100D68F9E5698F301F4EC136
                            SHA1:E0A5F43A80EB0FAAFBD45127DCAF793406A4CF3A
                            SHA-256:D442E5BBB801C004A7903F6C217149FCDA521088705AC9FECB0BC3B3058981BF
                            SHA-512:99580239B40247AF75FFAA44E930CDECB71F6769E3597AC85F19A8816F7D0859F6A0D5499AFAC2FA35C32BA05B75B27C77F36DE290DD0D442C0769D6F41E96DA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Argentina/ComodRivadavia) $TZData(:America/Argentina/Catamarca).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Cordoba

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1976
                            Entropy (8bit):3.659938468164974
                            Encrypted:false
                            SSDEEP:48:5zxpp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSTP:1xT0ZB9yRwhS+/po/lKENURMo8XvCWgJ
                            MD5:C6A4EED52A2829671089F9E84D986BFB
                            SHA1:F5BBDD0C3347C7519282249AA48543C01DA95B7A
                            SHA-256:50541A1FBACAD2C93F08CD402A609C4984AF66E27DB9FAA7F64FDA93DDC57939
                            SHA-512:52EA5BB27C91C753275EAC90E082EEBE98B5997B830D8DD579174558355E3FED0AAF4AA02679B0866591951F04F358AFB113423872D57820143E75FEB4415B60
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Cordoba) {. {-9223372036854775808 -15408 0 LMT}. {-2372096592 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Jujuy

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1974
                            Entropy (8bit):3.659895575974408
                            Encrypted:false
                            SSDEEP:48:5rCp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCfSWnzydhSR:FK0ZB9yRwhS+/po/lKENURMo8XvCfbzD
                            MD5:A7F2318729F0B4B04C9176CB5257691E
                            SHA1:0EAD91CBDC640DB67F64A34209359674AC47062A
                            SHA-256:E33962F99E6022ED1825898990B38C10F505DE6EC44DAFB00C75E3A7C1A61C8A
                            SHA-512:CB80580383309CCA4837556ED0444F2B931E1B3B13582023BFB715393C94C4F1279D8EC18CACB06BB13E3D32A535495DF2D093E225DF7B6DFFD3571A3B3573B2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Jujuy) {. {-9223372036854775808 -15672 0 LMT}. {-2372096328 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\La_Rioja

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2037
                            Entropy (8bit):3.655968476161033
                            Encrypted:false
                            SSDEEP:48:5J6p0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWXXydhSTK+:Hi0ZB9yRwhS+/po/lKENURMo8XvCWXXr
                            MD5:49BB6DAD5560E7C6EAEA6F3CF9EB1F67
                            SHA1:56E0D9DD4E6B12522A75F0ABFEBB6AE019614CB5
                            SHA-256:13CBECD826DD5DE4D8576285FC6C4DE39F2E9CF03F4A61F75316776CAED9F878
                            SHA-512:CA7EF1A94A6635EAB644C5EAAC2B890E7401745CFA97609BDA410D031B990C87EB2F97160731A45B5A8ADE48D883EAB529AE2379406852129102F0FDF92247D8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/La_Rioja) {. {-9223372036854775808 -16044 0 LMT}. {-2372095956 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Mendoza

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2009
                            Entropy (8bit):3.649537276151328
                            Encrypted:false
                            SSDEEP:48:5Yep0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCpSGSldhSTS:C+0ZB9yRwhS+/po/lKENURMo8XvCpVap
                            MD5:69F8A1AC33BE03C008EC5FEBD1CE4CAA
                            SHA1:858362EFEA0C68C1EC9295A9FCE647B41DBF429D
                            SHA-256:B02DDE8DCF8E68B2B1DBF66ADF5B247E9833FEC347DFBC487C391FADA5706AD3
                            SHA-512:8373EAEEBF5EA028CC0673B10E9DFE84F4DFC2F9E9E8320D59E6CE6125643B31F5E61FC894E420A8D7E9C2FF242617DF911ABF0884AF5B32316A098C8524772D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Mendoza) {. {-9223372036854775808 -16516 0 LMT}. {-2372095484 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Rio_Gallegos

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2012
                            Entropy (8bit):3.6703415662732746
                            Encrypted:false
                            SSDEEP:48:5mpp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWvXydhSTK+:oT0ZB9yRwhS+/po/lKENURMo8XvCWvXr
                            MD5:AC8E561F7573280594BDD898324E9442
                            SHA1:7DC6248ED29719700189FF3A69D06AAC7B54EB6B
                            SHA-256:0833962C0DE220BC601D764EE14442E98F83CB581816B74E5867540348227250
                            SHA-512:2FDD23ABA891EBEF01944F3C8F1A9E6844C182B0EB2CBEC0F942F268BAE51F0D7775370E262B500FE7151210F8849DD54BA5CEB2160AE03A5747A48A10933F05
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Rio_Gallegos) {. {-9223372036854775808 -16612 0 LMT}. {-2372095388 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-73378

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Salta

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1945
                            Entropy (8bit):3.653135248071002
                            Encrypted:false
                            SSDEEP:48:5Vgp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSTQO:7w0ZB9yRwhS+/po/lKENURMo8XvCWg7D
                            MD5:70FB90E24FEEF5211C9488C938295F02
                            SHA1:5C903A669B51A1635284AD80877E0C6789D8EB26
                            SHA-256:FBDACFA5D82DC23ECDD9D9F8A4EF71F7DBB579BF4A621C545062A7AE0296141D
                            SHA-512:4C36B34B2203F6D4C78CC6F0E061BF35C4B98121D50096C8015EBA6DBEFA989DD2F2E32436EEE3055F1CF466BC3D4FD787A89873EEE4914CB51B273E335C90C3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Salta) {. {-9223372036854775808 -15700 0 LMT}. {-2372096300 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800 -1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\San_Juan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2037
                            Entropy (8bit):3.6597750686514887
                            Encrypted:false
                            SSDEEP:48:5jXup0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWXXydhSTH:1+0ZB9yRwhS+/po/lKENURMo8XvCWXXh
                            MD5:BBB4D4B341E7FEC2E5A937267AADCD0F
                            SHA1:9AB509F97DCBAAE5ACA7F67853E86429438ED8DC
                            SHA-256:BAC6CC41865DD3D4F042FE6106176279F3DEB9127BE0146AF75AE1E47098AF43
                            SHA-512:49E32BD5BDBA773D99C883080660B431E8D4C806164C0354C848CF3AB0042797DBE7F6226BA234634A1DF254B0464ED5F714B054454520263536B0A77D7053D9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Juan) {. {-9223372036854775808 -16444 0 LMT}. {-2372095556 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\San_Luis

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2013
                            Entropy (8bit):3.6516068215670687
                            Encrypted:false
                            SSDEEP:48:58kp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCp1ESWn0SK4:K80ZB9yRwhS+/po/lKENURMo8XvCpmTr
                            MD5:767F99822C382327A318EAC0779321F3
                            SHA1:1352B21F20C7F742D57CB734013143C9B58DA221
                            SHA-256:B4590DF5AC1993E10F508CC5183809775F5248B565400BA05AE5F87B69D4E26B
                            SHA-512:C8FF21DC573DE5CB327DDA536391071012A038B8266C4E39922EC0F0EC975000E5D7AFBBE81D1C28DB8733E8B01E1E4D6BE0968D9EFCFC50DB102CC09BDABEA6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/San_Luis) {. {-9223372036854775808 -15924 0 LMT}. {-2372096076 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Tucuman

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2036
                            Entropy (8bit):3.653313944168433
                            Encrypted:false
                            SSDEEP:48:5yM9Ep0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWg7ydhSU:b9c0ZB9yRwhS+/po/lKENURMo8XvCWgi
                            MD5:892E23EEB82C4EF52CB830C607E3DD6D
                            SHA1:9A9334DC1F9FBA0152C1B5CAA954F2FF1775B78C
                            SHA-256:F3D19E51463B4D04BE1CD4F36CD9DD5E3954B6186ADD6A176B78C3C4F399CCA1
                            SHA-512:4FCC3F61E261D57788756921AE21E54D387AB533ACF56182579B9082EC0791CD655D50BEDDAF996233CDBDE549F743855C191BCB581EF3D7877C4CE26B14EEC2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Tucuman) {. {-9223372036854775808 -15652 0 LMT}. {-2372096348 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Argentina\Ushuaia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2007
                            Entropy (8bit):3.6562927023582197
                            Encrypted:false
                            SSDEEP:48:56Yp0SaS2SeSNS2S/SwS8gSvJ1/SKSHSRCSiS9SDS+SGwRShoSdXvCWvXydhSTHd:QI0ZB9yRwhS+/po/lKENURMo8XvCWvXz
                            MD5:EA31C60D08FFE56504DEC62A539F51D9
                            SHA1:79F31368AC9C141B5F0F5804A0D903C12B75A386
                            SHA-256:4E3A4539FE0D8E0401C8304E5A79F40C420333C92BF1227BCBB5DB242444ECD6
                            SHA-512:EB58A3122DE8FC7887622D3716E1D9D615625FC47C30BA0BD8112894B595263F04B37D43E142C43251C48D2CD703BB6F56966B965C5475DA83F2C290B6F564E8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Argentina/Ushuaia) {. {-9223372036854775808 -16392 0 LMT}. {-2372095608 -15408 0 CMT}. {-1567453392 -14400 0 -04}. {-1233432000 -10800 0 -04}. {-1222981200 -14400 0 -04}. {-1205956800 -10800 1 -04}. {-1194037200 -14400 0 -04}. {-1172865600 -10800 1 -04}. {-1162501200 -14400 0 -04}. {-1141329600 -10800 1 -04}. {-1130965200 -14400 0 -04}. {-1109793600 -10800 1 -04}. {-1099429200 -14400 0 -04}. {-1078257600 -10800 1 -04}. {-1067806800 -14400 0 -04}. {-1046635200 -10800 1 -04}. {-1036270800 -14400 0 -04}. {-1015099200 -10800 1 -04}. {-1004734800 -14400 0 -04}. {-983563200 -10800 1 -04}. {-973198800 -14400 0 -04}. {-952027200 -10800 1 -04}. {-941576400 -14400 0 -04}. {-931032000 -10800 1 -04}. {-900882000 -14400 0 -04}. {-890337600 -10800 1 -04}. {-833749200 -14400 0 -04}. {-827265600 -10800 1 -04}. {-752274000 -14400 0 -04}. {-733780800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Aruba

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.760006229014668
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx09CvjHVAIg209CvjvQ2IAcGE/nVIAcGE9Cvju:SlSWB9IZaM3y79CzVAIgp9CE290/V90J
                            MD5:84605CB5AC93D51FF8C0C3D46B6A566F
                            SHA1:8B56DBDAD33684743E5828EFBD638F082E9AA20D
                            SHA-256:680651D932753C9F9E856018B7C1B6D944536111900CB56685ABA958DE9EC9C1
                            SHA-512:A5FA747C4743130308A8D8832AD33CF10B2DA2F214DEE129CAC9543D6F88FF232B4387026976578D037DF7816D0F4177835866A35F497438DD2526FEBACA2AF6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Aruba) $TZData(:America/Curacao).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Asuncion

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7685
                            Entropy (8bit):3.4198614734785875
                            Encrypted:false
                            SSDEEP:192:57TOr5dwtvNJZWDQ2eBTVSZKnb0Yg6f5xgTK5IQPyP8D3rVPe9DptTkhXXkbCkCg:5P7J1A
                            MD5:625A707182C6E0027D49F0FFD775AC51
                            SHA1:6423A50DB875051656A1C3C5B6C6AF556F8FBE0A
                            SHA-256:CD884C5C99949F5723DC94FBFF011B97AE0989EF2EDE089B30C2CD4893AFCE08
                            SHA-512:C5787953997D7D1B583AEE7F68FCC255AC1FAC5C9A7025C8093F274206A0C8163DE221B4823F7750B5B30AF32D673F88D5956C0E510851EBA72CC2360AC35D18
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Asuncion) {. {-9223372036854775808 -13840 0 LMT}. {-2524507760 -13840 0 AMT}. {-1206389360 -14400 0 -04}. {86760000 -10800 0 -03}. {134017200 -14400 0 -04}. {162878400 -14400 0 -04}. {181368000 -10800 1 -04}. {194497200 -14400 0 -04}. {212990400 -10800 1 -04}. {226033200 -14400 0 -04}. {244526400 -10800 1 -04}. {257569200 -14400 0 -04}. {276062400 -10800 1 -04}. {291783600 -14400 0 -04}. {307598400 -10800 1 -04}. {323406000 -14400 0 -04}. {339220800 -10800 1 -04}. {354942000 -14400 0 -04}. {370756800 -10800 1 -04}. {386478000 -14400 0 -04}. {402292800 -10800 1 -04}. {418014000 -14400 0 -04}. {433828800 -10800 1 -04}. {449636400 -14400 0 -04}. {465451200 -10800 1 -04}. {481172400 -14400 0 -04}. {496987200 -10800 1 -04}. {512708400 -14400 0 -04}. {528523200 -10800 1 -04}. {544244400 -14400 0 -04}. {560059200 -10800 1 -04}. {57586

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Atikokan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):332
                            Entropy (8bit):4.582750266902939
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290/qlfbm2OHvcFGxYP329V/uFn/TUs/uFn/lHIs8/kRm5/uFb/C/iin:MBp5290/emdHLYP323/uFn/9/uFn/dBs
                            MD5:66777BB05E04E030FABBC70649290851
                            SHA1:97118A1C4561FC1CC9B7D18EE2C7D805778970B8
                            SHA-256:2C6BBDE21C77163CD32465D773F6EBBA3332CA1EAEEF88BB95F1C98CBCA1562D
                            SHA-512:B00F01A72A5306C71C30B1F0742E14E23202E03924887B2418CA6F5513AE59E12BC45F62B614716BBE50A7BEA8D62310E1B67BB39B84F7B1B40C5D2D19086B7C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Atikokan) {. {-9223372036854775808 -21988 0 LMT}. {-2366733212 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765388800 -18000 0 EST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Atka

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):172
                            Entropy (8bit):4.761501750421919
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0/yO5pVAIg20/yOvYvt2IAcGE/ol7x+IAcGE/yOun:SlSWB9IZaM3y7/ykVAIgp/y9F290/ola
                            MD5:E641C6615E1EF015427202803761AADD
                            SHA1:E254129517335E60D82DFE00C6D5AF722D36565A
                            SHA-256:9C546927B107BB4AB345F618A91C0F8C03D8A366028B2F0FCBF0A3CE29E6588E
                            SHA-512:B7D34B1EA0D6722D7BFCD91F082D79EE009B97A2B5684D76A3F04CB59079637134275CF9A0306B9F4423A03CC0C2AB43994207D1B209161C893C2C6F3F3B6311
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:America/Atka) $TZData(:America/Adak).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Bahia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1944
                            Entropy (8bit):3.6123892296166242
                            Encrypted:false
                            SSDEEP:48:534h19U2dBUGrmO7XGtN3kh0OjmimtnNIVkHZU7WWhw5N:Nm19U2zUGrpzGtVE0OjmicnyVkHZWWWK
                            MD5:E52095DB1E77EC4553A0AF56665CDE51
                            SHA1:CED0966E8D89443F2CCBBE9F44DA683F7D2D688B
                            SHA-256:30A4658BD46F88A1585ACABB9EB6BA03DB929EAF7D2F430BC4864D194A6CC0DD
                            SHA-512:D6F3D51393F9D8F6414023A8435213EC6BD4FCAA5084B664B828CCDE8D57821E3E284B3D5A27414B4C2AB0B71E31D775D1F924C926C849F591D361DAA8681D8A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia) {. {-9223372036854775808 -9244 0 LMT}. {-1767216356 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {602

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Bahia_Banderas

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6625
                            Entropy (8bit):3.791871111929614
                            Encrypted:false
                            SSDEEP:192:NqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sOVEmbwBlhcCLfYkNRfsNz:NqZL/1dCYDDCxyH4RxGIJkYWXsWwav7S
                            MD5:6A18936EC3AA0FCEC8A230ADAF90FF1E
                            SHA1:B13B8BF1FD2EEED44F63A0DC71F0BCE8AC15C783
                            SHA-256:974481F867DEA51B6D8C6C21432F9F6F7D6A951EC1C34B49D5445305A6FB29B7
                            SHA-512:75AA7A3AE63ED41AFF6CF0F6DC3CA649786A86A64293E715962B003383D31A8AD2B99C72CE6B788EC4DFF1AF7820F011B3F1FD353B37C326EF02289CE4A061BF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bahia_Banderas) {. {-9223372036854775808 -25260 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Barbados

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):413
                            Entropy (8bit):4.429320498710922
                            Encrypted:false
                            SSDEEP:12:MBp5290eNJmdH9Gcvm/uFkCFP/K/uFkCFks/v/h/uFkCFFoI/qZ/uFkCF3dX/r:cQT7enmSkC9/KSkCT/BSkCLl/wSkCj/r
                            MD5:49EED111AB16F289E7D2D145A2641720
                            SHA1:2F0A37524209FC26421C2951F169B4352250ED9E
                            SHA-256:E7415944397EF395DDBD8EACB6D68662908A25E2DB18E4A3411016CBB6B8AFC6
                            SHA-512:3AD4511798BA763C4E4A549340C807FE2FDF6B107C74A977E425734BBADDFF44ADAA68B5AE1F96170902A10208BC4BBF551C596EB1A3E292071549B8F3012A35
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Barbados) {. {-9223372036854775808 -14309 0 LMT}. {-1451678491 -14309 0 BMT}. {-1199217691 -14400 0 AST}. {234943200 -10800 1 ADT}. {244616400 -14400 0 AST}. {261554400 -10800 1 ADT}. {276066000 -14400 0 AST}. {293004000 -10800 1 ADT}. {307515600 -14400 0 AST}. {325058400 -10800 1 ADT}. {338706000 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Belem

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):996
                            Entropy (8bit):3.799419505060255
                            Encrypted:false
                            SSDEEP:24:cQYe3wc4h1u80V2dBUGphmC17ewGtN3kN:5VB4h19U2dBUGrmO7XGtN3kN
                            MD5:2F3314B71810C1AC0280F292F09F37BE
                            SHA1:B8702125A9768AE530354CE2A765BC07BABAEF34
                            SHA-256:9ECA949D328915C6CB02A2E6084F3E0730D49F1C53C6D6AA12751F852C51BF02
                            SHA-512:C4E1ADD2E580BFD4100EE776305530BCEA017D57A65205881536A1CDDA3A299816C133B5B1F4B40A99E47BB94AE2A7E727F3D24D06131705818CC0C1AA12E5BD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belem) {. {-9223372036854775808 -11636 0 LMT}. {-1767213964 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {590032800 -10800 0 -03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Belize

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1854
                            Entropy (8bit):3.8463726575443573
                            Encrypted:false
                            SSDEEP:24:cQMeVyJOCSSVTSuWcLwX1QIXVlXco0bKdTu/pUHQGyUrROSTgltVJyODrUSn/mJO:5hxKj4jDMtVpIM/mjM/sQ
                            MD5:1BFD01ECF77E031C23BDA5ED371E061F
                            SHA1:7A38C5665A834B812613E4D10FE4D1E45F606407
                            SHA-256:BDF09D97876E3A3C0422C655562252806B4EF914679FDCAB6DD78BD2B84DD932
                            SHA-512:D7A2C2645129C4BAB1F0170A29A084396AD8CF07237DE339512C3A5C7227B017BF1D4B78EBD5A7274CAF1D172ECB2DB6F912887BFF1C6AC73E9D645E333A75A3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Belize) {. {-9223372036854775808 -21168 0 LMT}. {-1822500432 -21600 0 CST}. {-1616954400 -19800 1 -0530}. {-1606069800 -21600 0 CST}. {-1585504800 -19800 1 -0530}. {-1574015400 -21600 0 CST}. {-1554055200 -19800 1 -0530}. {-1542565800 -21600 0 CST}. {-1522605600 -19800 1 -0530}. {-1511116200 -21600 0 CST}. {-1490551200 -19800 1 -0530}. {-1479666600 -21600 0 CST}. {-1459101600 -19800 1 -0530}. {-1448217000 -21600 0 CST}. {-1427652000 -19800 1 -0530}. {-1416162600 -21600 0 CST}. {-1396202400 -19800 1 -0530}. {-1384713000 -21600 0 CST}. {-1364752800 -19800 1 -0530}. {-1353263400 -21600 0 CST}. {-1333303200 -19800 1 -0530}. {-1321813800 -21600 0 CST}. {-1301248800 -19800 1 -0530}. {-1290364200 -21600 0 CST}. {-1269799200 -19800 1 -0530}. {-1258914600 -21600 0 CST}. {-1238349600 -19800 1 -0530}. {-1226860200 -21600 0 CST}. {-1206900000 -1980

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Blanc-Sablon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):331
                            Entropy (8bit):4.599775510303771
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290Am2OHff4YPawmX/bVVFUFkCFVUP/GH6/XVVFUFkIZVVFUFkeF3k/g:MBp5290AmdHff4YPawY/b/uFkCFVUP/L
                            MD5:5ACBD50E1CB87B4E7B735A8B5281917B
                            SHA1:3E92C60B365C7E1F9BF5F312B007CBFD4175DB8F
                            SHA-256:E61F3762B827971147772A01D51763A18CC5BED8F736000C64B4BDFF32973803
                            SHA-512:9284FFDF115C7D7E548A06A6513E3591F88EE3E5197106B71B54CD82F27890D12773381218BCA69720F074A6762282F25830422DFA402FF19301D6834FD9FF7D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Blanc-Sablon) {. {-9223372036854775808 -13708 0 LMT}. {-2713896692 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {14400 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Boa_Vista

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1159
                            Entropy (8bit):3.7116873200926586
                            Encrypted:false
                            SSDEEP:24:cQETmex8Sos/USws/QSI/LHSD/vOSy/WS3o/aS2/vSh/TSSX/WcSp/ySZd/YlSjx:5EqSaSwXS4SqSbS3JSySxSxcSESAlSQE
                            MD5:0858FCA5A59C9C6EE38B7E8A61307412
                            SHA1:685597A5FD8BFEBF3EC558DB8ABF11903F63E05E
                            SHA-256:825E89E4B35C9BA92CF53380475960C36307BF11FD87057891DF6EEBA984A88D
                            SHA-512:7369EE42CD73CFD635505BF784E16A36C9BBDE0BDAAAB405CB8401EBC508F4CE0B0155206756C1905E915756F1D3CDC381C6B9C357A01EAE0ECC4C448978844A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boa_Vista) {. {-9223372036854775808 -14560 0 LMT}. {-1767211040 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Bogota

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):237
                            Entropy (8bit):4.649012348678967
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290bJqm2OHDgPcuknTEXPKV93kR/uFeEV/KV9C:MBp5290bUmdHDgPcukT8O93Y/uF7/O9C
                            MD5:4B3B0F66FB3BC69A5AB5DA79D02F7E34
                            SHA1:79B84C0578BBB0E4C07E99977D02EDE45F11CC8A
                            SHA-256:E7C45CA67F1BA913E7DC1632C166973FDA8DA4734F8BCF3AB1157A45454C8D7B
                            SHA-512:96289B4D179F146D6C5FB5DDAA4336CBCB60CF27BABCC20B9691387920897B293903DF41F5D9DE7237A689013A9266134B32AB4B4656796419B46E8378D84358
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Bogota) {. {-9223372036854775808 -17776 0 LMT}. {-2707671824 -17776 0 BMT}. {-1739041424 -18000 0 -05}. {704869200 -14400 1 -05}. {733896000 -18000 0 -05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Boise

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8324
                            Entropy (8bit):3.772029913040983
                            Encrypted:false
                            SSDEEP:96:e45eG5cnWsGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:xGnWdVUC2mWBNwWTxyWR
                            MD5:239425659E7345C757E6A44ABF258A22
                            SHA1:9659217B4D55795333DFA5E08451B69D17F514AD
                            SHA-256:6D6D377DDF237B1C5AB012DDDEB5F4FAA39D1D51240AA5C4C34EE96556D2D2F4
                            SHA-512:3891D7BC1F84FF6B01B6C2DF6F0413C9E168E5B84CE445030F1B871766DD38B2FF7418501AB7C0DCEAB8381E538D65DF4E7708502EE924546A28DF1AC9BB7129
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Boise) {. {-9223372036854775808 -27889 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-1471788000 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126255600 -25200 0 MST}. {129114000 -21600 0 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {2307

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Buenos_Aires

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):234
                            Entropy (8bit):4.775296176809929
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MQA+zJFVAIgp/MQA+z2L290BFzk5h490/MQA+zq:MBaIMY/MV+z6p/MV+z2L290rzy490/Mz
                            MD5:861DAA3C2FFF1D3E9F81FB5C63EA71F1
                            SHA1:8E219E63E6D7E702FD0644543E05778CE786601A
                            SHA-256:1D32F22CF50C7586CB566E45988CA05538E61A05DF09FD8F824D870717832307
                            SHA-512:71B47C369DF1958C560E71B114616B999FB4B091FAA6DD203B29D2555FFE419D6FC5EF82FA810DC56E6F00722E13B03BFBED2516B4C5C2321F21E03F0198B91B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Buenos_Aires)]} {. LoadTimeZoneFile America/Argentina/Buenos_Aires.}.set TZData(:America/Buenos_Aires) $TZData(:America/Argentina/Buenos_Aires).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Cambridge_Bay

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7487
                            Entropy (8bit):3.787618233072156
                            Encrypted:false
                            SSDEEP:96:OGoGm+4ILQzXN+C2mWBNQMsmNTxf6AeO+cblX:P7YUC2mWBNwWTxyWR
                            MD5:839C797E403B4C102D466B1E759A6CC4
                            SHA1:D95864FF269AD16B35CDAAC95AE03D8306B8DE1F
                            SHA-256:37E219C4C7AEBCC8919293114280A247E8072F2760E69F083E9FDD6BE460B9BC
                            SHA-512:A74F3B3C83815F62F6BDF4199EA471872AE539D6C0C595BA41E6D2DF033075D74CC00995C8F99C3ADD4B1E5E04A12D663BE9BED4CE600FC5F067D7CDDED4D7F5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cambridge_Bay) {. {-9223372036854775808 0 0 -00}. {-1577923200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Campo_Grande

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7652
                            Entropy (8bit):3.4267759764212906
                            Encrypted:false
                            SSDEEP:192:ylD7ZYOtu7D/fVLF5H1RuSFuY66DCM/rDAWicDqRp5RepgK3i8kmmkniko1Kg+R7:n4jF17vArp
                            MD5:87CB052D17717B696F3D9158B237E4FB
                            SHA1:79B3947A50ED15C908CFC2D699D2B7F11468E7B2
                            SHA-256:113E8ADCECE14A96261A59E0C26073EA5CFF864C4FF2DA6FAB5C61129A549043
                            SHA-512:2BF788FD51E7268A1989F1C564E7B81B002B876381AEC561564D4BCE8D76C9D3F621A2F1AB26C1EAB5E5C64A3C41A536A1E21A5322D678CB11CB608333515144
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Campo_Grande) {. {-9223372036854775808 -13108 0 LMT}. {-1767212492 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Cancun

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1365
                            Entropy (8bit):3.9551252054637245
                            Encrypted:false
                            SSDEEP:24:cQseeRb/uyV3XVP/upG/u/yRXiSn/Q8Sn/mfSn/yISn/PSn/zI3Sn/RSn/lfSn/A:5i7XEaRyM/BM/mfM/1M/PM/zmM/RM/l/
                            MD5:2EC91D30699B64FA8199004F97C63645
                            SHA1:4C4E00857B1FB3970E7C16C4EFAA9347ED2C3629
                            SHA-256:4EB4C729FF11E170D683310422D8F10BCE78992CF13DACCB06662308C76CCA3B
                            SHA-512:D7811C32E4D2B3B9FAEE730D580BC813EC41B63765DE34BB3A30A0D9BBEF2F090E2DA59C6D9A4D8FC91885DDEA2B6E3B1FD3FD434E42D805AF66E578E66AE6FE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cancun) {. {-9223372036854775808 -20824 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {828860400 -14400 1 EDT}. {846396000 -18000 0 EST}. {860310000 -14400 1 EDT}. {877845600 -18000 0 EST}. {891759600 -14400 1 EDT}. {902041200 -18000 0 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Caracas

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):274
                            Entropy (8bit):4.527582804527589
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52909+ET2m2OHXP8Hk4lvFVFQVgIUF/R/OGWnVVFQVg2vR/O9:MBp5290QmdHXPy/ltvAYFZ/OGqVvA9/K
                            MD5:D47486658B408AAF7F91569435B49D19
                            SHA1:C69EDC17F2E77723A5C711342822BF21ECCB9C8E
                            SHA-256:555A66624909220ACCCB35D852079D44944E188A81DF6A07CBA7433AC2478E5E
                            SHA-512:35A4AF702405BD36F6EF7E42F1E1AEAD841A5710D04306C1C3390B3CC134E88F1221F284F489F6926C58E8FD50BD7E6BE0E5904AAE2ACBEA817EFCE0AAE61169
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Caracas) {. {-9223372036854775808 -16064 0 LMT}. {-2524505536 -16060 0 CMT}. {-1826739140 -16200 0 -0430}. {-157750200 -14400 0 -04}. {1197183600 -16200 0 -0430}. {1462086000 -14400 0 -04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Catamarca

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):222
                            Entropy (8bit):4.615632762186706
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MMXAIVAIgp/MMXs29094SXAFB5290/MMXAv:MBaIMY/Mhp/MP290mh5290/MH
                            MD5:359226FA8A7EAFCA0851F658B4EBBCDC
                            SHA1:611A24C24462DF5994B5D043E65770B778A6443B
                            SHA-256:F2782781F1FB7FD12FF85D36BB244887D1C2AD52746456B3C3FEAC2A63EC2157
                            SHA-512:6F9DD2D1662103EC5A34A8858BDFA69AC9F74D3337052AB47EA61DC4D76216886A0644CF1284940E8862A09CBA3E0A87784DFDB6414434C92E45004AAF312614
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Catamarca)]} {. LoadTimeZoneFile America/Argentina/Catamarca.}.set TZData(:America/Catamarca) $TZData(:America/Argentina/Catamarca).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Cayenne

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.781235086647991
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52IAcGE91pkXGm2OHEFvpoevUdR4FIUPvGDUwXvp3VVFVGHC:SlSWB9X52909zm2OHEdGeG4vOIw/ZVVF
                            MD5:1FFD7817EE1DC55EF72AD686749AE9CE
                            SHA1:AE972D5395F3562F052780AD014BA2C0767943B6
                            SHA-256:9CE77C0A01BFDA002EE3B2DCEF316DB7C9AC80B270DFC3A0D7769021E731D849
                            SHA-512:480D8D56F7B8829F6E82D8AFF1A0A161C3C45402D85A588027E98F2FA20C6E6F35549FFC5F38F0EEA9C4190A70B334066FCD406D39FF06EE7B7855AF75CD0FC3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cayenne) {. {-9223372036854775808 -12560 0 LMT}. {-1846269040 -14400 0 -04}. {-71092800 -10800 0 -03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Cayman

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.723325073771884
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0u55DdVAIg20u5AF2IAcGE91mr4IAcGEu5un:SlSWB9IZaM3y7oDdVAIgpX2909Yr490/
                            MD5:E03755B574F4962030DB1E21D1317963
                            SHA1:5B5FA4787DA7AE358EFEA81787EB2AB48E4D7247
                            SHA-256:8E85F05135DB89CB304689081B22535002DBD184D5DCDBF6487CD0A2FBE4621E
                            SHA-512:8B85E51BD8DC04AE768A4D42F8DF0E0D60F23FAB2607E3DCAD4E10695E50C2A3F2124DA7E3A87E97DB7AF090EF70C9A5B5C2D34F7D1B6F74FEFEA9148FEB15AB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Panama)]} {. LoadTimeZoneFile America/Panama.}.set TZData(:America/Cayman) $TZData(:America/Panama).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Chicago

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):11003
                            Entropy (8bit):3.728817385585057
                            Encrypted:false
                            SSDEEP:192:rXxbWziyUZB4ME9Hmp7EYQYMWUJ2eQzURWu3OabMQxXI6X8x3X3D2DgOMIOdXkqq:rXxbWziyUZB4ME9Hmp7EYQYMWUJ2eQzg
                            MD5:6175956F3052F3BE172F6110EF6342EE
                            SHA1:532E2600DFAFAACCD3A187A233956462383401A6
                            SHA-256:FC172494A4943F8D1C3FC35362D96F3D12D6D352984B93BC1DE7BDCB7C85F15E
                            SHA-512:36B47003183EB9D7886F9980538DB3BDDC231BB27D4F14006CDBE0CB9042215A02559D97085679F8320DED6109FC7745DC43859EBA99B87365B09C4526D28193
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chicago) {. {-9223372036854775808 -21036 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-1563724800 -18000 1 CDT}. {-1551632400 -21600 0 CST}. {-1538928000 -18000 1 CDT}. {-1520182800 -21600 0 CST}. {-1504454400 -18000 1 CDT}. {-1491757200 -21600 0 CST}. {-1473004800 -18000 1 CDT}. {-1459702800 -21600 0 CST}. {-1441555200 -18000 1 CDT}. {-1428253200 -21600 0 CST}. {-1410105600 -18000 1 CDT}. {-1396803600 -21600 0 CST}. {-1378656000 -18000 1 CDT}. {-1365354000 -21600 0 CST}. {-1347206400 -18000 1 CDT}. {-1333904400 -21600 0 CST}. {-1315152000 -18000 1 CDT}. {-1301850000 -21600 0 CST}. {-1283702400 -18000 1 CDT}. {-1270400400 -21600 0 CST}. {-1252252800 -18000 1 CDT}. {-1238950800 -21600 0 CST}. {-1220803200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Chihuahua

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6593
                            Entropy (8bit):3.795313170000037
                            Encrypted:false
                            SSDEEP:96:LJNfzBT8tRkfKxhzY720zaOXmlITHjLc1cb:dN18tRkfKv+2wB9h
                            MD5:B0CA4CFF6571AFBFF25FAC72CDDB5B08
                            SHA1:1BF3ACEC369AEA504AAA248459A115E61CF79C4B
                            SHA-256:C689A3BEED80D26EAB96C95C85874428F80699F7E136A44377776E52B5855D00
                            SHA-512:398496EBA4344EDF78AFBF51BD6024481D3A12546D0EE597B7C593A1CD1BF575AFDE62FFADE7A0DDFEDA79CF235612E6F4DA74D7305A6E48F5942EA10D8A4F8E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Chihuahua) {. {-9223372036854775808 -25460 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -25

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Coral_Harbour

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):193
                            Entropy (8bit):4.822360211437507
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/qlfSwFVAIgp/qlfAvt2909qEac90/qlfu:MBaIMY/TwQp/tvt290Fac90/j
                            MD5:2541EC94D1EA371AB1361118EEC98CC6
                            SHA1:950E460C1BB680B591BA3ADA0CAA73EF07C229FE
                            SHA-256:50E6EE06C0218FF19D5679D539983CEB2349E5D25F67FD05E142921431DC63D6
                            SHA-512:2E6B66815565A9422015CAB8E972314055DC4141B5C21B302ABD671F30D0FBAE1A206F3474409826B65C30EDBEDD46E92A99251AB6316D59B09FC5A8095E7562
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Atikokan)]} {. LoadTimeZoneFile America/Atikokan.}.set TZData(:America/Coral_Harbour) $TZData(:America/Atikokan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Cordoba

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):214
                            Entropy (8bit):4.74004515366486
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MdVAIgp/MOF29093+90/Msn:MBaIMY/M4p/MOF290c90/Ms
                            MD5:89870B2001C2EE737755A692E7CA2F18
                            SHA1:F67F6C22BF681C105068BEEB494A59B3809C5ED8
                            SHA-256:38C3DD7DAF75DBF0179DBFC387CE7E64678232497AF0DACF35DC76050E9424F7
                            SHA-512:EFA8A5A90BE6FAAA7C6F5F39CBBBA3C7D44C7943E1BB1B0F7E966FEE4F00F0E4BF1D999A377D4E5230271B120B059EB020BD93E7DA46CF1FFA54AB13D7EC3FFE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Cordoba) $TZData(:America/Argentina/Cordoba).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Costa_Rica

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):416
                            Entropy (8bit):4.443696146912203
                            Encrypted:false
                            SSDEEP:12:MBp5290l0TmdHd5PZ6kibvI8/uFn/mSU/uFn/i/uFn/4Y8/uFn//DVn:cQmAed9Z6n5Sn/mtSn/iSn/4JSn/bh
                            MD5:D47A1FBA5AD701E1CA168A356D0DA0A9
                            SHA1:6738EA6B4F54CC76B9723917AA373034F6865AF1
                            SHA-256:51F08C1671F07D21D69E2B7868AA5B9BDBFA6C31D57EB84EB5FF37A06002C5CD
                            SHA-512:DB6AD81466500F22820941DF3369155BA03CFA42FA9D267984A28A6D15F88E1A71625E3DC578370B5F97727355EBB7C338482FA33A7701ADB85A160C09BAD232
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Costa_Rica) {. {-9223372036854775808 -20173 0 LMT}. {-2524501427 -20173 0 SJMT}. {-1545071027 -21600 0 CST}. {288770400 -18000 1 CDT}. {297234000 -21600 0 CST}. {320220000 -18000 1 CDT}. {328683600 -21600 0 CST}. {664264800 -18000 1 CDT}. {678344400 -21600 0 CST}. {695714400 -18000 1 CDT}. {700635600 -21600 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Creston

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):211
                            Entropy (8bit):4.798554218839104
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52909ovTm2OHpcHvvPagcyEXC/vHcQCi:MBp52900mdHpcHPagPECvHl
                            MD5:9E3726148A53940507998FA1A5EEE6DB
                            SHA1:2493B72DF895ED2AE91D09D43BDDADDB41E4DEBC
                            SHA-256:E809F227E92542C6FB4BAC82E6079661EEF7700964079AA4D7E289B5B400EC49
                            SHA-512:F5ED4085160A06DE672DB93CEE700C420D0438DE9AC3548B291DA236AA8CCC84F97270DA3956E49432AE1E281CCECEB6DF92E71EB305106655B4DF231E04B558
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Creston) {. {-9223372036854775808 -27964 0 LMT}. {-2713882436 -25200 0 MST}. {-1680454800 -28800 0 PST}. {-1627833600 -25200 0 MST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Cuiaba

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7646
                            Entropy (8bit):3.4194836403778353
                            Encrypted:false
                            SSDEEP:192:+lD7ZYOtu7D/fVLF5H1RuSFuY66DCVDAWicDqRp5RepgK3i8kmmkniko1Kg+R4hu:3jF17vArp
                            MD5:7309EBE8210C3C84C24D459289484EFA
                            SHA1:31EFE19E3CA2DB512C7AC9CAFD72991EF0517FD3
                            SHA-256:FE7543FF576D7EDC3A3FF82759E5C244DE8EB57A95744E20610CEDF6E29AB4C9
                            SHA-512:41C94E4093F015B61ACEFCEA067C101AA1ECB855789CFDB8FA4D17589D20868FB7A1456D21C90B5261445D970E5E7F134CBAF17EA926278C9E6DFC471D29F896
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Cuiaba) {. {-9223372036854775808 -13460 0 LMT}. {-1767212140 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {592977600 -1080

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Curacao

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.858195118945703
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52IAcGE9CvjEwcXGm2OHCevUd5xF9vFVFIVgYd/iQG3VFpRR/r:SlSWB9X52909C4wTm2OHjyxzFQVgIUFp
                            MD5:CE0F18F27502E771B27236C5BF7D3317
                            SHA1:D2E68415B8544A8BAC2A4F335854FC048BD4B34C
                            SHA-256:118EC9D89937FDA05FCE45F694F8C3841664BBE9DFADB86347B375BF437F9BD6
                            SHA-512:B04B5DAB30384FF05ABFC235DA4F9BFE96F400076DEB7CBBA0938F93E66BFF5E86B18E95E9BC0448D812722C8F2D4AFD78AC75180FD80D992F96DFA0CEC156AC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Curacao) {. {-9223372036854775808 -16547 0 LMT}. {-1826738653 -16200 0 -0430}. {-157750200 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Danmarkshavn

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1089
                            Entropy (8bit):3.793747183330894
                            Encrypted:false
                            SSDEEP:24:cQZefXQgiu2kPIw1Dtc7UXxH9vC0gdtiyW8RWK79ET7cSXKIuXvY:52XQgiu2kgw1DtuyxdvC0gdtiyW8RB7S
                            MD5:E83072C1351121C5CFD74E110ECA9B4B
                            SHA1:360B468851EBFF266E4A8F40FE5D196BC6809E65
                            SHA-256:6A12AD52CBCF0B3F8BB449C7BC51A784BE560F4BD13545D04426E76B2511D8F9
                            SHA-512:539C53AA1D02E3AABF65873CA830782697AC9D55EC6694B68B95C325608F8703882B1182215D2B4E2B6066784AC880BCF0F4EBC5A72B2E637BD9B2C3A61D2979
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Danmarkshavn) {. {-9223372036854775808 -4480 0 LMT}. {-1686091520 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Dawson

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7609
                            Entropy (8bit):3.785302701923574
                            Encrypted:false
                            SSDEEP:96:nxr+C2ZCHtffWsBNwj/lpmlOxGcKcnRH31t+ucgge:nx/Nf+aNwj/lpmlOxnKcndIG
                            MD5:4DBA9C83ECAD5B5A099CC1AA78D391B0
                            SHA1:FFCC77D7964BD16BD8A554FB437BCF4F2FC8958E
                            SHA-256:3A89A6834DDBE4A3A6A1CB8C1A1F9579259E7FD6C6C55DE21DCD4807753D8E48
                            SHA-512:21212AFE8917C0F3BBED433B510C4FCE671B0DA887A1C7338A18CD5409B1A95E766510A9E636E5AA3AB0BA21D7D2C00A462FEBB10D4567A343B85AFE6A3E2394
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson) {. {-9223372036854775808 -33460 0 LMT}. {-2188996940 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1 PDT}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Dawson_Creek

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1876
                            Entropy (8bit):3.9458112723626755
                            Encrypted:false
                            SSDEEP:24:cQ4eJ58IlJ14RsT8X+km8VnynhBZ2c4Y+O4A5W5xDICW2n7oZA8QZFaIOvkty1H2:5DH0yIRkf12fZGJ5LB6xfZ89Y
                            MD5:D7E4978775F290809B7C042674F46903
                            SHA1:E94DB1EBB6A1594ED1A5AEA48B52395482D06085
                            SHA-256:2E6CFFE8E0C1FE93F55B1BD01F96AA1F3CE645BC802C061CB4917318E30C4494
                            SHA-512:1FF3CD58A4C4DEC7538F0816E93E6577C51B0045CF36190FF4D327E81FB8282ADDB0EF20BD78A838ABD507EBAD1C187F2A20CC7840E2325B9C326EC449897B45
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Dawson_Creek) {. {-9223372036854775808 -28856 0 LMT}. {-2713881544 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Denver

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8629
                            Entropy (8bit):3.76966035849006
                            Encrypted:false
                            SSDEEP:96:4cGbc2sGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:4c2dVUC2mWBNwWTxyWR
                            MD5:F641A7F5DE8FCF4ADC1E5A1A2C9DEC53
                            SHA1:B013EBBE8002C91C0C45A2D389245A1A9194077A
                            SHA-256:DF5459068DB3C771E41BE8D62FB89A2822CB2A33CF9A5640C6C666AB20ECE608
                            SHA-512:C2EA07FF21FD6D1A45A87C6AD85DD3929C2B56E66A52D23103DDFF7B2B3B6433EC5EBFC17BED0F9C0A9AF036F0DF965E12EA3D4463207A128AEF5F6BC12970D7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Denver) {. {-9223372036854775808 -25196 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-1577898000 -25200 0 MST}. {-1570374000 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1538924400 -21600 1 MDT}. {-1534089600 -25200 0 MST}. {-883587600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-757357200 -25200 0 MST}. {-147884400 -21600 1 MDT}. {-131558400 -25200 0 MST}. {-116434800 -21600 1 MDT}. {-100108800 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Detroit

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8010
                            Entropy (8bit):3.742999180017181
                            Encrypted:false
                            SSDEEP:96:FVzApQaC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:FVspQrn+qvOTFhPI1jFIL
                            MD5:177B0815E8BD6BFA6E62895FE12A61E5
                            SHA1:EC2400FA644023D6B3100B52381DB65EAF2606F0
                            SHA-256:402EC5AB0E99EF6EBB33F4D482EEA5198EC686C7EAE75FC4F7D9B4EF4AC0A9E9
                            SHA-512:CFA4226A21FDB23C723335F7385EA15436D8A0752EE50C67DA4C1D839BFFD4792EE9AB6E408498CD06C6B8A99A96E95E0B591F7EA17B41C1895ED396438C6D5A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Detroit) {. {-9223372036854775808 -19931 0 LMT}. {-2051202469 -21600 0 CST}. {-1724083200 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-757364400 -18000 0 EST}. {-684349200 -14400 1 EDT}. {-671047200 -18000 0 EST}. {94712400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {157784400 -18000 0 EST}. {167814000 -14400 0 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Dominica

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):203
                            Entropy (8bit):4.856609165175433
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290TL3290e/:MBaIMY9QpI290Tr290O
                            MD5:F85ADC16127A74C9B35D16C631E11F4F
                            SHA1:F7716E20F546AA04697FB0F4993A14BAFDD1825E
                            SHA-256:67ACF237962E3D12E0C746AEDC7CDBC8579DC7C0A7998AC6B6E169C58A687C17
                            SHA-512:89E8F9DC6A306912B2DAEE77705E2DCD76E32F403352C23ED6BE34F8BEBB12C3604C20DA11DB921553D20E3FC43EC7984C7103D8D1396AB83B104E70BA6D13B1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Dominica) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Edmonton

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8435
                            Entropy (8bit):3.7724320820194475
                            Encrypted:false
                            SSDEEP:96:7tGVgeb0Gm+qI1zXN+C2mWBNQMsmNTxf6AeO+cblX:7heJ/UC2mWBNwWTxyWR
                            MD5:FECBDD64036247B2FBB723ADD8F798F6
                            SHA1:60B1719958AD6151CDB174A319A396D5F48C7CF1
                            SHA-256:EC95041E0A97B37A60EF16A6FA2B6BCB1EBEFABBC9468B828D0F467595132BC2
                            SHA-512:7CF94EC5040F4C8FA3C6ED30CFDAB59A199C18AA0CDA9A66D1A477F15563D2B7CB872CEEF1E2295E0F3B9A85508A03AEC29E3ECEBE11D9B089A92794D510BA00
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Edmonton) {. {-9223372036854775808 -27232 0 LMT}. {-1998663968 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1600614000 -21600 1 MDT}. {-1596816000 -25200 0 MST}. {-1567954800 -21600 1 MDT}. {-1551628800 -25200 0 MST}. {-1536505200 -21600 1 MDT}. {-1523203200 -25200 0 MST}. {-1504450800 -21600 1 MDT}. {-1491753600 -25200 0 MST}. {-1473001200 -21600 1 MDT}. {-1459699200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {136371600 -21600 1 MDT}. {152092800 -25200 0 MST}. {167821200 -21600 1 MDT}. {183542400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Eirunepe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1189
                            Entropy (8bit):3.7118381376452767
                            Encrypted:false
                            SSDEEP:24:cQOX9eptXyss/u/C5/ukCI/uiCk/u8CHe/uOCXs/um4Co/uN3Cc/ux8CL/uiFCyL:5OXUCs5IlTToo4mdGFtapG8dtedJ9fO2
                            MD5:D6945DF73BA7E12D3B23889CC34F6CFB
                            SHA1:8C1317F3EF82225A14751318DFDA8904F908C457
                            SHA-256:71F15943EAD942224B8807CCBB21F9AE34F04619FD76176404633BDB49D9E88C
                            SHA-512:088C2D7BE44650A044B7632337A1FF8C3CF8A6188F24507C846B9B648FE796466B22D4A322B602B75C2943653FC43C7B9A99AE0AACF9AB7BCC86388EC3953F8A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Eirunepe) {. {-9223372036854775808 -16768 0 LMT}. {-1767208832 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -18

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\El_Salvador

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):269
                            Entropy (8bit):4.7060952459188305
                            Encrypted:false
                            SSDEEP:6:SlSWB9X529078iwTm2OHvJ4YRIgdrV/uFn/acD3/uFn/sVn:MBp5290785mdHx4YlB/uFn/z/uFn/U
                            MD5:77BE2E0759A3B7227B4DAC601A670D03
                            SHA1:1FB09211F291E5B1C5CC9848EB53106AF48EE830
                            SHA-256:40994535FE02326EA9E373F54CB60804BA7AE7162B52EA5F73497E7F72F2D482
                            SHA-512:EB5E6A4A912053E399F6225A02DDC524A223D4A5724165CAD9009F1FA10B042F971E52CE17B395A86BC80FCC6897FD2CCC3B00708506FEF39E4D71812F5DF595
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/El_Salvador) {. {-9223372036854775808 -21408 0 LMT}. {-1546279392 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Ensenada

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.786739478919165
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qfSwVAIg20qfo2IAcGE7JM7QIAcGEqfu:SlSWB9IZaM3y7eHVAIgpeo2907390eu
                            MD5:74AB4664E80A145D808CAB004A22859B
                            SHA1:2AF7665C4E155A227B3F76D1C4BC87854C25A6CB
                            SHA-256:BDD0893AA5D170F388B1E93CE5FE2EDF438866707E52033E49898AFC499F86C5
                            SHA-512:CCC2E75E07BA1CAAFD1149A22D07668D191594272922AA2A1CE6DE628A8FF49AD90AA8BFE75C005328820C700B991AD87A6F40DEB5AD519B2708D8F7BF04E5A0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Ensenada) $TZData(:America/Tijuana).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Fort_Nelson

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4427
                            Entropy (8bit):3.8109873978594053
                            Encrypted:false
                            SSDEEP:48:5aIl06OIRkf12fZGJ5LB6xfZ89Cf5udCLA9ZClqs/K+ff0t9:sIlWf/5LB6xR89C8CgZCHtffW9
                            MD5:90BBD338049233FAC5596CC63AA0D5B6
                            SHA1:D96282F5B57CBF823D5A1C1FDDE7907B74DAD770
                            SHA-256:DD21597BA97FD6591750E83CC00773864D658F32653017C4B52285670FFE52E3
                            SHA-512:3B0F5801E55EBBB7B4C0F74DDBD3469B8F4C2BFC1B44CC80B0D36DA2152C837C8176695945F61FA75664C04F1266BCA0564815307A2C27E783CD3348C4451E4A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fort_Nelson) {. {-9223372036854775808 -29447 0 LMT}. {-2713880953 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-725817600 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Fort_Wayne

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):226
                            Entropy (8bit):4.730673843485836
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y73GK7mFVAIgp3GKBL290HXYAp4903GK1:MBaIMY3GK7Hp3GKBL290Hz4903GK1
                            MD5:4685E4E850E0B6669F72B8E1B4314A0A
                            SHA1:BC6CCD58A2977A1E125B21D7B8FD57E800E624E1
                            SHA-256:D35F335D6F575F95CEA4FF53382C0BE0BE94BE7EB8B1E0CA3B7C50E8F7614E4E
                            SHA-512:867003B33A5FC6E42D546FBFC7A8AB351DE72232B89BA1BEC6DB566F6DCE135E65C08DE9112837190EB21D677E2F83E7E0F6049EC70CB9E36F223DE3A68E000A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Fort_Wayne) $TZData(:America/Indiana/Indianapolis).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Fortaleza

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1375
                            Entropy (8bit):3.695923796037783
                            Encrypted:false
                            SSDEEP:24:cQVeVc4h1u80V2dBUGphmC17ewGtN3rvIh0VBHZDIOXqWoN:5b4h19U2dBUGrmO7XGtN3kh0VBHZUwqX
                            MD5:2BCCE3C71898F3D7F2327419950C5838
                            SHA1:CE45568E951C227CB3D88D20B337E5E1E1D4B1EF
                            SHA-256:AA2CF8DA8D63FC4DE912A4F220CF7E49379021F5E51ABA1AFCFC7C9164D5A381
                            SHA-512:420066E5D39446AA53547CBF1A015A4745F02D1059B2530B7735AC4C28BD2BFC431AEB7531C2C49C2BDF8E31405F15717D88DE0DE3F5F42BAA96A8289A014D06
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Fortaleza) {. {-9223372036854775808 -9240 0 LMT}. {-1767216360 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Glace_Bay

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8099
                            Entropy (8bit):3.737123408653655
                            Encrypted:false
                            SSDEEP:192:C1V2eXXnqvlrPGgFEUlpde9pXbO53oVmM7IEc2fVGYu2yeB/T/eleWmBk81kS/kQ:CDJv
                            MD5:3A839112950BFDFD3B5FBD440A2981E4
                            SHA1:FFDF034F7E26647D1C18C1F6C49C776AD5BA93ED
                            SHA-256:3D0325012AB7076FB31A68E33EE0EABC8556DFA78FBA16A3E41F986D523858FF
                            SHA-512:1E06F4F607252C235D2D69E027D7E0510027D8DB0EE49CF291C39D6FD010868EF6899437057DA489DD30981949243DDFA6599FD07CE80E05A1994147B78A76CE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Glace_Bay) {. {-9223372036854775808 -14388 0 LMT}. {-2131646412 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-536443200 -14400 0 AST}. {-526500000 -10800 1 ADT}. {-513198000 -14400 0 AST}. {-504907200 -14400 0 AST}. {63086400 -14400 0 AST}. {73461600 -10800 1 ADT}. {89182800 -14400 0 AST}. {104911200 -10800 1 ADT}. {120632400 -14400 0 AST}. {126244800 -14400 0 AST}. {136360800 -10800 1 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Godthab

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7186
                            Entropy (8bit):3.4539479411234977
                            Encrypted:false
                            SSDEEP:192:HzC1RFbvHQbnRJ2N+f4hQAa3/paCxwPQg07VvN/W5ylGiGJ3G5cGKQWaT7dZV4gF:t5lfDARzJXC
                            MD5:F7C502D77495455080AC3125CE2B42EA
                            SHA1:B4883AF71068903AFA372DBFA9E73A39B658A8FF
                            SHA-256:058FBB47D5CD3001C0E5A0B5D92ACE1F8A720527A673A78AB71925198AC0ACA1
                            SHA-512:B0361D7FB7B02C996B9E608F9B8B1D8DB76FC7D298FA9AC841C4C51A0469FF05A06E0F7829E6C7D810D13BDF3B792A9547B70F6721CA9D7544CBD94028364CAB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Godthab) {. {-9223372036854775808 -12416 0 LMT}. {-1686083584 -10800 0 -03}. {323845200 -7200 0 -02}. {338950800 -10800 0 -03}. {354675600 -7200 1 -02}. {370400400 -10800 0 -03}. {386125200 -7200 1 -02}. {401850000 -10800 0 -03}. {417574800 -7200 1 -02}. {433299600 -10800 0 -03}. {449024400 -7200 1 -02}. {465354000 -10800 0 -03}. {481078800 -7200 1 -02}. {496803600 -10800 0 -03}. {512528400 -7200 1 -02}. {528253200 -10800 0 -03}. {543978000 -7200 1 -02}. {559702800 -10800 0 -03}. {575427600 -7200 1 -02}. {591152400 -10800 0 -03}. {606877200 -7200 1 -02}. {622602000 -10800 0 -03}. {638326800 -7200 1 -02}. {654656400 -10800 0 -03}. {670381200 -7200 1 -02}. {686106000 -10800 0 -03}. {701830800 -7200 1 -02}. {717555600 -10800 0 -03}. {733280400 -7200 1 -02}. {749005200 -10800 0 -03}. {764730000 -7200 1 -02}. {780454800 -10800 0 -03

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Goose_Bay

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10015
                            Entropy (8bit):3.780383775128893
                            Encrypted:false
                            SSDEEP:192:z9zdvd8mSGDcfnrpbXXMqvlrPGgFEUlpd8ESeYPiVFuT/eleWmBk81kS/kV6kefD:z9zdvd7SGgcESeYPiV2Jv
                            MD5:77DEEF08876F92042F71E1DEFA666857
                            SHA1:7E21B51B3ED8EBEB85193374174C6E2BCA7FEB7F
                            SHA-256:87E9C6E265BFA58885FBEC128263D5E5D86CC32B8FFEDECAFE96F773192C18BE
                            SHA-512:C9AB8C9147354A388AEC5FE04C6C5317481478A07893461706CDC9FD5B42E31733EAC01C95C357F3C5DC3556C49F20374F58A6E0A120755D5E96744DE3A95A81
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Goose_Bay) {. {-9223372036854775808 -14500 0 LMT}. {-2713895900 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1096921748 -12600 0 NST}. {-1072989000 -12600 0 NST}. {-1061670600 -9000 1 NDT}. {-1048973400 -12600 0 NST}. {-1030221000 -9000 1 NDT}. {-1017523800 -12600 0 NST}. {-998771400 -9000 1 NDT}. {-986074200 -12600 0 NST}. {-966717000 -9000 1 NDT}. {-954624600 -12600 0 NST}. {-935267400 -9000 1 NDT}. {-922570200 -12600 0 NST}. {-903817800 -9000 1 NDT}. {-891120600 -12600 0 NST}. {-872368200 -9000 0 NWT}. {-769395600 -9000 1 NPT}. {-765401400 -12600 0 NST}. {-757369800 -12600 0 NST}. {-746044200 -9000 1 NDT}. {-733347000 -12600 0 NST}. {-714594600 -9000 1 NDT}. {-701897400 -12600 0 NST}. {-683145000 -9000 1 NDT}. {-670447800 -12600 0 NST}. {-6516954

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Grand_Turk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7307
                            Entropy (8bit):3.755018614919114
                            Encrypted:false
                            SSDEEP:96:hrZaC3Xm8sHRyvOTFhP5S+ijFnRaJeaX1eyDt:htrn+cvOTFhPI1jFIL
                            MD5:8582299C1262010B6843306D65DB436C
                            SHA1:70DB6B507D7F51B1E2C96E087CD7987EB69E9A1D
                            SHA-256:7CFBA4D1B1E6106A0EC6D6B5600791D6A33AD527B7D47325C3AB9524B17B1829
                            SHA-512:CC12912C38D85B23242C69211BA2B58167C55836D51DB02E6D820CDBD6368F835893AF656FC81F73EA745FD786E9134EC4A3E8D325D1515A01540E8A7EBEF03B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Grand_Turk) {. {-9223372036854775808 -17072 0 LMT}. {-2524504528 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {284014800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Grenada

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):202
                            Entropy (8bit):4.877543794488217
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX2905Qb90e/:MBaIMY9QpI290Ob90O
                            MD5:C62E81B423F5BA10709D331FEBAB1839
                            SHA1:F7BC5E7055E472DE33DED5077045F680843B1AA7
                            SHA-256:0806C0E907DB13687BBAD2D22CEF5974D37A407D00E0A97847EC12AF972BCFF3
                            SHA-512:7D7090C3A6FEBE67203EB18E06717B39EC62830757BAD5A40E0A7F97572ABB81E81CAB614AA4CD3089C3787DAA6293D6FED0137BB57EF3AE358A92FCDDCF52A8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Grenada) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Guadeloupe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):205
                            Entropy (8bit):4.914669229343752
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX2905AJLr490e/:MBaIMY9QpI290qJLr490O
                            MD5:026A098D231C9BE8557A7F4A673C1BE2
                            SHA1:192EECA778E1E713053D37353AF6D3C168D2BFF5
                            SHA-256:FFE0E204D43000121944C57D2B2A846E792DDC73405C02FC5E8017136CD55BCB
                            SHA-512:B49BD0FC12CC8D475E7E5116B8BDEA1584912BFA433734451F4338E42B5E042F3EC259E81C009E85798030E21F658158FA9F4EFC60078972351F706F852425E3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Guadeloupe) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Guatemala

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):385
                            Entropy (8bit):4.450029420195016
                            Encrypted:false
                            SSDEEP:12:MBp52906GdJmdHKznI2f/uFn/z/uFn/w67Rd3/uFn/4Bx/uFn/xAQ:cQ8JeQXfSn/zSn/w67Rd3Sn/4HSn/j
                            MD5:6E3FD9D19E0CD26275B0F95412F13F4C
                            SHA1:A1B6D6219DEBDBC9B5FFF5848E5DF14F8F4B1158
                            SHA-256:1DC103227CA0EDEEBA8EE8A41AE54B3E11459E4239DC051B0694CF7DF3636F1A
                            SHA-512:BF615D16BB55186AFC7216B47250EE84B7834FD08077E29E0A8F49C65AACAAD8D27539EA751202EBFF5E0B00702EC59B0A7D95F5FB585BFED68AC6206416110D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guatemala) {. {-9223372036854775808 -21724 0 LMT}. {-1617040676 -21600 0 CST}. {123055200 -18000 1 CDT}. {130914000 -21600 0 CST}. {422344800 -18000 1 CDT}. {433054800 -21600 0 CST}. {669708000 -18000 1 CDT}. {684219600 -21600 0 CST}. {1146376800 -18000 1 CDT}. {1159678800 -21600 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Guayaquil

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):240
                            Entropy (8bit):4.690879495223713
                            Encrypted:false
                            SSDEEP:6:SlSWB9X529056m2OHHjGeP5lahicKpKV91EX/uFkfF/KV9C:MBp5290smdHHLP5C/gO9U/uFEF/O9C
                            MD5:58E0902DC63F2F584AD72E6855A68BB8
                            SHA1:C8ED225C95DB512CB860D798E6AF648A321B82E7
                            SHA-256:D940627FFCBE6D690E34406B62EE4A032F116DF1AB81631E27A61E16BD4051E2
                            SHA-512:EF2523F2C55890BE4CE78DA2274833647587CF6F48B144C8261EB69B24BA73946B63244F03FEDF37A990FCAFECB2D88F4ECE302993F115C06323721E570EDD99
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guayaquil) {. {-9223372036854775808 -19160 0 LMT}. {-2524502440 -18840 0 QMT}. {-1230749160 -18000 0 -05}. {722926800 -14400 1 -05}. {728884800 -18000 0 -05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Guyana

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):4.687194013851928
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52905R3Lm2OHRjGeTShVy4yViUKcVVFAH/MIB/O9:MBp5290LLmdHVTiy4yVi7c/OH/MG/O9
                            MD5:CF5AD3AFBD735A42E3F7D85064C16AFC
                            SHA1:B8160F8D5E677836051643622262F13E3AE1B0BE
                            SHA-256:AF2EC2151402DF377E011618512BBC25A5A6AC64165E2C42212E2C2EC182E8F1
                            SHA-512:F69F10822AB115D25C0B5F705D294332FAAA66EB0BA2D98A6610A35E1FA5ED05F02B3DDBB4E37B9B4A77946C05E28C98113DBF11EDF8DB2661A2D8ED40711182
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Guyana) {. {-9223372036854775808 -13960 0 LMT}. {-1730578040 -13500 0 -0345}. {176010300 -10800 0 -03}. {662698800 -14400 0 -04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Halifax

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10763
                            Entropy (8bit):3.724988391778253
                            Encrypted:false
                            SSDEEP:192:Y7Z1hubfVmv0SqJXDiFHrbm96qddObEn/RDzWRfQFQ4XL8vG+81VcfnrpbXXnqvo:823ZLYvuOZJv
                            MD5:7DE8E355A725B3D9B3FD06A838B9715F
                            SHA1:41C6AAEA03FC7FEED50CFFFC4DFF7F35E2B1C23D
                            SHA-256:5F65F38FFA6B05C59B21DB98672EB2124E4283530ACB01B22093EAEFB256D116
                            SHA-512:4C61A15DDF28124343C1E6EFE068D15E48F0662534486EC38A4E2731BE085CDA5856F884521EF32A6E0EDD610A8A491A722220BDD1BAF2A9652D8457778AF696
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Halifax) {. {-9223372036854775808 -15264 0 LMT}. {-2131645536 -14400 0 AST}. {-1696276800 -10800 1 ADT}. {-1680469200 -14400 0 AST}. {-1640980800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1609444800 -14400 0 AST}. {-1566763200 -10800 1 ADT}. {-1557090000 -14400 0 AST}. {-1535486400 -10800 1 ADT}. {-1524949200 -14400 0 AST}. {-1504468800 -10800 1 ADT}. {-1493413200 -14400 0 AST}. {-1472414400 -10800 1 ADT}. {-1461963600 -14400 0 AST}. {-1440964800 -10800 1 ADT}. {-1429390800 -14400 0 AST}. {-1409515200 -10800 1 ADT}. {-1396731600 -14400 0 AST}. {-1376856000 -10800 1 ADT}. {-1366491600 -14400 0 AST}. {-1346616000 -10800 1 ADT}. {-1333832400 -14400 0 AST}. {-1313956800 -10800 1 ADT}. {-1303678800 -14400 0 AST}. {-1282507200 -10800 1 ADT}. {-1272661200 -14400 0 AST}. {-1251057600 -10800 1 ADT}. {-1240088400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Havana

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8444
                            Entropy (8bit):3.7372403334059547
                            Encrypted:false
                            SSDEEP:192:VXA0Bc0tTJtNliQ4sxgpuG4c2JPTxUw9Or2ocrPGSyM9Gk4LK46MCf7VkXgySCWv:VXA0Bc0tTJtNliQ4sxSuG4c2JPTxUw9F
                            MD5:C436FDCDBA98987601FEFC2DBFD5947B
                            SHA1:A04CF2A5C9468C634AED324CB79F9EE3544514B7
                            SHA-256:32F8B4D03E4ACB466353D72DAA2AA9E1E42D454DBBA001D0B880667E6346B8A1
                            SHA-512:56C25003685582AF2B8BA4E32EFF03EF10F4360D1A12E0F1294355000161ADDF7024CBD047D1830AB884BE2C385FD8ABE8DA5C30E9A0671C22E84EE3BF957D85
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Havana) {. {-9223372036854775808 -19768 0 LMT}. {-2524501832 -19776 0 HMT}. {-1402813824 -18000 0 CST}. {-1311534000 -14400 1 CDT}. {-1300996800 -18000 0 CST}. {-933534000 -14400 1 CDT}. {-925675200 -18000 0 CST}. {-902084400 -14400 1 CDT}. {-893620800 -18000 0 CST}. {-870030000 -14400 1 CDT}. {-862171200 -18000 0 CST}. {-775681200 -14400 1 CDT}. {-767822400 -18000 0 CST}. {-744231600 -14400 1 CDT}. {-736372800 -18000 0 CST}. {-144702000 -14400 1 CDT}. {-134251200 -18000 0 CST}. {-113425200 -14400 1 CDT}. {-102542400 -18000 0 CST}. {-86295600 -14400 1 CDT}. {-72907200 -18000 0 CST}. {-54154800 -14400 1 CDT}. {-41457600 -18000 0 CST}. {-21495600 -14400 1 CDT}. {-5774400 -18000 0 CST}. {9954000 -14400 1 CDT}. {25675200 -18000 0 CST}. {41403600 -14400 1 CDT}. {57729600 -18000 0 CST}. {73458000 -14400 1 CDT}. {87364800 -18000 0 CST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Hermosillo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):595
                            Entropy (8bit):4.2803367804689785
                            Encrypted:false
                            SSDEEP:12:MBp5290ebmdH5NWw+Ux++vTQtFlvm0tFXtFjV5a:cQBe5gfUT7UFltF9FjV5a
                            MD5:9D1A1746614CE2CEE26D066182938CDC
                            SHA1:967590403A84E80ED299B8D548A2B37C8EEB21CE
                            SHA-256:493DB3E7B56B2E6B266A5C212CD1F75F1E5CF57533DA03BB1C1F2449543B9F48
                            SHA-512:DFAE6BC48F2E4B75DD6744AEE57D31D6A6E764D02DCA5731C7B516AD87B9BAB2FEB355A012EC38BDD53008B501B0744953EB7E0677F02B9EAF083D2E66042B37
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Hermosillo) {. {-9223372036854775808 -26632 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {915174000 -25200 0 MST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Indianapolis

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6996
                            Entropy (8bit):3.799188069575817
                            Encrypted:false
                            SSDEEP:96:uRXxWMzJ2eQzURWu3N7sHRwvOTFhP5S+ijFnRaJeaX1eyDt:uRXxWUJ2eQzURWu3NOqvOTFhPI1jFIL
                            MD5:154A332C3ACF6D6F358B07D96B91EBD1
                            SHA1:FC16E7CBE179B3AB4E0C2A61AB5E0E8C23E50D50
                            SHA-256:C0C7964EBF9EA332B46D8B928B52FDE2ED15ED2B25EC664ACD33DA7BF3F987AE
                            SHA-512:5831905E1E6C6FA9DD309104B3A2EE476941D6FF159764123A477E2690C697B0F19EDEA0AD0CD3BBBECF96D64DC4B981027439E7865FCB1632661C8539B3BD6C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Indianapolis) {. {-9223372036854775808 -20678 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1577901600 -21600 0 CST}. {-900259200 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Knox

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8470
                            Entropy (8bit):3.7546412701514034
                            Encrypted:false
                            SSDEEP:192:AXxr2eQzURWu3Oab9BxXI6X8xYIIOdXkqbfkeTzZSJw5/9/yuvQ+hcr8bYkzbXw6:AXxr2eQzUwu3Oab9BxXI6XUYIIOdXkqv
                            MD5:E8AFD9E320A7F4310B413F8086462F31
                            SHA1:7BEE624AAC096E9C280B4FC84B0671381C657F6C
                            SHA-256:BE74C1765317898834A18617352DF3B2952D69DE4E294616F1554AB95824DAF0
                            SHA-512:C76620999A293FA3A93CA4615AB78F19395F12CC08C242F56BFD4C4CAF8BC769DDEBF33FF10F7DA5A3EFD8ED18792362780188636075419014A8C099A897C43C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Knox) {. {-9223372036854775808 -20790 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-725824800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-415818000 -21600 0 CST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Marengo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7037
                            Entropy (8bit):3.786429098558221
                            Encrypted:false
                            SSDEEP:96:FXx3knO559B18XWRh0ksHRwvOTFhP5S+ijFnRaJeaX1eyDt:FXxUnO559B2XWRh0pqvOTFhPI1jFIL
                            MD5:456422A0D5BE8FBF5DBD0E75D8650894
                            SHA1:737AC21F019A7E89689B9C8B465C8482FF4F403E
                            SHA-256:C92D86CACFF85344453E1AFBC124CE11085DE7F6DC52CB4CBE6B89B01D5FE2F3
                            SHA-512:372AEBB2F13A50536C36A025881874E5EE3162F0168B71B2083965BECBBFCA3DAC726117D205D708CC2B4F7ABE65CCC2B3FE6625F1403D97001950524D545470
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Marengo) {. {-9223372036854775808 -20723 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-599594400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Petersburg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7364
                            Entropy (8bit):3.79636789874872
                            Encrypted:false
                            SSDEEP:192:pXxS559B2XW6X8x3X3D2D8IOdXkqbfkeTzlbaqvOTFhPI1jFIL:pXxS559B2XW6XU3X3D2D8IOdXkqbfNT2
                            MD5:9614153F9471187A2F92B674733369A0
                            SHA1:199E8D5018A374EDB9592483CE4DDB30712006E3
                            SHA-256:5323EBC8D450CC1B53AED18AD209ADEB3A6EEB5A00A80D63E26DB1C85B6476ED
                            SHA-512:2A1E26D711F62C51A5EE7014584FAF41C1780BD62573247D45D467500C6AB9A9EAD5A382A1986A9D768D7BB927E4D391EA1B7A4AD9A54D3B05D8AD2385156C33
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Petersburg) {. {-9223372036854775808 -20947 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-473364000 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-292438800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-257965200 -21600 0 CST}. {-242236800 -18000 1 CDT}. {-226515600 -21600 0 CST}. {-210787200 -18000 1 CDT}. {-195066000 -21600 0 CST}. {-179337600 -18000 1 CDT}. {-163616400 -21600 0 CST

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Tell_City

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6992
                            Entropy (8bit):3.7768650637181533
                            Encrypted:false
                            SSDEEP:192:CXxjL36559B2XI6XE3X3D2E0bYkzbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3g:CXxjL36559B2XI6XE3X3D2E0bYkzbXw6
                            MD5:D0F40504B578D996E93DAE6DA583116A
                            SHA1:4D4D24021B826BFED2735D42A46EEC1C9EBEA8E3
                            SHA-256:F4A0572288D2073D093A256984A2EFEC6DF585642EA1C4A2860B38341D376BD8
                            SHA-512:BA9D994147318FF5A53D45EC432E118B5F349207D58448D568E0DB316452EF9FD620EE4623FD4EAD123BC2A6724E1BAE2809919C58223E6FD4C7A20F004155E0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Tell_City) {. {-9223372036854775808 -20823 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Vevay

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6350
                            Entropy (8bit):3.782861360101505
                            Encrypted:false
                            SSDEEP:96:K9Xx3+lsHRwvOTFhP5S+ijFnRaJeaX1eyDt:6XxuoqvOTFhPI1jFIL
                            MD5:35A64C161E0083DCE8CD1E8E1D6EBE85
                            SHA1:9BC295C23783C07587D82DA2CC25C1A4586284B2
                            SHA-256:75E89796C6FB41D75D4DDA6D94E4D27979B0572487582DC980575AF6656A7822
                            SHA-512:7BAF735DA0DE899653F60EED6EEF53DD8A1ABC6F61F052B8E37B404BC9B37355E94563827BC296D8E980C4247864A57A117B7B1CB58A2C242991BBDC8FE7174E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vevay) {. {-9223372036854775808 -20416 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-495043200 -18000 0 EST}. {-31518000 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {1136091600 -18000 0 EST}. {1143961200 -14400 1 EDT}. {1162101600 -18000 0 EST}. {1173596400 -14400 1 EDT}. {1194156000 -18000 0 EST}. {1205046000 -14400 1 EDT}. {1225605600 -18000 0 EST}. {1236495600 -14400 1 EDT}. {1257055200 -18000 0 EST}. {1268550000 -14400 1 EDT}. {1289109600 -18000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Vincennes

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6992
                            Entropy (8bit):3.795913753683276
                            Encrypted:false
                            SSDEEP:192:TXxjL36559B2XI6XE3X3D2E0baqvOTFhPI1jFIL:TXxjL36559B2XI6XE3X3D2E0bZ3+
                            MD5:AD8B44BD0DBBEB06786B2B281736A82B
                            SHA1:7480D3916F0ED66379FC534F20DC31001A3F14AF
                            SHA-256:18F35F24AEF9A937CD9E91E723F611BC5D802567A03C5484FAB7AEEC1F2A0ED0
                            SHA-512:7911EC3F1FD564C50DEAF074ED99A502A9B5262B63E3E0D2901E21F27E90FBD5656A53831E61B43A096BA1FF18BB4183CCCE2B903782C2189DAAFDD7A90B3083
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Vincennes) {. {-9223372036854775808 -21007 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-462996000 -18000 1 CDT}. {-450291600 -21600 0 CST}. {-431539200 -18000 1 CDT}. {-418237200 -21600 0 CST}. {-400089600 -18000 1 CDT}. {-386787600 -21600 0 CST}. {-368640000 -18000 1 CDT}. {-355338000 -21600 0 CST}. {-337190400 -18000 1 CDT}. {-323888400 -21600 0 CST}. {-305740800 -18000 1 CDT}. {-289414800 -21600 0 CST}. {-273686400 -18000 1 CDT}. {-260989200 -21600 0 CST}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indiana\Winamac

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7170
                            Entropy (8bit):3.7942292979267767
                            Encrypted:false
                            SSDEEP:192:YXxjJ2eQzURWu3Oab9B2XWR0/qvOTFhPI1jFIL:YXxjJ2eQzUwu3Oab9B2XWR0M3+
                            MD5:40D8E05D8794C9D11DF018E3C8B8D7C0
                            SHA1:58161F320CB46EC72B9AA6BAD9086F18B2E0141B
                            SHA-256:A13D6158CCD4283FE94389FD341853AD90EA4EC505D37CE23BD7A6E7740F03F6
                            SHA-512:BC45B6EFF1B879B01F517D4A4012D0AFBA0F6A9D92E862EF9A960FE07CBE216C8C929FE790044C566DC95981EC4BEAB3DCBD45A1FE597606CF601214A78AEA08
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Indiana/Winamac) {. {-9223372036854775808 -20785 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620841600 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-447267600 -21600 0 CST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Indianapolis

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):228
                            Entropy (8bit):4.655121947675421
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y73GK7mFVAIgp3GKBL2903GfJ4903GK1:MBaIMY3GK7Hp3GKBL2903GfJ4903GK1
                            MD5:CB79BE371FAB0B0A5EBEB1BA101AA8BA
                            SHA1:6A24348AB24D6D55A8ABDEE1500ED03D5D1357F3
                            SHA-256:6AABF28AC5A766828DD91F2EE2783F50E9C6C6307D8942FCD4DFAE21DB2F1855
                            SHA-512:156E1E7046D7A0938FE4BF40BC586F0A7BEF1B0ED7B887665E9C6041980B511F079AA739B7BD42A89794CB9E82DB6629E81DD39D2F8161DFABDED539E272FB6E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:America/Indianapolis) $TZData(:America/Indiana/Indianapolis).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Inuvik

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7389
                            Entropy (8bit):3.778898781146325
                            Encrypted:false
                            SSDEEP:96:/ZGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:/EVUC2mWBNwWTxyWR
                            MD5:EFEFB694C4F54583C0ED45A955E823AF
                            SHA1:6FF35D151E8E1DED0DC362671FFF904B3CFF59B4
                            SHA-256:72C48C0CCC1B8C1BD80E5BB5B8879A07A2DBE82317667568523BBE1F855E4883
                            SHA-512:52BDACF02C5A595927FF9B7DC0151367C81B259C8831A91F66A0C10D5271DCDF834763F44868CCF7EDA497295D9D55C49C8F8FD43EEC383C29BC3CABAA4B6B0F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Inuvik) {. {-9223372036854775808 0 0 -00}. {-536457600 -28800 0 PST}. {-147888000 -21600 1 PDDT}. {-131558400 -28800 0 PST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {688550400 -25200 0 MST}. {702464400 -21600 1 MDT}. {720000000 -25200 0 MST}. {733914000 -

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Iqaluit

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7421
                            Entropy (8bit):3.7475594770809835
                            Encrypted:false
                            SSDEEP:96:0/GC3XmzdsHRwvOTFhP5S+ijFnRaJeaX1eyDt:0/Pn0gqvOTFhPI1jFIL
                            MD5:67B9C859DCD38D60EB892500D7287387
                            SHA1:E91BE702B1D97039528A3F540D1FFFF553683CE9
                            SHA-256:34D907D9F2B36DC562DCD4E972170011B4DA98F9F6EDA819C50C130A51F1DBED
                            SHA-512:239B0BA842C1432DB5A6DE4E0A63CDE4B4800FC76AE237B0E723116426F0700FFF418634FB1B5641B87E7792709E16A9ED679E37A570E9D723E3561C2B6B45B5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Iqaluit) {. {-9223372036854775808 0 0 -00}. {-865296000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-147898800 -10800 1 EDDT}. {-131569200 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}. {499240800 -18000 0 EST}. {514969200 -14400 1 EDT}. {530690400 -18000 0 EST}. {544604400 -14400 1 EDT}. {562140000 -18000 0 EST}. {576054000 -14400 1 EDT}. {594194400 -18000 0 EST}. {607503600 -14400 1 EDT}. {625644000 -18000 0 EST}. {638953200 -14400 1 EDT}. {657093600 -18000 0 EST}. {671007600 -14400 1 EDT}. {688543200 -18000 0 EST}. {702457200 -14400 1 EDT}. {71999280

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Jamaica

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):818
                            Entropy (8bit):4.132568007446054
                            Encrypted:false
                            SSDEEP:24:cQ1ewtWFD/u/Ip/uJD/u2lR/utzN54i/uhU/ufUF5/uDBq/u63gU/u3Zh/u4u8H:5htWFYIgxmzfwuFqBG3g/k8H
                            MD5:5C35FFB7D73B7F46DB4A508CF7AB1C54
                            SHA1:5C631104044E9413C86F95E072A630C2AD9EA56D
                            SHA-256:7FDD008C250308942D0D1DE485B05670A6A4276CB61F5F052385769B7E1906C1
                            SHA-512:7B3FF2C945598DDBF43B0BD0650192D6C70B333BF89916013C35F56DC1489CB65A72BA70FB0AE7341C71A71D4B73805F9D597A5B5FA525F4BFB1DF0F582641AE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Jamaica) {. {-9223372036854775808 -18430 0 LMT}. {-2524503170 -18430 0 KMT}. {-1827687170 -18000 0 EST}. {126248400 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {441781200 -18000 0 EST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Jujuy

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):206
                            Entropy (8bit):4.89710274358395
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MI1VAIgp/MI+290pPGe90/MIE:MBaIMY/Mvp/Mh290h390/MB
                            MD5:320C83EFE59FD60EB9F5D4CF0845B948
                            SHA1:5A71DFAE7DF9E3D8724DFA533A37744B9A34FFEC
                            SHA-256:67740B2D5427CFCA70FB53ABD2356B62E01B782A51A805A324C4DFAD9ACA0CFA
                            SHA-512:D7A6378372386C45C907D3CB48B923511A719794B0C0BFA3694DBCE094A46A48249720653836C2F10CBB2178DD8EEEEA6B5019E4CC6C6B650FD7BE256BE1CA99
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Jujuy)]} {. LoadTimeZoneFile America/Argentina/Jujuy.}.set TZData(:America/Jujuy) $TZData(:America/Argentina/Jujuy).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Juneau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8406
                            Entropy (8bit):3.8821515247187883
                            Encrypted:false
                            SSDEEP:96:sL19jPaps/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:sB9jPP/4h5sBPy+CMt/ElALLVuAH
                            MD5:7D338E0224E7DDC690766CDC3E436805
                            SHA1:89BB26B7731AC40DE75FFCD854BA4D30A0F1B716
                            SHA-256:B703FC5AA56667A5F27FD80E5042AFE0F22F5A7EF7C5174646B2C10297E16810
                            SHA-512:7B52EDD2FE3ECAB682138EC867B4D654A08BEA9C4A3BB20E1ED69F03DD9EF91A3B707C78D25CA5A32938152157E98188A253AD2D2D283EF24ECE7352BCB88B67
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Juneau) {. {-9223372036854775808 54139 0 LMT}. {-3225223727 -32261 0 LMT}. {-2188954939 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Kentucky\Louisville

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9332
                            Entropy (8bit):3.769996646995791
                            Encrypted:false
                            SSDEEP:192:wmXxSkUArUfxLURWu3O5bMQxXI6Xah0drn+qvOTFhPI1jFIL:wmXxSkUArUfxLUwu3O5bMQxXI6Xah2n8
                            MD5:D9BC20AFD7DA8643A2091EB1A4B48CB3
                            SHA1:9B567ABF6630E7AB231CAD867AD541C82D9599FF
                            SHA-256:B4CC987A6582494779799A32A9FB3B4A0D0298425E71377EB80E2FB4AAAEB873
                            SHA-512:0BC769A53E63B41341C25A0E2093B127064B589F86483962BD24DB4082C4466E12F4CD889B82AD0134C992E984EF0897113F28321522B57BA45A98C15FF7E172
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Louisville) {. {-9223372036854775808 -20582 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-1546279200 -21600 0 CST}. {-1535904000 -18000 1 CDT}. {-1525280400 -21600 0 CST}. {-905097600 -18000 1 CDT}. {-891795600 -21600 0 CST}. {-883591200 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-744224400 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-684349200 -18000 1 CDT}. {-652899600 -18000 1 CDT}. {-620845200 -18000 1 CDT}. {-608144400 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Kentucky\Monticello

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8279
                            Entropy (8bit):3.785637200740036
                            Encrypted:false
                            SSDEEP:192:jFPXxEOdXkqbfkeTzZSJw5/9/yuvQ+hcrD57X0N41+gqvOTFhPI1jFIL:5PXxEOdXkqbfNTzZSJw5/9/yuvQ6crD9
                            MD5:0C6F5C9D1514DF2D0F8044BE27080EE2
                            SHA1:70CBA0561E4319027C60FB0DCF29C9783BFE8A75
                            SHA-256:1515460FBA496FE8C09C87C51406F4DA5D77C11D1FF2A2C8351DF5030001450F
                            SHA-512:17B519BCC044FE6ED2F16F2DFBCB6CCE7FA83CF17B9FC4A40FDA21DEFBA9DE7F022A50CF5A264F3090D57D51362662E01C3C60BD125430AEECA0887BB8520DB1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Kentucky/Monticello) {. {-9223372036854775808 -20364 0 LMT}. {-2717647200 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-63136800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Knox_IN

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):199
                            Entropy (8bit):4.8191308888643345
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y73GKXFVAIgp3GK4N2901iZ903GKk:MBaIMY3GKXQp3GKe290Q903GKk
                            MD5:465D405C9720EB7EC4BB007A279E88ED
                            SHA1:7D80B8746816ECF4AF45166AED24C731B60CCFC6
                            SHA-256:BE85C86FBD7D396D2307E7DCC945214977829E1314D1D71EFAE509E98AC15CF7
                            SHA-512:C476022D2CC840793BF7B5841051F707A30CCAB1022E30FB1E45B420077417F517BEDA5564EFB154283C7C018A9CA09D10845C6A1BFE2A2DE7C939E307BDCE6F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:America/Knox_IN) $TZData(:America/Indiana/Knox).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Kralendijk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.810917109656368
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx09CvjHVAIg209CvjvQ2IAcGE1QOa0IAcGE9Cvju:SlSWB9IZaM3y79CzVAIgp9CE2901Qv0k
                            MD5:4763D6524D2D8FC62720BCD020469FF6
                            SHA1:EE567965467E4F3BDFE4094604E526A49305FDD8
                            SHA-256:A794B43E498484FFD83702CFB9250932058C01627F6F6F4EE1432C80A9B37CD6
                            SHA-512:37462E0A3C24D5BAEBDD1ADCF8EE94EA07682960D710D57D5FD05AF9C5F09FF30312528D79516A16A0A84A2D351019DBB33308FC39EC468033B18FB0AC872C13
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Kralendijk) $TZData(:America/Curacao).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\La_Paz

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):210
                            Entropy (8bit):4.853705210019575
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52IAcGEyUMWkXGm2OHpJvvvX+nFp1vZSsXxyFYMUmBXlVvG9:SlSWB9X5290Xm2OHphvPKZpyFMmBVVO9
                            MD5:FE113AA98220A177DA9DD5BF588EB317
                            SHA1:083F2C36FF97185E2078B389F6DB2B3B04E95672
                            SHA-256:AF2A931C2CC39EED49710B9AFDBB3E56F1E4A1A5B9B1C813565BE43D6668493A
                            SHA-512:B6A34966F4150E3E3785563DFEB543726868923DB3980F693B4F2504B773A6CFD4102225C24897C81F1B3D22F35D1BE92D5ECE19F03028AC485A6B975896BB8F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/La_Paz) {. {-9223372036854775808 -16356 0 LMT}. {-2524505244 -16356 0 CMT}. {-1205954844 -12756 1 BST}. {-1192307244 -14400 0 -04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Lima

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):444
                            Entropy (8bit):4.171707948838632
                            Encrypted:false
                            SSDEEP:12:MBp5290BbmdH4VPvut/O9F/O9BQXR/uFEC3/O9Ge/uFAs/O92/O9PF/O9R8/O9Tu:cQye8mV6FC4R/u1Cp/u2sC2CdC6CTSPV
                            MD5:D20722EC3E24AA65C23DB94006246684
                            SHA1:3E9D446FFA6163ED658D947BB582C9F566374777
                            SHA-256:593FEBC924D0DE7DA5FC482952282F1B1E3432D7509798F475B13743047286DA
                            SHA-512:326E300C837981DEFC497B5E467EA70DC2F6F10765FAB39977A2F03F3BEF0A0917EFD0524E2B66CBCFE0EE424273594437E098C6503EFC73002673678016C605
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Lima) {. {-9223372036854775808 -18492 0 LMT}. {-2524503108 -18516 0 LMT}. {-1938538284 -14400 0 -05}. {-1002052800 -18000 0 -05}. {-986756400 -14400 1 -05}. {-971035200 -18000 0 -05}. {-955306800 -14400 1 -05}. {-939585600 -18000 0 -05}. {512712000 -18000 0 -05}. {544248000 -18000 0 -05}. {638942400 -18000 0 -05}. {765172800 -18000 0 -05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Los_Angeles

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9409
                            Entropy (8bit):3.767062784666229
                            Encrypted:false
                            SSDEEP:192:lBY5PBFx/9jgNf+aNwj/lpmlOxnKcndIG:lBY5PBFx/9wfefnK6
                            MD5:A661407CC08E68459018A636C8EF0EC1
                            SHA1:5524A613B07C4B4CA7404504EAD917E5B0A00112
                            SHA-256:C39E5A4C1482B13E862B4D36F4F4590BDF230BE44BAC30BDAB015CDBE02BE9C9
                            SHA-512:F5BD08D99E0B54911AC3ABFD413A1D98A0EB7F39A41E348E17D38EA9226A9320BA0CFE9CEB0954D158AB9B8761F0A9ECFB6F82DF033CD9B2234BC71A2D163B3A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Los_Angeles) {. {-9223372036854775808 -28378 0 LMT}. {-2717640000 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-687967140 -25200 1 PDT}. {-662655600 -28800 0 PST}. {-620838000 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589388400 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557938800 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526489200 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495039600 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463590000 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431535600 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400086000 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368636400 -25200 1 PDT}. {-355330800 -28800 0 PST}. {

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Louisville

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):223
                            Entropy (8bit):4.866250035215905
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y71PiKp4ozFVAIgp1PiKp4zL290hp4901PiKp4/:MBaIMYPyJpPyzL290P490Py/
                            MD5:3BAD2D8B6F2ECB3EC0BFA16DEAEBADC3
                            SHA1:2E8D7A5A29733F94FF247E7E62A7D99D5073AFDC
                            SHA-256:242870CE8998D1B4E756FB4CD7097FF1B41DF8AA6645E0B0F8EB64AEDC46C13C
                            SHA-512:533A6A22A11C34BCE3772BD85B6A5819CCCD98BF7ECED9E751191E5D1AD3B84F34D70F30936CFE501C2FA3F6AAC7ABB9F8843B7EB742C6F9C2AD4C22D5C73740
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Kentucky/Louisville)]} {. LoadTimeZoneFile America/Kentucky/Louisville.}.set TZData(:America/Louisville) $TZData(:America/Kentucky/Louisville).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Lower_Princes

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):4.81236985301262
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx09CvjHVAIg209CvjvQ2IAcGEyOqdVM1h4IAcGE9Cva:SlSWB9IZaM3y79CzVAIgp9CE290h48hf
                            MD5:EBB062CC0AA5C21F7C4278B79B9EAE6C
                            SHA1:6DFC8303BBE1FB990D7CB258E7DBC6270A5CFE64
                            SHA-256:4842420076033349DD9560879505326FFAB91BED75D6C133143FFBBFB8725975
                            SHA-512:5087C6257CA797317D049424324F5DC31BBD938436DCEB4CF4FE3D2520F7745F1C023E3EC48689957E389900EF2AACB3F5E9E49FD154DF51FF89F9A7173818CD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Curacao)]} {. LoadTimeZoneFile America/Curacao.}.set TZData(:America/Lower_Princes) $TZData(:America/Curacao).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Maceio

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1487
                            Entropy (8bit):3.655866753080831
                            Encrypted:false
                            SSDEEP:24:cQGEecc4h1u80V2dBUGphmC17ewGtN3rvIh0VKngBHZDIOXqWoN:5K4h19U2dBUGrmO7XGtN3kh0VKngBHZy
                            MD5:3BC7560FE4E357A36D53F6DCC1E6F176
                            SHA1:F9F647E5021344A3A350CD895A26B049331E7CF1
                            SHA-256:184EC961CA5D1233A96A030D75D0D47A4111717B793EE25C82C0540E25168BDD
                            SHA-512:0805146230F55E12D7524F3F4EDB53D9C6C41C6926FA0603B3958AA82E85C9531D8CBDF4DFF085189908F293A2B29FDFA1BAEFB0FDADF34134D6C4D2FCF19397
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Maceio) {. {-9223372036854775808 -8572 0 LMT}. {-1767217028 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {60

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Managua

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):590
                            Entropy (8bit):4.233264210289004
                            Encrypted:false
                            SSDEEP:12:MBp5290znTsmdHOYPprva6/wLAyM/uFn/V8/uFn/3Y/oA2P/RASx/uFn/G/uFn/M:cQGnoeOshRIpMSn/V8Sn/3YVgJvxSn/6
                            MD5:6BF9AB156020E7AC62F93F561B314CB8
                            SHA1:7484A57EADCFD870490395BB4D6865A2E024B791
                            SHA-256:D45B4690B43C46A7CD8001F8AE950CD6C0FF7B01CD5B3623E3DD92C62FD5E473
                            SHA-512:CF02E62650679D8E2D58D0D70DE2322CAAA6508AF4FF7A60E415AA8AA3A9D26D1A191CFAE986ACAF0AEF1DFC4C2E34F9A5B6EDC2018E0B7E9000917D429FB587
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Managua) {. {-9223372036854775808 -20708 0 LMT}. {-2524500892 -20712 0 MMT}. {-1121105688 -21600 0 CST}. {105084000 -18000 0 EST}. {161758800 -21600 0 CST}. {290584800 -18000 1 CDT}. {299134800 -21600 0 CST}. {322034400 -18000 1 CDT}. {330584400 -21600 0 CST}. {694260000 -18000 0 EST}. {717310800 -21600 0 CST}. {725868000 -18000 0 EST}. {852094800 -21600 0 CST}. {1113112800 -18000 1 CDT}. {1128229200 -21600 0 CST}. {1146384000 -18000 1 CDT}. {1159682400 -21600 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Manaus

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1127
                            Entropy (8bit):3.6965365214193797
                            Encrypted:false
                            SSDEEP:24:cQGnveI8Sos/USws/QSI/LHSD/vOSy/WS3o/aS2/vSh/TSSX/WcSp/ySZd/YlSjc:5rSaSwXS4SqSbS3JSySxSxcSESAlSQSk
                            MD5:BFCC0D7639AE2D973CDBD504E99A58B8
                            SHA1:E8C43C5B026891D3E9B291446ABC050E7A100C71
                            SHA-256:1237FF765AA4C5530E5250F928DFAB5BB687C72C990A37B87E9DB8135C5D9CBD
                            SHA-512:DAD87E612161A136606E50944C50401AFD4C11D51A016704BDD070E52ED3BAC56E0E7BCFD83E7DA392FC8D2278E5F9EF6C0C466372F58AFA1005C4156CDA189D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Manaus) {. {-9223372036854775808 -14404 0 LMT}. {-1767211196 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -1440

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Marigot

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):202
                            Entropy (8bit):4.890561068654966
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290zzJ/90e/:MBaIMY9QpI290zzN90O
                            MD5:3340CD9706ECBB2C6BCB16F1D75C5428
                            SHA1:FE230B53F0DCCE15C14C91F43796E46DA5C1A2CE
                            SHA-256:BC2F908758F074D593C033F7B1C7D7B4F81618A4ED46E7907CD434E0CCFEE9F4
                            SHA-512:016AB54B9E99600A296D99A036A555BB79E3C5FDB0F1BEB516AFFE17B7763D864CB076B9C2D95547ED44BA2F6FC372CDFF25708C5423E1CF643AB6F0AA78E0E3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Marigot) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Martinique

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):242
                            Entropy (8bit):4.7982301339896285
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290zlJm2OHfueP9dMQR5OfT/VVFUFkCFeR/r:MBp5290znmdHfnP9dMQR5Gb/uFkCFO/r
                            MD5:2F7A1415403071E5D2E545C1DAA96A15
                            SHA1:6A8FB2ABAD2B2D25AF569624C6C9AAE9821EF70B
                            SHA-256:40F3C68A518F294062AC3DD5361BB9884308E1C490EF11D2CFDC93CB219C3D26
                            SHA-512:3E4D94AB6A46E6C3BB97304F3A5596A06041C0E0935CC840F4A6EB56D0892778F853959A742C5B832CD8F07AB9B74539C45599F22C080577503B2E34B6CE28C5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Martinique) {. {-9223372036854775808 -14660 0 LMT}. {-2524506940 -14660 0 FFMT}. {-1851537340 -14400 0 AST}. {323841600 -10800 1 ADT}. {338958000 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Matamoros

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6526
                            Entropy (8bit):3.7582526108760064
                            Encrypted:false
                            SSDEEP:192:t+vN41+z6stuNEsRZLbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaANIsr2:taN41+z6stuNEsRZLbXwDTIRqfh57TlE
                            MD5:2BBAA150389EAAE284D905A159A61167
                            SHA1:0001B50C25FC0CDF015A60150963AAF895EEDEEF
                            SHA-256:A7966B95DBE643291FB68E228B60E2DC780F8155E064D96B670C8290F104E4AB
                            SHA-512:87CE18E7E4C2C59A953CD47005EF406F4923730459996B1BF09B04FFD9CD5F963A9E50299ECCDBF4B24C565412B706B1ABC39890D659E6F409F1BA50308E57F9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Matamoros) {. {-9223372036854775808 -24000 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Mazatlan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6619
                            Entropy (8bit):3.788952004807415
                            Encrypted:false
                            SSDEEP:96:W7ezBT8tRkfKxhzY720zaOXmlITHjLc1cb:X8tRkfKv+2wB9h
                            MD5:4D63766E65BF3E772CCEC2D6DB3E2D3E
                            SHA1:DB541D2908159C7EF98F912D8DBC36755FFD13F3
                            SHA-256:81CEA4A397AF6190FD250325CF513976B3508209AE3A88FDFD55490A5016A36D
                            SHA-512:DFAF1B3547B1B1B78B33F1F0F5E9624C693492687EC5D060FC4C6CBE2AFBB61B2E9B618133636DD62364D28B2450F741561AADFDE7B811F579BBC7247343A041
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mazatlan) {. {-9223372036854775808 -25540 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-873828000 -25200 0 MST}. {-661539600 -28800 0 PST}. {28800 -25200 0 MST}. {828867600 -21600 1 MDT}. {846403200 -25200 0 MST}. {860317200 -21600 1 MDT}. {877852800 -25200 0 MST}. {891766800 -21600 1 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Mendoza

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):214
                            Entropy (8bit):4.76389929825594
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MBVAIgp/Ma290zpH+90/MI:MBaIMY/Mcp/Ma290zpe90/MI
                            MD5:A6EFD8F443D4CB54A5FB238D4D975808
                            SHA1:8F25C6C0EA9D73DC8D1964C4A28A4E2E783880CC
                            SHA-256:39B34B406339F06A8D187F8CCC1B6BF2550E49329F7DCE223619190F560E75F8
                            SHA-512:4B5D48472D56AF19B29AD2377573CC8CB3ED9EF1AF53C00C907B6576FA852EA3D1E9F9B3A78A280DC44F8ADBE5B81D6AEC2609BE08FFA08507CD0F4139878F46
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Mendoza)]} {. LoadTimeZoneFile America/Argentina/Mendoza.}.set TZData(:America/Mendoza) $TZData(:America/Argentina/Mendoza).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Menominee

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8136
                            Entropy (8bit):3.7460641906933345
                            Encrypted:false
                            SSDEEP:192:oXxj07ffkeTzZSJw5/9/yuvQ+hcrD57X0N41+IestuNEbYkzbXwDTIRqfhXbdXvC:oXxj07ffNTzZSJw5/9/yuvQ6crD57X0w
                            MD5:0D0DC4A816CDAE4707CDF4DF51A18D30
                            SHA1:7ED2835AA8F723B958A6631092019A779554CADE
                            SHA-256:3C659C1EAC7848BBE8DF00F857F8F81D2F64B56BD1CEF3495641C53C007434FA
                            SHA-512:930F2FDC2C1EAE4106F9B37A16BCBBAF618A2CCBBA98C712E8215555CF09B9303D71842DEC38EFAF930DB71E14E8208B14E41E10B54EF98335E01435D0FC3518
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Menominee) {. {-9223372036854775808 -21027 0 LMT}. {-2659759773 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-757360800 -21600 0 CST}. {-747244800 -18000 1 CDT}. {-733942800 -21600 0 CST}. {-116438400 -18000 1 CDT}. {-100112400 -21600 0 CST}. {-21484800 -18000 0 EST}. {104914800 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Merida

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6435
                            Entropy (8bit):3.757504464563519
                            Encrypted:false
                            SSDEEP:192:gN41+z6stuNEsRZjWqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sOVEmR:gN41+z6stuNEsRZjWqZL/1dCYDDCxyHo
                            MD5:A7C5CFE3FA08D4CEDF6324457EA5766E
                            SHA1:83BB96398C0B1B34771940C8F7A19CB78C5EF72F
                            SHA-256:A1D7DE7285DC78ADDE1B0A04E05DA44D0D46D4696F67A682D0D28313A53825FE
                            SHA-512:092DD7CEF6A5861472965E082171937EEDCFB3AE1821E3C88AA1BDFAB1EC48F765CAC497E3E5C78C19653C78B087C7CE28A8AB76F9073558963234901EF4B4A4
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Merida) {. {-9223372036854775808 -21508 0 LMT}. {-1514743200 -21600 0 CST}. {377935200 -18000 0 EST}. {407653200 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 CDT}. {1225004400 -21600 0 CST}. {1238918400 -18000 1 CD

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Metlakatla

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6462
                            Entropy (8bit):3.906655458013535
                            Encrypted:false
                            SSDEEP:96:XP19jJ+h5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:X99jIh5sBPy+CMt/ElALLVuAH
                            MD5:897140EE4C46A300FBA4B66692A77D2B
                            SHA1:D5F2F3C8561A19EA0C5DAF0236696D5DB98D4220
                            SHA-256:8B48C28A0AB6728CEDBCC82197355A5F9DD7D73E270EE949D996BB788777623B
                            SHA-512:17E52B3C00C4EDE3B2FA10A4BE0601889B12581D31936D075E85118F37329716C4083D2B16F7081F7AA73EC9774ED7B4CF67615BE6090F8A506BF77AADE0CAFD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Metlakatla) {. {-9223372036854775808 54822 0 LMT}. {-3225223727 -31578 0 LMT}. {-2188955622 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Mexico_City

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6807
                            Entropy (8bit):3.761365047166545
                            Encrypted:false
                            SSDEEP:192:VeE7nN41+zKstuNEsRZjWqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sQ:VeE7nN41+zKstuNEsRZjWqZL/1dCYDDK
                            MD5:C675DA8A44A9841C417C585C2661EF13
                            SHA1:147DDE5DD00E520DA889AC9931088E6232CE6FEA
                            SHA-256:82B9AAD03408A9DFC0B6361EC923FEAEF97DBB4B3129B772B902B9DAE345D63E
                            SHA-512:00615A5EC0D08BABF009C3CAAF3D631B1F4E2E4324E91B0F29ADD7E61B51C80D5D495D20BD131A9370C3005B2E510C8A4E4869A5032D82BC33C875E909CDE086
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Mexico_City) {. {-9223372036854775808 -23796 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {-975261600 -18000 1 CDT}. {-963169200 -21600 0 CST}. {-917114400 -18000 1 CDT}. {-907354800 -21600 0 CST}. {-821901600 -18000 1 CWT}. {-810068400 -21600 0 CST}. {-627501600 -18000 1 CDT}. {-612990000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001836800 -21600 0 CST}. {1014184800 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Miquelon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6846
                            Entropy (8bit):3.44227328239419
                            Encrypted:false
                            SSDEEP:192:FxfUaXYEn/wGm3eADKja4PcCYCJ7j7Ub0ZixJpF8pnmpRipo1kay2DfhJ+Nwz/ad:DeTntbDs
                            MD5:0C7122725D98CDE5CB9B22624D24A26C
                            SHA1:1889279EBE1377DB3460B706CAA4ECF803651517
                            SHA-256:86BB088047FB5A6041C7B0792D15F9CB453F49A54F78529CC415B7FF2C41265A
                            SHA-512:C23D3AE8D579FAC56521A0C06178550C4976E906A4CD149554821A2550B0EAB43344C6536166271EAA22EC77AF8529D9164696D7A5A740B02FA34C4272D43F26
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Miquelon) {. {-9223372036854775808 -13480 0 LMT}. {-1850328920 -14400 0 AST}. {326001600 -10800 0 -03}. {536468400 -10800 0 -02}. {544597200 -7200 1 -02}. {562132800 -10800 0 -02}. {576046800 -7200 1 -02}. {594187200 -10800 0 -02}. {607496400 -7200 1 -02}. {625636800 -10800 0 -02}. {638946000 -7200 1 -02}. {657086400 -10800 0 -02}. {671000400 -7200 1 -02}. {688536000 -10800 0 -02}. {702450000 -7200 1 -02}. {719985600 -10800 0 -02}. {733899600 -7200 1 -02}. {752040000 -10800 0 -02}. {765349200 -7200 1 -02}. {783489600 -10800 0 -02}. {796798800 -7200 1 -02}. {814939200 -10800 0 -02}. {828853200 -7200 1 -02}. {846388800 -10800 0 -02}. {860302800 -7200 1 -02}. {877838400 -10800 0 -02}. {891752400 -7200 1 -02}. {909288000 -10800 0 -02}. {923202000 -7200 1 -02}. {941342400 -10800 0 -02}. {954651600 -7200 1 -02}. {972792000 -10800 0 -

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Moncton

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10165
                            Entropy (8bit):3.73501024949866
                            Encrypted:false
                            SSDEEP:192:XYtQYUKXZRMavqQS8L2En/RDmzTWRf2oFnoF8l988fL8vG+81VcfnrpbX+qvlrPf:gQYzCO4alKqYvuOdeYP/Jv
                            MD5:C1F34BD1FB4402481FFA5ABEE1573085
                            SHA1:46B9AD38086417554549C36A40487140256BED57
                            SHA-256:A4C2F586D7F59A192D6D326AD892C8BE20753FB4D315D506F4C2ED9E3F657B9A
                            SHA-512:115D3E65A6A3834E748ED1917CF03A835F74EC0F8DB789C2B99EB78879EA3A5A2AFEB35981BA221D868E6A5B579374CFB3F865ACF6D4271B918EBCC2C3C69579
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Moncton) {. {-9223372036854775808 -15548 0 LMT}. {-2715882052 -18000 0 EST}. {-2131642800 -14400 0 AST}. {-1632074400 -10800 1 ADT}. {-1615143600 -14400 0 AST}. {-1167595200 -14400 0 AST}. {-1153681200 -10800 1 ADT}. {-1145822400 -14400 0 AST}. {-1122231600 -10800 1 ADT}. {-1114372800 -14400 0 AST}. {-1090782000 -10800 1 ADT}. {-1082923200 -14400 0 AST}. {-1059332400 -10800 1 ADT}. {-1051473600 -14400 0 AST}. {-1027882800 -10800 1 ADT}. {-1020024000 -14400 0 AST}. {-996433200 -10800 1 ADT}. {-988574400 -14400 0 AST}. {-965674800 -10800 1 ADT}. {-955396800 -14400 0 AST}. {-934743600 -10800 1 ADT}. {-923947200 -14400 0 AST}. {-904503600 -10800 1 ADT}. {-891892800 -14400 0 AST}. {-883598400 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}. {-747252000 -10800 1 ADT}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Monterrey

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6496
                            Entropy (8bit):3.75909042772931
                            Encrypted:false
                            SSDEEP:192:Xc+vN41+z6stuNEsRZjWqZL/1dCYDXEaXTuXMEXiH4RxGIJkYWXsWwav7jNf4sOt:saN41+z6stuNEsRZjWqZL/1dCYDDCxyI
                            MD5:255A5A8E27CA1F0127D71E09033C6D9B
                            SHA1:4F1C5E6D3F9E5BC9F8958FA50C195FDADD0F4022
                            SHA-256:C753DEF7056E26D882DCD842729816890D42B6C7E31522111467C0C39A24B2F2
                            SHA-512:96A67C3CC54EC39086D4DF681DDA39B4167FE80F0C45600045480F28C282071915F793BD672146119A22E0C15339F162DFF9DF326E7132E723684EF079666F58
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Monterrey) {. {-9223372036854775808 -24076 0 LMT}. {-1514743200 -21600 0 CST}. {568015200 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {599637600 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {891763200 -18000 1 CDT}. {909298800 -21600 0 CST}. {923212800 -18000 1 CDT}. {941353200 -21600 0 CST}. {954662400 -18000 1 CDT}. {972802800 -21600 0 CST}. {989136000 -18000 1 CDT}. {1001833200 -21600 0 CST}. {1018166400 -18000 1 CDT}. {1035702000 -21600 0 CST}. {1049616000 -18000 1 CDT}. {1067151600 -21600 0 CST}. {1081065600 -18000 1 CDT}. {1099206000 -21600 0 CST}. {1112515200 -18000 1 CDT}. {1130655600 -21600 0 CST}. {1143964800 -18000 1 CDT}. {1162105200 -21600 0 CST}. {1175414400 -18000 1 CDT}. {1193554800 -21600 0 CST}. {1207468800 -18000 1 C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Montevideo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2840
                            Entropy (8bit):3.549378422404712
                            Encrypted:false
                            SSDEEP:48:5JJjQSSSGEcS2SrPZSMSEkS/StSneSOSnx7EXnF9XXGGLgvA/Sa8h1liqZovoJqP:X9QV0cduTSe+J1ix7inFBXGGUvA/Sa8A
                            MD5:87A9F18CE5E5EE97D943316EE93DC664
                            SHA1:C221C82FA644943AF05C5737B4A68418BEFE66D7
                            SHA-256:E8DB201FDAF1FD43BE39422062CEB2A25F25764934C481A95CD7BB3F93949495
                            SHA-512:AC7D6BA85A37585BEC2101AAF0F46B04BF49F56B449A2BEC4E32D009576CA4D0CB687981EFA96DA8DAB00453F0020925E5FB9681BF8071AC6EFFC4F938E0D891
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Montevideo) {. {-9223372036854775808 -13491 0 LMT}. {-1942690509 -13491 0 MMT}. {-1567455309 -14400 0 -04}. {-1459627200 -10800 0 -0330}. {-1443819600 -12600 0 -0330}. {-1428006600 -10800 1 -0330}. {-1412283600 -12600 0 -0330}. {-1396470600 -10800 1 -0330}. {-1380747600 -12600 0 -0330}. {-1141590600 -10800 1 -0330}. {-1128286800 -12600 0 -0330}. {-1110141000 -10800 1 -0330}. {-1096837200 -12600 0 -0330}. {-1078691400 -10800 1 -0330}. {-1065387600 -12600 0 -0330}. {-1047241800 -10800 1 -0330}. {-1033938000 -12600 0 -0330}. {-1015187400 -10800 1 -0330}. {-1002488400 -12600 0 -0330}. {-983737800 -10800 1 -0330}. {-971038800 -12600 0 -0330}. {-954707400 -10800 1 -0330}. {-938984400 -12600 0 -0330}. {-920838600 -10800 1 -0330}. {-907534800 -12600 0 -0330}. {-896819400 -10800 1 -0330}. {-853621200 -9000 0 -03}. {-845847000 -10800 0 -03}. {-33

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Montreal

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.696915330047381
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qMKLRXIVAIg20qMKLRI62IAcGEzQ21h4IAcGEqMKR:SlSWB9IZaM3y7RQ+VAIgpRQ+6290zQg2
                            MD5:F4631583229AD8B12C548E624AAF4A9F
                            SHA1:C56022CEACBD910C9CBF8C39C974021294AEE9DA
                            SHA-256:884575BE85D1276A1AE3426F33153B3D4787AC5238FDBE0991C6608E7EB0DF07
                            SHA-512:48FB9910D8A75AD9451C860716746D38B29319CA04DF9E8690D62FB875A5BEBCC7A8C546A60878821BD68A83271C69671D483C3133E4F807F2C3AC899CEBF065
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:America/Montreal) $TZData(:America/Toronto).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Montserrat

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):205
                            Entropy (8bit):4.865859395466201
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290zQ1HK90e/:MBaIMY9QpI290zQ490O
                            MD5:705E51A8FB38AA8F9714256AFB55DA8A
                            SHA1:97D96BE4C08F128E739D541A43057F08D24DDDCF
                            SHA-256:0FED15D7D58E8A732110FF6765D0D148D15ACBB0251EE867CE7596933E999865
                            SHA-512:4D7E42ECDB16F7A8A62D9EDA1E365325F3CBFAA1EF0E9FEE2790E24BA8DEAAA716D41F9389B849C69DC3973DA61D575146932FB2C8AC81579C65C18E45AE386E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Montserrat) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Nassau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8260
                            Entropy (8bit):3.7353311910027376
                            Encrypted:false
                            SSDEEP:96:JUzoaC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:Gzorn+qvOTFhPI1jFIL
                            MD5:6F9F530A792FC34E2B0CEE4BC3DB3809
                            SHA1:4DF8A4A6993E47DD5A710BEE921D88FEF44858E7
                            SHA-256:9F62117DDA0A21D37B63C9083B3C50572399B22D640262F427D68123078B32F9
                            SHA-512:C2BF93FDBE8430113FA63561D1A08145DCF31CD679AB7230098993C7A19EF0F29F486C962656F8A62505CB1BFE993FBD3BB5FB0BAE7B6E7E190DE2865C445408
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nassau) {. {-9223372036854775808 -18570 0 LMT}. {-1825095030 -18000 0 EST}. {-179341200 -14400 1 EDT}. {-163620000 -18000 0 EST}. {-147891600 -14400 1 EDT}. {-131565600 -18000 0 EST}. {-116442000 -14400 1 EDT}. {-100116000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {189320400 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\New_York

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):11004
                            Entropy (8bit):3.725417189649631
                            Encrypted:false
                            SSDEEP:96:iNXYUiZrbgZ8UMr5UwdaC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:23iZrbgZ8UMr2wdrn+qvOTFhPI1jFIL
                            MD5:C9D78AB6CF796A9D504BE2903F00B49C
                            SHA1:A6C0E4135986A1A6F36B62276BFAB396DA1A4A9B
                            SHA-256:1AB6E47D96BC34F57D56B936233F58B5C748B65E06AFF6449C3E3C317E411EFE
                            SHA-512:6D20B13F337734CB58198396477B7C0E9CB89ED4D7AB328C22A4A528CAF187D10F42540DBB4514A0C139E6F4AE9A1A71AED02E3735D1D4F12C5314014C0C1EB6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/New_York) {. {-9223372036854775808 -17762 0 LMT}. {-2717650800 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-1577905200 -18000 0 EST}. {-1570381200 -14400 1 EDT}. {-1551636000 -18000 0 EST}. {-1536512400 -14400 1 EDT}. {-1523210400 -18000 0 EST}. {-1504458000 -14400 1 EDT}. {-1491760800 -18000 0 EST}. {-1473008400 -14400 1 EDT}. {-1459706400 -18000 0 EST}. {-1441558800 -14400 1 EDT}. {-1428256800 -18000 0 EST}. {-1410109200 -14400 1 EDT}. {-1396807200 -18000 0 EST}. {-1378659600 -14400 1 EDT}. {-1365357600 -18000 0 EST}. {-1347210000 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-122080680

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Nipigon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7836
                            Entropy (8bit):3.7462966187089535
                            Encrypted:false
                            SSDEEP:96:rEa2raC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:rYrrn+qvOTFhPI1jFIL
                            MD5:3D389AA51D3E29E8A1E8ED07646AA0DD
                            SHA1:2E3DF9406B14662ADEDDC0F891CD81DF23D98157
                            SHA-256:3A0FB897E5CCB31B139E009B909053DCE36BB5791ACF23529D874AFA9F0BB405
                            SHA-512:AFF7B30355ECB6EBD43D1E6C943C250AB98CC82BDC8DDC7595769E4CE188A23591AEFCF18A028CC6479CF6AA20F65980E37C74F6CEE907537366136FAF29B66E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nipigon) {. {-9223372036854775808 -21184 0 LMT}. {-2366734016 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-923252400 -14400 1 EDT}. {-880218000 -14400 0 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600 -18000 0 EST}. {388566000 -14400 1 EDT}. {404892000 -18000 0 EST}. {420015600 -14400 1 EDT}. {436341600 -18000 0 EST}. {452070000 -14400 1 EDT}. {467791200 -18000 0 EST}. {483519600 -14400 1 EDT}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Nome

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8404
                            Entropy (8bit):3.88589736733708
                            Encrypted:false
                            SSDEEP:96:OWmWQm825s/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:OWmWQmI/4h5sBPy+CMt/ElALLVuAH
                            MD5:F5E89780553D3D30A32CF65746CA9A69
                            SHA1:43D8B6E3C5D719599A680E1E6D4FF913D2700D7E
                            SHA-256:5BDA4867EC7707E9D5E07AD3E558DA7C1E44EC1135E85A8F1809441A54B22BE5
                            SHA-512:D1239FF5277055DD8787BF58ED14DBDC229FC46EDDF21E034CA77DEA439631974F44FCE63EF12483520ADB83AD235642AE480230544A7284A8BDAA5296486563
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Nome) {. {-9223372036854775808 46702 0 LMT}. {-3225223727 -39698 0 LMT}. {-2188947502 -39600 0 NST}. {-883573200 -39600 0 NST}. {-880196400 -36000 1 NWT}. {-769395600 -36000 1 NPT}. {-765374400 -39600 0 NST}. {-757342800 -39600 0 NST}. {-86878800 -39600 0 BST}. {-31496400 -39600 0 BST}. {-21466800 -36000 1 BDT}. {-5745600 -39600 0 BST}. {9982800 -36000 1 BDT}. {25704000 -39600 0 BST}. {41432400 -36000 1 BDT}. {57758400 -39600 0 BST}. {73486800 -36000 1 BDT}. {89208000 -39600 0 BST}. {104936400 -36000 1 BDT}. {120657600 -39600 0 BST}. {126709200 -36000 1 BDT}. {152107200 -39600 0 BST}. {162392400 -36000 1 BDT}. {183556800 -39600 0 BST}. {199285200 -36000 1 BDT}. {215611200 -39600 0 BST}. {230734800 -36000 1 BDT}. {247060800 -39600 0 BST}. {262789200 -36000 1 BDT}. {278510400 -39600 0 BST}. {294238800 -36000 1 BDT}. {309960000 -3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Noronha

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1349
                            Entropy (8bit):3.6915980783248976
                            Encrypted:false
                            SSDEEP:24:cQ8eHNxrW3YrEnBrur9rTPBrJ2r+KrDv1rn1rHhr33rPxN4brSJrrh4rEgtXrH1W:5PxrW3YrEnBruxrT5rJ2r+KrDv1rn1r/
                            MD5:10B0C457561BA600E9A39CE20CD22B72
                            SHA1:07946FBB04D0C8D7CA92204E3E2DF3AB755196AB
                            SHA-256:96AEE3A529C11C8DBDE3431C65C8C2315DBCFB5686957419EFCEB3D49208AB11
                            SHA-512:A60AFB3DD064EAB9C4AE5F0A112DA5A7903BDB99DCF78BB99FE13DBB72310E8D47A2A62A58DAD2AB4F33971001F5B9787D663649E05FBD47B75994113CD5E8ED
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Noronha) {. {-9223372036854775808 -7780 0 LMT}. {-1767217820 -7200 0 -02}. {-1206961200 -3600 1 -02}. {-1191366000 -7200 0 -02}. {-1175378400 -3600 1 -02}. {-1159830000 -7200 0 -02}. {-633823200 -3600 1 -02}. {-622072800 -7200 0 -02}. {-602287200 -3600 1 -02}. {-591836400 -7200 0 -02}. {-570751200 -3600 1 -02}. {-560214000 -7200 0 -02}. {-539128800 -3600 1 -02}. {-531356400 -7200 0 -02}. {-191368800 -3600 1 -02}. {-184201200 -7200 0 -02}. {-155167200 -3600 1 -02}. {-150073200 -7200 0 -02}. {-128901600 -3600 1 -02}. {-121129200 -7200 0 -02}. {-99957600 -3600 1 -02}. {-89593200 -7200 0 -02}. {-68421600 -3600 1 -02}. {-57970800 -7200 0 -02}. {499744800 -3600 1 -02}. {511232400 -7200 0 -02}. {530589600 -3600 1 -02}. {540262800 -7200 0 -02}. {562125600 -3600 1 -02}. {571194000 -7200 0 -02}. {592970400 -3600 1 -02}. {602038800 -7200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\North_Dakota\Beulah

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8278
                            Entropy (8bit):3.7975723806562063
                            Encrypted:false
                            SSDEEP:192:raF2dVtXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaANIsrXHEK5Dac5TE35:OFcVtXwDTIRqfh57Tlto//q7u379zlqw
                            MD5:15AABAE9ABE4AF7ABEADF24A510E9583
                            SHA1:3DEF11310D02F0492DF09591A039F46A8A72D086
                            SHA-256:B328CC893D217C4FB6C84AA998009940BFBAE240F944F40E7EB900DEF1C7A5CF
                            SHA-512:7A12A25EB6D6202C47CFDD9F3CE71342406F0EDA3D1D68B842BCFE97EFF1F2E0C11AD34D4EE0A61DF7E0C7E8F400C8CCA73230BDB3C677F8D15CE5CBA44775D7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/Beulah) {. {-9223372036854775808 -24427 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MS

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\North_Dakota\Center

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8278
                            Entropy (8bit):3.7834920003907664
                            Encrypted:false
                            SSDEEP:192:LF2dK7X0N41+IestuNEbYkzbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaT:LFcK7X0N41+IestuNEbYkzbXwDTIRqfK
                            MD5:AC804124F4CE4626F5C1FDA2BC043011
                            SHA1:4B3E8CC90671BA543112CEE1AB5450C6EA4615DF
                            SHA-256:E90121F7D275FDCC7B8DCDEC5F8311194D432510FEF5F5F0D6F211A4AACB78EF
                            SHA-512:056EF65693C16CB58EC5A223528C636346DB37B75000397D03663925545979792BBC50B20B5AA20139ECE9A9D6B73DA80C2319AA4F0609D6FC1A6D30D0567C58
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/Center) {. {-9223372036854775808 -24312 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MS

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\North_Dakota\New_Salem

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8281
                            Entropy (8bit):3.795939700557522
                            Encrypted:false
                            SSDEEP:192:uF2dyuNEbYkzbXwDTIRqfhXbdXvDXpVXVto//q7u379zlq3LtVBaANIsrXHEK5Da:uFcyuNEbYkzbXwDTIRqfh57Tlto//q7k
                            MD5:E26FC508DFD73B610C5543487C763FF5
                            SHA1:8FBDE67AF561037AAA2EDF93E9456C7E534F4B5A
                            SHA-256:387D3C57EDE8CCAAD0655F19B35BC0D124C016D16F06B6F2498C1151E4792778
                            SHA-512:8A10B7370D1521EDF18AB4D5192C930ABC68AB9AE718ADF3D175EACE9A1F5DAC690A76B02EFB4059374761962D8C2660497F8E951DFE9812FB3CFCFDF9165E45
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/North_Dakota/New_Salem) {. {-9223372036854775808 -24339 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Ojinaga

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6621
                            Entropy (8bit):3.7945318113967823
                            Encrypted:false
                            SSDEEP:48:5gUFM/6M/Mp5tyTc8Ln4ypZ9giGuWGwZIoktiz+hL5Cw5feQ5BT5rBSNNOVQoh/5:KJNfzo+C2mWBNQMsmNTxf6AeO+cblX
                            MD5:D88A28F381C79410D816F8D2D1610A02
                            SHA1:81949A1CACD5907CA5A8649385C03813EEFCDDE0
                            SHA-256:F65C0F8532387AFE703FACDEE325BF8D7F3D1232DEE92D65426FF917DD582CB3
                            SHA-512:9A9B0C65ECDFF690EF2933B323B3A1CF2D67D0A43F285BB9FEEFF275316148A07F5AC044C48F64E3D8CFA7C1DE44AF220A6855DC01225F8BFFF63AEC946B944A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Ojinaga) {. {-9223372036854775808 -25060 0 LMT}. {-1514739600 -25200 0 MST}. {-1343066400 -21600 0 CST}. {-1234807200 -25200 0 MST}. {-1220292000 -21600 0 CST}. {-1207159200 -25200 0 MST}. {-1191344400 -21600 0 CST}. {820476000 -21600 0 CST}. {828864000 -18000 1 CDT}. {846399600 -21600 0 CST}. {860313600 -18000 1 CDT}. {877849200 -21600 0 CST}. {883634400 -21600 0 CST}. {891766800 -21600 0 MDT}. {909302400 -25200 0 MST}. {923216400 -21600 1 MDT}. {941356800 -25200 0 MST}. {954666000 -21600 1 MDT}. {972806400 -25200 0 MST}. {989139600 -21600 1 MDT}. {1001836800 -25200 0 MST}. {1018170000 -21600 1 MDT}. {1035705600 -25200 0 MST}. {1049619600 -21600 1 MDT}. {1067155200 -25200 0 MST}. {1081069200 -21600 1 MDT}. {1099209600 -25200 0 MST}. {1112518800 -21600 1 MDT}. {1130659200 -25200 0 MST}. {1143968400 -21600 1 MDT}. {1162108800 -2520

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Panama

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.924365872261203
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52IAcGEu5fcXGm2OHGf8xYvX5BidhZSsc1HRX1vain:SlSWB9X5290WTm2OHDxYP5GhZE3X1iin
                            MD5:771816CABF25492752C5DA76C5EF74A5
                            SHA1:6494F467187F99C9A51AB670CD8DC35078D63904
                            SHA-256:0E323D15EA84D4B6E838D5DCD99AEE68666AF97A770DA2AF84B7BDCA4AB1DBBA
                            SHA-512:C32D918E121D800B9DFD5CE1F13A4BF2505C0EDCE0085639C8EDF48073E0888906F1A28EF375BDCF549DB14CD33F7C405E28BC35DDF22445C224FBC64146B4EC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Panama) {. {-9223372036854775808 -19088 0 LMT}. {-2524502512 -19176 0 CMT}. {-1946918424 -18000 0 EST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Pangnirtung

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7484
                            Entropy (8bit):3.768929501362495
                            Encrypted:false
                            SSDEEP:192:i2KFEUlpde9pXbO53or0gqvOTFhPI1jFIL:n0r3+
                            MD5:2701DA468F9F1C819301374E807AAA27
                            SHA1:F08D7525639EA752D52F36A6D14F14C5514CED8E
                            SHA-256:6C7DFDE581AC9DE7B4ED6A525A40F905B7550BD2AE7E55D7E2E1B81B771D030B
                            SHA-512:98BD9EDD40D2982E20A169B8B8E8D411382E5707634BB4F8365CFFF73DB17B8C042D7ED1A59B9511A3A7EB587895119532CCED69F5EFBC49D74FFDC9CA91966F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Pangnirtung) {. {-9223372036854775808 0 0 -00}. {-1546300800 -14400 0 AST}. {-880221600 -10800 1 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-147902400 -7200 1 ADDT}. {-131572800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050400 -10800 1 ADT}. {594190800 -14400 0 AST}. {607500000 -10800 1 ADT}. {625640400 -14400 0 AST}. {638949600 -10800 1 ADT}. {657090000 -14400 0 AST}. {671004000 -10800 1 ADT}. {688539600 -14400 0 AST}. {702

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Paramaribo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):244
                            Entropy (8bit):4.731092370398455
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290oldJm2OHeke3FIMVTvVOzGXg/VVFAHC:MBp5290olLmdHeV3qSv4zX/OHC
                            MD5:5D11C2A86B0CDE60801190BFC8FA5E0B
                            SHA1:38A63200995E359E61F1DEA00C5716938ED7A499
                            SHA-256:D2078D8D396D5189E1D3555628960990FD63694D08256FF814EE841E01A3F56E
                            SHA-512:D4D83019E5AE05C3FCDE3518672DC08925C0DECC9FCA6927D75ADA969647CE8EF2D1C67FFD1A075969309CD1B1AADDF15DB21ABDAF241EAA450D2C9E038AEF6A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Paramaribo) {. {-9223372036854775808 -13240 0 LMT}. {-1861906760 -13252 0 PMT}. {-1104524348 -13236 0 PMT}. {-765317964 -12600 0 -0330}. {465449400 -10800 0 -03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Phoenix

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):479
                            Entropy (8bit):4.379302206927978
                            Encrypted:false
                            SSDEEP:12:MBp5290OQmdH514YPFotFg4tFQxRgmjtFdRb2:cQCeksFsFgcFQxBhF7b2
                            MD5:1B5C5CBC4168FCCC9100487D3145AF6D
                            SHA1:6E9E3074B783108032469C8E601D2C63A573B840
                            SHA-256:9E28F87C0D9EE6AD6791A220742C10C135448965E1F66A7EB04D6477D8FA11B0
                            SHA-512:4A6527FF5C7F0A0FDC574629714399D9A475EDC1338BF4C9EEEEDCC8CA23E14D2DE4DCA421D46FABA813A65236CD7B8ADBE103B641A763C6BC508738BF73A58C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Phoenix) {. {-9223372036854775808 -26898 0 LMT}. {-2717643600 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-820519140 -25200 0 MST}. {-796841940 -25200 0 MST}. {-94669200 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-56221200 -25200 0 MST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Port-au-Prince

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6398
                            Entropy (8bit):3.770736282266079
                            Encrypted:false
                            SSDEEP:48:5IV1C8phBVSWroLMEbF8xzqXtWl5Hm0RU+5oaIOWIF4IPWFeB/5udPOcBqYZ4vxl:mKXrvOTFhP5S+ijFnRaJeaX1eyDt
                            MD5:7802A7D0CAEECF52062EA9AAC665051A
                            SHA1:D965CD157A99FD258331A45F5E86B8F17A444D2B
                            SHA-256:3D1BEDC932E5CB6315438C7EF060824C927C547009EEA25E8CF16C9D8C4A28B6
                            SHA-512:4D369FF44CC1B1CBA75C0249B032581BA792830479D22C418C5B0599975E715B8983D93F52B00793F2A419F530BC8877D2DA251393592FD6B865499A97875FD8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port-au-Prince) {. {-9223372036854775808 -17360 0 LMT}. {-2524504240 -17340 0 PPMT}. {-1670483460 -18000 0 EST}. {421218000 -14400 1 EDT}. {436334400 -18000 0 EST}. {452062800 -14400 1 EDT}. {467784000 -18000 0 EST}. {483512400 -14400 1 EDT}. {499233600 -18000 0 EST}. {514962000 -14400 1 EDT}. {530683200 -18000 0 EST}. {546411600 -14400 1 EDT}. {562132800 -18000 0 EST}. {576050400 -14400 1 EDT}. {594194400 -18000 0 EST}. {607500000 -14400 1 EDT}. {625644000 -18000 0 EST}. {638949600 -14400 1 EDT}. {657093600 -18000 0 EST}. {671004000 -14400 1 EDT}. {688543200 -18000 0 EST}. {702453600 -14400 1 EDT}. {719992800 -18000 0 EST}. {733903200 -14400 1 EDT}. {752047200 -18000 0 EST}. {765352800 -14400 1 EDT}. {783496800 -18000 0 EST}. {796802400 -14400 1 EDT}. {814946400 -18000 0 EST}. {828856800 -14400 1 EDT}. {846396000 -18000 0 EST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Port_of_Spain

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):155
                            Entropy (8bit):5.077805073731929
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52IAcGEuPXGkXGm2OHUnvUdxKzVvwvYv:SlSWB9X5290eSm2OHkzVr
                            MD5:8169D55899164E2168EF50E219115727
                            SHA1:42848A510C120D4E834BE61FC76A1C539BA88C8A
                            SHA-256:6C8718C65F99AB43377609705E773C93F7993FBB3B425E1989E8231308C475AF
                            SHA-512:1590D42E88DD92542CADC022391C286842C156DA4795877EA67FEF045E0A831615C3935E08098DD71CF29C972EDC79084FFCC9AFAB7813AE74EEE14D6CFEFB9D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Port_of_Spain) {. {-9223372036854775808 -14764 0 LMT}. {-1825098836 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Porto_Acre

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):196
                            Entropy (8bit):4.818272118524638
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7thtedVAIgpthKQ290msh490thB:MBaIMYdxpR290v490x
                            MD5:1C0C736D0593654230FCBB0DC275313B
                            SHA1:00518615F97BCFF2F6862116F4DF834B70E2D4CA
                            SHA-256:5C97E6DF0FC03F13A0814274A9C3A983C474000AE3E78806B38DF9208372FD54
                            SHA-512:2252D17CB4F770124586BBF35974077212B92C1587071C9F552F1EFAC15CBF92128E61C456F9F5154D212F7D66CC5BD85B76B1187D5A6F24E89E14EDF322D67F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:America/Porto_Acre) $TZData(:America/Rio_Branco).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Porto_Velho

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1016
                            Entropy (8bit):3.7660008200834842
                            Encrypted:false
                            SSDEEP:24:cQQe478Sos/USws/QSI/LHSD/vOSy/WS3o/aS2/vSh/TSSX/WcSp/ySZd/YlSj/f:5bSaSwXS4SqSbS3JSySxSxcSESAlSQSv
                            MD5:5E4CB713378D22D90A1A86F0AF33D6E8
                            SHA1:CF4B2A68873BF778257D40AEA887D4BCBEE6CC72
                            SHA-256:6D7F49E0A67C69A3945DA4BC780653C8D875650536A810610A6518080CC483DB
                            SHA-512:06559B6E80BCDD42120398E19CCB3AEE8A1B08E09D0DF07DB9CCD68A863A7670D6D6457018CE3D9E23FE359D3E2EC0D249134EE0D969C0312665975B67DB8E80
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Porto_Velho) {. {-9223372036854775808 -15336 0 LMT}. {-1767210264 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Puerto_Rico

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):273
                            Entropy (8bit):4.728240676465187
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290pbm2OH9VPMGoeVVFrZVVFUFkeF3k/eJpR/r:MBp5290lmdHvPMpe/ZZ/uFkeF3k/eJ/D
                            MD5:2FB893819124F19A7068F802D6A59357
                            SHA1:6B35C198F74FF5880714A3182407858193CE37A4
                            SHA-256:F05530CFBCE7242847BE265C2D26C8B95B00D927817B050A523FFB139991B09E
                            SHA-512:80739F431F6B3548EFD4F70FE3630F66F70CB29B66845B8072D26393ADD7DAB22675BE6DA5FBDC7561D4F3F214816AAD778B6CD0EE45264B4D6FFA48B3AC7C43
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Puerto_Rico) {. {-9223372036854775808 -15865 0 LMT}. {-2233035335 -14400 0 AST}. {-873057600 -10800 0 AWT}. {-769395600 -10800 1 APT}. {-765399600 -14400 0 AST}. {-757368000 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Punta_Arenas

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3576
                            Entropy (8bit):3.5316229197228632
                            Encrypted:false
                            SSDEEP:96:Yv9+P8pYraRo+kP0pDrMb6UHlRnHqhTxxJAHXEa9c0yq/g2tw5E8fIk5iWpOFZAd:YoP8pYraRo+kP0pDrMb60RnHqhTxxJAw
                            MD5:1FFFED9AA83AA3CA9E7330AA27E8D188
                            SHA1:9B45F2662C1F3F0799ED4221E843483674878F43
                            SHA-256:FECDC08709D5852A07D8F5C7DD7DBDBCD3D864A0893248E3D3932A2F848EB4B2
                            SHA-512:8F6D51F94A91168EE092972316E150C2B487808EA3506F77FD028F84436FE29AD5BAD50A8DB65BCFB524D5A12DC1C66C5C0BC9A7FC6AE8A0EAAED6F4BA5ADED7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Punta_Arenas) {. {-9223372036854775808 -17020 0 LMT}. {-2524504580 -16966 0 SMT}. {-1892661434 -18000 0 -05}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 -04}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 -05}. {-1335985200 -14400 1 -05}. {-1317585600 -18000 0 -05}. {-1304362800 -14400 1 -05}. {-1286049600 -18000 0 -05}. {-1272826800 -14400 1 -05}. {-1254513600 -18000 0 -05}. {-1241290800 -14400 1 -05}. {-1222977600 -18000 0 -05}. {-1209754800 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1178132400 -14400 0 -04}. {-870552000 -18000 0 -05}. {-865278000 -14400 0 -04}. {-718056000 -18000 0 -05}. {-713649600 -14400 0 -04}. {-36619200 -10800 1 -04}. {-23922000 -14400 0 -04}. {-3355200 -10800 1 -04}. {7527600 -14400 0 -04}. {24465600 -10800 1 -04}. {37767600 -14400 0 -04}. {55915200 -10800 1 -04}. {69217200 -14400 0 -04}. {87

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Rainy_River

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7840
                            Entropy (8bit):3.75014960690837
                            Encrypted:false
                            SSDEEP:192:k+iBktTzZSJw5/9/yuvQ+hcrD57X0N41+IestuNEbYkzbXwDTIRqfhXbdXvDXpVS:k+iBmTzZSJw5/9/yuvQ6crD57X0N41+a
                            MD5:9C10496730E961187C33C1AE91C8A60D
                            SHA1:A77E3508859FB6F76A7445CD13CD42348CB4EBC7
                            SHA-256:136F0A49742F30B05B7C6BF3BF014CC999104F4957715D0BEB39F5440D5216DF
                            SHA-512:70936E65D0B439F6BE6E31E27032F10BA2EB54672647DA615744ABC7A767F197F0C7FDBCCEE0D335CBCECB6855B7BD899D1A5B97BA5083FFA42AF5F30343EA7F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rainy_River) {. {-9223372036854775808 -22696 0 LMT}. {-2366732504 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-923248800 -18000 1 CDT}. {-880214400 -18000 0 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {136368000 -18000 1 CDT}. {152089200 -21600 0 CST}. {167817600 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -21600 0 CST}. {294220800 -18000 1 CDT}. {309942000 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Rankin_Inlet

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7366
                            Entropy (8bit):3.749928775816306
                            Encrypted:false
                            SSDEEP:192:vw5/9/yuvQ+hcrD57X0N41+IstuNEbYkzbXwDTIRqfhXbdXvDXpVXVto//q7u37N:vw5/9/yuvQ6crD57X0N41+IstuNEbYkJ
                            MD5:54F6D5098A0CF940F066EADEEA234A57
                            SHA1:20B9FE5F6F70E97420A6D9939AA43C4CCFA8231B
                            SHA-256:AA68088E41A018002E5CE12B14F8910E5ECE5F26D5854092E351BAAC2F90DB2B
                            SHA-512:9EC1AF599604CEE266D9A4377B6CDABF94E61D0177CBC2158122406BF551AE0E3EE4CF147B28A382277B015CCB8F4405DB3EB3AE6425431EBB43CCDE08AEA3E1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rankin_Inlet) {. {-9223372036854775808 0 0 -00}. {-410227200 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {75205

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Recife

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1372
                            Entropy (8bit):3.6943875149362064
                            Encrypted:false
                            SSDEEP:24:cQHJeHQc4h1u80V2dBUGphmC17ewGtN3rvIh0VBHZDIykqWoN:5Kh4h19U2dBUGrmO7XGtN3kh0VBHZUnk
                            MD5:1567A3F3419D1A4FCF817A6EDC11769E
                            SHA1:2970F9EDD76B77A843D31F518587C17A05EC4C43
                            SHA-256:3F62246DF3A378815772D9D942033FB235B048B62F5EF52A3DCD6DB3871E0DB5
                            SHA-512:567BEAC48AE0FEEB32FE40EEA73EB4601DBDBF72FA963777E5F5C3E9972E2AD7A359301E80E574592AFB3045414A177D0ABD38DF958BD5317B02D4DFD2DCE607
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Recife) {. {-9223372036854775808 -8376 0 LMT}. {-1767217224 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-191365200 -7200 1 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}. {592974000 -7200 1 -03}. {60

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Regina

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1723
                            Entropy (8bit):3.956012642028802
                            Encrypted:false
                            SSDEEP:48:56ecDOBDgE+hIZVEa3lGw+6yZgTX+rNO46wYDW:86VlGS8
                            MD5:7D955B277C43D51F19377A91B987FAF9
                            SHA1:F2F3E11E955C3E58E21654F3D841B5B1528C0913
                            SHA-256:A1FA7BF002B3BA8DCA4D52AA0BB41C047DDAF88B2E542E1FCF81CB3AAF91AA75
                            SHA-512:719DEE7A932EDB9255D711E82AC0CA3FCFB07AF3EFE2EE0D887D7137F6059BEBE07F85D910CC0005391D244B4EADA16257BE49787938386FD4B5DB6D8E31D513
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Regina) {. {-9223372036854775808 -25116 0 LMT}. {-2030202084 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1251651600 -21600 1 MDT}. {-1238349600 -25200 0 MST}. {-1220202000 -21600 1 MDT}. {-1206900000 -25200 0 MST}. {-1188752400 -21600 1 MDT}. {-1175450400 -25200 0 MST}. {-1156698000 -21600 1 MDT}. {-1144000800 -25200 0 MST}. {-1125248400 -21600 1 MDT}. {-1111946400 -25200 0 MST}. {-1032714000 -21600 1 MDT}. {-1016992800 -25200 0 MST}. {-1001264400 -21600 1 MDT}. {-986148000 -25200 0 MST}. {-969814800 -21600 1 MDT}. {-954093600 -25200 0 MST}. {-937760400 -21600 1 MDT}. {-922039200 -25200 0 MST}. {-906310800 -21600 1 MDT}. {-890589600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-748450800 -21600 1 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Resolute

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7362
                            Entropy (8bit):3.7460671071064846
                            Encrypted:false
                            SSDEEP:192:iw5/9/yuvQ+hcrD57X0N41+IstuNESkzbXwDTIRqfhXbdXvDXpVXVto//q7u379L:iw5/9/yuvQ6crD57X0N41+IstuNESkzV
                            MD5:07FFF43B350D520D13D91701618AD72E
                            SHA1:8D4B36A6D3257509C209D0B78B58982709FB8807
                            SHA-256:39E13235F87A1B8621ADA62C9AD2EBF8E17687C5533658E075EFA70A04D5C78D
                            SHA-512:37397A2621F0A1EA6B46F6769D583CAEA9703924A2C652B8B58FA4C7DBA8E789BA8FE442FB2C77504E495617591FB138AD733063E3A4A0153ED2B26D4B863018
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Resolute) {. {-9223372036854775808 0 0 -00}. {-704937600 -21600 0 CST}. {-147895200 -14400 1 CDDT}. {-131565600 -21600 0 CST}. {325670400 -18000 1 CDT}. {341391600 -21600 0 CST}. {357120000 -18000 1 CDT}. {372841200 -21600 0 CST}. {388569600 -18000 1 CDT}. {404895600 -21600 0 CST}. {420019200 -18000 1 CDT}. {436345200 -21600 0 CST}. {452073600 -18000 1 CDT}. {467794800 -21600 0 CST}. {483523200 -18000 1 CDT}. {499244400 -21600 0 CST}. {514972800 -18000 1 CDT}. {530694000 -21600 0 CST}. {544608000 -18000 1 CDT}. {562143600 -21600 0 CST}. {576057600 -18000 1 CDT}. {594198000 -21600 0 CST}. {607507200 -18000 1 CDT}. {625647600 -21600 0 CST}. {638956800 -18000 1 CDT}. {657097200 -21600 0 CST}. {671011200 -18000 1 CDT}. {688546800 -21600 0 CST}. {702460800 -18000 1 CDT}. {719996400 -21600 0 CST}. {733910400 -18000 1 CDT}. {752050800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Rio_Branco

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1075
                            Entropy (8bit):3.7557219407321303
                            Encrypted:false
                            SSDEEP:24:cQYEeH5yyss/u/C5/ukCI/uiCk/u8CHe/uOCXs/um4Co/uN3Cc/ux8CL/uiFCy/i:5q5xs5IlTToo4mdGFtapG8dtedkFL
                            MD5:9AA66AEB91380EFD3313338A2DCBE432
                            SHA1:2D86915D1F331CC7050BBFAAE3315CE1440813C1
                            SHA-256:53DB45CF4CB369DA06C31478A793E787541DA0E77C042EBC7A10175A6BB6EFF6
                            SHA-512:C9B4F6544B4A1E77BFF6D423A9AD5E003E32FA77B00ECC2A7AF6D2279ACC849ABE331E5DE27C450A6BF86ECC2450CEBFAB4880AB69C54649D4C7EE0AF05CD377
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Rio_Branco) {. {-9223372036854775808 -16272 0 LMT}. {-1767209328 -18000 0 -05}. {-1206950400 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1175367600 -14400 1 -05}. {-1159819200 -18000 0 -05}. {-633812400 -14400 1 -05}. {-622062000 -18000 0 -05}. {-602276400 -14400 1 -05}. {-591825600 -18000 0 -05}. {-570740400 -14400 1 -05}. {-560203200 -18000 0 -05}. {-539118000 -14400 1 -05}. {-531345600 -18000 0 -05}. {-191358000 -14400 1 -05}. {-184190400 -18000 0 -05}. {-155156400 -14400 1 -05}. {-150062400 -18000 0 -05}. {-128890800 -14400 1 -05}. {-121118400 -18000 0 -05}. {-99946800 -14400 1 -05}. {-89582400 -18000 0 -05}. {-68410800 -14400 1 -05}. {-57960000 -18000 0 -05}. {499755600 -14400 1 -05}. {511243200 -18000 0 -05}. {530600400 -14400 1 -05}. {540273600 -18000 0 -05}. {562136400 -14400 1 -05}. {571204800 -18000 0 -05}. {590040000 -

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Rosario

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):214
                            Entropy (8bit):4.752946571641783
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7/MdVAIgp/MOF290rI5290/Msn:MBaIMY/M4p/MOF290r190/Ms
                            MD5:4FC460A084DF33A73F2F87B7962B0084
                            SHA1:45E70D5D68FC2DE0ACFF76B062ADA17E0021460F
                            SHA-256:D1F5FFD2574A009474230E0AA764256B039B1D78D91A1CB944B21776377B5B70
                            SHA-512:40045420FE88FA54DE4A656534C0A51357FBAB3EA3B9120DA15526A9DEC7EEC2C9799F4D9A72B6050474AD67490BC28540FDA0F17B7FCAF125D41CBCA96ECCDE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Argentina/Cordoba)]} {. LoadTimeZoneFile America/Argentina/Cordoba.}.set TZData(:America/Rosario) $TZData(:America/Argentina/Cordoba).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Santa_Isabel

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):189
                            Entropy (8bit):4.820569634622523
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qfSwVAIg20qfo2IAcGEtX2exp4IAcGEqfu:SlSWB9IZaM3y7eHVAIgpeo290tX2U49Q
                            MD5:75EA3845AFED3FBBF8496824A353DA32
                            SHA1:207A1520F041B09CCD5034E6E87D3F7A4FBD460E
                            SHA-256:2FACC167377FC1F592D2926829EB2980F58BE38D50424F64DFA04A2ECBBE1559
                            SHA-512:B9D4DB95CEA1DADCE27264BBD198676465854E9C55D6BB175966D860D9AF7014F6635A945510602C0A9FBF08596B064DAE7D30589886960F06B2F8E69786CFF6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:America/Santa_Isabel) $TZData(:America/Tijuana).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Santarem

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1043
                            Entropy (8bit):3.7336343389566795
                            Encrypted:false
                            SSDEEP:24:cQceUh8Sos/USws/QSI/LHSD/vOSy/WS3o/aS2/vSh/TSSX/WcSp/ySZd/YlSj/X:57SaSwXS4SqSbS3JSySxSxcSESAlSQSn
                            MD5:8F5EAA4F5099B82EDD68893C5D99A0EF
                            SHA1:1B21DAD0CD54E083A6EADCFD57CA8F58759189AD
                            SHA-256:1A46357BC4FE682AF78FFAB10A6A88893BEF50AECC6ACA217A5EBC1B98C01C07
                            SHA-512:2C82822CCA208E900383A1B55882BFC3559EC116C5B5AD2452BA367594AEF36F34C316FFA18B2BAB71A82FC382559069385947548EE9902FEDCDED084801ABF2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santarem) {. {-9223372036854775808 -13128 0 LMT}. {-1767212472 -14400 0 -04}. {-1206954000 -10800 1 -04}. {-1191358800 -14400 0 -04}. {-1175371200 -10800 1 -04}. {-1159822800 -14400 0 -04}. {-633816000 -10800 1 -04}. {-622065600 -14400 0 -04}. {-602280000 -10800 1 -04}. {-591829200 -14400 0 -04}. {-570744000 -10800 1 -04}. {-560206800 -14400 0 -04}. {-539121600 -10800 1 -04}. {-531349200 -14400 0 -04}. {-191361600 -10800 1 -04}. {-184194000 -14400 0 -04}. {-155160000 -10800 1 -04}. {-150066000 -14400 0 -04}. {-128894400 -10800 1 -04}. {-121122000 -14400 0 -04}. {-99950400 -10800 1 -04}. {-89586000 -14400 0 -04}. {-68414400 -10800 1 -04}. {-57963600 -14400 0 -04}. {499752000 -10800 1 -04}. {511239600 -14400 0 -04}. {530596800 -10800 1 -04}. {540270000 -14400 0 -04}. {562132800 -10800 1 -04}. {571201200 -14400 0 -04}. {590036400 -14

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Santiago

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8582
                            Entropy (8bit):3.4381885094053835
                            Encrypted:false
                            SSDEEP:192:LCA/E8pYraRo+kP0pDrMb60RnHqhTxxJA3Ea9c0yq/g2tw5E8Q+iWMFeHpkUu9/6:LRNBnrR59bPYUt
                            MD5:47BED3B60EF45B00267B4D628A2F18C4
                            SHA1:B3827DF571CF2CA16074188CE0E3061E296B8B26
                            SHA-256:51BB12A2397CAD3D412C9E8F3BA06DD98CC379F999DB3D00ED651A84DA1D6D1C
                            SHA-512:8DA831A0EAB180C982395F2BA85952959A676AADA87823E56C5B643FEB7082B6605FD3645D880B19F3F9EE5B25353002309CDB37AE68F1B3A192AE1280B74404
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santiago) {. {-9223372036854775808 -16966 0 LMT}. {-2524504634 -16966 0 SMT}. {-1892661434 -18000 0 -05}. {-1688410800 -16966 0 SMT}. {-1619205434 -14400 0 -04}. {-1593806400 -16966 0 SMT}. {-1335986234 -18000 0 -05}. {-1335985200 -14400 1 -05}. {-1317585600 -18000 0 -05}. {-1304362800 -14400 1 -05}. {-1286049600 -18000 0 -05}. {-1272826800 -14400 1 -05}. {-1254513600 -18000 0 -05}. {-1241290800 -14400 1 -05}. {-1222977600 -18000 0 -05}. {-1209754800 -14400 1 -05}. {-1191355200 -18000 0 -05}. {-1178132400 -14400 0 -04}. {-870552000 -18000 0 -05}. {-865278000 -14400 0 -04}. {-740520000 -10800 1 -03}. {-736376400 -14400 0 -04}. {-718056000 -18000 0 -05}. {-713649600 -14400 0 -04}. {-36619200 -10800 1 -04}. {-23922000 -14400 0 -04}. {-3355200 -10800 1 -04}. {7527600 -14400 0 -04}. {24465600 -10800 1 -04}. {37767600 -14400 0 -04}. {55

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Santo_Domingo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):595
                            Entropy (8bit):4.2614212422453726
                            Encrypted:false
                            SSDEEP:12:MBp5290/SyJmdHhvPu4/G/uFNM/KMVvMj/+MVvMqx/r0XVvMnUB/B7VvMa6I8/0p:cQ+DJeVu4e/uICEkFvxwdqUBZp965VPO
                            MD5:04F2A2C789E041270354376C3FD90D2D
                            SHA1:D0B89262D559021FAC035A519C96D2A2FA417F9C
                            SHA-256:42EF317EA851A781B041DC1951EA5A3EA1E924149C4B868ECD75F24672B28FA8
                            SHA-512:F8D072527ED38C2FF1C9E08219104213352B2EFA1171C0D1E02B6B1542B4929D0C4640B441326791CC86F23206621CD4E0D3247CBAB1F99B63E65DB667F3DFED
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Santo_Domingo) {. {-9223372036854775808 -16776 0 LMT}. {-2524504824 -16800 0 SDMT}. {-1159773600 -18000 0 EST}. {-100119600 -14400 1 EDT}. {-89668800 -18000 0 EST}. {-5770800 -16200 1 -0430}. {4422600 -18000 0 EST}. {25678800 -16200 1 -0430}. {33193800 -18000 0 EST}. {57733200 -16200 1 -0430}. {64816200 -18000 0 EST}. {89182800 -16200 1 -0430}. {96438600 -18000 0 EST}. {120632400 -16200 1 -0430}. {127974600 -18000 0 EST}. {152082000 -14400 0 AST}. {975823200 -14400 0 AST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Sao_Paulo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7552
                            Entropy (8bit):3.4588792656032914
                            Encrypted:false
                            SSDEEP:192:Lam19U2gUGrpzsVE0OjmicnyVkHZWWWE/+ZqPuWcBpR4xHtMlAbGCoGzvGmFGgh4:L3Yc8u9U
                            MD5:DEA27A3FE65A22BE42A97C6AB58E9687
                            SHA1:CD50184C4D1739CF5568E21683980FC63C9BFF24
                            SHA-256:AFA706258270F20F9317FF5B84957A2DF77842D564922C15DC302F7A8AB59CEC
                            SHA-512:34C306EC889C10988B3D9C236903417BCA1590E96CD60AE700882C064CCC410132265F106BB10D9593AFFA32B923728FBDDFB6DEE77CAF4A058C877F4D5F1EF1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sao_Paulo) {. {-9223372036854775808 -11188 0 LMT}. {-1767214412 -10800 0 -03}. {-1206957600 -7200 1 -03}. {-1191362400 -10800 0 -03}. {-1175374800 -7200 1 -03}. {-1159826400 -10800 0 -03}. {-633819600 -7200 1 -03}. {-622069200 -10800 0 -03}. {-602283600 -7200 1 -03}. {-591832800 -10800 0 -03}. {-570747600 -7200 1 -03}. {-560210400 -10800 0 -03}. {-539125200 -7200 1 -03}. {-531352800 -10800 0 -03}. {-195429600 -7200 1 -02}. {-189381600 -7200 0 -03}. {-184197600 -10800 0 -03}. {-155163600 -7200 1 -03}. {-150069600 -10800 0 -03}. {-128898000 -7200 1 -03}. {-121125600 -10800 0 -03}. {-99954000 -7200 1 -03}. {-89589600 -10800 0 -03}. {-68418000 -7200 1 -03}. {-57967200 -10800 0 -03}. {499748400 -7200 1 -03}. {511236000 -10800 0 -03}. {530593200 -7200 1 -03}. {540266400 -10800 0 -03}. {562129200 -7200 1 -03}. {571197600 -10800 0 -03}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Scoresbysund

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6593
                            Entropy (8bit):3.4670685654529194
                            Encrypted:false
                            SSDEEP:96:URW/ukG9UDHaXZgsP/N/LWAWVF20V/VapcJlNcnkF0:BuZUDHaXZgsN/FWVFjHv0
                            MD5:7E7EF4D67CCD455833603F7EF9E374A6
                            SHA1:4AD722F75FC88572DD5A2CD1845FF5F68ED4B58A
                            SHA-256:2B5B2A00793545C8D32437D7DAA2A36B42D3B1B7421054621841E2919F713294
                            SHA-512:0688EB3EBDE78E18EE5E31DE57F1CBE0BF10071A6EDC97D284B2B3E1E22975262190934446C202E90EFD161686F4790342EDDBCACADB3A65B0AC6C1A9099C79F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Scoresbysund) {. {-9223372036854775808 -5272 0 LMT}. {-1686090728 -7200 0 -02}. {323841600 -3600 0 -01}. {338961600 -7200 0 -02}. {354679200 0 0 +00}. {370400400 -3600 0 -01}. {386125200 0 1 +00}. {401850000 -3600 0 -01}. {417574800 0 1 +00}. {433299600 -3600 0 -01}. {449024400 0 1 +00}. {465354000 -3600 0 -01}. {481078800 0 1 +00}. {496803600 -3600 0 -01}. {512528400 0 1 +00}. {528253200 -3600 0 -01}. {543978000 0 1 +00}. {559702800 -3600 0 -01}. {575427600 0 1 +00}. {591152400 -3600 0 -01}. {606877200 0 1 +00}. {622602000 -3600 0 -01}. {638326800 0 1 +00}. {654656400 -3600 0 -01}. {670381200 0 1 +00}. {686106000 -3600 0 -01}. {701830800 0 1 +00}. {717555600 -3600 0 -01}. {733280400 0 1 +00}. {749005200 -3600 0 -01}. {764730000 0 1 +00}. {780454800 -3600 0 -01}. {796179600 0 1 +00}. {811904400 -3600 0 -01}. {828234000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Shiprock

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.840231755053259
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx06RGFwVAIg206RAO0L2IAcGEtOFBx+IAcGE6Ru:SlSWB9IZaM3y7+SwVAIgp+iL290tO09G
                            MD5:65307038DB12A7A447284DF4F3E6A3E8
                            SHA1:DC28D6863986D7A158CEF239D46BE9F5033DF897
                            SHA-256:3FD862C9DB2D5941DFDBA5622CC53487A7FC5039F7012B78D3EE4B58753D078D
                            SHA-512:91BC29B7EC9C49D4020DC26F682D0EFBBBEE83D10D79C766A08C78D5FF04D9C0A09288D9696A378E777B65E0C2C2AC8A218C12F86C45BD6E7B5E204AE5FC2335
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:America/Shiprock) $TZData(:America/Denver).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Sitka

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8376
                            Entropy (8bit):3.8793735356495116
                            Encrypted:false
                            SSDEEP:96:lG19jJps/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:lM9jI/4h5sBPy+CMt/ElALLVuAH
                            MD5:2F2C91BD29B32A281F9FB1F811953ACB
                            SHA1:49102C37397CC9B7CDCDCE6A76F9BE03D0B446AB
                            SHA-256:6ABBF55FEE7839B9EEEBB97EA53E185E1A0E189843531257708258841A35EB76
                            SHA-512:FB06D4FE28BD9DD9D56A7365F1E2CC7434678B8850CECF99A232F07B4B720F092980EC337C279E599A12E54548DE6AC253547FE4C255BEFA7B545F8C93375589
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Sitka) {. {-9223372036854775808 53927 0 LMT}. {-3225223727 -32473 0 LMT}. {-2188954727 -28800 0 PST}. {-883584000 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-757353600 -28800 0 PST}. {-31507200 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -28800 0 PST}. {294228000 -25200 1 PDT}. {309949200 -28800 0 PST}. {325677600 -

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\St_Barthelemy

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):4.905980413237828
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290txP90e/:MBaIMY9QpI2907P90O
                            MD5:B6E45D20EB8CC73A77B9A75578E5C246
                            SHA1:19C6BB6ED12B6943CF7BDFFE4C8A8D72DB491E44
                            SHA-256:31E60EAC8ABFA8D3DAD501D3BCDCA7C4DB7031B65ADDA24EC11A6DEE1E3D14C3
                            SHA-512:C0F3BF8D106E77C1000E45D0A6C8E7C05B7B97EFA2EECCA45FEF48EB42FBDD5336FD551C794064EADFB6919A12813FF66B2F95722877432B4A48B1FBA6C5409D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Barthelemy) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\St_Johns

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10917
                            Entropy (8bit):3.7872036312069963
                            Encrypted:false
                            SSDEEP:192:Vvprjhbvd8mSGu9EnkBVAZK2GrbrvZeuqpNFT:Vvbvd7SGu9lzoVpDT
                            MD5:F87531D6DC9AAFB2B0F79248C5ADA772
                            SHA1:E14C52B0F564FA3A3536B7576A2B27D4738CA76B
                            SHA-256:0439DA60D4C52F0E777431BF853D366E2B5D89275505201080954D88F6CA9478
                            SHA-512:5B43CE25D970EEEFD09865D89137388BD879C599191DE8ACE37DA657C142B6DF63143DBF9DED7659CBD5E45BAB699E2A3AFDD28C76A7CB2F300EBD9B74CDA59D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/St_Johns) {. {-9223372036854775808 -12652 0 LMT}. {-2713897748 -12652 0 NST}. {-1664130548 -9052 1 NDT}. {-1650137348 -12652 0 NST}. {-1640982548 -12652 0 NST}. {-1632076148 -9052 1 NDT}. {-1615145348 -12652 0 NST}. {-1609446548 -12652 0 NST}. {-1598650148 -9052 1 NDT}. {-1590100148 -12652 0 NST}. {-1567286948 -9052 1 NDT}. {-1551565748 -12652 0 NST}. {-1535837348 -9052 1 NDT}. {-1520116148 -12652 0 NST}. {-1503782948 -9052 1 NDT}. {-1488666548 -12652 0 NST}. {-1472333348 -9052 1 NDT}. {-1457216948 -12652 0 NST}. {-1440883748 -9052 1 NDT}. {-1425767348 -12652 0 NST}. {-1409434148 -9052 1 NDT}. {-1394317748 -12652 0 NST}. {-1377984548 -9052 1 NDT}. {-1362263348 -12652 0 NST}. {-1346534948 -9052 1 NDT}. {-1330813748 -12652 0 NST}. {-1314480548 -9052 1 NDT}. {-1299364148 -12652 0 NST}. {-1283030948 -9052 1 NDT}. {-1267914548 -12652 0 NS

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\St_Kitts

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):203
                            Entropy (8bit):4.878034750755565
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290tMp490e/:MBaIMY9QpI290g490O
                            MD5:B149DC2A23F741BA943E5511E35370D3
                            SHA1:3C8D3CFDB329B7ECB90C19D3EB3DE6F33A063ADD
                            SHA-256:36046A74F6BB23EA8EABA25AD3B93241EBB509EF1821CC4BEC860489F5EC6DCA
                            SHA-512:CEB38EC2405A3B0A4E09CDD2D69A11884CCB28DA0FD7CF8B344E1472642A0571674D3ED33C639E745DDEEE741E52B0948B86DFFFD324BB07A9F1A6B9F38F898E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Kitts) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\St_Lucia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):203
                            Entropy (8bit):4.89157166321909
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0uPXoFVAIg20uPXhF2IAcGEtkS+IAcGEuPX/:SlSWB9IZaM3y7eoFVAIgpeX290tY90e/
                            MD5:7B7FCA150465F48FAC9F392C079B6376
                            SHA1:1B501288CC00E8B90A2FAD82619B49A9DDBE4475
                            SHA-256:87203A4BF42B549FEBF467CC51E8BCAE01BE1A44C193BED7E2D697B1C3D268C9
                            SHA-512:5E4F7EE08493547A012144884586D45020D83B5838254C257FD341B8B6D3F9E279013D068EFC7D6DF7569DDD20122B3B23E9C93A0017FB64E941A50311ED1F18
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Lucia) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\St_Thomas

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):204
                            Entropy (8bit):4.888871207225013
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290tXIMFJ490e/:MBaIMY9QpI290tJ490O
                            MD5:7E272CE31D788C2556FF7421F6832314
                            SHA1:A7D89A1A9AC2B61D98690126D1E4C1595E160C8F
                            SHA-256:F0E10D45C929477A803085B2D4CE02EE31FD1DB24855836D02861AD246BC34D9
                            SHA-512:CCDF0B1B5971B77F6FA27F25900DB1AB9A4A4C69E15DCDF4EA35E1E1FC31AAD957C2E5862B411B0155BB1E25E2DD417A89168295317B1E603DA59142D76CE80A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Thomas) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\St_Vincent

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):205
                            Entropy (8bit):4.876306758637305
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290tzb+Q90e/:MBaIMY9QpI290xyQ90O
                            MD5:52DAAF1636B5B70E0BA2015E9F322A74
                            SHA1:4BD05207601CF6DB467C27052EBB25C9A64DAC96
                            SHA-256:A5B3687BBA1D14D52599CB355BA5F4399632BF98DF4CEB258F9C479B1EA73586
                            SHA-512:E3DE0447236F6EA24D173CCB46EA1A4A31B5FFBCE2A442CD542DA8C54DAD22391FD1CA301776C0FB07CBCF256FC708E61B7BBA682C02EEBE03BECCEA2B6D3BD0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/St_Vincent) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Swift_Current

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):845
                            Entropy (8bit):4.182525430299964
                            Encrypted:false
                            SSDEEP:24:cQce7eUFLxsOCX+FmFyyFDVFdPFxFZA8uFZYV:5NecLGO+6yZzXDZA8KZG
                            MD5:1502A6DD85B55B9619E42D1E08C09738
                            SHA1:70FF58E29CCDB53ABABA7EBD449A9B34AC152AA6
                            SHA-256:54E541D1F410AFF34CE898BBB6C7CC945B66DFC9D7C4E986BD9514D14560CC6F
                            SHA-512:99F0EFF9F2DA4CDD6AB508BB85002F38B01BDFDE0CBA1EB2F4B5CA8EAD8AAB645A3C26BECF777DE49574111B37F847EFF9320331AC07E84C8E892B688B01D36B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Swift_Current) {. {-9223372036854775808 -25880 0 LMT}. {-2030201320 -25200 0 MST}. {-1632063600 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-747241200 -21600 0 MDT}. {-732729600 -25200 0 MST}. {-715791600 -21600 1 MDT}. {-702489600 -25200 0 MST}. {-684342000 -21600 1 MDT}. {-671040000 -25200 0 MST}. {-652892400 -21600 1 MDT}. {-639590400 -25200 0 MST}. {-631126800 -25200 0 MST}. {-400086000 -21600 1 MDT}. {-384364800 -25200 0 MST}. {-337186800 -21600 1 MDT}. {-321465600 -25200 0 MST}. {-305737200 -21600 1 MDT}. {-292435200 -25200 0 MST}. {-273682800 -21600 1 MDT}. {-260985600 -25200 0 MST}. {73472400 -21600 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Tegucigalpa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):329
                            Entropy (8bit):4.580220354026118
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5290Em2OHskeRbV1UcgdrV/uFn/acD3/uFn/sb9/uFn/yn:MBp5290EmdHsVH1UDB/uFn/z/uFn/k/N
                            MD5:004588073FADF67C3167FF007759BCEA
                            SHA1:64A6344776A95E357071D4FC65F71673382DAF9D
                            SHA-256:55C18EA96D3BA8FD9E8C4F01D4713EC133ACCD2C917EC02FD5E74A4E0089BFBF
                            SHA-512:ADC834C393C5A3A7BFD86A933E7C7F594AC970A3BD1E38110467A278DC4266D81C3E96394C102E565F05DE7FBBDA623C673597E19BEC1EA26AB12E4354991066
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tegucigalpa) {. {-9223372036854775808 -20932 0 LMT}. {-1538503868 -21600 0 CST}. {547020000 -18000 1 CDT}. {559717200 -21600 0 CST}. {578469600 -18000 1 CDT}. {591166800 -21600 0 CST}. {1146981600 -18000 1 CDT}. {1154926800 -21600 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Thule

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6666
                            Entropy (8bit):3.7481713130223295
                            Encrypted:false
                            SSDEEP:192:pJunToVmM7IEc2fVGYu2yeB/T/eleWmBk81kS/kV6kef4zjyvUP/ZbJitpJxSIRj:pAWJv
                            MD5:8FFE81344C31A51489A254DE97E83C3E
                            SHA1:4397D9EDAC304668D95921EF03DFD90F967E772F
                            SHA-256:EF6AF4A3FA500618B37AF3CDD40C475E54347D7510274051006312A42C79F20C
                            SHA-512:F34A6D44499DE5A4E328A8EAFBA5E77B1B8C04A843160D74978398F1545C821C3034FCBD5ADBFAD8D14D1688907C57E7570023ABD3096D4E4C19E3D3C04428B3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thule) {. {-9223372036854775808 -16508 0 LMT}. {-1686079492 -14400 0 AST}. {670399200 -10800 1 ADT}. {686120400 -14400 0 AST}. {701848800 -10800 1 ADT}. {717570000 -14400 0 AST}. {733903200 -10800 1 ADT}. {752043600 -14400 0 AST}. {765352800 -10800 1 ADT}. {783493200 -14400 0 AST}. {796802400 -10800 1 ADT}. {814942800 -14400 0 AST}. {828856800 -10800 1 ADT}. {846392400 -14400 0 AST}. {860306400 -10800 1 ADT}. {877842000 -14400 0 AST}. {891756000 -10800 1 ADT}. {909291600 -14400 0 AST}. {923205600 -10800 1 ADT}. {941346000 -14400 0 AST}. {954655200 -10800 1 ADT}. {972795600 -14400 0 AST}. {986104800 -10800 1 ADT}. {1004245200 -14400 0 AST}. {1018159200 -10800 1 ADT}. {1035694800 -14400 0 AST}. {1049608800 -10800 1 ADT}. {1067144400 -14400 0 AST}. {1081058400 -10800 1 ADT}. {1099198800 -14400 0 AST}. {1112508000 -10800 1 ADT}. {1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Thunder_Bay

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8058
                            Entropy (8bit):3.7473289441354263
                            Encrypted:false
                            SSDEEP:96:hePraC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:hirrn+qvOTFhPI1jFIL
                            MD5:CE6E17F16AA8BAD3D9DB8BD2E61A6406
                            SHA1:7DF466E7BB5EDD8E1CDF0ADC8740248EF31ECB15
                            SHA-256:E29F83A875E2E59EC99A836EC9203D5ABC2355D6BD4683A5AEAF31074928D572
                            SHA-512:833300D17B7767DE74E6F2757513058FF5B25A9E7A04AB97BBBFFAC5D9ADCC43366A5737308894266A056382D2589D0778EEDD85D56B0F336C84054AB05F1079
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Thunder_Bay) {. {-9223372036854775808 -21420 0 LMT}. {-2366733780 -21600 0 CST}. {-1893434400 -18000 0 EST}. {-883594800 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {18000 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {94712400 -18000 0 EST}. {126248400 -18000 0 EST}. {136364400 -14400 1 EDT}. {152085600 -18000 0 EST}. {167814000 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -18000 0 EST}. {294217200 -14400 1 EDT}. {309938400 -18000 0 EST}. {325666800 -14400 1 EDT}. {341388000 -18000 0 EST}. {357116400 -14400 1 EDT}. {372837600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Tijuana

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8470
                            Entropy (8bit):3.767364707906483
                            Encrypted:false
                            SSDEEP:96:mb4O5mC2ZCAFBWsBNwj/lpmlOxGcKcnRH31t+ucgge:Q5DaYaNwj/lpmlOxnKcndIG
                            MD5:F76D5FB5BC773872B556A6EDF660E5CC
                            SHA1:3FD19FCD0FFD3308D2E7D9A3553C14B6A6C3A903
                            SHA-256:170540AA3C0962AFE4267F83AC679241B2D135B1C18E8E7220C2608B94DDDE0E
                            SHA-512:7FC5D2BC39EF3A3C902A56272474E28CD9C56DE37A7AE9FAEADE974993677CCF3A9E6CE64C064D69B7587BD47951BFFFD751412D97F4066656CBB42AD9B619DF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Tijuana) {. {-9223372036854775808 -28084 0 LMT}. {-1514736000 -25200 0 MST}. {-1451667600 -28800 0 PST}. {-1343062800 -25200 0 MST}. {-1234803600 -28800 0 PST}. {-1222963200 -25200 1 PDT}. {-1207242000 -28800 0 PST}. {-873820800 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-761677200 -28800 0 PST}. {-686073600 -25200 1 PDT}. {-661539600 -28800 0 PST}. {-504892800 -28800 0 PST}. {-495039600 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463590000 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431535600 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400086000 -25200 1 PDT}. {-386780400 -28800 0 PST}. {-368636400 -25200 1 PDT}. {-355330800 -28800 0 PST}. {-337186800 -25200 1 PDT}. {-323881200 -28800 0 PST}. {-305737200 -25200 1 PDT}. {-292431600 -28800 0 PST}. {-283968000 -28800 0 PST}. {189331200 -28800 0 PST}. {199274400 -25200 1 PDT}. {21560

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Toronto

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10883
                            Entropy (8bit):3.7202964099536917
                            Encrypted:false
                            SSDEEP:96:9wUYG1dbgZ8UMrEUWraC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:9wS1dbgZ8UMrVWrrn+qvOTFhPI1jFIL
                            MD5:9C60AFDFA3BA2002BA68673B778194CF
                            SHA1:D6D17C82AEC4B85BA7B0F6FCB36A7582CA26A82B
                            SHA-256:7744DB6EFE39D636F1C88F8325ED3EB6BF8FA615F52A60333A58BCE579983E87
                            SHA-512:3C793BB00725CF37474683EAB70A0F2B2ACAE1656402CDD7E75182988DC20361A8651A624A5220983E3E05333B9817DCBEAF20D34BD55C5128F55474A02A9455
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Toronto) {. {-9223372036854775808 -19052 0 LMT}. {-2366736148 -18000 0 EST}. {-1632070800 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1609441200 -18000 0 EST}. {-1601753400 -14400 1 EDT}. {-1583697600 -18000 0 EST}. {-1567357200 -14400 1 EDT}. {-1554667200 -18000 0 EST}. {-1534698000 -14400 1 EDT}. {-1524074400 -18000 0 EST}. {-1503248400 -14400 1 EDT}. {-1492365600 -18000 0 EST}. {-1471798800 -14400 1 EDT}. {-1460916000 -18000 0 EST}. {-1440954000 -14400 1 EDT}. {-1428861600 -18000 0 EST}. {-1409504400 -14400 1 EDT}. {-1397412000 -18000 0 EST}. {-1378054800 -14400 1 EDT}. {-1365962400 -18000 0 EST}. {-1346605200 -14400 1 EDT}. {-1333908000 -18000 0 EST}. {-1315155600 -14400 1 EDT}. {-1301853600 -18000 0 EST}. {-1283706000 -14400 1 EDT}. {-1270404000 -18000 0 EST}. {-1252256400 -14400 1 EDT}. {-1238954400 -18000 0 EST}. {-1220806800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Tortola

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):202
                            Entropy (8bit):4.854311472609309
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290RRKl290e/:MBaIMY9QpI290V90O
                            MD5:B931564D937C807282F1432FF6EA52A6
                            SHA1:7ECA025D97717EEA7C91B5390122D3A47A25CAD0
                            SHA-256:FF5CF153C4EC65E7E57A608A481F12939B6E4ACC8D62C5B01FEB5A04769A6F07
                            SHA-512:97271500C7D7959B90A6AC0A98D5D0D29DA00E92F9FC973594267DF906DEE767243698DBA2F3A0CF00156E949E29CDDD45A151F263583514090717CFDF1FB4DD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Tortola) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Vancouver

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9495
                            Entropy (8bit):3.7630000632404426
                            Encrypted:false
                            SSDEEP:192:2f7f/5LB6xi9C7Nf+aNwj/lpmlOxnKcndIG:2f735LB6xi9cfefnK6
                            MD5:1ACC41DA124C0CA5E67432760FDC91EC
                            SHA1:13F56C3F53076E0027BB8C5814EC81256A37F4AF
                            SHA-256:DFC19B5231F6A0AB9E9B971574FB612695A425A3B290699DF2819D46F1250DB0
                            SHA-512:2F2E358F5743248DE946B90877EFCCCACAF039956249F17D24B7DA026830A181A125045E2C8937A6ACD674E32887049F2D36A1941F09803DF514ADCDA4055CC5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Vancouver) {. {-9223372036854775808 -29548 0 LMT}. {-2713880852 -28800 0 PST}. {-1632060000 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-747237600 -25200 1 PDT}. {-732726000 -28800 0 PST}. {-715788000 -25200 1 PDT}. {-702486000 -28800 0 PST}. {-684338400 -25200 1 PDT}. {-671036400 -28800 0 PST}. {-652888800 -25200 1 PDT}. {-639586800 -28800 0 PST}. {-620834400 -25200 1 PDT}. {-608137200 -28800 0 PST}. {-589384800 -25200 1 PDT}. {-576082800 -28800 0 PST}. {-557935200 -25200 1 PDT}. {-544633200 -28800 0 PST}. {-526485600 -25200 1 PDT}. {-513183600 -28800 0 PST}. {-495036000 -25200 1 PDT}. {-481734000 -28800 0 PST}. {-463586400 -25200 1 PDT}. {-450284400 -28800 0 PST}. {-431532000 -25200 1 PDT}. {-418230000 -28800 0 PST}. {-400082400 -25200 1 PDT}. {-386

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Virgin

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):201
                            Entropy (8bit):4.901732290886438
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7eoFVAIgpeX290RXgr490e/:MBaIMY9QpI290xg090O
                            MD5:DEB77B4016D310DFB38E6587190886FB
                            SHA1:B308A2D187C153D3ED821B205A4F2D0F73DA94B0
                            SHA-256:A6B8CFE8B9381EC61EAB553CFA2A815F93BBB224A6C79D74C08AC54BE4B8413B
                            SHA-512:04A0D598A24C0F3A1881D3412352F65C610F75281CC512B46248847A798A12AEA551E3DE9EA3FD5BB6B3687A0BB65746392F301F72746876D30697D66B3A3604
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Port_of_Spain)]} {. LoadTimeZoneFile America/Port_of_Spain.}.set TZData(:America/Virgin) $TZData(:America/Port_of_Spain).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Whitehorse

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7613
                            Entropy (8bit):3.789738507183991
                            Encrypted:false
                            SSDEEP:96:hmD+C2ZCHtffWsBNwj/lpmlOxGcKcnRH31t+ucgge:hm3Nf+aNwj/lpmlOxnKcndIG
                            MD5:CBCFD98E08FCCEB580F66AFE8E670AF5
                            SHA1:7E922CCD99CD7758709205E4C9210A2F09F09800
                            SHA-256:72992080AA9911184746633C7D6E47570255EE85CC6FE5E843F62331025B2A61
                            SHA-512:18290654E5330186B739DEDBC7D6860FD017D089DAE19E480F868E1FB56A3CF2E685D0099C4CF1D4F2AE5F36D0B72ABE52FBAC29AD4F6AB8A45C4C420D90E2D5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Whitehorse) {. {-9223372036854775808 -32412 0 LMT}. {-2188997988 -32400 0 YST}. {-1632056400 -28800 1 YDT}. {-1615125600 -32400 0 YST}. {-1596978000 -28800 1 YDT}. {-1583164800 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-147884400 -25200 1 YDDT}. {-131554800 -32400 0 YST}. {315561600 -28800 0 PST}. {325677600 -25200 1 PDT}. {341398800 -28800 0 PST}. {357127200 -25200 1 PDT}. {372848400 -28800 0 PST}. {388576800 -25200 1 PDT}. {404902800 -28800 0 PST}. {420026400 -25200 1 PDT}. {436352400 -28800 0 PST}. {452080800 -25200 1 PDT}. {467802000 -28800 0 PST}. {483530400 -25200 1 PDT}. {499251600 -28800 0 PST}. {514980000 -25200 1 PDT}. {530701200 -28800 0 PST}. {544615200 -25200 1 PDT}. {562150800 -28800 0 PST}. {576064800 -25200 1 PDT}. {594205200 -28800 0 PST}. {607514400 -25200 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Winnipeg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9379
                            Entropy (8bit):3.7354364023000937
                            Encrypted:false
                            SSDEEP:192:t7K22m2eQ7SRWu3O559BxXWDpws1dwVyUAitGeZiSI0PMnp4ozDCM9LfLPix3QWZ:t7K22m2eQ7Swu3O559BxXWDpws1dwVyU
                            MD5:F6B8A2DA74DC3429EC1FAF7A38CB0361
                            SHA1:1651AD179DB98C9755CDF17FBFC29EF35DE7F588
                            SHA-256:FEAA62063316C8F4AD5FABBF5F2A7DD21812B6658FEC40893657E909DE605317
                            SHA-512:46C61EFF429075A77C01AF1C02FD6136529237B30B7F06795BCEE26CDB75DDAB2D418283CD95C9A0140D1510E02F393F0A7E9414C99D1B31301AE213BAF50681
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Winnipeg) {. {-9223372036854775808 -23316 0 LMT}. {-2602258284 -21600 0 CST}. {-1694368800 -18000 1 CDT}. {-1681671600 -21600 0 CST}. {-1632067200 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1029686400 -18000 1 CDT}. {-1018198800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-746035200 -18000 1 CDT}. {-732733200 -21600 0 CST}. {-715795200 -18000 1 CDT}. {-702493200 -21600 0 CST}. {-684345600 -18000 1 CDT}. {-671043600 -21600 0 CST}. {-652896000 -18000 1 CDT}. {-639594000 -21600 0 CST}. {-620755200 -18000 1 CDT}. {-607626000 -21600 0 CST}. {-589392000 -18000 1 CDT}. {-576090000 -21600 0 CST}. {-557942400 -18000 1 CDT}. {-544640400 -21600 0 CST}. {-526492800 -18000 1 CDT}. {-513190800 -21600 0 CST}. {-495043200 -18000 1 CDT}. {-481741200 -21600 0 CST}. {-463593600 -18000 1 CDT}. {-

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Yakutat

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8407
                            Entropy (8bit):3.8776961667057868
                            Encrypted:false
                            SSDEEP:96:ugOZVKyjVYus/Q7Ddh5sBPyNsSLFOMM/EowALVZVmWa86Eac8rQ:uBZVKH/4h5sBPy+CMt/ElALLVuAH
                            MD5:9C0E781669E3E5549F82ED378EE3423B
                            SHA1:32184EA198156731C58616A0D88F169441C8CC7F
                            SHA-256:FE1C632FE9AF7E54A8CC9ED839818FAE98F14928921FD78C92A8D8E22F07A415
                            SHA-512:D1CDAB3DBAFFB4C30F6EEBDD413D748980C156437FBE99E7DF0C1E17AFA4CC33876AF2BB44C90E1FE5347071E64E83823EED47AE9BE39863C12989CB3EA44BDA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yakutat) {. {-9223372036854775808 52865 0 LMT}. {-3225223727 -33535 0 LMT}. {-2188953665 -32400 0 YST}. {-883580400 -32400 0 YST}. {-880203600 -28800 1 YWT}. {-769395600 -28800 1 YPT}. {-765381600 -32400 0 YST}. {-757350000 -32400 0 YST}. {-31503600 -32400 0 YST}. {-21474000 -28800 1 YDT}. {-5752800 -32400 0 YST}. {9975600 -28800 1 YDT}. {25696800 -32400 0 YST}. {41425200 -28800 1 YDT}. {57751200 -32400 0 YST}. {73479600 -28800 1 YDT}. {89200800 -32400 0 YST}. {104929200 -28800 1 YDT}. {120650400 -32400 0 YST}. {126702000 -28800 1 YDT}. {152100000 -32400 0 YST}. {162385200 -28800 1 YDT}. {183549600 -32400 0 YST}. {199278000 -28800 1 YDT}. {215604000 -32400 0 YST}. {230727600 -28800 1 YDT}. {247053600 -32400 0 YST}. {262782000 -28800 1 YDT}. {278503200 -32400 0 YST}. {294231600 -28800 1 YDT}. {309952800 -32400 0 YST}. {325681200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\America\Yellowknife

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7485
                            Entropy (8bit):3.781666511020802
                            Encrypted:false
                            SSDEEP:96:rGzGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:zVUC2mWBNwWTxyWR
                            MD5:C9050AC32086644B15631E6FBE4D6292
                            SHA1:8C074D0E04CAFB1BDD11953AE77687CFBC53C449
                            SHA-256:447B801066A92624F58C00DA66FBB90B54195F4AB06886AE4796228244E19E85
                            SHA-512:E7C73E67B247F912E774EF245D2323B24DDF75054C7BE9095BC19E3C58CB5AE287747076B2436ABF735738A969DAFCDB128F0BA2C76A0AFAB5449CF157BEB190
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:America/Yellowknife) {. {-9223372036854775808 0 0 -00}. {-1104537600 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-147891600 -18000 1 MDDT}. {-131562000 -25200 0 MST}. {315558000 -25200 0 MST}. {325674000 -21600 1 MDT}. {341395200 -25200 0 MST}. {357123600 -21600 1 MDT}. {372844800 -25200 0 MST}. {388573200 -21600 1 MDT}. {404899200 -25200 0 MST}. {420022800 -21600 1 MDT}. {436348800 -25200 0 MST}. {452077200 -21600 1 MDT}. {467798400 -25200 0 MST}. {483526800 -21600 1 MDT}. {499248000 -25200 0 MST}. {514976400 -21600 1 MDT}. {530697600 -25200 0 MST}. {544611600 -21600 1 MDT}. {562147200 -25200 0 MST}. {576061200 -21600 1 MDT}. {594201600 -25200 0 MST}. {607510800 -21600 1 MDT}. {625651200 -25200 0 MST}. {638960400 -21600 1 MDT}. {657100800 -25200 0 MST}. {671014800 -21600 1 MDT}. {68

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Casey

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):316
                            Entropy (8bit):4.338100448107153
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52L09xvFJm2OHlFFbQMFUkjtjKNUkMQTVsklkQEJ:MBp52Lc9mdHfFbQMF5jdK3zTVxE
                            MD5:4AD8AC155D466E47A6BF075508DC05ED
                            SHA1:2C911F651B26C27C07756111B5291C63C6954D34
                            SHA-256:282A352404B30C4336C0E09F3C5371393511C602B9E55648FB0251EACC9C715D
                            SHA-512:4A7305653D700FF565C9747C8A4E69A79609EB4748F3FFAA60C5A8548BBFAEC541EB8EAF830FF9202508BEAFAC2A0895BC4A52473FA51EBC74FAD83FCD0EB8F5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Casey) {. {-9223372036854775808 0 0 -00}. {-31536000 28800 0 +08}. {1255802400 39600 0 +11}. {1267714800 28800 0 +08}. {1319738400 39600 0 +11}. {1329843600 28800 0 +08}. {1477065600 39600 0 +11}. {1520701200 28800 0 +08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Davis

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):312
                            Entropy (8bit):4.290371654524798
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52L0DTm2OHlFFpwz0/MVSYv/JFFv7VoX/MVSYv/bpVQSbRXhNXSMVSYvx:MBp52LeTmdHfFCjF/LFvOkF/bp6SbRRT
                            MD5:780DA74192C8F569B1450AACE54A0558
                            SHA1:F2650D6D21A4B4AC8D931383ED343CE916252319
                            SHA-256:88A4DBB222E9FD2FFC26D9B5A8657FA6552DF6B3B6A14D951CE1168B5646E8F8
                            SHA-512:7F1E9E5C0F8E2A9D8AC68E19AF3D48D2BEE9840812A219A759475E7D036EA18CB122C40DDB88977079C1831AEF7EFBCB519C691616631D490B3C04382EB993C0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Davis) {. {-9223372036854775808 0 0 -00}. {-409190400 25200 0 +07}. {-163062000 0 0 -00}. {-28857600 25200 0 +07}. {1255806000 18000 0 +05}. {1268251200 25200 0 +07}. {1319742000 18000 0 +05}. {1329854400 25200 0 +07}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\DumontDUrville

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):206
                            Entropy (8bit):4.716730745171491
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52L0/3Om2OHlFFbRX82+c6FFpJ6SpQ:MBp52LdmdHfFbx82+ZFDQ
                            MD5:83B53540FADB1A36903E2A619954BFFC
                            SHA1:C9F520043A641104F43FB5422971B4D7A39A421C
                            SHA-256:0E50BA70DE94E6BABC4847C15865867D0F821F6BDDDC0B9750CB6BF13EF5DF3B
                            SHA-512:0AE7FE58EED7EAC03CBFFA2EA32CCBF726DBED0A3B1C20CF1D549CDA801CEB2B54F106787BD15B17DA3D9404E2D84936D50E4A2F63D1A72B0FEBCD8F8EA3195F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/DumontDUrville) {. {-9223372036854775808 0 0 -00}. {-725846400 36000 0 +10}. {-566992800 0 0 -00}. {-415497600 36000 0 +10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Macquarie

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2800
                            Entropy (8bit):3.8632793034261463
                            Encrypted:false
                            SSDEEP:24:cQbTetvk4z/7hLiVVitCinq+D18KmvLx0WWuyymPXObf78FCt7WQi2NjM:5sTlKiG+h5mjKIyym+WQNo
                            MD5:A3E1A9DFB6D6F061E60739865E6E0D18
                            SHA1:10C014CB444DEEF093854EE6A415DC17D7C2A4C5
                            SHA-256:975026D38C4BF136769D31215F2908867EC37E568380F864983DD57FFADA4676
                            SHA-512:9425CF1B717FBDFD4EA04AAC06CF5ACE365A4FCC911D85130B910D022ED4261F1FFF431CE63BA538871C7D3CA1EF65490A30BEE975884EB39FC1E5C2D88009D0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Macquarie) {. {-9223372036854775808 0 0 -00}. {-2214259200 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-1601719200 0 0 -00}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Mawson

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.6965808819415695
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52L0GRHEzyedFkXGm2OHvdFFoVU/VPKVVFSTGFFFjsvUX0VQL:SlSWB9X52L0zyEm2OHlFFzy/UiF/js/G
                            MD5:A07C6FA0B635EC81C5199F2515888C9E
                            SHA1:587AC900E285F6298A7287F10466DFA4683B9A87
                            SHA-256:2D8F0218800F6E0BD645A7270BEAF60A517AE20CBFFD64CF77E3CE4F8F959348
                            SHA-512:76A3590748F698E51BF29A1D3C119A253A8C07E9F77835CCDFC6AC51C554B5888351C95E6012CDADB106B42A384D49E56537FBF8DB9DC5BB791CB115FDB623FD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Mawson) {. {-9223372036854775808 0 0 -00}. {-501206400 21600 0 +06}. {1255809600 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\McMurdo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):4.832254042797831
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG/u4pVAIgObT/NCxL2L0GRHEz6BVfnUDH/uvn:SlSWB9IZaM3ycqIVAIgOboL2L0z6/fvn
                            MD5:0048A7427AC7880B9F6413208B216BC9
                            SHA1:CBB4A29316581CFC7868A779E97DB94F75870F41
                            SHA-256:487D4845885643700B4FF043AC5EA59E2355FD38357809BE12679ECAFFA93030
                            SHA-512:EC107FA59203B7BCB58253E2715380EF70DF5470030B83E1DEA8D1AC4E7D3FB2908E8C7009D8136212871EC3DA8B4C4194FF3290E5A41EEE8E7D07CABE80ECC0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/McMurdo) $TZData(:Pacific/Auckland).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Palmer

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2526
                            Entropy (8bit):3.514598338545733
                            Encrypted:false
                            SSDEEP:48:5wcS+SGwRShoSdXvuMSuSYSgS1SWFlSqSySSSoyZSWXSHS9SWS3SbSRSBSUS5ShG:tNURMo8XvuMRnHqhTxxJAHXEa9c0yq/4
                            MD5:7738686109BCC8AF5271608FCD04EBFB
                            SHA1:401217F0F69945ADA13F593681D8F13A368BCF94
                            SHA-256:3EECDA7E4507A321A03171658187D2F50F7C6C46E8A1B0831E6B6B6AAFFAC4AC
                            SHA-512:F7982BF9D82B2D7C2C1825AF1FF9178849BB699A50367872C11572E6F8A452619A63C9F97CEAF06FD5104075FBDE70936B8363B993F2571FD9A2B699A1D17521
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Palmer) {. {-9223372036854775808 0 0 -00}. {-157766400 -14400 0 -04}. {-152654400 -14400 0 -04}. {-132955200 -10800 1 -04}. {-121122000 -14400 0 -04}. {-101419200 -10800 1 -04}. {-86821200 -14400 0 -04}. {-71092800 -10800 1 -04}. {-54766800 -14400 0 -04}. {-39038400 -10800 1 -04}. {-23317200 -14400 0 -04}. {-7588800 -10800 0 -03}. {128142000 -7200 1 -03}. {136605600 -10800 0 -03}. {389070000 -14400 0 -04}. {403070400 -10800 1 -04}. {416372400 -14400 0 -04}. {434520000 -10800 1 -04}. {447822000 -14400 0 -04}. {466574400 -10800 1 -04}. {479271600 -14400 0 -04}. {498024000 -10800 1 -04}. {510721200 -14400 0 -04}. {529473600 -10800 1 -04}. {545194800 -14400 0 -04}. {560923200 -10800 1 -04}. {574225200 -14400 0 -04}. {592372800 -10800 1 -04}. {605674800 -14400 0 -04}. {624427200 -10800 1 -04}. {637124400 -14400 0 -04}. {653457600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Rothera

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):145
                            Entropy (8bit):4.778784990010973
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52L0GRHEsKRaXGm2OHvdFFn/H3VVFVGHC:SlSWB9X52L0rRhm2OHlFFn/VVFAHC
                            MD5:8CAED0DB4C911E84AF29910478D0DBD6
                            SHA1:80DE97C9959D58C6BF782A948EED735AB4C423CC
                            SHA-256:9415FA3A573B98A6EBCBFAEEC15B1C52352F2574161648BB977F55072414002F
                            SHA-512:28F27F7EDDF30EB08F8B37ED13219501D14D2AEA4EFA07AFAD36A643BD448E1BD992463C12C47152C99772D755E6EA0198B51B806A05B57743635A9059676EC2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Rothera) {. {-9223372036854775808 0 0 -00}. {218246400 -10800 0 -03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\South_Pole

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):193
                            Entropy (8bit):4.858829912809126
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3ycqIVAIgOboL2L0tlo+plvn:MBaIMdQiO2LMq+p1
                            MD5:51AC23110E7EAB20319EE8EC82F048D2
                            SHA1:7B4DE168A3078041841762F468AE65A2EE6C5322
                            SHA-256:D33E094979B3CE495BEF7109D78F7B77D470AB848E4E2951851A7C57140354BF
                            SHA-512:13E800DFFA3D65F94FAD6B529FC8A29A26F40F4F29DBF19283392733458AD3C6B27E479218A8C123424E965711B4746976E39EB9FD54CD0B57281134FEAC4F31
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:Antarctica/South_Pole) $TZData(:Pacific/Auckland).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Syowa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):4.7487926695696006
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52L0GRHEtWlFeEXGm2OHvdFFpoMdsWYAvn:SlSWB9X52L0tQeLm2OHlFFpbaWYAv
                            MD5:AA415901BB9E53CF7FAEA47E546D9AED
                            SHA1:CF12572D2C4D0ABF12B0450D366944E297744217
                            SHA-256:F161CFAB3E40A0358FF0DEC2EB8ED9231D357FAC20710668B9CE31CDA68E8B96
                            SHA-512:4F90E0EA7086EB729080E77A47C2E998F7AD3BCEA4997DAB06044BCDD2E2E1729A83C679EF2E1D78CD0255C37F24FCC6746518444CC4E96EBB2A0547312D8354
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Syowa) {. {-9223372036854775808 0 0 -00}. {-407808000 10800 0 +03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Troll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5174
                            Entropy (8bit):3.411985404081831
                            Encrypted:false
                            SSDEEP:96:q4NUwVb0uJjeH7wZjFH7EPzOLrNrnw/ZklmhEJkJdG:jNUwVAuJjs8JmPzO5ngzG
                            MD5:CA4730C864AB3CC903F79BDF0F9E8777
                            SHA1:7B3E9DDB36766F95F9C651CF244EDA9ED22BDDC5
                            SHA-256:E437539A85E91AD95CD100F9628142FEBB455553C95415DB1147FD25948EBF59
                            SHA-512:32EE0CCA0AB92D68D6C21A925E5367730A172C49DC5245A61DA1A39E08317569154C52EC695E3FB43BB40D066C4C0E9625C835A7F6E2EB5DDF0768D48DB99F3C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Troll) {. {-9223372036854775808 0 0 -00}. {1108166400 0 0 +00}. {1111885200 7200 1 +02}. {1130634000 0 0 +00}. {1143334800 7200 1 +02}. {1162083600 0 0 +00}. {1174784400 7200 1 +02}. {1193533200 0 0 +00}. {1206838800 7200 1 +02}. {1224982800 0 0 +00}. {1238288400 7200 1 +02}. {1256432400 0 0 +00}. {1269738000 7200 1 +02}. {1288486800 0 0 +00}. {1301187600 7200 1 +02}. {1319936400 0 0 +00}. {1332637200 7200 1 +02}. {1351386000 0 0 +00}. {1364691600 7200 1 +02}. {1382835600 0 0 +00}. {1396141200 7200 1 +02}. {1414285200 0 0 +00}. {1427590800 7200 1 +02}. {1445734800 0 0 +00}. {1459040400 7200 1 +02}. {1477789200 0 0 +00}. {1490490000 7200 1 +02}. {1509238800 0 0 +00}. {1521939600 7200 1 +02}. {1540688400 0 0 +00}. {1553994000 7200 1 +02}. {1572138000 0 0 +00}. {1585443600 7200 1 +02}. {1603587600 0 0 +00}. {1616893200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Antarctica\Vostok

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):144
                            Entropy (8bit):4.773942010845718
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52L0GRHEoKcMFtXGm2OHvdFFud/bVFXKVVFSTL:SlSWB9X52L0XcMFEm2OHlFFCVFXK/Un
                            MD5:A07C4769267AFA9501BE44BD406ADA34
                            SHA1:86747047EFD1F47FEFC7DA44465EAB53F808C9FB
                            SHA-256:92816E1C4FDE037D982596610A1F6E11D4E7FD408C3B1FAAB7BEC32B09911FE7
                            SHA-512:051A327C898867228C8B1848162C2604BED8456B61533D4A40FBEB9A0069AE2EAF33F79803A0C6A80C6446C34F757A751F4ABC5AC5CCED6C125E2A42D46A022A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Antarctica/Vostok) {. {-9223372036854775808 0 0 -00}. {-380073600 21600 0 +06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Arctic\Longyearbyen

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.922114908130109
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVyWJooedVAIgoqxWJ0YF2XbeLo4cA4FH/h8QasWJ/n:SlSWB9IZaM3ymSDdVAIgo2Q2XbUyAK8H
                            MD5:0F69284483D337DC8202970461A28386
                            SHA1:0D4592B8EBE070119CB3308534FE9A07A758F309
                            SHA-256:3A5DB7C2C71F95C495D0884001F82599E794118452E2748E95A7565523546A8E
                            SHA-512:D9F2618B153BFE4888E893A62128BE0BD59DFAFC824DA629454D5D541A9789536AC029BF73B6E9749409C522F450D53A270D302B2CF084444EA64D9138D77DFE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Arctic/Longyearbyen) $TZData(:Europe/Oslo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Aden

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):166
                            Entropy (8bit):4.7788335911117095
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8t1zVAIgNsM1E2WFK4h4WFK81S:SlSWB9IZaM3yN1zVAIgaM1E2wKs4wK8c
                            MD5:BBAFEA8E55A739C72E69A619C406BD5D
                            SHA1:0C2793114CA716C5DBAF081083DF1E137F1D0A63
                            SHA-256:6E69C5C3C3E1C98F24F5F523EC666B82534C9F33132A93CCC1100F27E594027F
                            SHA-512:7741F2281FDCA8F01A75ABEBF908F0B70320C4C026D90D4B0C283F3E2B8C47C95263569916EF83CAD40C87D5B6E714045D0B43370A263BC7BE80EC3DA62CC82F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Aden) $TZData(:Asia/Riyadh).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Almaty

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1580
                            Entropy (8bit):3.640808791765599
                            Encrypted:false
                            SSDEEP:24:cQveh8mSsOXEFCMiq90DIgb5j6gMJR/4TJTXSATo6SSsMuRFnCYRluoCC1Q0cxfw:50Fqq9iTVrXjS0qBsW
                            MD5:AC511C65052CE2D780FD583E50CB475C
                            SHA1:6B9171A13F6E6F33F878A347173A03112BCF1B89
                            SHA-256:C9739892527CCEBDF91D7E22A6FCD0FD57AAFA6A1B4535915AC82CF6F72F34A4
                            SHA-512:12743486EB02C241C90ECCEDD323D0F560D5FA1F55CB3EBB5AF3A65331D362433F2EAF7285B19335F5C262DA033EB8BE5A4618794EA74DFCD4107C170035CE96
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Almaty) {. {-9223372036854775808 18468 0 LMT}. {-1441170468 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {695768400 21600 0 +06}. {701812800 25200 1 +06}. {717537600 21600 0 +06}. {733262400 25200 1 +06}. {748987200 21600 0 +06}. {764712000 25200 1 +06}. {780436800 21

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Amman

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7055
                            Entropy (8bit):3.621680472512772
                            Encrypted:false
                            SSDEEP:96:Rnv8A4XkyKfUN9QXCkFpej4g2uMekzdgyvwKVuKEZhfuITrar2gsq0teU:RvMw2y3p+4g2PxbLS5
                            MD5:703F8A37D41186AC8CDBCB86B9FE6C1B
                            SHA1:B2D7FCBD290DA0FEB31CD310BA29FE27A59822BE
                            SHA-256:847FA8211956C5930930E2D7E760B1D7F551E8CDF99817DB630222C960069EB8
                            SHA-512:66504E448469D2358C228966739F0FEB381BF862866A951B092A600A17DAD80E6331F6D88C4CFCE483F45E79451722A19B37291EDA75C7CD4D7E0A7E82096F47
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Amman) {. {-9223372036854775808 8624 0 LMT}. {-1230776624 7200 0 EET}. {108165600 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {215643600 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EET}. {262735200 10800 1 EEST}. {275950800 7200 0 EET}. {481154400 10800 1 EEST}. {496962000 7200 0 EET}. {512949600 10800 1 EEST}. {528670800 7200 0 EET}. {544399200 10800 1 EEST}. {560120400 7200 0 EET}. {575848800 10800 1 EEST}. {592174800 7200 0 EET}. {610581600 10800 1 EEST}. {623624400 7200 0 EET}. {641167200 10800 1 EEST}. {655074000 7200 0 EET}. {671839200 10800 1 EEST}. {685918800 7200 0 EET}. {702856800 10800 1 EEST}. {717973200 7200 0 EET}. {733701600 10800 1 EEST}. {749422800 7200 0 EET}. {765151200 10800 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Anadyr

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2014
                            Entropy (8bit):3.680306971172711
                            Encrypted:false
                            SSDEEP:24:cQMe/VrghhF87/Fpd2kNNxLcULBQdHl2yYvpQ62itgUiRrn5d6kGFF6UERWkBUHA:5ah2zFvpchKvW62XPdXJMwT3Lea
                            MD5:E0396BBBB3FDDD2B651D2DBB4EF90884
                            SHA1:C1FFCDC6EB77B5F4CFAFA90EA8E1025DB142D5C5
                            SHA-256:6A9B4EF8FBED758E8D1737C79D803F9DF4F5BF61F115064ED60DA2397B88FE19
                            SHA-512:8FB6D19189142F11812B82F5803F4E5C85BF107689D317305D32EF71905DC9E0655DD2F2D4CE234B5872A6BF452670221F94EF1D48EF776C002AA5A484C2481B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Anadyr) {. {-9223372036854775808 42596 0 LMT}. {-1441194596 43200 0 +12}. {-1247572800 46800 0 +14}. {354884400 50400 1 +14}. {370692000 46800 0 +13}. {386420400 43200 0 +13}. {386424000 46800 1 +13}. {402231600 43200 0 +12}. {417960000 46800 1 +13}. {433767600 43200 0 +12}. {449582400 46800 1 +13}. {465314400 43200 0 +12}. {481039200 46800 1 +13}. {496764000 43200 0 +12}. {512488800 46800 1 +13}. {528213600 43200 0 +12}. {543938400 46800 1 +13}. {559663200 43200 0 +12}. {575388000 46800 1 +13}. {591112800 43200 0 +12}. {606837600 46800 1 +13}. {622562400 43200 0 +12}. {638287200 46800 1 +13}. {654616800 43200 0 +12}. {670341600 39600 0 +12}. {670345200 43200 1 +12}. {686070000 39600 0 +11}. {695746800 43200 0 +13}. {701791200 46800 1 +13}. {717516000 43200 0 +12}. {733240800 46800 1 +13}. {748965600 43200 0 +12}. {764690400 46

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Aqtau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1607
                            Entropy (8bit):3.623112789966889
                            Encrypted:false
                            SSDEEP:24:cQJeoR9NSVYlS7hhmSQcwqSlhJS9yiIoSBHrSLUSIYdDS7/S5c3oSATo03CRJS2I:5fZlkhs7bqIwIoMpqDS7oXb0w+sRBlL
                            MD5:410226AA30925F31BA963139FD594AEB
                            SHA1:860E17C83D0DF2CBB4B8E73B9C7CB956994F5549
                            SHA-256:69402CA6D56138A6A6D09964B90D1781A7CBEFBDFFE506B7292758EC24740B0E
                            SHA-512:AE2610D1D779500132D5FA12E7529551ECD009848619C7D802F6EE89B0D2C3D6E7C91FB83DA7616180C166CE9C4499D7A2A4FEB5373621353640A71830B655A3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtau) {. {-9223372036854775808 12064 0 LMT}. {-1441164064 14400 0 +04}. {-1247544000 18000 0 +05}. {370724400 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400 180

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Aqtobe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1608
                            Entropy (8bit):3.6301391279603696
                            Encrypted:false
                            SSDEEP:48:5FhXlkhs7bqIwIoMpqDS7oXb0w+bBijbbyzIr1jJL:PtCOgZbdp
                            MD5:B8D914F33D568AE8EB46B7F3FC5BF944
                            SHA1:91DE61EC025E8F74D9CD10816C3534B5F8D397F7
                            SHA-256:9C1C30ADD1919951350C86DA6B716326178CF74A849A3350AE147DD2ADC34049
                            SHA-512:A32B34C15D94C42E9DF13316ACB9E0C9AF151F2EF14F502BE1A75E40735A2BC5D9E59244A72ACFB68184DA0D62A48FCC7AB288F1BA85DBB4DC385FA04BF3075D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Aqtobe) {. {-9223372036854775808 13720 0 LMT}. {-1441165720 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ashgabat

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):847
                            Entropy (8bit):3.852939540326754
                            Encrypted:false
                            SSDEEP:24:cQgZeRHINS62DS7hhmSQcwqSlhJS9yiIoSBHrSLUSIYdDS7/S5c3oSATo03CRJL:5g8U0khs7bqIwIoMpqDS7oXb0L
                            MD5:BFDAC4AE48AD49E5C0A048234586507E
                            SHA1:ACFE49AED50D0FDF2978034BB3098331F6266CC8
                            SHA-256:77FB5A9F578E75EEC3E3B83618C99F33A04C19C8BB9AFB314888091A8DD64AA3
                            SHA-512:11B412E0856BD384080B982C9DE6CE196E8C71A68096F7ED22972B7617533F9BD92EFA4C153F2CEE7EA4F0DE206281B6B9066C5969AFFE913AF2FA5CF82EDD90
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ashgabat) {. {-9223372036854775808 14012 0 LMT}. {-1441166012 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +05}. {370720800 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ashkhabad

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.750782589043179
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8xEYM4DdVAIgN/ZEYvCHt2WFKUNSH+WFKYEYMvn:SlSWB9IZaM3yRhVAIgH1CHt2wKUNSewa
                            MD5:73E1F618FB430C503A1499E3A0298C97
                            SHA1:29F31A7C9992F9D9B3447FCBC878F1AF8E4BD57F
                            SHA-256:5917FC603270C0470D2EC416E6C85E999A52B6A384A2E1C5CFC41B29ABCA963A
                            SHA-512:FAE39F158A4F47B4C37277A1DC77B8524DD4287EBAD5D8E6CBB906184E6DA275A308B55051114F4CD4908B449AE3C8FD48384271E3F7106801AD765E5958B4DD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ashgabat)]} {. LoadTimeZoneFile Asia/Ashgabat.}.set TZData(:Asia/Ashkhabad) $TZData(:Asia/Ashgabat).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Atyrau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1608
                            Entropy (8bit):3.6351436957032477
                            Encrypted:false
                            SSDEEP:48:55IZlkhs7bqIwIoMpqDS7oXb0w+bBijbbyblL:X8COgZbd4x
                            MD5:F2A86E76222B06103F6C1E8F89EB453E
                            SHA1:D73938EBCA8C1340A7C86E865492EE581DFFC393
                            SHA-256:211AB2318746486C356091EC2D3508D6FB79B9EBC78FC843BF2ADC96A38C4217
                            SHA-512:B5F4F8FF11FA6D113B23F60D64E1737C7FABDDEBF12C37138F0FA05254E6C1643A2D3CA6C322943F4E877CE2E3736CF0F0741DD390C79E7EE94D56361B14BF45
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Atyrau) {. {-9223372036854775808 12464 0 LMT}. {-1441164464 10800 0 +03}. {-1247540400 18000 0 +05}. {370724400 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {695772000 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400 18

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Baghdad

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1643
                            Entropy (8bit):3.6348723729667975
                            Encrypted:false
                            SSDEEP:24:cQcTe0yZH76UtjUtUVmFbmU0cybUJN2cU2U9U56UJMlUoCUUbu/UTbU4UdTbU8U6:5cp6pLmFsyN2LouCIpYZgrCi
                            MD5:2C0422E86BA0AECAA97CA01F3A27B797
                            SHA1:C28FD8530B7895B4631EA0CAE03E6019561C4C40
                            SHA-256:D5D69D7A4FE29761C5C3FFBB41A4F8B6B5F2101A34678B1FA9B1D39FC5478EA8
                            SHA-512:3C346DE7E82B8EF1783F5A6D8A6099F7A530DD29AD48EDBB72F019ADC47155A703845503B1DD2589315BB67FA40AEF584313150686248DF45F983781F4B18710
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baghdad) {. {-9223372036854775808 10660 0 LMT}. {-2524532260 10656 0 BMT}. {-1641005856 10800 0 +03}. {389048400 14400 0 +03}. {402264000 10800 0 +03}. {417906000 14400 1 +03}. {433800000 10800 0 +03}. {449614800 14400 1 +03}. {465422400 10800 0 +03}. {481150800 14400 1 +03}. {496792800 10800 0 +03}. {512517600 14400 1 +03}. {528242400 10800 0 +03}. {543967200 14400 1 +03}. {559692000 10800 0 +03}. {575416800 14400 1 +03}. {591141600 10800 0 +03}. {606866400 14400 1 +03}. {622591200 10800 0 +03}. {638316000 14400 1 +03}. {654645600 10800 0 +03}. {670464000 14400 1 +03}. {686275200 10800 0 +03}. {702086400 14400 1 +03}. {717897600 10800 0 +03}. {733622400 14400 1 +03}. {749433600 10800 0 +03}. {765158400 14400 1 +03}. {780969600 10800 0 +03}. {796694400 14400 1 +03}. {812505600 10800 0 +03}. {828316800 14400 1 +03}. {844128000 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Bahrain

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):166
                            Entropy (8bit):4.732157428331905
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8hHVAIgNvZAvxL2WFKENUKMFB/4WFKKu:SlSWB9IZaM3yBHVAIgPAvxL2wKENUr/i
                            MD5:6291D60E3A30B76FEB491CB944BC2003
                            SHA1:3D31032CF518A712FBA49DEC42FF3D99DD468140
                            SHA-256:A462F83DDB0CCC41AC10E0B5B98287B4D89DA8BBBCA869CCFB81979C70613C6C
                            SHA-512:C62D44527EAD47D2281FF951B9CF84C297859CFDC9A497CB92A583B6012B2B9DAAE9924EF17BC6B7CD317B770FF4924D8E1E77ED2E0EBC02502530D132EDE35B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Qatar)]} {. LoadTimeZoneFile Asia/Qatar.}.set TZData(:Asia/Bahrain) $TZData(:Asia/Qatar).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Baku

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2075
                            Entropy (8bit):3.5206282649651808
                            Encrypted:false
                            SSDEEP:24:cQ4ekZqpkb/cXXn8UDu5u8WmFeb/RLc9qENkw/ybt8i9E60339UyuU+DTO1KKlYX:5YTVOZmF7N76eHIAMsiWVyv2Te
                            MD5:460EDC7D17FFA6AF834B6474D8262FB0
                            SHA1:913E117814A5B4B7283A533F47525C8A0C68FD3C
                            SHA-256:0A1FDA259EE5EBC779768BBADACC7E1CCAC56484AA6C03F7C1F79647AB79593D
                            SHA-512:4047A7AD5F248F0B304FEF06C73EA655D603C39B6AC74629A2ADD49A93E74B23F458DC70E8150AD3F5BBF773F2387907B4BB69A95EB945B9FA432CA6B8AB173D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Baku) {. {-9223372036854775808 11964 0 LMT}. {-1441163964 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {701823600 14400 1 +03}. {717548400 14400 0 +04}. {820440000 14400 0 +04}. {828234000 18000 1 +05}. {846378000 14400 0 +04}. {852062400 14400 0 +04}. {859680000 18000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Bangkok

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.863210418273511
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKELYOUXGm2OHB+kevXZKmrROpDvFFsQ+8EXVeVSYvC:SlSWB9X52wKELPm2OHxePZ3FO1Rb+UVe
                            MD5:8291C9916E9D5E5C78DE38257798799D
                            SHA1:F67A474337CF5FF8460911C7003930455AA0C530
                            SHA-256:ED9D1C47D50461D312C7314D5C1403703E29EE14E6BAC97625EFB06F38E4942C
                            SHA-512:9B552812A0001271980F87C270EF4149201403B911826BDF17F66EE1015B9AC859C1B2E7BB4EB6BC56E37CDB24097BF001201C34AD7D4C0C910AE17CFEC36C8B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bangkok) {. {-9223372036854775808 24124 0 LMT}. {-2840164924 24124 0 BMT}. {-1570084924 25200 0 +07}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Barnaul

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2044
                            Entropy (8bit):3.6106776173203916
                            Encrypted:false
                            SSDEEP:48:5Mi17A9/IJ4vQayW+dRvV8YzXJIq79Af3AuyqM7FfiC/L7UVtrBju6waUwcTLTTg:9jFRRCfQuiB7TQZ
                            MD5:DC7A71DAB17C7F4A348DC1EE2FC458C5
                            SHA1:982FAB93A637D18A049DDBE96B0341736C66561D
                            SHA-256:52DB3278189AA2380D84A81199A2E7F3B40E9706228D2291C6257FD513D78667
                            SHA-512:90659D37D2A2E8574A88FD7F222C28D9572A9866FC3459B0CC1760FECBC7C4A0574B224C252877D723B06DD72165C4FE368D5B00DAB662B85D2E0F4CB2A89271
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Barnaul) {. {-9223372036854775808 20100 0 LMT}. {-1579844100 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433200 2

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Beirut

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7754
                            Entropy (8bit):3.6329631010207892
                            Encrypted:false
                            SSDEEP:96:OnQv8iPC28v82K/w1VxDmsCZgV+f7dIWDkLDo1WlqCTpXxcKvjRQZwtPEWRTvS4y:OQjPCL5VxKWC7dIWDkLDoqphsX
                            MD5:2D3AE4AD36BD5F302F980EB5F1DD0E4A
                            SHA1:02244056D6D4EC57937D1E187CC65E8FD18F67F0
                            SHA-256:E9DD371FA47F8EF1BE04109F0FD3EBD9FC5E2B0A12C0630CDD20099C838CBEBB
                            SHA-512:2E4528254102210B8A9A2263A8A8E72774D40F57C2431C2DD6B1761CD91FB6CEA1FAD23877E1E2D86217609882F3605D7FE477B771A398F91F8D8AD3EAF90BAC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Beirut) {. {-9223372036854775808 8520 0 LMT}. {-2840149320 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1473645600 10800 1 EEST}. {-1460948400 7200 0 EET}. {-399866400 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336794400 10800 1 EEST}. {-323578800 7200 0 EET}. {-305172000 10800 1 EEST}. {-291956400 7200 0 EET}. {-273636000 10800 1 EEST}. {-260420400 7200 0 EET}. {78012000 10800 1 EEST}. {86734800 7200 0 EET}. {105055200 10800 1 EEST}. {118270800 7200 0 EET}. {136591200 10800 1 EEST}. {149806800 7200 0 EET}. {168127200 10800 1 EEST}. {181342800 7200 0 EET}. {199749600 10800 1 EEST}. {212965200 7200 0 EET}. {231285600 10800 1 EEST}. {244501200 7200 0 EE

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Bishkek

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1611
                            Entropy (8bit):3.653654369590701
                            Encrypted:false
                            SSDEEP:24:cQge4/SsOXEFCMiq90DIgb5j6gMJR/4TJTXSATolS+WSP7VSzlBSkhFSblDSDOQy:5qFqq9iTVrX2ioerAYabcivcnXKh
                            MD5:1A3A4825B73F11024FD21F94AE85F9D2
                            SHA1:E63443CC267B43EFEFFD1E3161293217526E7DC8
                            SHA-256:D8205F34BB8B618E2F8B4EB6E613BE1B5CFBBF3B6CBFAFE868644E1A1648C164
                            SHA-512:5C766BD6FB6195BEBD7CDF703B7E0A67FBB2BCF98052866AE9ACDC5B90469421508F52C60F22542BBA6ED8CC59B4889F20DB131B183918592139B6D135BC57A2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Bishkek) {. {-9223372036854775808 17904 0 LMT}. {-1441169904 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {683586000 18000 0 +05}. {703018800 21600 1 +05}. {717530400 18000 0 +05}. {734468400 21600 1 +05}. {748980000 18000 0 +05}. {765918000 21600 1 +05}. {780429600 18000 0 +05}. {797367600 2

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Brunei

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.792958708451203
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKXeAMMkEXGm2OHCQdvVVvUWUOVFW/FvOVSSC/FiUMWfV1S:SlSWB9X52wK0bm2OHCIvVVXUuW/MVSSV
                            MD5:95EE0EFC01271C3E3195ADC360F832C7
                            SHA1:CDFA243F359AC5D2FA22032BF296169C8B2B942A
                            SHA-256:241C47769C689823961D308B38D8282F6852BC0511E7DC196BF6BF4CFADBE401
                            SHA-512:11CAE9804EF933A790F5B9B86CC03C133DBD1DB97FAA78F508D681662AAC3714B93166B596F248799FC5B86344B48764865D3371427119999CB02963C98E15C3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Brunei) {. {-9223372036854775808 27580 0 LMT}. {-1383464380 27000 0 +0730}. {-1167636600 28800 0 +08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Calcutta

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.721946029615065
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq864DdVAIgN1EF2WFKh0s+WFKvvn:SlSWB9IZaM3ya4DdVAIgo2wKN+wKvv
                            MD5:A967F010A398CD98871E1FF97F3E48AC
                            SHA1:6C8C0AF614D6789CD1F9B6243D26FAC1F9B767EF
                            SHA-256:B07250CD907CA11FE1C94F1DCCC999CECF8E9969F74442A9FCC00FC48EDE468B
                            SHA-512:67E3207C8A63A5D8A1B7ED1A62D57639D695F9CD83126EB58A70EF076B816EC5C4FDBD23F1F32A4BB6F0F9131D30AF16B56CD92B1C42C240FD886C81BA8940DA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kolkata)]} {. LoadTimeZoneFile Asia/Kolkata.}.set TZData(:Asia/Calcutta) $TZData(:Asia/Kolkata).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Chita

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2014
                            Entropy (8bit):3.6060921590827193
                            Encrypted:false
                            SSDEEP:24:cQyeCXQS6oziDpiKXtyiyzilUBinUijiRziiiaSiYzYWk2HgQiMhNIziPiRikiAF:5c/9InX4n7m84nPIzOtfjQhGTNw
                            MD5:A3FB98DC18AC53AE13337F3CC1C4CE68
                            SHA1:F0280D5598AEB6B6851A8C2831D4370E27121B5F
                            SHA-256:D0A984F2EDB6A5A4E3C3CFA812550782F6B34AD0C79B1DD742712EBA14B7B9FB
                            SHA-512:A33E2E0EA093BB758539A761B4CF82204699BC35950ACD329DA9205A141469930CAF179E4331DF505408C7C4F97480416DC16C7E93E53B12392509E5A093E562
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Chita) {. {-9223372036854775808 27232 0 LMT}. {-1579419232 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000 324

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Choibalsan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1563
                            Entropy (8bit):3.6863846285633057
                            Encrypted:false
                            SSDEEP:24:cQtZeCjXN1xJq4tyiIHil++lqivEoziHvqil+fiRBiS/BvWjiY2Vizi6Xi4+k8ih:5tFdXJVHpkbvvWr2sv5kPYxwM3N5
                            MD5:799F0221A1834C723E6BBA2D00727156
                            SHA1:569BBC1F20F7157ECF753A8DEB49156B260A96E0
                            SHA-256:02FF47A619BE154A88530BA8C83F5D52277FA8E8F7941C0D33F89161CE1B5503
                            SHA-512:535812754A92E251A9C86C20E3032A6B363F77F6839C95DAD6ED18200ACAA3075E602AD626F50B84EB931D1D33BD0E00CA5AE1D1D95DEBECDE57EE9E65A137DF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Choibalsan) {. {-9223372036854775808 27480 0 LMT}. {-2032933080 25200 0 +07}. {252435600 28800 0 +08}. {417974400 36000 0 +09}. {433778400 32400 0 +09}. {449593200 36000 1 +09}. {465314400 32400 0 +09}. {481042800 36000 1 +09}. {496764000 32400 0 +09}. {512492400 36000 1 +09}. {528213600 32400 0 +09}. {543942000 36000 1 +09}. {559663200 32400 0 +09}. {575391600 36000 1 +09}. {591112800 32400 0 +09}. {606841200 36000 1 +09}. {622562400 32400 0 +09}. {638290800 36000 1 +09}. {654616800 32400 0 +09}. {670345200 36000 1 +09}. {686066400 32400 0 +09}. {701794800 36000 1 +09}. {717516000 32400 0 +09}. {733244400 36000 1 +09}. {748965600 32400 0 +09}. {764694000 36000 1 +09}. {780415200 32400 0 +09}. {796143600 36000 1 +09}. {811864800 32400 0 +09}. {828198000 36000 1 +09}. {843919200 32400 0 +09}. {859647600 36000 1 +09}. {875368800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Chongqing

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.815975603028152
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8qvwVAIgNtA2WFKh2V7/4WFKdv:SlSWB9IZaM3yMwVAIgE2wKho4wKt
                            MD5:37D7B7C1E435E2539FDD83D71149DD9A
                            SHA1:F4ADE88DDF244BD2FF5B23714BF7449A74907E08
                            SHA-256:78611E8A0EBEBC4CA2A55611FAC1F00F8495CB044B2A6462214494C7D1F5DA6A
                            SHA-512:E0C57229DC76746C6424606E41E10E97F0F08DD2B00659172DA35F3444BF48B4BC7E2F339A10ECC21628A683E2CB8B4FA5945B8AC68C6BAFEA720AFBB88C90C6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chongqing) $TZData(:Asia/Shanghai).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Chungking

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.840543487466552
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8qvwVAIgNtA2WFK7LeL9J4WFKdv:SlSWB9IZaM3yMwVAIgE2wK7LUT4wKt
                            MD5:6F21100628DD48B2FF4B1F2AF92E05CB
                            SHA1:B74478D0EC95A577C2A58497692DB293BBD31586
                            SHA-256:DB2C572E039D1A777FFC66558E2BEE46C52D8FE57401436AE18BB4D5892131CE
                            SHA-512:2D3C37790B6A764FE4E1B8BD8EDF1D073D711F59CEA3EC5E6003E481898F7285B42A14E904C3D148422244BB083FBA42C6623DF7DA05923F6145EEE3FD259520
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Chungking) $TZData(:Asia/Shanghai).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Colombo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):356
                            Entropy (8bit):4.4006537789533695
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKr+tJm2OHgPZv9tGZjSWV/FSQRpPUrK/F/ND/k5iRVVFSQ9R/U4C/k:MBp52z+mdHgPZvqZj1NjDPh/F/1/Y4vF
                            MD5:4074FBEF7DD0DF48AD74BDAED3106A75
                            SHA1:FB1E5190EAF8BF9B64EED49F115E34926C1EAF53
                            SHA-256:DB6A7EA0DC757706126114BED5E693565938AABFE3DA1670170647CCDE6BE6CD
                            SHA-512:A469C09FA6A1DA1DB140BFFECB931DBC4B2315A13B82FCA8813C93954598D03818323B7DDE1106D1F1D815ED69523361369AF883CA4818CA562D728F7A88D8A7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Colombo) {. {-9223372036854775808 19164 0 LMT}. {-2840159964 19172 0 MMT}. {-2019705572 19800 0 +0530}. {-883287000 21600 1 +06}. {-862639200 23400 1 +0630}. {-764051400 19800 0 +0530}. {832962600 23400 0 +0630}. {846266400 21600 0 +06}. {1145039400 19800 0 +0530}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Dacca

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):164
                            Entropy (8bit):4.733855608307331
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8ntdVAIgN6Ko2WFK1S2WFKwu:SlSWB9IZaM3yHtdVAIgMKo2wKM2wKwu
                            MD5:629FC03B52D24615FB052C84B0F30452
                            SHA1:80D24B1A70FC568AB9C555BD1CC70C17571F6061
                            SHA-256:BD3E4EE002AFF8F84E74A6D53E08AF5B5F2CAF2B06C9E70B64B05FC8F0B6CA99
                            SHA-512:1C912A5F323E84A82D60300F6AC55892F870974D4DEFE0AF0B8F6A87867A176D3F8D66C1A5B11D8560F549D738FFE377DC20EB055182615062D4649BBA011F32
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dhaka)]} {. LoadTimeZoneFile Asia/Dhaka.}.set TZData(:Asia/Dacca) $TZData(:Asia/Dhaka).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Damascus

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8031
                            Entropy (8bit):3.629699951300869
                            Encrypted:false
                            SSDEEP:96:zY75F5VoNVIkbl3IUQZufk0Eej4YWuM0c5/61a7/VGfV8SbU5J3Mirmgs3LmiK:zI75KN+YlgYE+4YWPB6O4in9
                            MD5:202E5950F6324878B0E6FD0056D2F186
                            SHA1:A668D4DC3E73A292728CCE136EFFAC95D5952A81
                            SHA-256:3BB43B71FF807AA3BF6A7F94680FB8BD586A1471218307A6A7A4CE73A5A3A55E
                            SHA-512:5F9A7308E9C08267ECB8D502505EF9B32269D62FA490D6BC01F6927CB8D5B40CA17BB0CDFA3EE78D48C7686EAA7FD266666EB80E54125859F86CADFD7366DB6B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Damascus) {. {-9223372036854775808 8712 0 LMT}. {-1577931912 7200 0 EET}. {-1568592000 10800 1 EEST}. {-1554080400 7200 0 EET}. {-1537142400 10800 1 EEST}. {-1522630800 7200 0 EET}. {-1505692800 10800 1 EEST}. {-1491181200 7200 0 EET}. {-1474243200 10800 1 EEST}. {-1459126800 7200 0 EET}. {-242265600 10800 1 EEST}. {-228877200 7200 0 EET}. {-210556800 10800 1 EEST}. {-197427600 7200 0 EET}. {-178934400 10800 1 EEST}. {-165718800 7200 0 EET}. {-147398400 10800 1 EEST}. {-134269200 7200 0 EET}. {-116467200 10800 1 EEST}. {-102646800 7200 0 EET}. {-84326400 10800 1 EEST}. {-71110800 7200 0 EET}. {-52704000 10800 1 EEST}. {-39488400 7200 0 EET}. {-21168000 10800 1 EEST}. {-7952400 7200 0 EET}. {10368000 10800 1 EEST}. {23583600 7200 0 EET}. {41904000 10800 1 EEST}. {55119600 7200 0 EET}. {73526400 10800 1 EEST}. {86742000 7200 0 EET}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Dhaka

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):351
                            Entropy (8bit):4.345019966462698
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKwfTm2OHEmVFnP9vX+H7UlckVVFSQRL/FG/UPy/UiF/ji/UiF/jWKO:MBp52YfTmdHzdP9P+bcvjRQmmF/j2F/8
                            MD5:F5A6B4C90D50208EF512A728A2A03BB6
                            SHA1:C9D3C712EDABDFCD1629E72AF363CEB2A0E2334E
                            SHA-256:42BF62F13C2F808BEFD2601D668AFE5D49EA417FC1AC5391631C20ED7225FF46
                            SHA-512:64D413D9299436877F287943FF454EB2AFD415D87DE13AACA50E7BD123828D16CFABD679677F36C891024AB53C62695559DAABDECCC127A669C3ECA0F155453B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dhaka) {. {-9223372036854775808 21700 0 LMT}. {-2524543300 21200 0 HMT}. {-891582800 23400 0 +0630}. {-872058600 19800 0 +0530}. {-862637400 23400 0 +0630}. {-576138600 21600 0 +06}. {1230746400 21600 0 +06}. {1245430800 25200 1 +06}. {1262278800 21600 0 +06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Dili

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):226
                            Entropy (8bit):4.536797249025477
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKCXeLm2OHnBGeVmkNvyvScCVUkP1avScCC:MBp52qXEmdHnBvVDVyHCPP8HCC
                            MD5:54EC6A256F6D636CD98DD48CDF0E48F1
                            SHA1:571244C3D84A8A6EFFE55C787BFBCE7A6014462C
                            SHA-256:88D61A495724F72DA6AB20CC997575F27797589C7B80F2C63C27F84BF1EB8D61
                            SHA-512:EDD67865D3AD3D2F6D1AFFAE35B6B25E2439164E0BEF8E0E819F88F937F896C10EAB513467524DA0A5A2E3D4C78F55EA3F98F25979B8625DFC66801CBBE9301F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dili) {. {-9223372036854775808 30140 0 LMT}. {-1830414140 28800 0 +08}. {-879152400 32400 0 +09}. {199897200 28800 0 +08}. {969120000 32400 0 +09}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Dubai

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):142
                            Entropy (8bit):4.927936359970315
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKQiXGm2OHvkdvUQK23NVsRYvC:SlSWB9X52wKQZm2OHvsRVNSQC
                            MD5:6CC252314EDA586C514C76E6981EEAEE
                            SHA1:F58C9072FBBA31C735345162F629BB6CAAB9C871
                            SHA-256:8D7409EBC94A817962C3512E07AFF32838B54B939068129C73EBBEEF8F858ED2
                            SHA-512:40BC04B25F16247F9F6569A37D28EDCA1D7FB33586482A990A36B5B148BF7598CF5493D38C4D1CBDF664553302E4D6505D80EB7E7B5B9FB5141CB7F39B99A93D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dubai) {. {-9223372036854775808 13272 0 LMT}. {-1577936472 14400 0 +04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Dushanbe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):791
                            Entropy (8bit):3.8859952964866946
                            Encrypted:false
                            SSDEEP:24:cQJeOJSsOXEFCMiq90DIgb5j6gMJR/4TJTi4GDL:51Fqq9iTVuzL
                            MD5:316F527821D632517866A6E7F97365B3
                            SHA1:6F56985AF44E6533778CFB1FC04D206367A6C0BF
                            SHA-256:5A8FFD24FF0E26C99536EB9D3FB308C28B3491042034B187140039B7A5DF6F1F
                            SHA-512:7EA1ABD02CD8461DD91576B5BCB46B6E3AE25F94BC7936DC051C0964F4EA2F55C58CB1FA6C3A82334AAAAFCDBD6D6DBEBE33FB1C7C45FBDCA5EC43FD46A970A7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Dushanbe) {. {-9223372036854775808 16512 0 LMT}. {-1441168512 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 21600 1 +06}. {684363600 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Famagusta

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7341
                            Entropy (8bit):3.6266031318601386
                            Encrypted:false
                            SSDEEP:96:vPByq7VKviW/naKl9pUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEA:vPFi//Th2kNU4tB715pyzHy1gA
                            MD5:997FF37AE5C6E2E13664100C2FBF8E19
                            SHA1:BF59628212564E50BCC5247C534658C8B7CFF0EE
                            SHA-256:639F26A411E298948A4FAC560E218ED7079722FB4E4AAF8CE0688A3BE24868AE
                            SHA-512:41FEF2026A3062ECA62729A555D10F9ABA777CCBE4E907489B74FC91C645E6010ECFABD2ACB4ED652ADF97E0A69935CB2FADA6732744ED3ADA95DD2EB3C08655
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Famagusta) {. {-9223372036854775808 8148 0 LMT}. {-1518920148 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 108

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Gaza

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7974
                            Entropy (8bit):3.660638074803316
                            Encrypted:false
                            SSDEEP:96:uR7CUoVy0FUeLR2S5nfclzdVYi8x6PxGtv2h4WSwLnRPCILXwuiaAXOH4g1iWThA:uRiVy0WetivMKRPCAXwZ6plyk8B
                            MD5:45C8B6CB180839A1F3D500071D1AFC1D
                            SHA1:59E900FB2D7BFF44AED578B9BD10AA0530B4F5D1
                            SHA-256:FA459622B54CD0A5603323EA00CE64D63BBC957EC0BDCC9BE73D48916237619C
                            SHA-512:5F485299D6DF9EBD620D2AEF7BDE21C7505EAD51467699874408691C644E9E6D8C63DD6061489E924B95672A227B5B9921E4281405981FCBBCA4619F80195AB5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Gaza) {. {-9223372036854775808 8272 0 LMT}. {-2185409872 7200 0 EEST}. {-933645600 10800 1 EEST}. {-857358000 7200 0 EEST}. {-844300800 10800 1 EEST}. {-825822000 7200 0 EEST}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EEST}. {-779853600 10800 1 EEST}. {-762656400 7200 0 EEST}. {-748310400 10800 1 EEST}. {-731127600 7200 0 EEST}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Harbin

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.814799933523261
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8qvwVAIgNtA2WFKwHp4WFKdv:SlSWB9IZaM3yMwVAIgE2wKi4wKt
                            MD5:2B286E58F2214F7A28D2A678B905CFA3
                            SHA1:A76B2D8BA2EA264FE84C5C1ED3A6D3E13288132F
                            SHA-256:6917C89A78ED54DD0C5C9968E5149D42727A9299723EC1D2EBD531A65AD37227
                            SHA-512:0022B48003FE9C8722FD1762FFB8E07E731661900FCE40BD6FE82B70F162FF5D32888028519D51682863ADCAC6DD21D35634CA06489FD4B704DA5A8A018BF26F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:Asia/Harbin) $TZData(:Asia/Shanghai).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Hebron

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7950
                            Entropy (8bit):3.6634483349947593
                            Encrypted:false
                            SSDEEP:96:JrCUoVy0FUeLR2S5nfclzdVYi8x6PxGtv2h4WFwLnRPCILXwuiaAXOH4g1iWThiD:JyVy0WetivMvRPCAXwZ6plyk8B
                            MD5:67602731E9D02418D0B1DCBCB9367870
                            SHA1:13D896B6B8B553879D70BFBA6734AFDFE3A522A4
                            SHA-256:9D89F879C6F47F05015C8B7D66639AAC8AF2D5A6F733CDA60CFF22EB0EB71221
                            SHA-512:ECA8EB42144EF4097E606AC57795491248D02C331CE426E7C23D42490F873CD19924F1C2318E2FF1D18E275F3CAD60E9DFBB08B4B8334EA3FF1EE31452B9E167
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hebron) {. {-9223372036854775808 8423 0 LMT}. {-2185410023 7200 0 EEST}. {-933645600 10800 1 EEST}. {-857358000 7200 0 EEST}. {-844300800 10800 1 EEST}. {-825822000 7200 0 EEST}. {-812685600 10800 1 EEST}. {-794199600 7200 0 EEST}. {-779853600 10800 1 EEST}. {-762656400 7200 0 EEST}. {-748310400 10800 1 EEST}. {-731127600 7200 0 EEST}. {-682653600 7200 0 EET}. {-399088800 10800 1 EEST}. {-386650800 7200 0 EET}. {-368330400 10800 1 EEST}. {-355114800 7200 0 EET}. {-336790800 10800 1 EEST}. {-323654400 7200 0 EET}. {-305168400 10800 1 EEST}. {-292032000 7200 0 EET}. {-273632400 10800 1 EEST}. {-260496000 7200 0 EET}. {-242096400 10800 1 EEST}. {-228960000 7200 0 EET}. {-210560400 10800 1 EEST}. {-197424000 7200 0 EET}. {-178938000 10800 1 EEST}. {-165801600 7200 0 EET}. {-147402000 10800 1 EEST}. {-134265600 7200 0 EET}. {-115866000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ho_Chi_Minh

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):381
                            Entropy (8bit):4.352557338100764
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKKACm2OHAT1P3XTxYCMVSYv/lTkd+zvScCBcFVtQvMVSYv/vMUEkB5:MBp52SmdHqP3tYZF/Cd+zHCBiVikF/v9
                            MD5:41EF18FF071B8541A5CA830C131B22D3
                            SHA1:65E502FD93FE025FD7B358B2953335F4B41BBC68
                            SHA-256:95525205BC65B8DB626EF5257F6C3A93A4902AB6415C080EE67399B41D9AD7AA
                            SHA-512:3889199D84CE456CC7231B0A81CCA7F4C976ED13015869BF486078075F24687C588F9FB52E09744ED4763CA71CC869048C588CDD42C2EA195A9B04EB9C18A123
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ho_Chi_Minh) {. {-9223372036854775808 25600 0 LMT}. {-2004073600 25590 0 PLMT}. {-1851577590 25200 0 +07}. {-852105600 28800 0 +08}. {-782643600 32400 0 +09}. {-767869200 25200 0 +07}. {-718095600 28800 0 +08}. {-457776000 25200 0 +07}. {-315648000 28800 0 +08}. {171820800 25200 0 +07}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Hong_Kong

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2150
                            Entropy (8bit):3.923186571913929
                            Encrypted:false
                            SSDEEP:24:cQPeCtKkjz1lk/mJURqMJDHxyOPq8vWhV0Z8dX83FdX1BzX4JX/v9YsKP2ieGklq:5tK+Zlim0nltdT1BD45X+iA3tnN7
                            MD5:BBA59A5886F48DCEC5CEFDB689D36880
                            SHA1:8207DE6AB5F7EC6077506ED3AE2EEA3AB35C5FAE
                            SHA-256:F66F0F161B55571CC52167427C050327D4DB98AD58C6589FF908603CD53447F0
                            SHA-512:D071D97E6773FC22ABCCE3C8BE133E0FDA40C385234FEB23F69C84ABB9042E319D6891BD9CA65F2E0A048E6F374DB91E8880DCD9711A86B79A3A058517A3DBFA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hong_Kong) {. {-9223372036854775808 27402 0 LMT}. {-2056693002 28800 0 HKT}. {-907389000 32400 1 HKST}. {-891667800 28800 0 HKT}. {-884246400 32400 0 JST}. {-766746000 28800 0 HKT}. {-747981000 32400 1 HKST}. {-728544600 28800 0 HKT}. {-717049800 32400 1 HKST}. {-694503000 28800 0 HKT}. {-683785800 32400 1 HKST}. {-668064600 28800 0 HKT}. {-654755400 32400 1 HKST}. {-636615000 28800 0 HKT}. {-623305800 32400 1 HKST}. {-605165400 28800 0 HKT}. {-591856200 32400 1 HKST}. {-573715800 28800 0 HKT}. {-559801800 32400 1 HKST}. {-542352600 28800 0 HKT}. {-528352200 32400 1 HKST}. {-510211800 28800 0 HKT}. {-498112200 32400 1 HKST}. {-478762200 28800 0 HKT}. {-466662600 32400 1 HKST}. {-446707800 28800 0 HKT}. {-435213000 32400 1 HKST}. {-415258200 28800 0 HKT}. {-403158600 32400 1 HKST}. {-383808600 28800 0 HKT}. {-371709000 32400 1 HKST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Hovd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1528
                            Entropy (8bit):3.661748285763298
                            Encrypted:false
                            SSDEEP:24:cQxEecP9NQwOkN/DN9yinNQHhNY0NVgN8wNy7nNA8eZN0vNb7NBN5pNUckNBe/v9:5MjQwJ/pMiNQXYGVy8iy7NA8ev0VbxX3
                            MD5:6CF9D198D7CC1F0E16DDFE91A6B4A1A5
                            SHA1:D1DEE309E479271CDC3A306272CF4D94367EC68A
                            SHA-256:7E189D7937E5B41CD94AB5208E40C645BE678F2A4F4B02EE1305595E5296E3D0
                            SHA-512:56488F1DD1C694457FC7F8B13550B3D2B3BC737241E311783135115E2BD585FDD083A5146488A121BC02CC1F05EF40C05A88EED1AF391FB9E4653C1F25CC4AF7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Hovd) {. {-9223372036854775808 21996 0 LMT}. {-2032927596 21600 0 +06}. {252439200 25200 0 +07}. {417978000 28800 1 +07}. {433785600 25200 0 +07}. {449600400 28800 1 +07}. {465321600 25200 0 +07}. {481050000 28800 1 +07}. {496771200 25200 0 +07}. {512499600 28800 1 +07}. {528220800 25200 0 +07}. {543949200 28800 1 +07}. {559670400 25200 0 +07}. {575398800 28800 1 +07}. {591120000 25200 0 +07}. {606848400 28800 1 +07}. {622569600 25200 0 +07}. {638298000 28800 1 +07}. {654624000 25200 0 +07}. {670352400 28800 1 +07}. {686073600 25200 0 +07}. {701802000 28800 1 +07}. {717523200 25200 0 +07}. {733251600 28800 1 +07}. {748972800 25200 0 +07}. {764701200 28800 1 +07}. {780422400 25200 0 +07}. {796150800 28800 1 +07}. {811872000 25200 0 +07}. {828205200 28800 1 +07}. {843926400 25200 0 +07}. {859654800 28800 1 +07}. {875376000 25200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Irkutsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2017
                            Entropy (8bit):3.6386982097761646
                            Encrypted:false
                            SSDEEP:48:5ykBJaTcSANEWiLwyyzLyonofMQa3go8h8PNhRHbsb0k4xiRhIsJ2sbA:BB656ofU5ARdN8
                            MD5:E4995DD6F78F859B17952F15DB554ADC
                            SHA1:19D4957E2A8CC17BCA7F020E4DF411F0E3AC8B49
                            SHA-256:122FEB27760CC2CD714531CF68E6C77F8505E9CA11A147DDA649E2C98E150494
                            SHA-512:A36B334E72C9D0854F0DE040EEEBF7B92E537F770D4EEBB1697AB9DD6AB00E678BE58A7CE2514A4667BA2B8760625C22D21AFE3AB80C5B1DBB7C10E91CDDDB3A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Irkutsk) {. {-9223372036854775808 25025 0 LMT}. {-2840165825 25025 0 IMT}. {-1575874625 25200 0 +07}. {-1247554800 28800 0 +09}. {354902400 32400 1 +09}. {370710000 28800 0 +08}. {386438400 32400 1 +09}. {402246000 28800 0 +08}. {417974400 32400 1 +09}. {433782000 28800 0 +08}. {449596800 32400 1 +09}. {465328800 28800 0 +08}. {481053600 32400 1 +09}. {496778400 28800 0 +08}. {512503200 32400 1 +09}. {528228000 28800 0 +08}. {543952800 32400 1 +09}. {559677600 28800 0 +08}. {575402400 32400 1 +09}. {591127200 28800 0 +08}. {606852000 32400 1 +09}. {622576800 28800 0 +08}. {638301600 32400 1 +09}. {654631200 28800 0 +08}. {670356000 25200 0 +08}. {670359600 28800 1 +08}. {686084400 25200 0 +07}. {695761200 28800 0 +09}. {701805600 32400 1 +09}. {717530400 28800 0 +08}. {733255200 32400 1 +09}. {748980000 28800 0 +08}. {764704800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Istanbul

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.853387718159342
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV0XaDvFVAIgoq3XPHt2WFK4HB/8QaqXNn:SlSWB9IZaM3ymQazFVAIgoQPHt2wK4HJ
                            MD5:7EC8D7D32DC13BE15122D8E26C55F9A2
                            SHA1:5B07C7161F236DF34B0FA83007ECD75B6435F420
                            SHA-256:434B8D0E3034656B3E1561615CCA192EFA62942F285CD59338313710900DB6CB
                            SHA-512:D8F1999AF509871C0A7184CFEFB0A50C174ABDE218330D9CDC784C7599A655AD55F6F2173096EA91EE5700B978B9A94BBFCA41970206E7ADEB804D0EE03B45ED
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Asia/Istanbul) $TZData(:Europe/Istanbul).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Jakarta

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):357
                            Entropy (8bit):4.4086954127843585
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKcr6m2OHATJesaSY4SMNkc5q/MVSSmWSyvScCAdMVSSo1CkDF4mMVt:MBp52E6mdHjkAc5aMxdSyHCQMxoRDF4d
                            MD5:88C82B18565C27E050074AD02536D257
                            SHA1:9A150FCD9FAA0E903D70A719D949D00D82F531E3
                            SHA-256:BC07AE610EF38F63EFF384E0815F6F64E79C61297F1C21469B2C5F19679CEAFB
                            SHA-512:29152E0359BC0FB8648BC959DE01D0BCCD17EB928AE000FF77958E7F00FF7D65BFD2C740B438E114D53ABA260B7855B2695EF7C0484850A77FFF34F7A0B255CC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jakarta) {. {-9223372036854775808 25632 0 LMT}. {-3231299232 25632 0 BMT}. {-1451719200 26400 0 +0720}. {-1172906400 27000 0 +0730}. {-876641400 32400 0 +09}. {-766054800 27000 0 +0730}. {-683883000 28800 0 +08}. {-620812800 27000 0 +0730}. {-189415800 25200 0 WIB}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Jayapura

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):205
                            Entropy (8bit):4.7830039894710366
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKcjm2OHG4YVkcfvScCvowkVcrd1CV4zvhL:MBp52omdHNYacfHCvop2BMVkV
                            MD5:3C073BD9DFD2C4F9BC95C8A94652FF5D
                            SHA1:F4084CDFC025B3A21092DE18DD8ECAFCA5F0EBBB
                            SHA-256:82FC06E73477EBB50C894244C91E613BF3551053359798F42F2F2C913730A470
                            SHA-512:7E79E4425A0D855AAE8DCF5C7196AABE8E75D92CD9B65C61B82B31B29395D4A5F2D8B1E90454037753D03A1BDDE44E8F15D7E999E65C49BE8E8F8A2B2C4EECD0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jayapura) {. {-9223372036854775808 33768 0 LMT}. {-1172913768 32400 0 +09}. {-799491600 34200 0 +0930}. {-189423000 32400 0 WIT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Jerusalem

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7690
                            Entropy (8bit):3.684387169764595
                            Encrypted:false
                            SSDEEP:96:GzmnxfFtWR8fKnG/QvW+tCE5nfclzdVYi8x6PxGtv2TiGuyLsbAicBnKqXRGlGrz:0mKivDivbOKWKwX5BrAZp0
                            MD5:4C37DF27AB1E906CC624A62288847BA8
                            SHA1:BE690D3958A4A6722ABDF047BF22ACEC8B6D6AFE
                            SHA-256:F10DF7378FF71EDA45E8B1C007A280BBD4629972D12EAB0C6BA7623E98AAFA17
                            SHA-512:B14F5FB330078A564796114FA6804EA12CE0AD6B2DF6D871FF6E7B416425B12FFD6B4E8511FCD55609FBCE95C8EDFF1E14B1C8C505F4B5B66F47EA52FD53F307
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Jerusalem) {. {-9223372036854775808 8454 0 LMT}. {-2840149254 8440 0 JMT}. {-1641003640 7200 0 IST}. {-933645600 10800 1 IDT}. {-857358000 7200 0 IST}. {-844300800 10800 1 IDT}. {-825822000 7200 0 IST}. {-812685600 10800 1 IDT}. {-794199600 7200 0 IST}. {-779853600 10800 1 IDT}. {-762656400 7200 0 IST}. {-748310400 10800 1 IDT}. {-731127600 7200 0 IST}. {-681962400 14400 1 IDDT}. {-673243200 10800 1 IDT}. {-667962000 7200 0 IST}. {-652327200 10800 1 IDT}. {-636426000 7200 0 IST}. {-622087200 10800 1 IDT}. {-608947200 7200 0 IST}. {-591847200 10800 1 IDT}. {-572486400 7200 0 IST}. {-558576000 10800 1 IDT}. {-542851200 7200 0 IST}. {-527731200 10800 1 IDT}. {-514425600 7200 0 IST}. {-490845600 10800 1 IDT}. {-482986800 7200 0 IST}. {-459475200 10800 1 IDT}. {-451537200 7200 0 IST}. {-428551200 10800 1 IDT}. {-418262400 7200 0 IST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kabul

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.804360783547797
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKTwkXGm2OHodFxsYvXgVHURRNVsRYvFFqdj/cXHFOVRWh:SlSWB9X52wKTEm2OHoH+YPgVHURbSQF9
                            MD5:9A8CCA0B4337CB6FA15BF1A4F01F6C22
                            SHA1:A4C72FC1EF6EEBDBB5C8C698BCB298DFB5061726
                            SHA-256:4F266D90C413FA44DFCA5BE13E45C00428C694AC662CB06F2451CC3FF08E080F
                            SHA-512:E8074AA0D8B15EE33D279C97A01FF69451A99C7711FFD66B3E9B6B6B021DE957A63F6B747C7A63E3F3C1241E0A2687D81E780D6B54228EE6B7EB9040D7F06A60
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kabul) {. {-9223372036854775808 16608 0 LMT}. {-2524538208 14400 0 +04}. {-788932800 16200 0 +0430}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kamchatka

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1989
                            Entropy (8bit):3.6993158455985338
                            Encrypted:false
                            SSDEEP:24:cQ+3e8/HklxL7/Fpd2kNNxLcULBQdHl2yYvpQ62itgUiRrn5d6kGFF6UERWkBUHA:5c/HezFvpchKvW62XPdXJMwT3Lea
                            MD5:496BD39D36218DF67279DA8DE9C7457B
                            SHA1:8AE6E5CF7E1E693D11A112B75A0D24A135E94487
                            SHA-256:6B757333C12F2BFE782258D7E9126ECE0E62696EF9C24B2955A791145D6780E9
                            SHA-512:BADBF7893825F6C7053A23A7AA11B45A2EDBECC4580695BB6B8E568B7FFE5ED72BF61019F3CB6D7B8E663ACAF099F26E266450EC03F3C6B2F8E34BA0D12D100A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kamchatka) {. {-9223372036854775808 38076 0 LMT}. {-1487759676 39600 0 +11}. {-1247569200 43200 0 +13}. {354888000 46800 1 +13}. {370695600 43200 0 +12}. {386424000 46800 1 +13}. {402231600 43200 0 +12}. {417960000 46800 1 +13}. {433767600 43200 0 +12}. {449582400 46800 1 +13}. {465314400 43200 0 +12}. {481039200 46800 1 +13}. {496764000 43200 0 +12}. {512488800 46800 1 +13}. {528213600 43200 0 +12}. {543938400 46800 1 +13}. {559663200 43200 0 +12}. {575388000 46800 1 +13}. {591112800 43200 0 +12}. {606837600 46800 1 +13}. {622562400 43200 0 +12}. {638287200 46800 1 +13}. {654616800 43200 0 +12}. {670341600 39600 0 +12}. {670345200 43200 1 +12}. {686070000 39600 0 +11}. {695746800 43200 0 +13}. {701791200 46800 1 +13}. {717516000 43200 0 +12}. {733240800 46800 1 +13}. {748965600 43200 0 +12}. {764690400 46800 1 +13}. {780415200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Karachi

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):441
                            Entropy (8bit):4.32891547054552
                            Encrypted:false
                            SSDEEP:12:MBp52SmdH35S6DvjRQ+vjjEn6S7Pictk6a2iW6oNl:cQSe3pjRQ+jjE6S7lTh
                            MD5:7A7CFCB7273FCAE33F77048F225BBBBD
                            SHA1:44701B91CBC61FCAC8EEB6E67BCCA0403E9FDD7E
                            SHA-256:9F8C46E5AC4DF691DDCB13C853660915C94316E73F74DD36AF889D5137F1761B
                            SHA-512:44D5A0656032D61152C98B92E3ACA88197A73D87E2D0E8853D6A0E430BDF9290D3B718F9E5864840A6FFA59CDC0D4D47BCEE0471F176E62A05C1083CB35BEBB1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Karachi) {. {-9223372036854775808 16092 0 LMT}. {-1988166492 19800 0 +0530}. {-862637400 23400 1 +0630}. {-764145000 19800 0 +0530}. {-576135000 18000 0 +05}. {38775600 18000 0 PKT}. {1018119600 21600 1 PKST}. {1033840800 18000 0 PKT}. {1212260400 21600 1 PKST}. {1225476000 18000 0 PKT}. {1239735600 21600 1 PKST}. {1257012000 18000 0 PKT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kashgar

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):169
                            Entropy (8bit):4.920527043039276
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8s4YkdVAIgNrMvN2WFKu3e2WFKjvn:SlSWB9IZaM3yMGdVAIgWvN2wKulwKjvn
                            MD5:9A66108527388564A9FBDB87D586105F
                            SHA1:945E043A3CC45A4654C2D745A48E1D15F80A3CB5
                            SHA-256:E2965AF4328FB065A82E8A21FF342C29A5942C2EDD304CE1C9087A23A91B65E1
                            SHA-512:C3985D972AFB27E194CBE117E6CF8C45AA5A1B6504133FF85D52E8024387133D11F9EE7238FF87DC1D96F140B9467E6DB3F99B0B98299E6782A643288ABD3308
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Urumqi)]} {. LoadTimeZoneFile Asia/Urumqi.}.set TZData(:Asia/Kashgar) $TZData(:Asia/Urumqi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kathmandu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.8475287330512495
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKXIi7mFSXGm2OHF+VT5vUQKwMTXvv6QzFrRk8P4VvWVQC:SlSWB9X52wKYgyJm2OH0T5RNMzvSQhR5
                            MD5:FEFB0E2021110BC9175AC505536BDE12
                            SHA1:8366110D91C7EA929DB300871DDC70808D458F90
                            SHA-256:C4E46CE4385C676F5D7AC4B123C42F153F7B3F3E9F434698E8D56E1907A9B7C9
                            SHA-512:F8F9EE0B8648154B3E3BEF192C58F2415475422BED139F20FD3D3EF253E8137CBB39AB769704AB1F20EE03B398402BC5B4A3E55BE284D1785F347B951FECEF62
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kathmandu) {. {-9223372036854775808 20476 0 LMT}. {-1577943676 19800 0 +0530}. {504901800 20700 0 +0545}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Katmandu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.786408960928606
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8yIi7VyVAIgN1AIilHt2WFKSiZ1/2WFKXIi7v:SlSWB9IZaM3y7gVyVAIg5M2wKSg1/2wm
                            MD5:A30FEA461B22B2CB3A67A616E3AE08FD
                            SHA1:F368B215E15F6F518AEBC92289EE703DCAE849A1
                            SHA-256:1E2A1569FE432CDA75C64FA55E24CA6F938C1C72C15FBB280D5B04F6C5E9AD69
                            SHA-512:4F3D0681791C23EF19AFF239D2932D2CE1C991406F6DC8E313C083B5E03D806D26337ED2477700596D9A9F4FB1B7FC4A551F897A2A88CB7253CC7F863E586F03
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Kathmandu)]} {. LoadTimeZoneFile Asia/Kathmandu.}.set TZData(:Asia/Katmandu) $TZData(:Asia/Kathmandu).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Khandyga

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2046
                            Entropy (8bit):3.6162520408317844
                            Encrypted:false
                            SSDEEP:24:cQNobe1I6oziDpiKXtyiyzilUBinUijiRziiiaSiYzYWk2HgQiMhNIziPiRikiA/:5NoV9InX4n7m84nPIzOtVEChbmAPD6
                            MD5:0AB1CB51373021D2929AD3BB6A6A7B36
                            SHA1:6A58A13DE2479D7C07DA574A2850DB5479F42106
                            SHA-256:7C282AFCBC654495AD174C5679C0FDA9C65DED557389648F924E809E337DF6A5
                            SHA-512:E865073DF7273319ADE90C0520D843C636679ACFF1FEEC4C62B85AB7458393A71EAAE32F507D90863BE4018212B497E41EFC7EA684DF821A0D4FF1A9895FDCD8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Khandyga) {. {-9223372036854775808 32533 0 LMT}. {-1579424533 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kolkata

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):324
                            Entropy (8bit):4.554598325373998
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKvCm2OHEX3gYLXdUvvVQLpUFGZjSVVFJGTNsR/tckVVFJGTL/FG/+d:MBp523CmdHNYjWXVQtUEZjAJGJs55vJg
                            MD5:FABB53074E1D767952C664BBA02E8975
                            SHA1:36D2D438FEEBF585D7A0B546647C08B63A582EA1
                            SHA-256:DAB02F68D5EEA0DAC6A2BBB7D12930E1B4DA62EBAEC7DE35C0AA55F72CCFF139
                            SHA-512:E178779CE31F8D16DFEC5F71F228BCB05FDA1939B1BCE204C40B14904682283BDC99F27B662E3995EEEE607D0E8C70BE3CE3DF6EAD355399566CF360D5EC9E70
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kolkata) {. {-9223372036854775808 21208 0 LMT}. {-3645237208 21200 0 HMT}. {-3155694800 19270 0 MMT}. {-2019705670 19800 0 IST}. {-891581400 23400 1 +0630}. {-872058600 19800 0 IST}. {-862637400 23400 1 +0630}. {-764145000 19800 0 IST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Krasnoyarsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1991
                            Entropy (8bit):3.6170298534050245
                            Encrypted:false
                            SSDEEP:48:5Mi17A9/IJ4vQayW+dRvV8YzXJIq79Af3AuyqM7FfiC/LIcy9zU9Muq2PIX/9sC/:hjFRRCfQucXsNN0On
                            MD5:83333A0E3E9810621A8BADA29B04F256
                            SHA1:CDC375C93E7F3019562DE7CE1D9EE2776FE7FE9E
                            SHA-256:00A9E8DDDC4314F7271F7490001ABD29B6F5EAEB9080645911FF5DA8BD7F671C
                            SHA-512:08913E002C7D3D54F0E09029C70A0F2D18636F6F52B12F10593BECF732F40E180780D4C6127E0A3B321EAF54AF660A48E8C3E29A161B6ED6E0E46C06BBD309D6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Krasnoyarsk) {. {-9223372036854775808 22286 0 LMT}. {-1577513486 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {7804332

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kuala_Lumpur

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):362
                            Entropy (8bit):4.404454529095857
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wK1NLm2OHrPmdXiWOb/MVSYv/1MesF5X8dSMd0dMVSSm8kvScCvCIMY:MBp52PLmdHrPdDTMF/wFZMxcHClMxi
                            MD5:B5FC8D431304F5C1ADF7D0B237DA5A52
                            SHA1:79FC3057CD88E4DF71421AD52C34E0127FBD6FDA
                            SHA-256:138912D754FBA8A1306063CCE897218972A4B0976EDDEC5C8E69A7965B0CD198
                            SHA-512:27DC64B43958814E1A935D817CCFE7ADE8E6E6A778E27E391683FC491764EB77774A3D4A871C4E83BBA43FF8BA2383CBB8CC2D4F1FEB1AE063735C95651865E9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuala_Lumpur) {. {-9223372036854775808 24406 0 LMT}. {-2177477206 24925 0 SMT}. {-2038200925 25200 0 +07}. {-1167634800 26400 1 +0720}. {-1073028000 26400 0 +0720}. {-894180000 27000 0 +0730}. {-879665400 32400 0 +09}. {-767005200 27000 0 +0730}. {378664200 28800 0 +08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kuching

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):646
                            Entropy (8bit):3.99554344665026
                            Encrypted:false
                            SSDEEP:12:MBp52HLKmdHXXUBMxoWFMcDBMxkT9r5N2Xhf7JSX3lzHC3:cQHLKeHUzaMcDBkkN5N2XV7Ja3hi3
                            MD5:2F27D1377C9EBBACDC260A50C195BDBB
                            SHA1:397B8714F2C909A8EB88A7A1F4A1AEA0A5B8E80E
                            SHA-256:519FDD455107270E6F8F3848C214D3D44CC1465B7B3E375318857D4A9093E1C0
                            SHA-512:E4583E6C3FEB5ADAD41827D8ADCD7DA34CCB92D2B62B9D7C3D59F76719B9EE2FE44697CFD00943D9E2A4DBAEB929C97A1FF520FFF62EB6829C88D71EC8C51993
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Kuching) {. {-9223372036854775808 26480 0 LMT}. {-1383463280 27000 0 +0730}. {-1167636600 28800 0 +08}. {-1082448000 30000 1 +08}. {-1074586800 28800 0 +08}. {-1050825600 30000 1 +08}. {-1042964400 28800 0 +08}. {-1019289600 30000 1 +08}. {-1011428400 28800 0 +08}. {-987753600 30000 1 +08}. {-979892400 28800 0 +08}. {-956217600 30000 1 +08}. {-948356400 28800 0 +08}. {-924595200 30000 1 +08}. {-916734000 28800 0 +08}. {-893059200 30000 1 +08}. {-885198000 28800 0 +08}. {-879667200 32400 0 +09}. {-767005200 28800 0 +08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Kuwait

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):168
                            Entropy (8bit):4.82804794783422
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8t1zVAIgNsM1E2WFKdQWFK81S:SlSWB9IZaM3yN1zVAIgaM1E2wKdQwK8c
                            MD5:6D6109F6EC1E12881C60EC44AAEB772B
                            SHA1:B5531BEAC1C07DA57A901D0A48F4E1AC03F07467
                            SHA-256:67BB9F159C752C744AC6AB26BBC0688CF4FA94C58C23B2B49B871CAA8774FC5D
                            SHA-512:B0624B9F936E5C1392B7EBB3190D7E97EAE96647AB965BB9BE045D2C3082B1C7E48FF89A7B57FD3475D018574E7294D45B068C555A43AAEDFD65AC5C5C5D0A5B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Riyadh)]} {. LoadTimeZoneFile Asia/Riyadh.}.set TZData(:Asia/Kuwait) $TZData(:Asia/Riyadh).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Macao

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):164
                            Entropy (8bit):4.729350272507574
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8PpVAIgNz5YF2WFKf+WFKjn:SlSWB9IZaM3yxVAIgLYF2wKGwKjn
                            MD5:DB6155900D4556EE7B3089860AD5C4E3
                            SHA1:708E4AE427C8BAF589509F4330C389EE55C1D514
                            SHA-256:8264648CF1EA3E352E13482DE2ACE70B97FD37FBB1F28F70011561CFCBF533EA
                            SHA-512:941D52208FABB634BABCD602CD468F2235199813F4C1C5AB82A453E8C4CE4543C1CE3CBDB9D035DB039CFFDBC94D5D0F9D29363442E2458426BDD52ECDF7C3C5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Macau)]} {. LoadTimeZoneFile Asia/Macau.}.set TZData(:Asia/Macao) $TZData(:Asia/Macau).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Macau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2141
                            Entropy (8bit):3.8815104664173843
                            Encrypted:false
                            SSDEEP:48:5o89px1D/MG/B/j/gf/d/iM/MW/C/2/Y/yf/9/y/l/v1EG/vFw/veE/K/Z/D/U/h:/p7DD5L2lRkWqOA6fVKdXqGXFwXeECRK
                            MD5:DC20959BDB02CF86A33CE2C82D4D9853
                            SHA1:90FC1820FA0E3B1C4BD2158185F95DCD1AA271D6
                            SHA-256:6263F011537DB5CAF6B09F16D55DADE527A475AEE04F1BA38A75D13E9D125355
                            SHA-512:8C6D0FA9584595B93A563D60387520CE9B28595C2C3880004275BAE66313A7606379646D27FB5EB91EC8D96D3B23959E2F9E3ABC97C203FD76E1DCC5ABB64374
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Macau) {. {-9223372036854775808 27250 0 LMT}. {-2056692850 28800 0 CST}. {-884509200 32400 0 +09}. {-873280800 36000 1 +09}. {-855918000 32400 0 +09}. {-841744800 36000 1 +09}. {-828529200 32400 0 +10}. {-765363600 28800 0 CT}. {-747046800 32400 1 CDT}. {-733827600 28800 0 CST}. {-716461200 32400 1 CDT}. {-697021200 28800 0 CST}. {-683715600 32400 1 CDT}. {-667990800 28800 0 CST}. {-654771600 32400 1 CDT}. {-636627600 28800 0 CST}. {-623322000 32400 1 CDT}. {-605178000 28800 0 CST}. {-591872400 32400 1 CDT}. {-573642000 28800 0 CST}. {-559818000 32400 1 CDT}. {-541674000 28800 0 CST}. {-528368400 32400 1 CDT}. {-510224400 28800 0 CST}. {-498128400 32400 1 CDT}. {-478774800 28800 0 CST}. {-466678800 32400 1 CDT}. {-446720400 28800 0 CST}. {-435229200 32400 1 CDT}. {-415258200 28800 0 CST}. {-403158600 32400 1 CDT}. {-383808600 2880

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Magadan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2016
                            Entropy (8bit):3.6746770806664517
                            Encrypted:false
                            SSDEEP:24:cQmecGdvBOCdwdVdptQvMCTP2rF1gCzlODU9xE305r/CXVWWHs/gSNkna:5tvBHwRw/P2rFGAlODU9PZUEWQgmka
                            MD5:18E80309362762B7757629B51F28AF99
                            SHA1:502C70F24251BC062785A9349E6204CB719BF932
                            SHA-256:6493D629E3CD4DB555A547F942BCCB4FFC7BBF7298FFBF9503F6DE3177ADBAC9
                            SHA-512:C477E0DCF4E78E57E075FB5CAA45E70D4864EDFC40EAC2DD43D80F71408836E5BD468B15EB34B95020F2DB6CE531D67F076EF8EED4833ADEC1F6D37B2200CC84
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Magadan) {. {-9223372036854775808 36192 0 LMT}. {-1441188192 36000 0 +10}. {-1247565600 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Makassar

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):234
                            Entropy (8bit):4.682322181661182
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKCm2OHUVRYQTLQTvUfkc3gEkNHkH8vScCxWv:MBp526mdHsrTD8cQJl7HCMv
                            MD5:87D843314195847B6E4117119A1F701C
                            SHA1:E51DC3A0BF20B09D8745AC682B4869A031A0A515
                            SHA-256:22046165D40C8A553FE22A28E127514DF469E79581E0746101816A973456029D
                            SHA-512:D241803442876A59170C1A90ACC66DEAF169CBF9B8CD7DE964BEF02D222B1D07511E241D441C3DA6AE7A7D1AAC1F4EDB5A21655C2923A3807BBFA8630071BCE9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Makassar) {. {-9223372036854775808 28656 0 LMT}. {-1577951856 28656 0 MMT}. {-1172908656 28800 0 +08}. {-880272000 32400 0 +09}. {-766054800 28800 0 WITA}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Manila

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):406
                            Entropy (8bit):4.4205762929520755
                            Encrypted:false
                            SSDEEP:12:MBp52G4JmdHnzZBPE6JwucQzX4rjJbmJtKn:cQG4Je11RbXzXqQ+
                            MD5:3A833BF91AFE7FABBA98D11F29D84EAA
                            SHA1:1622BEF54A12DE163B77309A0B7AF1C38AA6324B
                            SHA-256:665E07B7A01E8A9D04B76B74B2EA0D11BDFC0BE6CA855DFDDBB5F9A6C9A97E90
                            SHA-512:DFABB558CE2A8B96A976DD3B45B78CECE3633D51EE67F24E5AD59C7CF388538C5560EC133C60C3F0AFE8C68D88B1C05A12608A0408ACECBEEC38A84E3DC972FC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Manila) {. {-9223372036854775808 -57360 0 LMT}. {-3944621040 29040 0 LMT}. {-2229321840 28800 0 PST}. {-1046678400 32400 1 PDT}. {-1038733200 28800 0 PST}. {-873273600 32400 0 JST}. {-794221200 28800 0 PST}. {-496224000 32400 1 PDT}. {-489315600 28800 0 PST}. {259344000 32400 1 PDT}. {275151600 28800 0 PST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Muscat

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):165
                            Entropy (8bit):4.754394427749078
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8DhVAIgN6Sn62WFKvE+H+WFKQo:SlSWB9IZaM3yjhVAIgMS62wKLewKQo
                            MD5:5D8EBBC297A2258C352BC80535B7F7F1
                            SHA1:684CAF480AF5B8A98D9AD1A1ECD4E07434F36875
                            SHA-256:4709F2DA036EB96FB7B6CC40859BF59F1146FE8D3A7AFE326FBA3B8CB68049CE
                            SHA-512:FD67E920D3D5FE69AF35535A8BBD2791204C6B63050EFECC0857F24D393712C4BC4660EA0A350D2A4DDA144073413BE013D71D73E6F3638CA30480541F9731FA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Dubai)]} {. LoadTimeZoneFile Asia/Dubai.}.set TZData(:Asia/Muscat) $TZData(:Asia/Dubai).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Nicosia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7368
                            Entropy (8bit):3.620699686510499
                            Encrypted:false
                            SSDEEP:96:EPByq7VKviW/naKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEA:EPFi//uh2kNU4tB715pyzHy1gA
                            MD5:21EEEC6314C94D1476C2E79BBACFEB77
                            SHA1:2C9805CD01C84D446CBDB90B9542CB24CCDE4E39
                            SHA-256:7AAB1AC67D96287EE468608506868707B28FCD27A8F53128621801DCF0122162
                            SHA-512:D4B0A0E60B102E10E03CF5BD07C5783E908D5E7079B646177C57C30D67B44C114EFF4DCFC71AF8441D67BD5A351068FBFFD8C5E08F06F1D69946B3EA7D49FC2D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Nicosia) {. {-9223372036854775808 8008 0 LMT}. {-1518920008 7200 0 EET}. {166572000 10800 1 EEST}. {182293200 7200 0 EET}. {200959200 10800 1 EEST}. {213829200 7200 0 EET}. {228866400 10800 1 EEST}. {243982800 7200 0 EET}. {260316000 10800 1 EEST}. {276123600 7200 0 EET}. {291765600 10800 1 EEST}. {307486800 7200 0 EET}. {323820000 10800 1 EEST}. {338936400 7200 0 EET}. {354664800 10800 1 EEST}. {370386000 7200 0 EET}. {386114400 10800 1 EEST}. {401835600 7200 0 EET}. {417564000 10800 1 EEST}. {433285200 7200 0 EET}. {449013600 10800 1 EEST}. {465339600 7200 0 EET}. {481068000 10800 1 EEST}. {496789200 7200 0 EET}. {512517600 10800 1 EEST}. {528238800 7200 0 EET}. {543967200 10800 1 EEST}. {559688400 7200 0 EET}. {575416800 10800 1 EEST}. {591138000 7200 0 EET}. {606866400 10800 1 EEST}. {622587600 7200 0 EET}. {638316000 10800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Novokuznetsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1992
                            Entropy (8bit):3.626746433557725
                            Encrypted:false
                            SSDEEP:48:5qi17A9/IJ4vQayW+dRvV8YzXJIq79Af3AuyqM7FfiC/LIcy9zU9Muq2PIX/9sCP:bjFRRCfQucXsNN0OX
                            MD5:11B80F2A9B7B090DD146BD97E9DB7D43
                            SHA1:4A2886799A50D031D79C935261B50363AA27768A
                            SHA-256:4018CE273BC4D02057F66A4715626F0E4D8C7050391C00BB5AE054B4DA8DE2F8
                            SHA-512:1F1650C1DBC3A171FF30C7657D7F99963A0C8D63B85460B45DE75AFABECE28F2A51236FB71DFF3EE567CC58E71B88623E4880DEBD18E9E9C9E527CF97D5FE926
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novokuznetsk) {. {-9223372036854775808 20928 0 LMT}. {-1441259328 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Novosibirsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2048
                            Entropy (8bit):3.623418616375595
                            Encrypted:false
                            SSDEEP:48:5HNi17A9/IJ4vQayW+dRvV8YzXJIq79Af3AuyqM7F/zTXUVtrBju6waUwcTLTTWF:6jFRRCfQuozB7TQt
                            MD5:46E5FB7DEB8041BC9A2ADC83728944A7
                            SHA1:B5826E206EAA3E8789A0F9E4B7511CEBFD1B6764
                            SHA-256:C241F732B9731FA141B03FF1F990556C9BF14A1B21C9757C7FF75E688908B8A0
                            SHA-512:42B6BEEE9C15CB59C010013FE0673CB0DF46CD0AC388DF7D57DCCD54482C950F2935F8A8D7DC68CFFD184B698283589134901C9C597970D95C5B608CD160AF70
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Novosibirsk) {. {-9223372036854775808 19900 0 LMT}. {-1579476700 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {738090000 25200 0 +07}. {748987200 21600 0 +06}. {7647120

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Omsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1984
                            Entropy (8bit):3.5988580260925795
                            Encrypted:false
                            SSDEEP:48:5aQyvONnwqeDinDL+8kSViqS6A+VzTXUVtrBju6waUwcTLTTW59OxJCT:IkHdiq5BzB7TQJ
                            MD5:54E1F8C11C9CF4BF1DBCABF4AF31B7D4
                            SHA1:3C428E50A02941B19AF2A2F1EA02763AA2C1A846
                            SHA-256:5B9E95C813A184C969CC9808E136AD66C1231A55E66D4EE817BD2E85751C4EE9
                            SHA-512:83DBFCC089AC902609FFFCA8E675430B9BF1EA452626E83173F83317884B6AC2620CE8AA96488ACF13445D9D1D4776EB908232BD8205B8F4F9B034A68864C9A9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Omsk) {. {-9223372036854775808 17610 0 LMT}. {-1582088010 18000 0 +05}. {-1247547600 21600 0 +07}. {354909600 25200 1 +07}. {370717200 21600 0 +06}. {386445600 25200 1 +07}. {402253200 21600 0 +06}. {417981600 25200 1 +07}. {433789200 21600 0 +06}. {449604000 25200 1 +07}. {465336000 21600 0 +06}. {481060800 25200 1 +07}. {496785600 21600 0 +06}. {512510400 25200 1 +07}. {528235200 21600 0 +06}. {543960000 25200 1 +07}. {559684800 21600 0 +06}. {575409600 25200 1 +07}. {591134400 21600 0 +06}. {606859200 25200 1 +07}. {622584000 21600 0 +06}. {638308800 25200 1 +07}. {654638400 21600 0 +06}. {670363200 18000 0 +06}. {670366800 21600 1 +06}. {686091600 18000 0 +05}. {695768400 21600 0 +07}. {701812800 25200 1 +07}. {717537600 21600 0 +06}. {733262400 25200 1 +07}. {748987200 21600 0 +06}. {764712000 25200 1 +07}. {780436800 2160

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Oral

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1606
                            Entropy (8bit):3.6164715895962876
                            Encrypted:false
                            SSDEEP:24:cQ3eHykSYlS7hhmSQcwqSlhJS9yiIoSBHrSLUSIYdDSVbt8i9E603CRWeZunSbOi:5FkXlkhs7bqIwIoMpqDPiBRBlL
                            MD5:38914E248C13912E33187496C5AD9691
                            SHA1:94C3711FC5EED22FE1929F2250208AC53DB175AC
                            SHA-256:581AF958787971BE487B37C2D2534E58FFA085AFD0D9F0E12E0EEFF03F476E53
                            SHA-512:8C7F21C8FCE2614181A998774E7038BAC483E502C3C31EDB0F4954E1424A0C16AD7DC5003E9533BB47CA2C06DD027E989BD696B2A74A23F686F74B8C9650BAE6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Oral) {. {-9223372036854775808 12324 0 LMT}. {-1441164324 10800 0 +03}. {-1247540400 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 18000 1 +04}. {686095200 14400 0 +04}. {701816400 14400 0 +04}. {701820000 18000 1 +04}. {717544800 14400 0 +04}. {733269600 18000 1 +04}. {748994400 14400 0 +04}. {764719200 1800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Phnom_Penh

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.911861786274714
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8VLYO5YFwVAIgN8ELYOAvN2WFKeHKLNM0WFKELYOun:SlSWB9IZaM3y1LewVAIgKELUvN2wKTNp
                            MD5:754059D3B44B7D60FB3BBFC97782C6CF
                            SHA1:6AE931805E6A42836D65E4EBC76A58BBFB3DCAF4
                            SHA-256:2C2DBD952FDA5CC042073B538C240B11C5C8E614DD4A697E1AA4C80E458575D0
                            SHA-512:B5AA4B51699EEAE0D9F91BBAB5B682BD84537C4E2CCE282613E1FFA1DDBE562CA487FB2F8CD006EE9DBC9EFAEFA587EC9998F0364E5C932CDB42C14319328D46
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Phnom_Penh) $TZData(:Asia/Bangkok).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Pontianak

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):356
                            Entropy (8bit):4.428640713376822
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKT5wFJm2OHUed9xMkc5k/MVSSmCLkvScCAdMVSSo1CkDF4mMVSSmT+:MBp52L5wFJmdHFxbc5kMxvLkHCQMxoRg
                            MD5:81C643629BB417E38A5514BBEFEF55C8
                            SHA1:7D91E7F00A1A0B795EF3FDD1B3DD052EA2F6122C
                            SHA-256:998DFACE4BEE8A925E88D779D6C9FB9F9010BDB68010A9CCBC0B97BB5C49D452
                            SHA-512:1291521B74984EC03557C4DC492DB4DD1312626F61612C1F143BA482E2C32CD331647D86507D3B3721D148B2ED3CED6678123BD801DAA6B4F2D9A0C07B90575F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pontianak) {. {-9223372036854775808 26240 0 LMT}. {-1946186240 26240 0 PMT}. {-1172906240 27000 0 +0730}. {-881220600 32400 0 +09}. {-766054800 27000 0 +0730}. {-683883000 28800 0 +08}. {-620812800 27000 0 +0730}. {-189415800 28800 0 WITA}. {567964800 25200 0 WIB}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Pyongyang

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):263
                            Entropy (8bit):4.653238218910832
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wK8cE4Lm2OHnNdRw8vm1T0vGLucjv7:MBp520cEWmdHnNLvjuD
                            MD5:96754BB7D98975118E86B539D8F917B4
                            SHA1:5D366D64E08F1E9869EA2E93B5C6C5C0C5E7E3BE
                            SHA-256:10432381A63B2101A1218D357DA2075885F061F3A60BE00A32EED4DF868E5566
                            SHA-512:58BFFF63D40CF899304D69468949B806F00F5F2F2BE47040D5704E8C463D7B502725846933749172AF94CCD0AA894E30AD3154CC953D917AC8040B00D331124E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Pyongyang) {. {-9223372036854775808 30180 0 LMT}. {-1948782180 30600 0 KST}. {-1830414600 32400 0 JST}. {-768646800 32400 0 KST}. {1439564400 30600 0 KST}. {1525446000 32400 0 KST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Qatar

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):169
                            Entropy (8bit):4.800949065138005
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKK3vFSXGm2OHPFV4YvUQKb3VvVsRYvFF5FRVGsWYAvn:SlSWB9X52wKK3vTm2OHoYRcvSQFF5FR4
                            MD5:E70F65EBF35BE045F43456A67DEBCD34
                            SHA1:EE5669823D60518D0AAB07A7C539B8089807D589
                            SHA-256:B8E3F98A20BE938B9B1A6CE1CE4218751393B33E933A8F9278AA3EEECB13D2C6
                            SHA-512:9B142D27C92C2478ED086668F8E3DC4BD8E9FDA712D8888469816B4795B5DFDD7F5F22D7BA6A31CA4E32483ABE5A5B4C7CEFC91856B09DDF651E58867FC932C9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qatar) {. {-9223372036854775808 12368 0 LMT}. {-1577935568 14400 0 +04}. {76190400 10800 0 +03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Qyzylorda

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1583
                            Entropy (8bit):3.64822959139346
                            Encrypted:false
                            SSDEEP:48:5UXlkhs7bqIwIoMpqDS7oXbPw+bBijbbyzIr1jA:ICOgZbWM
                            MD5:E79902C294AEFC5A3A3DCFFF4142E54F
                            SHA1:8F9E8413C8F2D1DCF7DB74BE3AF067CBFEF2E73C
                            SHA-256:4A254C094E4F5955E33C19E01EF2B8D5B70AC0AD08203FD105F475C8F862F28C
                            SHA-512:3283248979FC76BE94D705013728FF206A32B8820D475C4DFC0636D2329E8FA5D251EAE5A21D9A9DC30659A6B567E73A7C614D7DA3F60025BFEA617ACE2EE597
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Qyzylorda) {. {-9223372036854775808 15712 0 LMT}. {-1441167712 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 14400 0 +04}. {670370400 18000 1 +04}. {701812800 18000 0 +05}. {701816400 21600 1 +05}. {717541200 18000 0 +05}. {733266000 21600 1 +05}. {748990800 18000 0 +05}. {764715600 21600 1 +05}. {780440400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Rangoon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):169
                            Entropy (8bit):4.761776859195572
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8nvwFVAIgNnEYO62WFK02KQMFfh4WFKsv:SlSWB9IZaM3yHvwFVAIgZ2wK0GEJ4wKO
                            MD5:6135C39675BB0F7BB94756F2057382CF
                            SHA1:EB2C51837E721776BED5F3F1F4A014BA29DA0282
                            SHA-256:E573ADFBB9935B7D0B56FAE699160226BF3416C50EB63D8EFEB1748C4B13BF91
                            SHA-512:BC1E7C9F1F64FF7D6A50E70E62566F385A923A475E309A321FCC03964350E427A4AEE801A20B3293A289AD67E03C86B59A674F91F34238068DA6C35BBB3B4307
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Yangon)]} {. LoadTimeZoneFile Asia/Yangon.}.set TZData(:Asia/Rangoon) $TZData(:Asia/Yangon).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Riyadh

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):142
                            Entropy (8bit):4.928343799484186
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFK814tXGm2OHFukevSUi9VssWYAvn:SlSWB9X52wK81Hm2OHF7ePi9V1WYAv
                            MD5:76E7F746F8663772A350A2E2C2F680C7
                            SHA1:698E3C80122AC7B9E6EF7A45F87898334A1A622E
                            SHA-256:7D2FAC4F33EE0FA667AF8A2BF8257638A37CE0308038AC02C7B5BE6E1D1E5EDD
                            SHA-512:9B1C326D3B7C89957176540AB4F856780C57C495A44F80D998A4B0C5A10F358C2F727BF160FB49D17C104B4A8EB15AC5431CCB886AC59A92E56C964D757FA3B0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Riyadh) {. {-9223372036854775808 11212 0 LMT}. {-719636812 10800 0 +03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Saigon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.899371908380106
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8I65eVyVAIgN2h659Q2WFKwJ6h4WFK365ev:SlSWB9IZaM3yJAVyVAIgA4s2wKl4wKKK
                            MD5:A978C9AD6320DA94CB15324CA82C7417
                            SHA1:585C232F3FB2693C78C7831C1AF1DC25D6824CA7
                            SHA-256:73E1850BB0827043024EAFA1934190413CB36EA6FE18C90EA86B9DBC1D61EEBF
                            SHA-512:AE48BFB2A348CA992F2BCD6B1AF7495713B0526C326678309133D3271D90600624C096B4B8678AD7ECD19822E3BB24E27D12680FCA7FAA455D3CE324CE0B88ED
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ho_Chi_Minh)]} {. LoadTimeZoneFile Asia/Ho_Chi_Minh.}.set TZData(:Asia/Saigon) $TZData(:Asia/Ho_Chi_Minh).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Sakhalin

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2044
                            Entropy (8bit):3.636696819312369
                            Encrypted:false
                            SSDEEP:48:5i1fvBHwRw/P2rFGAlODU9HOUDEChbmAP+:gDtP2rUfDEZDV1ZP+
                            MD5:265EF8FD8FB07585726D3054289A1C48
                            SHA1:DDFB1197C7A7455674AA085A6B8089124EB47689
                            SHA-256:4CCF3795EF0EF42AA09A9225370E8E1537B53A0231363077DAC385F397208669
                            SHA-512:1ACE8C173E87530FCC809814DEA779CB09ED8A277DB3B0519E57727AD3A93F3AFAFAF0F80419A8B6A8FAC1B30600716169BEAE397E34E6BE1A18D0E31DB69B3F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Sakhalin) {. {-9223372036854775808 34248 0 LMT}. {-2031039048 32400 0 +09}. {-768560400 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Samarkand

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):848
                            Entropy (8bit):3.8621003155318263
                            Encrypted:false
                            SSDEEP:24:cQtleA7NSYlS7hhmSQcwqSlhJS9yiIoSBHrSLUSIYdDS7/S5c3oSATo6SSYL:5hXlkhs7bqIwIoMpqDS7oXjSpL
                            MD5:6E54D9946AC13DD77FDB8EA9C4FBD989
                            SHA1:EF0A4BFD84EC369CB9581D830F20193D73187C0B
                            SHA-256:28A76A0EAF55EEC9FE7BEFF3785FDEF8C3D93AAAA2E15EE37D861E73418AC9E4
                            SHA-512:15522A5B85DCD54DC0143A38799A870268D74C8A26FED44D50A55C536D3738905597AE4F3F2AB767DE73A7EDBAE8FBF467A6014E2001FA03924C3F39E0361F27
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Samarkand) {. {-9223372036854775808 16073 0 LMT}. {-1441168073 14400 0 +04}. {-1247544000 18000 0 +05}. {354913200 21600 1 +06}. {370720800 21600 0 +06}. {386445600 18000 0 +05}. {386449200 21600 1 +05}. {402256800 18000 0 +05}. {417985200 21600 1 +05}. {433792800 18000 0 +05}. {449607600 21600 1 +05}. {465339600 18000 0 +05}. {481064400 21600 1 +05}. {496789200 18000 0 +05}. {512514000 21600 1 +05}. {528238800 18000 0 +05}. {543963600 21600 1 +05}. {559688400 18000 0 +05}. {575413200 21600 1 +05}. {591138000 18000 0 +05}. {606862800 21600 1 +05}. {622587600 18000 0 +05}. {638312400 21600 1 +05}. {654642000 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {694206000 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Seoul

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):719
                            Entropy (8bit):4.129493275264732
                            Encrypted:false
                            SSDEEP:12:MBp525mdHjauvWz4aqceOcrIt04CaI8/HUYVfXzQD:cQ5edvWzJnJGIt047I8/Hp/zQD
                            MD5:7F24687F220D3B7F3C08A1F09F86BAEF
                            SHA1:2D96019AE5137935F7A43FCFD229645D656E21AF
                            SHA-256:8DBBFEEDD583DBE60E88E381D511B72DDD7AE93FEB64A2F97D6CDBF6B92A0775
                            SHA-512:BFD955BA4A284D91542D15CAE849C162D1470167D65365FF93B117D7B4361DB314ABEF5448CF5BA382002726D472FA74C3B9DD5B43CD539395FDC8241E4A0248
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Seoul) {. {-9223372036854775808 30472 0 LMT}. {-1948782472 30600 0 KST}. {-1830414600 32400 0 JST}. {-767350800 32400 0 KST}. {-498128400 30600 0 KST}. {-462702600 34200 1 KDT}. {-451733400 30600 0 KST}. {-429784200 34200 1 KDT}. {-418296600 30600 0 KST}. {-399544200 34200 1 KDT}. {-387451800 30600 0 KST}. {-368094600 34200 1 KDT}. {-356002200 30600 0 KST}. {-336645000 34200 1 KDT}. {-324552600 30600 0 KST}. {-305195400 34200 1 KDT}. {-293103000 30600 0 KST}. {-264933000 32400 0 KST}. {547578000 36000 1 KDT}. {560883600 32400 0 KST}. {579027600 36000 1 KDT}. {592333200 32400 0 KST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Shanghai

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):887
                            Entropy (8bit):4.102844989906348
                            Encrypted:false
                            SSDEEP:24:cQ8emvZMwq/Zkq/fYFq/J2Lzq/9mBq/Qq/LPq/Rq/HTq/Pjq/rzq/c2q/uq/4u:5YvZMT/d/fYc/JWG/M4/z/W/o/G/PW/f
                            MD5:D3D88F264E5E44BAA890C19A4C87A24D
                            SHA1:BA2E3F8D69D1092CE925D40FE31BEABA0DC22905
                            SHA-256:90B585115252C37625B6BCDE14708AAE003E2D6F3408D8A9034ABB6FFFD66490
                            SHA-512:14485EEC4C77DA6D7DD813A84F3F5B0DE17AE06C23FBCDB20727376C62D675ED675893B8B9A4DAAA00C21B7550F83593780CA538DB05B4ADDD4604FBCD3B0E51
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Shanghai) {. {-9223372036854775808 29143 0 LMT}. {-2177481943 28800 0 CST}. {-933667200 32400 1 CDT}. {-922093200 28800 0 CST}. {-908870400 32400 1 CDT}. {-888829200 28800 0 CST}. {-881049600 32400 1 CDT}. {-767869200 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-650016000 28800 0 CST}. {515527200 32400 1 CDT}. {527014800 28800 0 CST}. {545162400 32400 1 CDT}. {558464400 28800 0 CST}. {577216800 32400 1 CDT}. {589914000 28800 0 CST}. {608666400 32400 1 CDT}. {621968400 28800 0 CST}. {640116000 32400 1 CDT}. {653418000 28800 0 CST}. {671565600 32400 1 CDT}. {684867600 28800 0 CST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Singapore

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):359
                            Entropy (8bit):4.370799489849578
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKfbdJm2OHxdPmIWOb/MVSYv/1MesF5X8dSMd0dMVSSm8kvScCvCIMY:MBp52nbdJmdHDPxDTMF/wFZMxcHClMxi
                            MD5:DFABB80419B69BE34B2FCD475CFDFE22
                            SHA1:2CF4F330E00397020328BCE28449B9F63E17067D
                            SHA-256:B251FBDB0DB4ACBB3855063C32681A5F32E609FA3AA0DDC43225D056D07CB2D3
                            SHA-512:EB362B7D0C5A4F1C605A8F2533A5CCAFCFA1F4D3B0F48C417CEA8C492834FE36822A75C726659786CBD4D5A544376D806E6BA8E952607997FBDDAF84E343B353
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Singapore) {. {-9223372036854775808 24925 0 LMT}. {-2177477725 24925 0 SMT}. {-2038200925 25200 0 +07}. {-1167634800 26400 1 +0720}. {-1073028000 26400 0 +0720}. {-894180000 27000 0 +0730}. {-879665400 32400 0 +09}. {-767005200 27000 0 +0730}. {378664200 28800 0 +08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Srednekolymsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1993
                            Entropy (8bit):3.7026922613316886
                            Encrypted:false
                            SSDEEP:24:cQHOedtdvBOCdwdVdptQvMCTP2rF1gCzlODU9xE305r/CXVWWHs/gSNknK:5HxvBHwRw/P2rFGAlODU9PZUEWQgmkK
                            MD5:0F445767A84A429787070F7CCFB4D35B
                            SHA1:B524665DAC57E53A6D9A5386B5AEAAE52BD405A5
                            SHA-256:07F4857391E114D4B958C02B8FF72BEBCED72AA730F4F4B09F68F57349473503
                            SHA-512:8FE2AC4C1DCA60E597633377EF1F1C38EE027B7893DB77BA912F294B9B791B6762E62E87DAC17171B15629DD45BD7960D25ADAE96827DAB63FAA80E0956A8C80
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Srednekolymsk) {. {-9223372036854775808 36892 0 LMT}. {-1441188892 36000 0 +10}. {-1247565600 39600 0 +12}. {354891600 43200 1 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {78041

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Taipei

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1298
                            Entropy (8bit):3.983254382416919
                            Encrypted:false
                            SSDEEP:24:cQXbe9Z+zuzq/9mBq/Qq/LPq/wO3q/uq/PC9q/hq/Rq/Gq/fq/Aq/Vtyq/fQH+zp:5XwoKG/M4/z/W/Ta/1/V/Y/o/d/y/D/t
                            MD5:16CF8E32D5B2933CE5A0F2F90B8090BA
                            SHA1:F899656FE3FDDD5F63B18D4800F909CD2DA6A151
                            SHA-256:E098A0A94ED53EC471841CDF6995AEF1F3A2699EDC143FF5DBDA7CB0AFD3FD6C
                            SHA-512:4856AC8AE2BB0C8856A87C5E46AD478E697AACB46B8679870FD581706802772D333FEA5D1D840BDDB1EAB3B4FDD46883CFD2EC4017F9E5C06CAF2A24539FA808
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Taipei) {. {-9223372036854775808 29160 0 LMT}. {-2335248360 28800 0 CST}. {-1017820800 32400 0 JST}. {-766224000 28800 0 CST}. {-745833600 32400 1 CDT}. {-733827600 28800 0 CST}. {-716889600 32400 1 CDT}. {-699613200 28800 0 CST}. {-683884800 32400 1 CDT}. {-670669200 28800 0 CST}. {-652348800 32400 1 CDT}. {-639133200 28800 0 CST}. {-620812800 32400 1 CDT}. {-607597200 28800 0 CST}. {-589276800 32400 1 CDT}. {-576061200 28800 0 CST}. {-562924800 32400 1 CDT}. {-541760400 28800 0 CST}. {-528710400 32400 1 CDT}. {-510224400 28800 0 CST}. {-497174400 32400 1 CDT}. {-478688400 28800 0 CST}. {-465638400 32400 1 CDT}. {-449830800 28800 0 CST}. {-434016000 32400 1 CDT}. {-418208400 28800 0 CST}. {-402480000 32400 1 CDT}. {-386672400 28800 0 CST}. {-370944000 32400 1 CDT}. {-355136400 28800 0 CST}. {-339408000 32400 1 CDT}. {-323600400 2

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Tashkent

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):847
                            Entropy (8bit):3.8433853520749905
                            Encrypted:false
                            SSDEEP:24:cQZeQlNRSsOXEFCMiq90DIgb5j6gMJR/4TJTXSATo6SSYL:5HpFqq9iTVrXjSpL
                            MD5:24587E02A79D02973DE32E4CDACBE84C
                            SHA1:41B8CA1CAE10A9340359317EC8DD16C8637C0F1A
                            SHA-256:46C2D8E86BACFDB8280862AD9E28F7A0867740726EF21D08138C9F9A900CC1E9
                            SHA-512:07C939DCD5AB0DA3D3667D0D56421C6B40598C6DAB9641664E0ABB2CE4CC4562B10853C88DB51FBA5D1ED733E86193E88CE8984130FFF83955BD9335A59CF031
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tashkent) {. {-9223372036854775808 16631 0 LMT}. {-1441168631 18000 0 +05}. {-1247547600 21600 0 +06}. {354909600 25200 1 +06}. {370717200 21600 0 +06}. {386445600 25200 1 +06}. {402253200 21600 0 +06}. {417981600 25200 1 +06}. {433789200 21600 0 +06}. {449604000 25200 1 +06}. {465336000 21600 0 +06}. {481060800 25200 1 +06}. {496785600 21600 0 +06}. {512510400 25200 1 +06}. {528235200 21600 0 +06}. {543960000 25200 1 +06}. {559684800 21600 0 +06}. {575409600 25200 1 +06}. {591134400 21600 0 +06}. {606859200 25200 1 +06}. {622584000 21600 0 +06}. {638308800 25200 1 +06}. {654638400 21600 0 +06}. {670363200 18000 0 +05}. {670366800 21600 1 +05}. {686091600 18000 0 +05}. {694206000 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Tbilisi

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1669
                            Entropy (8bit):3.588597734517364
                            Encrypted:false
                            SSDEEP:24:cQyGeHLQqpkb/cXXn8UDu5u8WmFeb/RLc9qENkw/ybt8i9E60339UyYU7s9UU7UT:5+YTVOZmF7N76eHj2QqzM
                            MD5:EEA5CEEDA499381B331676CF2D3B1189
                            SHA1:BC1D3871CC170F0BCBAE567C0D934CC131A7E410
                            SHA-256:260F3F9A9209170AC02961E881F02AA6D6C720BAACC29756CF1CC730FACCF662
                            SHA-512:0E8FF6B4EF0E102152B20D3C819F2673B6426B3D56DF42F89F44EB4467D0CA45F3D49B6564DA6FCB88BDB1887AF39382766F75FE3A3977CFB4408E06C6D1C062
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tbilisi) {. {-9223372036854775808 10751 0 LMT}. {-2840151551 10751 0 TBMT}. {-1441162751 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {694213200 10800 0 +03}. {701816400 14400 1 +03}. {717537600 10800 0 +03}. {733266000 14400 1 +03}. {748987200 10800 0 +03}. {764715600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Tehran

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7021
                            Entropy (8bit):3.4346704245463338
                            Encrypted:false
                            SSDEEP:96:BboVQCKYJ4cRvxoIDCMcuzf8mmU6gjilpM1Bdy6XaqYx7u0kLBT8U2nTEA4n8t/s:exqcFOIDCMcMrPqpIB8f9ZkF0EIk
                            MD5:E179D37382F44D866D495F5D38FD5D88
                            SHA1:35C5BFFE89795786B7ED0BB3B7822666D6BFCB5B
                            SHA-256:41F1DBB61094C00E2424E22780930258BC99A71D182E7A181065B0A1A57306F1
                            SHA-512:AF1A4AB0BD690F038EBC3AA5CB2CAEE575E639B4504E3BEBC8E1DE85081C780744CBAD5871D62D4F028314D165B4D71E9B3D0B68019FE9D1E49D702101602431
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tehran) {. {-9223372036854775808 12344 0 LMT}. {-1704165944 12344 0 TMT}. {-757394744 12600 0 +0330}. {247177800 14400 0 +04}. {259272000 18000 1 +04}. {277758000 14400 0 +04}. {283982400 12600 0 +0330}. {290809800 16200 1 +0330}. {306531000 12600 0 +0330}. {322432200 16200 1 +0330}. {338499000 12600 0 +0330}. {673216200 16200 1 +0330}. {685481400 12600 0 +0330}. {701209800 16200 1 +0330}. {717103800 12600 0 +0330}. {732745800 16200 1 +0330}. {748639800 12600 0 +0330}. {764281800 16200 1 +0330}. {780175800 12600 0 +0330}. {795817800 16200 1 +0330}. {811711800 12600 0 +0330}. {827353800 16200 1 +0330}. {843247800 12600 0 +0330}. {858976200 16200 1 +0330}. {874870200 12600 0 +0330}. {890512200 16200 1 +0330}. {906406200 12600 0 +0330}. {922048200 16200 1 +0330}. {937942200 12600 0 +0330}. {953584200 16200 1 +0330}. {969478200 12600 0 +

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Tel_Aviv

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.82789113675599
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq85zFFwVAIgN0AzFzt2WFK+TT52WFKYzFp:SlSWB9IZaM3yZbwVAIgCAb2wKsswKY7
                            MD5:D044282CC9B9F531D8136612B4AA938D
                            SHA1:5FD01E48BFFC2B54BBA48926EFD2137A91B57E0F
                            SHA-256:FE57D86184A7F4A64F3555DE3F4463531A86BB18F124534F17B09FAB825F83B4
                            SHA-512:DBBA54D68F33E51D51E816D79D83B61490BD31262DFF6037C0834BADA48CBC02F4281203D7212EDF6D96F7FF1EF3843299698BF0DFE10B5F1383AA504594505A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Asia/Tel_Aviv) $TZData(:Asia/Jerusalem).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Thimbu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):171
                            Entropy (8bit):4.858169634371472
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8kNZ4pVAIgNqFNzO62WFK9Z752WFKvNZvn:SlSWB9IZaM3ykZ4pVAIgc3K62wKf12wc
                            MD5:B678D97B4E6E6112299746833C06C70B
                            SHA1:A49BD45DB59BDD3B7BF9159699272389E8EF77AC
                            SHA-256:6AEAE87CAD7FE358A5A1BABE6C0244A3F89403FC64C5AA19E1FFDEDCEB6CF57B
                            SHA-512:BEA10EAE5941E027D8FE9E5D5C03FAE5DCFEF7603088E71CA7CCD0461851E175AE1CC7592DFBEC63F91D840E4E0AA04B54549EB71303666E6EA16AFFF6EDA058
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Thimphu)]} {. LoadTimeZoneFile Asia/Thimphu.}.set TZData(:Asia/Thimbu) $TZData(:Asia/Thimphu).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Thimphu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.838482422690701
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKvNZLXGm2OHEQUTFnvSVaJKuc/v6QzFtV9gmZVFSTL:SlSWB9X52wKVZCm2OHEfnjKuc/SQnV9y
                            MD5:A52B235D91207E823482EEC1EE8C6433
                            SHA1:84826EAC8043739256E34D828D6BE8E17172A8F8
                            SHA-256:21CE1FAEDD45DED62E78D6DB24F47ED9DEC5642E4A4D7ADDF85B33F8AB82D8CA
                            SHA-512:08E8C68BF6BE5E876A59130C207D4911732EBA0F4E72603213A0AD0CC5DA8EF6AC6389AF8A0781F01B0E72CA030C9A47C46CC0FB422F5C0104A7365D818A4EB9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Thimphu) {. {-9223372036854775808 21516 0 LMT}. {-706341516 19800 0 +0530}. {560025000 21600 0 +06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Tokyo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):374
                            Entropy (8bit):4.405484223376936
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKvm2OHOx5PvYvmoZsOXzvmof67zd6avmoFc87e+zvmT0TgvmL:MBp52XmdHOx5PAbZ3zbi7xtbFD7e+zou
                            MD5:4549B66A26A96C10DB196B8957BB6127
                            SHA1:B2B96699AE70CA47F2B180B9AEF8FB9864AE98A1
                            SHA-256:EC533BBE242CE6A521BAED1D37E0DD0247A37FE8D36D25205520B93CF51E4595
                            SHA-512:A6C147DF80BB6D41877AD99673C49FF6AD5C1C03B587D71A70C8F7BD8D321817D9E99BFAE11F7F7C27C1A7563C9A101B6C3E65D962B3524C95113A807720ED4E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tokyo) {. {-9223372036854775808 33539 0 LMT}. {-2587712400 32400 0 JST}. {-683802000 36000 1 JDT}. {-672310800 32400 0 JST}. {-654771600 36000 1 JDT}. {-640861200 32400 0 JST}. {-620298000 36000 1 JDT}. {-609411600 32400 0 JST}. {-588848400 36000 1 JDT}. {-577962000 32400 0 JST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Tomsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2043
                            Entropy (8bit):3.6031458640952554
                            Encrypted:false
                            SSDEEP:48:539i17A9/IJ4vQayW+dRvV8YzXJIq79Af3AuyqM7FfiC/LIcy9zU9Muq2PIX/9se:ijFRRCfQucXsQk7TQy
                            MD5:436E5AA70DD662E337E0144558EA277B
                            SHA1:E268AAD83CE3CC32CB23647E961509EBB4C8AA2C
                            SHA-256:9917B2A1BFAAD1378B90879C92F157BD7912A4072BE21A2A4CB366A38F310D3B
                            SHA-512:C714CFBB58170E2291A78AD4F725613049BC9D52DB9F8685803E8F7E181D7E0C2AAF7E603D29243D2E5F4F1D8A3B0272559E7CBCB51736A8115A44E6D56FA7CC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Tomsk) {. {-9223372036854775808 20391 0 LMT}. {-1578807591 21600 0 +06}. {-1247551200 25200 0 +08}. {354906000 28800 1 +08}. {370713600 25200 0 +07}. {386442000 28800 1 +08}. {402249600 25200 0 +07}. {417978000 28800 1 +08}. {433785600 25200 0 +07}. {449600400 28800 1 +08}. {465332400 25200 0 +07}. {481057200 28800 1 +08}. {496782000 25200 0 +07}. {512506800 28800 1 +08}. {528231600 25200 0 +07}. {543956400 28800 1 +08}. {559681200 25200 0 +07}. {575406000 28800 1 +08}. {591130800 25200 0 +07}. {606855600 28800 1 +08}. {622580400 25200 0 +07}. {638305200 28800 1 +08}. {654634800 25200 0 +07}. {670359600 21600 0 +07}. {670363200 25200 1 +07}. {686088000 21600 0 +06}. {695764800 25200 0 +08}. {701809200 28800 1 +08}. {717534000 25200 0 +07}. {733258800 28800 1 +08}. {748983600 25200 0 +07}. {764708400 28800 1 +08}. {780433200 252

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ujung_Pandang

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.8489855608543575
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8pYFwVAIgNzB0L2WFKPQOrFJ4WFKvn:SlSWB9IZaM3yWFwVAIg8L2wKPQOrFJ4H
                            MD5:AF91CF42CFBA12F55AF3E6D26A71946D
                            SHA1:673AC77D4E5B6ED7CE8AE67975372462F6AF870B
                            SHA-256:D9BCAE393D4B9EE5F308FA0C26A7A6BCE716E77DB056E75A3B39B33A227760C8
                            SHA-512:1FD61EA39FF08428486E07AF4404CEA67ACCCB600F11BA74B340A4F663EB8221BC7BF84AE677566F7DDEC0CB42F1946614CD11A9CD7824E0D6CAA804DF0EF514
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Makassar)]} {. LoadTimeZoneFile Asia/Makassar.}.set TZData(:Asia/Ujung_Pandang) $TZData(:Asia/Makassar).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ulaanbaatar

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1535
                            Entropy (8bit):3.6833061173791726
                            Encrypted:false
                            SSDEEP:24:cQlTer9uN1xJSIA+SN16zSacGjSvtHpS9xZzS1ZjSnZS3owShjS+5MzSDZmSA/SN:569YXoIA9N0+acGuRIvc1Zun43oDhu+x
                            MD5:9C497C3C57F4FEE50C6BF35D0A3A7E5F
                            SHA1:FAFB3456CADE6AD6FFBADC699AB882FAE2591739
                            SHA-256:19855D4B0EEF8CD85D502262DF7B7F15B069B1A4D169FAB0F20F803C598C1D83
                            SHA-512:255CDF3333789771240A37CECBEB87EEAAE4561616A7066C935B67B8CA930F026F68A82315083190B175C54FBB4B2DB0126F25FDDD6C09DC374E09833225DFB8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ulaanbaatar) {. {-9223372036854775808 25652 0 LMT}. {-2032931252 25200 0 +07}. {252435600 28800 0 +08}. {417974400 32400 1 +08}. {433782000 28800 0 +08}. {449596800 32400 1 +08}. {465318000 28800 0 +08}. {481046400 32400 1 +08}. {496767600 28800 0 +08}. {512496000 32400 1 +08}. {528217200 28800 0 +08}. {543945600 32400 1 +08}. {559666800 28800 0 +08}. {575395200 32400 1 +08}. {591116400 28800 0 +08}. {606844800 32400 1 +08}. {622566000 28800 0 +08}. {638294400 32400 1 +08}. {654620400 28800 0 +08}. {670348800 32400 1 +08}. {686070000 28800 0 +08}. {701798400 32400 1 +08}. {717519600 28800 0 +08}. {733248000 32400 1 +08}. {748969200 28800 0 +08}. {764697600 32400 1 +08}. {780418800 28800 0 +08}. {796147200 32400 1 +08}. {811868400 28800 0 +08}. {828201600 32400 1 +08}. {843922800 28800 0 +08}. {859651200 32400 1 +08}. {875372400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ulan_Bator

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.675919405724711
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8TcXHVAIgNrfcXKxL2WFKhrMEBQWFKucXu:SlSWB9IZaM3yIVAIg7xL2wKhrMEewKI
                            MD5:73C6A7BC088A3CD92CAC2F8B019994A0
                            SHA1:74D5DCE1100F6C97DFCFAD5EFC310196F03ABED5
                            SHA-256:8F075ACF5FF86E5CDE63E178F7FCB692C209B6023C80157A2ABF6826AE63C6C3
                            SHA-512:4EAD916D2251CF3A9B336448B467282C251EE5D98299334F365711CCA8CAF9CA83600503A3346AEC9DFA9E9AF064BA6DEF570BABCC48AE5EB954DBF574A769B2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Ulaanbaatar)]} {. LoadTimeZoneFile Asia/Ulaanbaatar.}.set TZData(:Asia/Ulan_Bator) $TZData(:Asia/Ulaanbaatar).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Urumqi

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):4.962709386113539
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52WFKjmcXGm2OHEVPvUWA0GVFSTL:SlSWB9X52wKjmTm2OHEVPXA0CUn
                            MD5:6E79B04FC6FE96C90277593719BECD36
                            SHA1:81798A9F349A7DEAF9218A21B8C2D8A3E641E9B7
                            SHA-256:A73686D7BF4EE44DC7BBD1CAAF2D212D7D12478F1521BF5A628EDBEA79B99725
                            SHA-512:F6781EDA72F4B62FE128332AC2B6BDDFFF6E94DF79914C467C2A30BBE05ABE005B23C0F8A5682095FA874CB3787BD499DBBA8F1644515B6914180A68C9AB6066
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Urumqi) {. {-9223372036854775808 21020 0 LMT}. {-1325483420 21600 0 +06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Ust-Nera

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1987
                            Entropy (8bit):3.684365782602096
                            Encrypted:false
                            SSDEEP:24:cQueIlfR30vBOCdwdVdptQvMCTP2rF1gCzlODU9xE305r/CXVWWHs/gSNknhT:5YJkvBHwRw/P2rFGAlODU9PZUEWQgmkl
                            MD5:F648B8CDF0F44BF2733AD480D91602C2
                            SHA1:FCDB62F1D2781836AAAFF1C1B651E91A8E79A901
                            SHA-256:C94B072DDB28C27AAA936D27D5A2F1400E47E8BBFCB3EF370BF2C7252E69FB98
                            SHA-512:39E793B707C2EEF99BAE8E926A1C8CAF4A1989F71842C348A5819CC4BE3D6DC81D2781BF20CB95631EC532A345B7CD41BA88505B301CA7928E676F55252C6DDD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Ust-Nera) {. {-9223372036854775808 34374 0 LMT}. {-1579426374 28800 0 +08}. {354898800 43200 0 +12}. {370699200 39600 0 +11}. {386427600 43200 1 +12}. {402235200 39600 0 +11}. {417963600 43200 1 +12}. {433771200 39600 0 +11}. {449586000 43200 1 +12}. {465318000 39600 0 +11}. {481042800 43200 1 +12}. {496767600 39600 0 +11}. {512492400 43200 1 +12}. {528217200 39600 0 +11}. {543942000 43200 1 +12}. {559666800 39600 0 +11}. {575391600 43200 1 +12}. {591116400 39600 0 +11}. {606841200 43200 1 +12}. {622566000 39600 0 +11}. {638290800 43200 1 +12}. {654620400 39600 0 +11}. {670345200 36000 0 +11}. {670348800 39600 1 +11}. {686073600 36000 0 +10}. {695750400 39600 0 +12}. {701794800 43200 1 +12}. {717519600 39600 0 +11}. {733244400 43200 1 +12}. {748969200 39600 0 +11}. {764694000 43200 1 +12}. {780418800 39600 0 +11}. {796143600 43

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Vientiane

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.808435832735883
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8VLYO5YFwVAIgN8ELYOAvN2WFKgTjEHp4WFKELYOun:SlSWB9IZaM3y1LewVAIgKELUvN2wKgsI
                            MD5:6372DA942647071A0514AEBF0AFEB7C7
                            SHA1:C9FB6B05DA246224D5EB016035AB905657B9D3FA
                            SHA-256:7B1A3F36E9A12B850DC06595AAE6294FAEAC98AD933B3327B866E83C0E9A1999
                            SHA-512:DC7D8753AD0D6908CA8765623EC1C4E4717833D183435957BB43E7ADB8A0D078F87319408F4C1D284CFB24BE010141B3254A36EF50C5DDCC59D7DEE5B3E33B7F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Bangkok)]} {. LoadTimeZoneFile Asia/Bangkok.}.set TZData(:Asia/Vientiane) $TZData(:Asia/Bangkok).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Vladivostok

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1991
                            Entropy (8bit):3.617868789838068
                            Encrypted:false
                            SSDEEP:24:cQ6EeBGZKFyW3bEH6i4bfwRpiTQNuTHDMOFOnJfioEkfhbZUAPQ:56aZWf3bw6HfavuLoOUDEChbmAPQ
                            MD5:589D58D0819C274BD76648B290E3B6A7
                            SHA1:8EF67425A86E1663263C380B81C878EFEE107261
                            SHA-256:F7CA7543A15D0EA7380552E9CA4506E1527D5A0C9081B21A6A6CAEAD51085293
                            SHA-512:38A4264039866E82CC2CCAF52FF1AB3384A72AD9F2FF0060FC49B3D2C09CB072700F28F2CA3A0850B3E5BAB62F6AA6031ECAB2EAB09EB08833D8CD778B338BDD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Vladivostok) {. {-9223372036854775808 31651 0 LMT}. {-1487321251 32400 0 +09}. {-1247562000 36000 0 +11}. {354895200 39600 1 +11}. {370702800 36000 0 +10}. {386431200 39600 1 +11}. {402238800 36000 0 +10}. {417967200 39600 1 +11}. {433774800 36000 0 +10}. {449589600 39600 1 +11}. {465321600 36000 0 +10}. {481046400 39600 1 +11}. {496771200 36000 0 +10}. {512496000 39600 1 +11}. {528220800 36000 0 +10}. {543945600 39600 1 +11}. {559670400 36000 0 +10}. {575395200 39600 1 +11}. {591120000 36000 0 +10}. {606844800 39600 1 +11}. {622569600 36000 0 +10}. {638294400 39600 1 +11}. {654624000 36000 0 +10}. {670348800 32400 0 +10}. {670352400 36000 1 +10}. {686077200 32400 0 +09}. {695754000 36000 0 +11}. {701798400 39600 1 +11}. {717523200 36000 0 +10}. {733248000 39600 1 +11}. {748972800 36000 0 +10}. {764697600 39600 1 +11}. {7804224

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Yakutsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1987
                            Entropy (8bit):3.6163895181017764
                            Encrypted:false
                            SSDEEP:24:cQVe7Ox4ER6oziDpiKXtyiyzilUBinUijiRziiiaSiYzYWk2HgQiMhNIziPiRikL:5Q+9InX4n7m84nPIzOtfjQhGT+
                            MD5:29C007E4E3E0015DBF39D78DF39CB790
                            SHA1:C3311ED4D7774A7DC14E0436D0B90C88ADD9BDA5
                            SHA-256:C2DD93EEAFC3E2FD6CCE0EED0633C40D8BF34331760D23A75ADCEA1719A11AE6
                            SHA-512:24609B8C01F3420CC19CA8F5AC78867DCAD1DD1A09A4B1C5356F90F0041BBCA322BC0C64D5DE4F565331674CFE15B7BF66AF6B69ACE9D18765A91B044962F781
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yakutsk) {. {-9223372036854775808 31138 0 LMT}. {-1579423138 28800 0 +08}. {-1247558400 32400 0 +10}. {354898800 36000 1 +10}. {370706400 32400 0 +09}. {386434800 36000 1 +10}. {402242400 32400 0 +09}. {417970800 36000 1 +10}. {433778400 32400 0 +09}. {449593200 36000 1 +10}. {465325200 32400 0 +09}. {481050000 36000 1 +10}. {496774800 32400 0 +09}. {512499600 36000 1 +10}. {528224400 32400 0 +09}. {543949200 36000 1 +10}. {559674000 32400 0 +09}. {575398800 36000 1 +10}. {591123600 32400 0 +09}. {606848400 36000 1 +10}. {622573200 32400 0 +09}. {638298000 36000 1 +10}. {654627600 32400 0 +09}. {670352400 28800 0 +09}. {670356000 32400 1 +09}. {686080800 28800 0 +08}. {695757600 32400 0 +10}. {701802000 36000 1 +10}. {717526800 32400 0 +09}. {733251600 36000 1 +10}. {748976400 32400 0 +09}. {764701200 36000 1 +10}. {780426000 3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Yangon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):235
                            Entropy (8bit):4.635396864572362
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52wKsCm2OHGVQPZN6FCm+UlDVkvScChY/s5Uq:MBp52zmdHGuPZNAkHCpr
                            MD5:12B1D08ED6DFAB647D8F1D1371D771F6
                            SHA1:2AC1CE6E85533D6B99A8E9725F43A867833B956E
                            SHA-256:DCC9323EF236D2E3B6DAA296EB14B9208754FCD449D2351067201BCEC15381A2
                            SHA-512:C563B6A3F1B21B5FFD0F092CAF6344D5A6D74F5AC03DA44DCA6FB1B4BC0D321C6E0E8F315248D41C0D1D0FFD35F8DE31D96FBD4AE1CFE15DA52E40EE3FF7F8E3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yangon) {. {-9223372036854775808 23087 0 LMT}. {-2840163887 23087 0 RMT}. {-1577946287 23400 0 +0630}. {-873268200 32400 0 +09}. {-778410000 23400 0 +0630}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Yekaterinburg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2023
                            Entropy (8bit):3.6129679767742124
                            Encrypted:false
                            SSDEEP:48:5iKkhr7YqXZIoLybDNUoXKXmpsuNjcgy8TmQ28N7Wdw+5vDT7L:w2xd8kCdf
                            MD5:9C578B55160C4CDE22E0CD3AE449AA89
                            SHA1:DAEB24B867A835AA97E7E6A67C1AD4278015D6BB
                            SHA-256:924E60D3C57F296CDEA175D4E970FF3C68A92ADBBBA23EF37B76D7AD5D41DCE9
                            SHA-512:E3F2798038F897DF5D1D112F294BFD4E3FDBFCF4D568C4038C85289F84E0844010A6C88659C4B9D94720DBB680F2628CECEB17E6C6D0DFC231E6DCBA75068458
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yekaterinburg) {. {-9223372036854775808 14553 0 LMT}. {-1688270553 13505 0 PMT}. {-1592610305 14400 0 +04}. {-1247544000 18000 0 +06}. {354913200 21600 1 +06}. {370720800 18000 0 +05}. {386449200 21600 1 +06}. {402256800 18000 0 +05}. {417985200 21600 1 +06}. {433792800 18000 0 +05}. {449607600 21600 1 +06}. {465339600 18000 0 +05}. {481064400 21600 1 +06}. {496789200 18000 0 +05}. {512514000 21600 1 +06}. {528238800 18000 0 +05}. {543963600 21600 1 +06}. {559688400 18000 0 +05}. {575413200 21600 1 +06}. {591138000 18000 0 +05}. {606862800 21600 1 +06}. {622587600 18000 0 +05}. {638312400 21600 1 +06}. {654642000 18000 0 +05}. {670366800 14400 0 +05}. {670370400 18000 1 +05}. {686095200 14400 0 +04}. {695772000 18000 0 +06}. {701816400 21600 1 +06}. {717541200 18000 0 +05}. {733266000 21600 1 +06}. {748990800 18000 0 +05}. {764

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Asia\Yerevan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1959
                            Entropy (8bit):3.554930605948629
                            Encrypted:false
                            SSDEEP:24:cQO4LeuVrqpkb/cXXn8UDu5u8WmFeb/RLc9qENkw/ybt8i9E60339UyuUgUU2heQ:5x79TVOZmF7N76eHvdSB4tJFFWmvN
                            MD5:013DD03BE28257101FC72E3294709AC6
                            SHA1:2EBBB3DA858B1BBC0C3CDFCBED3A4BAA0D6CE1B2
                            SHA-256:15CBC98425C074D9D5D1B107483BF68C75C318C240C7CDBDA390F8D102D76D53
                            SHA-512:10A651C82E6D5386FDC1FC95EF15F1CB0A4D8850A2324E7D62F63E1D3FBA87812045FFCF1DF013D7A3E90BBF514A4C5B2B23C547905737193B369644986D6A42
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Asia/Yerevan) {. {-9223372036854775808 10680 0 LMT}. {-1441162680 10800 0 +03}. {-405140400 14400 0 +04}. {354916800 18000 1 +04}. {370724400 14400 0 +04}. {386452800 18000 1 +04}. {402260400 14400 0 +04}. {417988800 18000 1 +04}. {433796400 14400 0 +04}. {449611200 18000 1 +04}. {465343200 14400 0 +04}. {481068000 18000 1 +04}. {496792800 14400 0 +04}. {512517600 18000 1 +04}. {528242400 14400 0 +04}. {543967200 18000 1 +04}. {559692000 14400 0 +04}. {575416800 18000 1 +04}. {591141600 14400 0 +04}. {606866400 18000 1 +04}. {622591200 14400 0 +04}. {638316000 18000 1 +04}. {654645600 14400 0 +04}. {670370400 10800 0 +03}. {670374000 14400 1 +03}. {686098800 10800 0 +03}. {701823600 14400 1 +03}. {717548400 10800 0 +03}. {733273200 14400 1 +03}. {748998000 10800 0 +03}. {764722800 14400 1 +03}. {780447600 10800 0 +03}. {796172400 14

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Azores

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9474
                            Entropy (8bit):3.4598088631836625
                            Encrypted:false
                            SSDEEP:192:Mw7Jfsud5vCGy0luUDHaXZgsN/FWVFjHv0:Mwdf/d5vCGy0luZN9WVFjHv0
                            MD5:E9C33EAACFD20C021CE94292068CC1D8
                            SHA1:9F8C0A4E07C33349C6ACDB0564771AEB11098B9D
                            SHA-256:8E2B427733BF8DBCE5171DC57F0892F0987CF1BD7941DA40048CB53B86B23E0D
                            SHA-512:8C77CF236855C51E03911A8203A2E81FC728C21A904B4962EA18F5FD39B00174D8A365FC0CA42E4EDE12DA84DD6445CFBB1B3E922189EB6B13AF6BC802E2B405
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Azores) {. {-9223372036854775808 -6160 0 LMT}. {-2713904240 -6872 0 HMT}. {-1830376800 -7200 0 -02}. {-1689548400 -3600 1 -01}. {-1677794400 -7200 0 -02}. {-1667430000 -3600 1 -01}. {-1647730800 -7200 0 -02}. {-1635807600 -3600 1 -01}. {-1616194800 -7200 0 -02}. {-1604358000 -3600 1 -01}. {-1584658800 -7200 0 -02}. {-1572735600 -3600 1 -01}. {-1553036400 -7200 0 -02}. {-1541199600 -3600 1 -01}. {-1521500400 -7200 0 -02}. {-1442444400 -3600 1 -01}. {-1426806000 -7200 0 -02}. {-1379286000 -3600 1 -01}. {-1364770800 -7200 0 -02}. {-1348441200 -3600 1 -01}. {-1333321200 -7200 0 -02}. {-1316386800 -3600 1 -01}. {-1301266800 -7200 0 -02}. {-1284332400 -3600 1 -01}. {-1269817200 -7200 0 -02}. {-1221433200 -3600 1 -01}. {-1206918000 -7200 0 -02}. {-1191193200 -3600 1 -01}. {-1175468400 -7200 0 -02}. {-1127689200 -3600 1 -01}. {-111196440

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Bermuda

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7684
                            Entropy (8bit):3.7376923223964162
                            Encrypted:false
                            SSDEEP:192:UdPvxrPGgFEUlpde9pXbO53oVmM7IEc2fVGYu2yeB/T/eleWmBk81kS/kV6kef4E:lJv
                            MD5:E55A91A96E1DC267AAEFAF27866F0A90
                            SHA1:A3E8DB332114397F4F487256E9168E73784D3637
                            SHA-256:A2EB47B25B3A389907DD242C86288073B0694B030B244CCF90421C0B510267BD
                            SHA-512:9A8140365D76F1A83A98A35593638F2C047B3D2B1E9D0F6ACB2B321EBDB9CC5B6C8CCD3C110B127A12DCDB7D9ED16A8F7DB7DA7A8B4587486D060FACCA23F993
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Bermuda) {. {-9223372036854775808 -15558 0 LMT}. {-1262281242 -14400 0 AST}. {136360800 -10800 0 ADT}. {152082000 -14400 0 AST}. {167810400 -10800 1 ADT}. {183531600 -14400 0 AST}. {189316800 -14400 0 AST}. {199260000 -10800 1 ADT}. {215586000 -14400 0 AST}. {230709600 -10800 1 ADT}. {247035600 -14400 0 AST}. {262764000 -10800 1 ADT}. {278485200 -14400 0 AST}. {294213600 -10800 1 ADT}. {309934800 -14400 0 AST}. {325663200 -10800 1 ADT}. {341384400 -14400 0 AST}. {357112800 -10800 1 ADT}. {372834000 -14400 0 AST}. {388562400 -10800 1 ADT}. {404888400 -14400 0 AST}. {420012000 -10800 1 ADT}. {436338000 -14400 0 AST}. {452066400 -10800 1 ADT}. {467787600 -14400 0 AST}. {483516000 -10800 1 ADT}. {499237200 -14400 0 AST}. {514965600 -10800 1 ADT}. {530686800 -14400 0 AST}. {544600800 -10800 1 ADT}. {562136400 -14400 0 AST}. {576050

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Canary

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6609
                            Entropy (8bit):3.7165368441152715
                            Encrypted:false
                            SSDEEP:96:KXu/30NSfAewvtj544IrvfMS4pBs6nLUxZlJFXmA3SG7iL8malvkUEYo4Q:KX5IMj544IrvfMsbxZTH7qwQ
                            MD5:230C7B4BB6D64818889E573ADBE97E35
                            SHA1:97E6D43C3F9446C9A224DAF69F31CA55721BFC59
                            SHA-256:6CDA69514774093B7219BB079077322F5C783DBAD137F89181E8434D8BD2A6CF
                            SHA-512:A17246BC44C1FDC971304E0D2E8F721E254880FB725F1AACCA05645FFE82F2AF3791234F02824E357CBDD51D529C882E21B8712735C32420074F3B75813DE27C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Canary) {. {-9223372036854775808 -3696 0 LMT}. {-1509663504 -3600 0 -01}. {-733874400 0 0 WET}. {323827200 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Cape_Verde

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):237
                            Entropy (8bit):4.579111187402317
                            Encrypted:false
                            SSDEEP:6:SlSWB9X52RQ7Sm2OHDVJlvQV2FlRo/FFuykVvQV2FR+nmY:MBp5267SmdHDVwiHoGyLiomY
                            MD5:51BE50511F1FA17A6AF9D4AE892FAFDA
                            SHA1:2491743E429AAE5DF70CC3E791DC9875E30F152D
                            SHA-256:E444B51A4511F83D616E816B770A60088EA94B9286112F47331122F44119541D
                            SHA-512:A509146E25174D9938AF13B78CF052E45F50A61B834C276607B281EF7B81C6696A793A3769B355C8C804A74F37ADDEBBCDC2A69E3B938EB5A2A9742BE135A4A7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Cape_Verde) {. {-9223372036854775808 -5644 0 LMT}. {-1830376800 -7200 0 -02}. {-862610400 -3600 1 -01}. {-764118000 -7200 0 -02}. {186120000 -3600 0 -01}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Faeroe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.655846706649014
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqLG4E2wFVAIgvMG4EeL2RQqG4EZrB/4RQqG4Ei:SlSWB9IZaM3yCwFVAIgvgL2RQ1rB/4R/
                            MD5:08C5EE09B8BE16C5E974BA8070D448EA
                            SHA1:D171C194F6D61A891D3390FF6492AEFB0F67646A
                            SHA-256:7C6A6BCF5AAEAB1BB57482DF1BBC934D367390782F6D8C5783DBBBE663169A9B
                            SHA-512:E885F3C30DBE178F88464ED505BA1B838848E6BB15C0D27733932CD0634174D9645C5098686E183CC93CB46DE7EB0DBF2EB64CB77A50FC337E2581E25107C9A6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Faroe)]} {. LoadTimeZoneFile Atlantic/Faroe.}.set TZData(:Atlantic/Faeroe) $TZData(:Atlantic/Faroe).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Faroe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6551
                            Entropy (8bit):3.7148806034051316
                            Encrypted:false
                            SSDEEP:96:9bd30NSfAewvtj544IrvfMS4pBs6nLUxZlJFXmA3SG7iL8malvkUEYo4Q:8IMj544IrvfMsbxZTH7qwQ
                            MD5:918E1825106C5C73B203B718918311DC
                            SHA1:7C31B3521B396FE6BE7162BAECC4CFB4740F622B
                            SHA-256:B648E691D8F3417B77EFB6D6C2F5052B3C4EAF8B5354E018EE2E9BD26F867B71
                            SHA-512:5B1B5FE82A13127E3C63C8FB0A8CBD45A7277EF29720B937BB3174E8301830018755416D604F3551622E2E4D365D35E4EE1DF39B587A73E43AE0C68D1996B771
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Faroe) {. {-9223372036854775808 -1624 0 LMT}. {-1955748776 0 0 WET}. {347155200 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 3600 1 WEST}. {780454800 0 0 WET}. {796179600 3600 1 WEST}. {811904400 0 0 WET}. {828234000 3600 1 WEST}. {846378000 0 0 WET}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Jan_Mayen

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.92967249261586
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVyWJooedVAIgoqxWJ0YF2RQqG0EHEcAg/h8QasWJ/n:SlSWB9IZaM3ymSDdVAIgo2Q2RQaK8H
                            MD5:AD9B5217497DBC1CE598573B85F3C056
                            SHA1:60984544F5BBD4A5B2B8F43741D66A573A2CF1DC
                            SHA-256:BE291E952254B6F0C95C2E2497BE12410D7F1E36D0D1035B3A9BC65D0EDCB65F
                            SHA-512:F5D47008495425C386EBAB426195393168E402726405CF23826571E548A3CEFABBA51D87D637C0724FF2CC4F1276D81EACF14D0F9CFC7CBFCC025EEFA0960278
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Oslo)]} {. LoadTimeZoneFile Europe/Oslo.}.set TZData(:Atlantic/Jan_Mayen) $TZData(:Europe/Oslo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Madeira

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9307
                            Entropy (8bit):3.715509739111961
                            Encrypted:false
                            SSDEEP:192:jZqAUb1iF0Rf0IMj544IrvfMsbxZTH7qwQ:jZqAUb1iF0RffMUM8xZTH7qwQ
                            MD5:5D2EAAA0D116DD1C7965FCB229678FB4
                            SHA1:DA59652A8E57DE9FAF02ED6EB9D863CD34642E6C
                            SHA-256:8AAF754C1F9AABEA185808F21B864B02815D24451DB38BE8629DA4C57141E8F5
                            SHA-512:E561B09A53CEC764B0B2B2544E774577553F6DFEFB80AEC04698C2B0FBEBBC7F03E11C31627654346752B4F85BB3EF669397162599F3ED6B8B8D286521447361
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Madeira) {. {-9223372036854775808 -4056 0 LMT}. {-2713906344 -4056 0 FMT}. {-1830380400 -3600 0 -01}. {-1689552000 0 1 +00}. {-1677798000 -3600 0 -01}. {-1667433600 0 1 +00}. {-1647734400 -3600 0 -01}. {-1635811200 0 1 +00}. {-1616198400 -3600 0 -01}. {-1604361600 0 1 +00}. {-1584662400 -3600 0 -01}. {-1572739200 0 1 +00}. {-1553040000 -3600 0 -01}. {-1541203200 0 1 +00}. {-1521504000 -3600 0 -01}. {-1442448000 0 1 +00}. {-1426809600 -3600 0 -01}. {-1379289600 0 1 +00}. {-1364774400 -3600 0 -01}. {-1348444800 0 1 +00}. {-1333324800 -3600 0 -01}. {-1316390400 0 1 +00}. {-1301270400 -3600 0 -01}. {-1284336000 0 1 +00}. {-1269820800 -3600 0 -01}. {-1221436800 0 1 +00}. {-1206921600 -3600 0 -01}. {-1191196800 0 1 +00}. {-1175472000 -3600 0 -01}. {-1127692800 0 1 +00}. {-1111968000 -3600 0 -01}. {-1096848000 0 1 +00}. {-10805184

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Reykjavik

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1962
                            Entropy (8bit):3.623004596418002
                            Encrypted:false
                            SSDEEP:24:cQleDGC/2qdDW4saQCwjoDWFGKRJYHL/Tc7PjEWlyvKekkdoUOCOfNOaRqOjo/Kj:5r2cd5fmYEfAfYaRDjys/
                            MD5:0E3020348755C67F6A48F4C3F0F4E51D
                            SHA1:FBA44F3DEBC47274A1C9CC4AE5A5F9B363157BF1
                            SHA-256:83566E49A37703E11CF0884558BE3DD8827BD79409D04C5D053BCA69D666CEC8
                            SHA-512:97F78A8C98B03705188B6F4D622F3B88D7C85B2FF1578DA24C4CD85C163FB05DBD908413B5F355F001755705F22943B1DA6C2A58A902751787238110D2A81F95
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Reykjavik) {. {-9223372036854775808 -5280 0 LMT}. {-1956609120 -3600 0 -01}. {-1668211200 0 1 -01}. {-1647212400 -3600 0 -01}. {-1636675200 0 1 -01}. {-1613430000 -3600 0 -01}. {-1605139200 0 1 -01}. {-1581894000 -3600 0 -01}. {-1539561600 0 1 -01}. {-1531350000 -3600 0 -01}. {-968025600 0 1 -01}. {-952293600 -3600 0 -01}. {-942008400 0 1 -01}. {-920239200 -3600 0 -01}. {-909957600 0 1 -01}. {-888789600 -3600 0 -01}. {-877903200 0 1 -01}. {-857944800 -3600 0 -01}. {-846453600 0 1 -01}. {-826495200 -3600 0 -01}. {-815004000 0 1 -01}. {-795045600 -3600 0 -01}. {-783554400 0 1 -01}. {-762991200 -3600 0 -01}. {-752104800 0 1 -01}. {-731541600 -3600 0 -01}. {-717631200 0 1 -01}. {-700092000 -3600 0 -01}. {-686181600 0 1 -01}. {-668642400 -3600 0 -01}. {-654732000 0 1 -01}. {-636588000 -3600 0 -01}. {-623282400 0 1 -01}. {-605

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\South_Georgia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):154
                            Entropy (8bit):4.967019958156088
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx52RQqGtlN62/EUXGm2OHXT14YvXhFvdQVIK:SlSWB9X52RQrlo2Mbm2OHXqYPTFQV7
                            MD5:421C0110145FB8288B08133DD1409E75
                            SHA1:CD2D62E739FF1715268B6DFB2C523ED3C76B7A90
                            SHA-256:4B78F3E086B2A8B4366362AB5CEF2DF6A28E2B0EA8279C0FE9414E974BBC2E08
                            SHA-512:3B20413C6E15A846B3CC730EBCD77D8AA170ECC262E160BB996AA79173F30D42588352C38EA1B44539A62D77B2BC8418A3C4B7507997AF4F15FBD647BF567A88
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/South_Georgia) {. {-9223372036854775808 -8768 0 LMT}. {-2524512832 -7200 0 -02}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\St_Helena

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.831929124818878
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqss1kvFVAIgNGE4Rvt2RQqGt4r+DcsP:SlSWB9IZaM3y7sYFVAIgNT4tt2RQr4rC
                            MD5:8F4668F0D79577139B59A80D714E45A5
                            SHA1:BCD79EDCCB687A2E74794B8CFDE99A7FEC294811
                            SHA-256:C78C4E980A378B781ED6D2EA72ABAEF8FFED186538DEB18B61D94B575734FC6A
                            SHA-512:08D1472377229BC76A496259344263993791B4DF3F83D94F798779249A5CAE15F6B4341A665387780EA8B1278E9D5FFBCA1BCDE06B3E54750E32078FA482ABD6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Abidjan)]} {. LoadTimeZoneFile Africa/Abidjan.}.set TZData(:Atlantic/St_Helena) $TZData(:Africa/Abidjan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Atlantic\Stanley

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2181
                            Entropy (8bit):3.570822154620431
                            Encrypted:false
                            SSDEEP:48:50wIS1SbSRxS5Sh/ScoOG2S+SZSgSsSs/SYS6SDSF3SLShS7KXS6SkSGSn/S+7SG:PIEg8CCcOFVOfjl/nxw6cmrXlXdgj7E6
                            MD5:747D86EC0B020967D989E3D6C4DD273F
                            SHA1:567F9E398FEDF58D68F73EB16CE33F8483B44ECE
                            SHA-256:F88641114EC11D4129EEFE59CCD587AAD9C1898C3AFEE8A7CB85962312637640
                            SHA-512:B7A97E1DCC9E52A0565B50C8865A955924AFED08C21BC1DCCF73A3327C98D0A98706C03913A4872BD24DD2167B2170A6134CA177B20305DEF23D72ADDD668FB0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Atlantic/Stanley) {. {-9223372036854775808 -13884 0 LMT}. {-2524507716 -13884 0 SMT}. {-1824235716 -14400 0 -04}. {-1018209600 -10800 1 -04}. {-1003093200 -14400 0 -04}. {-986760000 -10800 1 -04}. {-971643600 -14400 0 -04}. {-954705600 -10800 1 -04}. {-939589200 -14400 0 -04}. {-923256000 -10800 1 -04}. {-908139600 -14400 0 -04}. {-891806400 -10800 1 -04}. {-876690000 -14400 0 -04}. {-860356800 -10800 1 -04}. {420606000 -7200 0 -03}. {433303200 -7200 1 -03}. {452052000 -10800 0 -03}. {464151600 -7200 1 -03}. {483501600 -10800 0 -03}. {495597600 -14400 0 -04}. {495604800 -10800 1 -04}. {514350000 -14400 0 -04}. {527054400 -10800 1 -04}. {545799600 -14400 0 -04}. {558504000 -10800 1 -04}. {577249200 -14400 0 -04}. {589953600 -10800 1 -04}. {608698800 -14400 0 -04}. {621403200 -10800 1 -04}. {640753200 -14400 0 -04}. {652852800 -10800 1 -04}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\ACT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.813373101386862
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjLHVAIgoXjLSt2QWCCjpMFBx/h4QWCCjLu:SlSWB9IZaM3yI9HVAIgmo2DCeMFB/4D2
                            MD5:F48AD4B81CD3034F6E5D3CA1B5A8BDD4
                            SHA1:676FE3F50E3E132C1FD185A1EE1D8C830763204F
                            SHA-256:553D7DA9A2EDBD933E8920573AE6BCBAA00302817939046CF257CAEACEC19FAD
                            SHA-512:36A4E2286FBEF2F4ED4B9CD1A71136E227FEF4B693F9F43649B790E859221EE470679A7E3C283770DA5CB0113A1C8C1F99480E7020328FFE3E9C870798B092F5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/ACT) $TZData(:Australia/Sydney).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Adelaide

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8099
                            Entropy (8bit):3.812665609163787
                            Encrypted:false
                            SSDEEP:96:JPtFF+Wc4CNphbQbPzpRtYac1w6N5HxnLmPaod/gWFXht/c+u8dRYaaiqcdtXHVf:JP5+zNMdYacv5HhLmPajSXz5HV5x
                            MD5:4E73BDB571DBF2625E14E38B84C122B4
                            SHA1:B9D7B7D2855D102800B53FB304633F5BC961A8D0
                            SHA-256:9138DF8A3DE8BE4099C9C14917B5C5FD7EB14751ACCD66950E0FDB686555FFD6
                            SHA-512:CF9AB3E9A7C1A76BCC113828ABAF88FE83AAF5CAD7BD181201E06A0CF43E30BA8817AAA88AB3F0F14F459599D91F63ECE851F095154050263C5AD08B2275B4C7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Adelaide) {. {-9223372036854775808 33260 0 LMT}. {-2364110060 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACST}. {341339400 37800 1 ACDT}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Brisbane

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):651
                            Entropy (8bit):4.265580091557009
                            Encrypted:false
                            SSDEEP:12:MBp52nmdHLOYPv+tCdd8xdsWz9ag5J4UVdKcWWC:cQne6skVk
                            MD5:296B4B78CEE05805E5EE53B4D5F7284F
                            SHA1:DDB5B448E99F278C633B2DBD5A816C4DE28DC726
                            SHA-256:2580C3EEEC029572A1FF629E393F64E326DEDAA96015641165813718A8891C4D
                            SHA-512:9DE71000BB8AC48A82D83399BD707B661B50882EEBFE2A7E58A81A2F6C04B1F711DAE3AA09A77A9EE265FB633B8883D2C01867AF96F8BE5137119E4FB447DF8C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Brisbane) {. {-9223372036854775808 36728 0 LMT}. {-2366791928 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Broken_Hill

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8162
                            Entropy (8bit):3.820479465698825
                            Encrypted:false
                            SSDEEP:96:EkxtFF+Wc4Yphbhd1zCRtYac1w6N5HxnLmPaod/gWFXht/c+u8dRYaaiqcdtXHVf:Ekx5+X5sYacv5HhLmPajSXz5HV5x
                            MD5:B4AF947B4737537DF09A039D1E500FB8
                            SHA1:CCC0DC52D586BFAA7A0E70C80709231B4BB93C54
                            SHA-256:80BBD6D25D4E4EFA234EAD3CB4EB801DC576D1348B9A3E1B58F729FEB688196D
                            SHA-512:3B27C36FA3034CB371DD07C992B3A5B1357FC7A892C35910DA139C7DA560DDC0AA1E95966438776F75397E7219A7DA0AD4AD6FB922B5E0BE2828D3534488BFD0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Broken_Hill) {. {-9223372036854775808 33948 0 LMT}. {-2364110748 36000 0 AEST}. {-2314951200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}. {31501800 34200 0 ACST}. {57688200 37800 1 ACDT}. {67969800 34200 0 ACST}. {89137800 37800 1 ACDT}. {100024200 34200 0 ACST}. {120587400 37800 1 ACDT}. {131473800 34200 0 ACST}. {152037000 37800 1 ACDT}. {162923400 34200 0 ACST}. {183486600 37800 1 ACDT}. {194977800 34200 0 ACST}. {215541000 37800 1 ACDT}. {226427400 34200 0 ACST}. {246990600 37800 1 ACDT}. {257877000 34200 0 ACST}. {278440200 37800 1 ACDT}. {289326600 34200 0 ACST}. {309889800 37800 1 ACDT}. {320776200 34200 0 ACS

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Canberra

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):4.80238049701662
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjLHVAIgoXjLSt2QWCCjnSV1+QWCCjLu:SlSWB9IZaM3yI9HVAIgmo2DCcq+DCyu
                            MD5:16F9CFC4C5B9D5F9F9DB9346CECE4393
                            SHA1:ED1ED7BA73EB287D2C8807C4F8EF3EFA516F5A68
                            SHA-256:853A159B8503B9E8F42BBCE60496722D0A334FD79F30448BAD651F18BA388055
                            SHA-512:9572CCB1BC499BADA72B5FE533B56156DB9EB0DEDFD4AE4397AD60F2A8AF5991F7B1B06A1B8D14C73832543AF8C12F5B16A9A80D093BF0C7ED6E38FF8B66E197
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/Canberra) $TZData(:Australia/Sydney).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Currie

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8097
                            Entropy (8bit):3.7668602204696375
                            Encrypted:false
                            SSDEEP:96:GJiG+HuKIyymp8tLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:GJqXytLhbVXdnPQler
                            MD5:7E0D1435E11C9AE84EF1A863D1D90C61
                            SHA1:CE76A3D902221F0EF9D8C25EB2D46A63D0D09D0B
                            SHA-256:3C0B35627729316A391C5A0BEE3A0E353A0BAEAD5E49CE7827E53D0F49FD6723
                            SHA-512:D262294AC611396633184147B0F6656290BF97A298D6F7EC025E1D88AAC5343363744FD1CB849CDE84F3C1B2CF860CFA7CA43453ADBF68B0903DA1361F0DCD69
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Currie) {. {-9223372036854775808 34528 0 LMT}. {-2345794528 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {47138400 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Darwin

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):422
                            Entropy (8bit):4.4678452003570435
                            Encrypted:false
                            SSDEEP:12:MBp52umdHPPZUj/sVdFFtf/FFAXFFwFFgh:cQuenZq/sVd/tH/AX/w/C
                            MD5:FC9689FEF4223726207271E2EAAE6548
                            SHA1:26D0B4FC2AD943FCAC90F179F7DF6C18EE12EBB8
                            SHA-256:C556C796CCD3C63D9F694535287DC42BB63140C8ED39D31FDA0DA6E94D660A1C
                            SHA-512:7898C0DE77297FBAA6AAF9D15CB9765DAF63ED4761BA181D0D1A590A6F19A6B7F6E94564A80EB691ED2D89C96D68449BF57816E4093E5011B93D30C3E1624D60
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Darwin) {. {-9223372036854775808 31400 0 LMT}. {-2364108200 32400 0 ACST}. {-2230189200 34200 0 ACST}. {-1672565340 37800 1 ACDT}. {-1665390600 34200 0 ACST}. {-883639800 37800 1 ACDT}. {-876126600 34200 0 ACST}. {-860398200 37800 1 ACDT}. {-844677000 34200 0 ACST}. {-828343800 37800 1 ACDT}. {-813227400 34200 0 ACST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Eucla

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):734
                            Entropy (8bit):4.049000512576295
                            Encrypted:false
                            SSDEEP:12:MBp527JmdHvOYPV2oV2NF2AUV2ikUF2XV2ouwF2aUF2giV2XHVKF2qV2sF2jV2oA:cQ7JemssNLdUpouw5o5X0mszo4Ui/MXu
                            MD5:F997E4624049132CEC09AC77FBA839E3
                            SHA1:7BD0097EF75621646CE1969A61596F7FA2E75188
                            SHA-256:C3E63F8BC7739A23C21DE71425EDDA7927C31D00BC9E23D3A265C93885248991
                            SHA-512:B50EDBBA11D1B8FC7DF13A9DBDE9314E1694E36F2CB810C0160406406161CC8FD52BDBFD13D10EEABE2859FA7AEBC35EBF9AB826EB92BBF26D92EEDD15633649
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Eucla) {. {-9223372036854775808 30928 0 LMT}. {-2337928528 31500 0 +0945}. {-1672562640 35100 1 +0945}. {-1665387900 31500 0 +0945}. {-883637100 35100 1 +0945}. {-876123900 31500 0 +0945}. {-860395500 35100 1 +0945}. {-844674300 31500 0 +0945}. {-836473500 35100 0 +0945}. {152039700 35100 1 +0945}. {162926100 31500 0 +0945}. {436295700 35100 1 +0945}. {447182100 31500 0 +0945}. {690311700 35100 1 +0945}. {699383700 31500 0 +0945}. {1165079700 35100 1 +0945}. {1174756500 31500 0 +0945}. {1193505300 35100 1 +0945}. {1206810900 31500 0 +0945}. {1224954900 35100 1 +0945}. {1238260500 31500 0 +0945}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Hobart

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8325
                            Entropy (8bit):3.767204262183229
                            Encrypted:false
                            SSDEEP:96:8xKiG+HuKIyymp8tLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:8xKqXytLhbVXdnPQler
                            MD5:67AF9A2B827308DD9F7ABEC9441C3250
                            SHA1:CD87DD4181B41E66EFEA9C7311D5B7191F41EA3A
                            SHA-256:814BD785B5ACDE9D2F4FC6E592E919BA0FE1C3499AFC1071B7FA02608B6032AB
                            SHA-512:BC6B8CE215B3B4AC358EB989FB1BB5C6AD61B39B7BBD36AAA924A2352E823C029131E79DA927FEEBDD5CF759FDE527F39089C93B0826995D37052362BEAE09F6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Hobart) {. {-9223372036854775808 35356 0 LMT}. {-2345795356 36000 0 AEST}. {-1680508800 39600 1 AEDT}. {-1669892400 39600 0 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {-94730400 36000 0 AEST}. {-71136000 39600 1 AEDT}. {-55411200 36000 0 AEST}. {-37267200 39600 1 AEDT}. {-25776000 36000 0 AEST}. {-5817600 39600 1 AEDT}. {5673600 36000 0 AEST}. {25632000 39600 1 AEDT}. {37728000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\LHI

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):194
                            Entropy (8bit):4.865814837459796
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3yIoGEowFVAIgjG/L2DCkx/2DCPGT:MBaIMje0QL2a7
                            MD5:1221FC8932CA3DCA431304AF660840F0
                            SHA1:5E023E37D98EA1321B10D36A79B26DF1A017F9D5
                            SHA-256:EB8FDBCFDE9E2A2AA829E784D402966F61A5BF6F2034E0CB06A24FACB5B87874
                            SHA-512:EB19FE74DC13456D0F9F1EDC9C444793A4011D3B65ADF6C7E7A405504079EB3A0C27F69DDA662F797FE363948E93833422F5DC3C1891AA7D414B062BE4DD3887
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Lord_Howe)]} {. LoadTimeZoneFile Australia/Lord_Howe.}.set TZData(:Australia/LHI) $TZData(:Australia/Lord_Howe).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Lindeman

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):796
                            Entropy (8bit):4.1890768067004
                            Encrypted:false
                            SSDEEP:12:MBp52gCmdHVP/+tCdd8xdsWz9ag5J4UVdKcWW3ty/yJATUJrRxC:cQgCeRUVfl7w
                            MD5:08E88B2169BC76172E40515F9DA2C147
                            SHA1:5C03B7C9748E63C2B437C97F8ED923A9F3E374E7
                            SHA-256:9E3558C8514E97274D9F938E9841C5E3355E738BBD55BCB17FA27FF0E0276AEA
                            SHA-512:39E10639C97DE82428818B9C5D059BA853A17113351BAEE2512806AC3066EDDF0294859519AFBE425E0D1315B1A090F84C08CEFEDCE2A3D3A38EEF782234D8C4
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lindeman) {. {-9223372036854775808 35756 0 LMT}. {-2366790956 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {625593600 39600 1 AEDT}. {636480000 36000 0 AEST}. {657043200 39600 1 AEDT}. {667929600 36000 0 AEST}. {688492800 39600 1 AEDT}. {699379200 36000 0 AEST}. {709912800 36000 0 AEST}. {719942400 39600 1 AEDT}. {731433600 36000 0 AEST}. {751996800 39600 1 AEDT}. {762883200 36000 0 AEST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Lord_Howe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7519
                            Entropy (8bit):3.4688530726187112
                            Encrypted:false
                            SSDEEP:96:zVjDVP0Izj1cdhsARcuhb4F3LbSZYt2U/gTpxxM3a6Z/nEgAmQso4QgDD:zv3qrcuhb4FbbCegi
                            MD5:169FF1BE6B6407E853AAF9F6E9A9A047
                            SHA1:C573582B8EF897D3AE5CA0FB089BE31F6ED076EB
                            SHA-256:3C7C5CF7300957F73E9249FC8BF282F7CEE262849DD5D326F476E1AE8A7B8DD5
                            SHA-512:BD8315022E8B190976FCED98252FCA0C248D857AC5045D741F6902871F0E3C158B248628DF9BA124A38AE878398F8BEA614254400F329D01F60EE50666AEE118
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Lord_Howe) {. {-9223372036854775808 38180 0 LMT}. {-2364114980 36000 0 AEST}. {352216800 37800 0 +1030}. {372785400 41400 1 +1030}. {384273000 37800 0 +1030}. {404839800 41400 1 +1030}. {415722600 37800 0 +1030}. {436289400 41400 1 +1030}. {447172200 37800 0 +1030}. {467739000 41400 1 +1030}. {478621800 37800 0 +1030}. {488984400 37800 0 +1030}. {499188600 39600 1 +1030}. {511282800 37800 0 +1030}. {530033400 39600 1 +1030}. {542732400 37800 0 +1030}. {562087800 39600 1 +1030}. {574786800 37800 0 +1030}. {594142200 39600 1 +1030}. {606236400 37800 0 +1030}. {625591800 39600 1 +1030}. {636476400 37800 0 +1030}. {657041400 39600 1 +1030}. {667926000 37800 0 +1030}. {688491000 39600 1 +1030}. {699375600 37800 0 +1030}. {719940600 39600 1 +1030}. {731430000 37800 0 +1030}. {751995000 39600 1 +1030}. {762879600 37800 0 +1030}. {78344

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Melbourne

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8069
                            Entropy (8bit):3.769669933493392
                            Encrypted:false
                            SSDEEP:96:sriG+vi8GyddsYtLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:sr/2tLhbVXdnPQler
                            MD5:E38FDAF8D9A9B1D6F2B1A8E10B9886F4
                            SHA1:6188BD62E94194DB469BE93224A396D08A986D4D
                            SHA-256:399F727CB39D90520AD6AE78A8963F918A490A813BC4FF2D94A37B0315F52D99
                            SHA-512:79FDCFF5066636C3218751C8B2B658C6B7A6864264DCC28B47843EAEFDD5564AC5E4B7A66E3D1B0D25DB86D6C6ED55D1599F1FE2C169085A8769E037E0E954BE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Melbourne) {. {-9223372036854775808 34792 0 LMT}. {-2364111592 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\NSW

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.8456659038249
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjLHVAIgoXjLSt2QWCCjREeQWCCjLu:SlSWB9IZaM3yI9HVAIgmo2DC5eDCyu
                            MD5:AE3539C49047BE3F8ABAD1AC670975F1
                            SHA1:62CD5C3DB618B9FE5630B197AB3A9729B565CA41
                            SHA-256:938A557C069B8E0BE8F52D721119CBA9A694F62CF8A7A11D68FD230CC231E17C
                            SHA-512:6F143B50C1EEC1D77F87DD5B0FFCF6625800E247400AA58361748BFEA0626E2CDA9C3FD2A4C269B3218D28FF1FB8533F4F6741F6B2C5E83F9C84A5882C86716B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Sydney)]} {. LoadTimeZoneFile Australia/Sydney.}.set TZData(:Australia/NSW) $TZData(:Australia/Sydney).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\North

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.780732237583773
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjboFVAIgoXjbhvN2QWCCjsrQWCCjb/:SlSWB9IZaM3yIiFVAIgg2DCZrDCy
                            MD5:70EF2A87B4538500CFADB63B62DDCBC6
                            SHA1:8D737E6E8D37323D3B41AD419F1CA9B5991E2E99
                            SHA-256:59B67F2C7C62C5F9A93767898BA1B51315D2AC271075FAFC1A24313BB673FF27
                            SHA-512:E148FC32894A7138D1547910CBD590891120CE5FB533D1348243539C35CE2994DC9F3E7B6A952BF871882C8D6ECA47E13E08AF59AB52A55F790508F2DB9B0EB6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Darwin)]} {. LoadTimeZoneFile Australia/Darwin.}.set TZData(:Australia/North) $TZData(:Australia/Darwin).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Perth

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):714
                            Entropy (8bit):4.257489685002088
                            Encrypted:false
                            SSDEEP:12:MBp52wmdHCBdPmzKfkzm2z75izhNhaP0YqozBqmjj4zl5fV59Bhg8lfU:cQweCBpYd7IzrhaMYR8mP4znhf9U
                            MD5:B354B9525896FDED8769CF5140E76FFF
                            SHA1:8494E182E3803F2A6369261B4B4EAC184458ECC4
                            SHA-256:C14CAAD41E99709ABF50BD7F5B1DAFE630CA494602166F527DBDA7C134017FB0
                            SHA-512:717081F29FBACEE2722399DD627045B710C14CF6021E4F818B1768AF972061232412876872F113C468446D79A366D7FFD2E852563DC44A483761D78C7A16F74A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Perth) {. {-9223372036854775808 27804 0 LMT}. {-2337925404 28800 0 AWST}. {-1672559940 32400 1 AWDT}. {-1665385200 28800 0 AWST}. {-883634400 32400 1 AWDT}. {-876121200 28800 0 AWST}. {-860392800 32400 1 AWDT}. {-844671600 28800 0 AWST}. {-836470800 32400 0 AWST}. {152042400 32400 1 AWDT}. {162928800 28800 0 AWST}. {436298400 32400 1 AWDT}. {447184800 28800 0 AWST}. {690314400 32400 1 AWDT}. {699386400 28800 0 AWST}. {1165082400 32400 1 AWDT}. {1174759200 28800 0 AWST}. {1193508000 32400 1 AWDT}. {1206813600 28800 0 AWST}. {1224957600 32400 1 AWDT}. {1238263200 28800 0 AWST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Queensland

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):198
                            Entropy (8bit):4.75392731256171
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3yIaWhvFVAIgPWzCxL2DCoRWJvFBx+DC7W6:MBaIMjoTL2rOvFey
                            MD5:D12C6F15F8BFCA19FA402DAE16FC9529
                            SHA1:0869E6D11681D74CC3301F4538D98A225BE7C2E1
                            SHA-256:77EA0243A11D187C995CE8D83370C6682BC39D2C39809892A48251123FF19A1E
                            SHA-512:A98D1AF1FC3E849CCF9E9CC090D3C65B7104C164762F88B6048EA2802F17D635C2E66BE2661338C1DD604B550A267678245DE867451A1412C4C06411A21BE3A9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Brisbane)]} {. LoadTimeZoneFile Australia/Brisbane.}.set TZData(:Australia/Queensland) $TZData(:Australia/Brisbane).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\South

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):193
                            Entropy (8bit):4.701653352722385
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3yIDRpGvFVAIgSRFL2DCa7QDCuRpv:MBaIMjdp5YFL23QHpv
                            MD5:23671880AC24D35F231E2FCECC1A5E3A
                            SHA1:5EE2EFD5ADE268B5114EB02FDA77F4C5F507F3CB
                            SHA-256:9823032FFEB0BFCE50B6261A848FE0C07267E0846E9F7487AE812CEECB286446
                            SHA-512:E303C7DE927E7BAA10EE072D5308FEE6C4E9B2D69DDD8EF014ED60574E0855EE803FE19A7CB31587E62CAE894C087D47A91A130213A24FCCD152736D82F55AB1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Adelaide)]} {. LoadTimeZoneFile Australia/Adelaide.}.set TZData(:Australia/South) $TZData(:Australia/Adelaide).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Sydney

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8066
                            Entropy (8bit):3.763781985138297
                            Encrypted:false
                            SSDEEP:96:GZCiG+CiRyddsYtLhbVXd33cZF7bLaE9DTtM/m7eeYWlQOZIeVUF:GZCm2tLhbVXdnPQler
                            MD5:B3498EEA194DDF38C732269A47050CAA
                            SHA1:C32B703AA1FA34D890D151300A2B21E0FA8F55D3
                            SHA-256:0EE9BE0F0D6EC0CE10DEA1BE7A9F494C74B747418E966B85EC1FFB15F6F22A4F
                            SHA-512:A9419B797B1518AAEEE27A1796D0D024847F7A61D26238F1643EBD6131A6B36007FBABD9E766C3D4ED61B006FD31FC4555CB54B8681E7DBDEC26B38144D64BC9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Australia/Sydney) {. {-9223372036854775808 36292 0 LMT}. {-2364113092 36000 0 AEST}. {-1672567140 39600 1 AEDT}. {-1665392400 36000 0 AEST}. {-883641600 39600 1 AEDT}. {-876128400 36000 0 AEST}. {-860400000 39600 1 AEDT}. {-844678800 36000 0 AEST}. {-828345600 39600 1 AEDT}. {-813229200 36000 0 AEST}. {31500000 36000 0 AEST}. {57686400 39600 1 AEDT}. {67968000 36000 0 AEST}. {89136000 39600 1 AEDT}. {100022400 36000 0 AEST}. {120585600 39600 1 AEDT}. {131472000 36000 0 AEST}. {152035200 39600 1 AEDT}. {162921600 36000 0 AEST}. {183484800 39600 1 AEDT}. {194976000 36000 0 AEST}. {215539200 39600 1 AEDT}. {226425600 36000 0 AEST}. {246988800 39600 1 AEDT}. {257875200 36000 0 AEST}. {278438400 39600 1 AEDT}. {289324800 36000 0 AEST}. {309888000 39600 1 AEDT}. {320774400 36000 0 AEST}. {341337600 39600 1 AEDT}. {352224000 36000 0 AEST}. {3

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Tasmania

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):4.7264864039237215
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjKD4YFedVAIgoXjKgVAt2QWCCjiiieQWCCjKDvn:SlSWB9IZaM3yI4DVyVAIgxkAt2DC3ne0
                            MD5:C7C9CDC9EC855D2F0C23673FA0BAFFB6
                            SHA1:4C79E1C17F418CEE4BE8F638F34201EE843D8E28
                            SHA-256:014B3D71CE6BD77AD653047CF185EA03C870D78196A236693D7610FED7F30B6F
                            SHA-512:79AE11CE076BFB87C0AAD35E9AF6E760FC592F1D086EB78E6DF88744F502ED4248853A0EAD72ADA8EA9583161925802EE5E46E3AA8CE8CF873852C26B4FDC05B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Hobart)]} {. LoadTimeZoneFile Australia/Hobart.}.set TZData(:Australia/Tasmania) $TZData(:Australia/Hobart).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Victoria

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):199
                            Entropy (8bit):4.7697171393457936
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3yIvFfkvFVAIgoFFL2DCzyQDCMFB:MBaIMj9fHaFL2xQzB
                            MD5:BD2EA272B8DF472E29B7DD0506287E92
                            SHA1:55BF3A3B6398F9FF1DB3A46998A4EFF44F6F325C
                            SHA-256:EE35DF8BBCD6A99A5550F67F265044529BD7AF6A83087DD73CA0BE1EE5C8BF51
                            SHA-512:82B18D2C9BA7113C2714DC79A87101FFB0C36E5520D61ADEAB8A31AD219E51A6402A6C8A8FD7120A330FE8847FF8F083397A1BF5889B73484FBAA6F99497DE48
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Melbourne)]} {. LoadTimeZoneFile Australia/Melbourne.}.set TZData(:Australia/Victoria) $TZData(:Australia/Melbourne).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\West

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.781808870279912
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq/xJjXFedVAIgoXjbOAt2QWCCjH0QWCCj5:SlSWB9IZaM3yIYVAIg9At2DC00DCa
                            MD5:9E0EF0058DDA86016547F2BFE421DE74
                            SHA1:5DB6AEAC6B0A42FEAE28BB1A45679BC235F4E5BF
                            SHA-256:FC952BE48F11362981CDC8859F9C634312E5805F2F1513159F25AEFCE664867C
                            SHA-512:C60E5A63378F8424CE8D862A575DFE138646D5E88C6A34562A77BEC4B34EA3ED3085424E2130E610197164C7E88805DC6CDE46416EB45DC256F387F632F48CA7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Perth)]} {. LoadTimeZoneFile Australia/Perth.}.set TZData(:Australia/West) $TZData(:Australia/Perth).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Australia\Yancowinna

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):207
                            Entropy (8bit):4.871861105493913
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3yIcKCFVAIgJKfF2DCkuM0DC9Kl:MBaIMjcKCQJKt2kVSKl
                            MD5:5C3CED24741704A0A7019FA66AC0C0A1
                            SHA1:88C7AF3B22ED01ED99784C3FAB4F5112AA4659F3
                            SHA-256:71A56C71CC30A46950B1B4D4FBB12CB1CBAA24267F994A0F223AE879F1BB6EEC
                            SHA-512:771A7AC5D03DD7099F565D6E926F7B97E8A7BA3795339D3FD78F7C465005B55388D8CC30A62978042C354254E1BA5467D0832C0D29497E33D6EF1DA217528806
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Australia/Broken_Hill)]} {. LoadTimeZoneFile Australia/Broken_Hill.}.set TZData(:Australia/Yancowinna) $TZData(:Australia/Broken_Hill).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Brazil\Acre

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):189
                            Entropy (8bit):4.84045343046357
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0sMhS4edVAIg20sMhStQ1bNW1h4IAcGEsMhSA:SlSWB9IZaM3y7thtedVAIgpthKQxWh4y
                            MD5:DF4D752BEEAF40F081C03B4572E9D858
                            SHA1:A83B5E4C3A9EB0CF43263AFF65DB374353F65595
                            SHA-256:1B1AD73D3FE403AA1F939F05F613F6A3F39A8BA49543992D836CD6ED14B92F2C
                            SHA-512:1F96F1D8AACD6D37AC13295B345E761204DAE6AA1DF4894A11E00857CCB7247FA7BEBD22407EA5D13193E2945EB1F4210E32669069F157F1459B26643A67F445
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Rio_Branco)]} {. LoadTimeZoneFile America/Rio_Branco.}.set TZData(:Brazil/Acre) $TZData(:America/Rio_Branco).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Brazil\DeNoronha

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.826795532956443
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0wKy4oedVAIg20wK+F1bIAJl0IAcGEwKyvn:SlSWB9IZaM3y7/rDdVAIgp/mxIAE90/8
                            MD5:86B9E49F604AD5DBC4EC6BA735A513C7
                            SHA1:BE3AB32339DF9830D4F445CCF883D79DDBA8708E
                            SHA-256:628A9AE97682B98145588E356948996EAE18528E34A1428A6B2765CCAA7A8A1F
                            SHA-512:EE312624EC0193C599B2BDBFA57CC4EA7C68890955E0D888149172DF8F2095C553BFBB80BF76C1B8F3232F3A5863A519FF59976BBAEA622C64737890D159AA22
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Noronha)]} {. LoadTimeZoneFile America/Noronha.}.set TZData(:Brazil/DeNoronha) $TZData(:America/Noronha).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Brazil\East

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):186
                            Entropy (8bit):4.9019570219911275
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0tQJXvedVAIg20tQJX1bJHIAcGEtQJXv:SlSWB9IZaM3y7tIGdVAIgptExR90tIv
                            MD5:FBF6B9E8B9C93B1B9E484D88EF208F38
                            SHA1:44004E19A485B70E003687CB1057B8A2421D1BF0
                            SHA-256:C89E831C4A0525C3CEFF17072843386369096C08878A4412FB208EF5D3F156D8
                            SHA-512:4E518FC4CED0C756FF45E0EDE72F6503C4B3AE72E785651DE261D3F261D43F914721EFCEAB272398BC145E41827F35D46DE4E022EAF413D95F64E8B3BD752002
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Sao_Paulo)]} {. LoadTimeZoneFile America/Sao_Paulo.}.set TZData(:Brazil/East) $TZData(:America/Sao_Paulo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Brazil\West

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.853909262702622
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0znQZFwFVAIg20znQoCxL1bbAWVIAcGEznQb:SlSWB9IZaM3y7zn+wFVAIgpznzCxLxnJ
                            MD5:116F0F146B004D476B6B86EC0EE2D54D
                            SHA1:1F39A84EF3DFF676A844174D9045BE388D3BA8C0
                            SHA-256:F24B9ED1FAFA98CD7807FFFEF4BACA1BCE1655ABD70EB69D46478732FA0DA573
                            SHA-512:23BD7EC1B5ADB465A204AAA35024EE917F8D6C3136C4EA973D8B18B586282C4806329CEBE0EDBF9E13D0032063C8082EC0D84A049F1217C856943A4DDC4900D0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Manaus)]} {. LoadTimeZoneFile America/Manaus.}.set TZData(:Brazil/West) $TZData(:America/Manaus).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\CET

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7471
                            Entropy (8bit):3.710275786382764
                            Encrypted:false
                            SSDEEP:96:ht6CvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQlth:PSTRNH4Mn82rlo6XIZ9ALeBO
                            MD5:AE72690EF7063F0B9F640096204E2ECE
                            SHA1:4F815B51DA9BCA97DFF71D191B74D0190890F946
                            SHA-256:BB2C5E587EE9F9BF85C1D0B6F57197985663D4DFF0FED13233953C1807A1F11C
                            SHA-512:F7F0911251BC7191754AF0BA2C455E825BF16EA9202A740DC1E07317B1D74CDAF680E161155CC1BD5E862DCEE2A58101F419D8B5E0E24C4BA7134999D9B55C48
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:CET) {. {-9223372036854775808 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766623600 3600 0 CET}. {228877200 7200 1 CEST}. {243997200 3600 0 CET}. {260326800 7200 1 CEST}. {276051600 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\CST6CDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8227
                            Entropy (8bit):3.723597525146651
                            Encrypted:false
                            SSDEEP:192:KxrIOdXkqbfkeTzZSJw5/9/yuvQ+hcrD57X0N41+IestuNEbYkzbXwDTIRqfhXbo:KxrIOdXkqbfNTzZSJw5/9/yuvQ6crD5r
                            MD5:B5AC3FA83585957217CA04384171F0FF
                            SHA1:827FF1FBDADDDE3754453E680B4E719A50499AE6
                            SHA-256:17CBE2F211973F827E0D5F9F2B4365951164BC06DA065F6F38F45CB064B29457
                            SHA-512:A56485813C47758F988A250FFA97E2DBD7A69DDD16034E9EF2834AF895E8A374EEB4DA3F36E6AD80285AC10F84543ECF5840670805082E238F822F85D635651F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:CST6CDT) {. {-9223372036854775808 -21600 0 CST}. {-1633276800 -18000 1 CDT}. {-1615136400 -21600 0 CST}. {-1601827200 -18000 1 CDT}. {-1583686800 -21600 0 CST}. {-880214400 -18000 1 CWT}. {-769395600 -18000 1 CPT}. {-765392400 -21600 0 CST}. {-84384000 -18000 1 CDT}. {-68662800 -21600 0 CST}. {-52934400 -18000 1 CDT}. {-37213200 -21600 0 CST}. {-21484800 -18000 1 CDT}. {-5763600 -21600 0 CST}. {9964800 -18000 1 CDT}. {25686000 -21600 0 CST}. {41414400 -18000 1 CDT}. {57740400 -21600 0 CST}. {73468800 -18000 1 CDT}. {89190000 -21600 0 CST}. {104918400 -18000 1 CDT}. {120639600 -21600 0 CST}. {126691200 -18000 1 CDT}. {152089200 -21600 0 CST}. {162374400 -18000 1 CDT}. {183538800 -21600 0 CST}. {199267200 -18000 1 CDT}. {215593200 -21600 0 CST}. {230716800 -18000 1 CDT}. {247042800 -21600 0 CST}. {262771200 -18000 1 CDT}. {278492400 -216

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Atlantic

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.754307292225081
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx02NEO4FVAIg202NEtYF0nalGe2IAcGE2NEOv:SlSWB9IZaM3y7UEO4FVAIgpUEqF0af2b
                            MD5:B0E220B9CD16038AAF3EA21D60064B62
                            SHA1:333410CB7D4F96EF836CDC8097A1DCE34A2B961A
                            SHA-256:6F71D7ED827C9EF6E758A44D2A998673E1225EB8005AD557A1713F5894833F92
                            SHA-512:F879F60E36C739280E8FC255D2792BB24BCA90A265F8F90B5FB85630D5A58CE4FDBD24EA5594924375C3CD31DBC6D49C06CBFA43C52D0B9A1E9D799914A164F7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:Canada/Atlantic) $TZData(:America/Halifax).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Central

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):186
                            Entropy (8bit):4.814426408072182
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0po4FVAIg20peRL0nPQox/h4IAcGEpov:SlSWB9IZaM3y7phFVAIgppOL0d490py
                            MD5:8374E381BC8235B11B7C5CA215FA112C
                            SHA1:181298556253D634B09D72BD925C4DBB92055A06
                            SHA-256:1B87273B264A3243D2025B1CFC05B0797CBC4AA95D3319EEE2BEF8A09FDA8CAD
                            SHA-512:12800E49B8094843F66454E270B4BE154B053E5FB453C83269AF7C27B965071C88B02AF7BB404E7F5A07277DB45E58D1C5240B377FC06172087BB29749C7543B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Winnipeg)]} {. LoadTimeZoneFile America/Winnipeg.}.set TZData(:Canada/Central) $TZData(:America/Winnipeg).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\East-Saskatchewan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):4.860347334610986
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0sAzE5YyVAIg20sAzEvYvW60nbP2/8S64IAcGEsAz1:SlSWB9IZaM3y7hzipVAIgphzGCW60L5X
                            MD5:F5CB42BC029315088FAD03C9235FFB51
                            SHA1:7773ECE0B85D66E4FA207A26EE4395F38BAC4068
                            SHA-256:AF04A4558E31C9864B92FE3403011F7A2FBD837E1314A7BB5AF552D5AED06457
                            SHA-512:0533B9D98834866FAA3C6E67A6F61A8A22C2BFDBA8C5336388C0894FBA550611C9112515F17E20E7B3508EC2318D58EA7CA814EC10C3451954C3CC169EDA0F8C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/East-Saskatchewan) $TZData(:America/Regina).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Eastern

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.7067203041014185
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qMKLRXIVAIg20qMKLRI60nbHboxp4IAcGEqMKLRXv:SlSWB9IZaM3y7RQ+VAIgpRQ+60Dboxp2
                            MD5:22453AC70F84F34868B442E0A7BDC20A
                            SHA1:730049FF6953E186C197601B27AB850305961FD0
                            SHA-256:545B992E943A32210F768CB86DEF3203BE956EE03A3B1BC0D55A5CD18A4F064D
                            SHA-512:91FE33FAD3954019F632A771BCBD9FF3FDCCDA1F51DD25E0E5808A724F2D9B905E5E2DEE32D415BEA9A9ADB74186D83548584414BB130DF1A166D49373AC7BEF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Toronto)]} {. LoadTimeZoneFile America/Toronto.}.set TZData(:Canada/Eastern) $TZData(:America/Toronto).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Mountain

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.768148288986999
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx07nKL5zFVAIg207nKLKN0nNYLo/4IAcGE7nKLun:SlSWB9IZaM3y77GzFVAIgp7DN0W8/49s
                            MD5:5E0D3D1A7E9F800210BB3E02DFF2ECD3
                            SHA1:F2471795A9314A292DEAA3F3B94145D3DE5A2792
                            SHA-256:A8B3A4D53AA1CC73312E80951A9E9CEA162F4F51DA29B897FEB58B2DF3431821
                            SHA-512:F80C7CDFE20E5FAD9E4BA457446F067ACE0C3F4659761E3B4A2422D3456CDE92C20589954DE5E0DC64619E3B6AB3A55AE0E0E783F8EFB24D74A5F6DFBF5ABB16
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Edmonton)]} {. LoadTimeZoneFile America/Edmonton.}.set TZData(:Canada/Mountain) $TZData(:America/Edmonton).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Newfoundland

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):191
                            Entropy (8bit):4.953647576523321
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0tVZMYFwFVAIg20tVZoYvxL0nJBJi6FBx/2IAcGEt3:SlSWB9IZaM3y7tgYmFVAIgptMqL0xdB7
                            MD5:3A4E193C8624AE282739867B22B7270A
                            SHA1:AC93EEDA7E8AB7E40834FFBA83BAE5D803CB7162
                            SHA-256:70EF849809F72741FA4F37C04C102A8C6733639E905B4E7F554F1D94737BF26B
                            SHA-512:BE2AACEE2A6F74520F4F1C0CCBBB750ED6C7375D4368023BAB419184F8F717D52981106C03F487B24A943907E60784136C0E5F8C1D5B3D1C67C20E23A4F412B3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/St_Johns)]} {. LoadTimeZoneFile America/St_Johns.}.set TZData(:Canada/Newfoundland) $TZData(:America/St_Johns).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Pacific

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):189
                            Entropy (8bit):4.839589386398345
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0oELSTAWFwVAIg20oELSTAQO0L0nie2IAcGEoELSTH:SlSWB9IZaM3y7ZLgXwVAIgpZLgJJL0Nu
                            MD5:6AA0FCE594E991D6772C04E137C7BE00
                            SHA1:6C53EE6FEBEC2BD5271DD80D40146247E779CB7B
                            SHA-256:D2858621DA914C3F853E399F0819BA05BDE68848E78F59695B84B2B83C1FDD2A
                            SHA-512:7B354BB9370BB61EB0E801A1477815865FDE51E6EA43BF166A6B1EED127488CC25106DEE1C6C5DC1EF3E13E9819451E10AFBC0E189D3D3CDE8AFFA4334C77CA3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Vancouver)]} {. LoadTimeZoneFile America/Vancouver.}.set TZData(:Canada/Pacific) $TZData(:America/Vancouver).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Saskatchewan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.83938055689947
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0sAzE5YyVAIg20sAzEvYvW60nogS64IAcGEsAzEun:SlSWB9IZaM3y7hzipVAIgphzGCW60Hd9
                            MD5:927FD3986F83A60C217A3006F65A3B0A
                            SHA1:022D118024BFC5AE0922A1385288C3E4B41903DB
                            SHA-256:BB457E954DB625A8606DD0F372DA9BFFAA01F774B4B82A2B1CEE2E969C15ABC3
                            SHA-512:3EA932FA5416A9C817977F9D31C8A15C937A453B4D6A6409A7966E76D66A685C91F1117C82BEBEBA2AF5516556DA2BDEC898AD718C78FB8B690F31692174DA6C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:Canada/Saskatchewan) $TZData(:America/Regina).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Canada\Yukon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):4.841592909599599
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0peR2pVkvFVAIg20peR2zxL0nTOK8x/h4IAcGEpeRu:SlSWB9IZaM3y7peR2fkvFVAIgppeR2FF
                            MD5:9F2A7F0D8492F67F764F647638533C3F
                            SHA1:3785DACD1645E0630649E411DC834E8A4FB7F40B
                            SHA-256:F2A81B7E95D49CEC3C8952463B727129B4DC43D58ADC64BB7CAB642D3D191039
                            SHA-512:0133870BB96851ECD486D55FD10EB4BCB1678772C1BFFADE85FC5644AC8445CDB4C6284BEFFED197E9386C9C6EF74F5F718F2CB43C4C7B8E65FE413C8EC51CD0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Whitehorse)]} {. LoadTimeZoneFile America/Whitehorse.}.set TZData(:Canada/Yukon) $TZData(:America/Whitehorse).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Chile\Continental

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):189
                            Entropy (8bit):4.762021566751952
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0tfEJ5YyVAIg20tfEJvYvWAt0dKLRMyREGH/h4IAcB:SlSWB9IZaM3y7tfEJHVAIgptfEJAvN0+
                            MD5:B2BDB6C027FF34D624EA8B992E5F41AB
                            SHA1:425AB0D603C3F5810047A7DC8FD28FDF306CC2DB
                            SHA-256:F2E3C1E88C5D165E1D38B0D2766D64AA4D2E6996DF1BE58DADC9C4FC4F503A2E
                            SHA-512:6E5A8DC6F5D5F0218C37EE719441EBDC7EDED3708F8705A98AEF7E256C8DC5D82F4BF82C529282E01D8E6E669C4F843B143730AD9D8BBF43BCC98ECB65B52C9B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Santiago)]} {. LoadTimeZoneFile America/Santiago.}.set TZData(:Chile/Continental) $TZData(:America/Santiago).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Chile\EasterIsland

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.758503564906338
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG7ZAJpVAIgObT7ZA6xL0bxOdBx/nUDH7ZAen:SlSWB9IZaM3ycJA3VAIgObJA6xL04dB4
                            MD5:E9DF5E3D9E5E242A1B9C73D8F35C9911
                            SHA1:9905EF3C1847CFF8156EC745779FCF0D920199B7
                            SHA-256:AA305BEC168C0A5C8494B81114D69C61A0D3CF748995AF5CCC3E2591AC78C90C
                            SHA-512:7707AC84D5C305F40A1713F1CBBED8A223553A5F989281CCDB278F0BD0D408E6FC9396D9FA0CCC82168248A30362D2D4B27EDEF36D9A3D70E286A5B668686FDE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Easter)]} {. LoadTimeZoneFile Pacific/Easter.}.set TZData(:Chile/EasterIsland) $TZData(:Pacific/Easter).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Cuba

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):170
                            Entropy (8bit):4.8073098952422395
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx02TEMVFwVAIg202TEKN0lIAcGE2TEMv:SlSWB9IZaM3y76EHVAIgp6EKN0l906Eu
                            MD5:BA8EE8511A2013E791A3C50369488588
                            SHA1:03BF30F56FB604480A9F5ECD8FB13E3CF82F4524
                            SHA-256:2F9DFE275B62EFBCD5F72D6A13C6BB9AFD2F67FDDD8843013D128D55373CD677
                            SHA-512:29C9E9F4B9679AFD688A90A605CFC1D7B86514C4966E2196A4A5D48D4F1CF16775DFBDF1C9793C3BDAA13B6986765531B2E11398EFE5662EEDA7B37110697832
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Havana)]} {. LoadTimeZoneFile America/Havana.}.set TZData(:Cuba) $TZData(:America/Havana).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\EET

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7189
                            Entropy (8bit):3.6040923024580884
                            Encrypted:false
                            SSDEEP:96:WB8kMKVCy+Hk+PVqVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lf:AroXPzh2kNU4tB715pyzHy1gA
                            MD5:9AE4C7EC014649393D354B02DF00F8B9
                            SHA1:D82195DEF49CFFEAB3791EA70E6D1BB8BC113155
                            SHA-256:4CB6582052BE7784DD08CE7FD97ACC56234F07BCF80B69E57111A8F88454908E
                            SHA-512:6F0C138AF98A4D4A1028487C29267088BD4C0EC9E7C1DB9818FA31A61C9584B67B3F5909C6E6FDB0F7183629E892A77BA97654D39FCE7DDEF6908F8146B7BE72
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:EET) {. {-9223372036854775808 7200 0 EET}. {228877200 10800 1 EEST}. {243997200 7200 0 EET}. {260326800 10800 1 EEST}. {276051600 7200 0 EET}. {291776400 10800 1 EEST}. {307501200 7200 0 EET}. {323830800 10800 1 EEST}. {338950800 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\EST

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):106
                            Entropy (8bit):4.879680803636454
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yLWkXGm2OHLVvain:SlSWB9X5y2m2OHLViin
                            MD5:33221E0807873CC5E16A55BF4450B6D4
                            SHA1:A01FD9D1B8E554EE7A25473C2FBECA3B08B7FD02
                            SHA-256:5AA7D9865554BCE546F1846935C5F68C9CA806B29B6A45765BA55E09B14363E4
                            SHA-512:54A33B239BBFCFC645409FBC8D9DDBFCAE56067FA0427D0BE5F49CB32EB8EEC8E43FC22CE1C083FDC17DD8591BE9DB28A2D5006AFA473F10FB17EF2CE7AED305
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:EST) {. {-9223372036854775808 -18000 0 EST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\EST5EDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8227
                            Entropy (8bit):3.723178863172678
                            Encrypted:false
                            SSDEEP:96:W4UwdaC3Xm8sHRwvOTFhP5S+ijFnRaJeaX1eyDt:Cwdrn+qvOTFhPI1jFIL
                            MD5:1A7BDED5B0BADD36F76E1971562B3D3B
                            SHA1:CF5BB82484C4522B178E25D14A42B3DBE02D987D
                            SHA-256:AFD2F12E50370610EA61BA9DD3838129785DFDEE1EBCC4E37621B54A4CF2AE3F
                            SHA-512:4803A906E2C18A2792BF812B8D26C936C71D8A9DD9E87F7DA06630978FCB5DE1094CD20458D37973AA9967D51B97F94A5785B7B15F807E526C13D018688F16D9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:EST5EDT) {. {-9223372036854775808 -18000 0 EST}. {-1633280400 -14400 1 EDT}. {-1615140000 -18000 0 EST}. {-1601830800 -14400 1 EDT}. {-1583690400 -18000 0 EST}. {-880218000 -14400 1 EWT}. {-769395600 -14400 1 EPT}. {-765396000 -18000 0 EST}. {-84387600 -14400 1 EDT}. {-68666400 -18000 0 EST}. {-52938000 -14400 1 EDT}. {-37216800 -18000 0 EST}. {-21488400 -14400 1 EDT}. {-5767200 -18000 0 EST}. {9961200 -14400 1 EDT}. {25682400 -18000 0 EST}. {41410800 -14400 1 EDT}. {57736800 -18000 0 EST}. {73465200 -14400 1 EDT}. {89186400 -18000 0 EST}. {104914800 -14400 1 EDT}. {120636000 -18000 0 EST}. {126687600 -14400 1 EDT}. {152085600 -18000 0 EST}. {162370800 -14400 1 EDT}. {183535200 -18000 0 EST}. {199263600 -14400 1 EDT}. {215589600 -18000 0 EST}. {230713200 -14400 1 EDT}. {247039200 -18000 0 EST}. {262767600 -14400 1 EDT}. {278488800 -180

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Egypt

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):165
                            Entropy (8bit):4.812476042768195
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsPHVyVAIgNGE7JW6yCh0DcPHv:SlSWB9IZaM3y7AVAIgNTFW6yg0DY
                            MD5:3708D7ED7044DE74B8BE5EBD7314371B
                            SHA1:5DDC75C6204D1A2A59C8441A8CAF609404472895
                            SHA-256:07F4B09FA0A1D0BA63E17AD682CAD9535592B372815AB8FD4884ACD92EC3D434
                            SHA-512:A8761601CD9B601E0CE8AC35B6C7F02A56B07DC8DE31DEB99F60CB3013DEAD900C74702031B5F5F9C2738BA48A8420603D46C3AE0E0C87D40B9D9D44CE0EAE81
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Cairo)]} {. LoadTimeZoneFile Africa/Cairo.}.set TZData(:Egypt) $TZData(:Africa/Cairo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Eire

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):167
                            Entropy (8bit):4.85316662399069
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV5QH+owFVAIgoq6QH7W6yMQs/h8QanQHpn:SlSWB9IZaM3ymnQeowFVAIgonQbNyM/R
                            MD5:AA0DEB998177EB5208C4D207D46ECCE3
                            SHA1:DD8C7CE874EE12DD77F467B74A9C8FC74C7045FF
                            SHA-256:16A42F07DE5233599866ECC1CBB1FC4CD4483AC64E286387A0EED1AFF919717D
                            SHA-512:D93A66A62304D1732412CAAAB2F86CE5BCD07D07C1315714D81754827D5EFD30E36D06C0DC3CF4A8C86B750D7D6A144D609D05E241FADC7FF78D3DD2044E4CBB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Dublin)]} {. LoadTimeZoneFile Europe/Dublin.}.set TZData(:Eire) $TZData(:Europe/Dublin).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):105
                            Entropy (8bit):4.883978227144926
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDMWkXGm2OHvDd:SlSWB9X5yRQCm2OHB
                            MD5:94CDB0947C94E40D59CB9E56DB1FA435
                            SHA1:B73907DAC08787D3859093E8F09828229EBAA6FD
                            SHA-256:17AF31BD69C0048A0787BA588AD8641F1DC000A8C7AEC66386B0D9F80417ABBF
                            SHA-512:5F47A2864F9036F3FD61FC65ED4969330DD2A1AC237CB2BD8E972DDFED75120D8D377D5C84060015DCFC163D03F384DC56DC8C6F29E65528C04F1FDA8BBC688E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT) {. {-9223372036854775808 0 0 GMT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+0

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):154
                            Entropy (8bit):4.862090278972909
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtyRDOm7/8RDMvn:SlSWB9IZaM3yF4FVAIgJtyRSw8RQvn
                            MD5:4AC2027A430A7343B74393C7FE1D6285
                            SHA1:C675A91954EC82EB67E1B7FA4B0C0ED11AAF83DA
                            SHA-256:01EEF5F81290DBA38366D8BEADAD156AAC40D049DBFA5B4D0E6A6A8641D798D1
                            SHA-512:61943A348C4D133B0730EAA264A15EF37E0BBE2F767D87574801EAAA9A457DA48D854308B6ABADA21D33F4D498EB748BCB66964EB14BB8DC1367F77A803BA520
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT+0) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+1

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.936955816757987
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOvedSXGm2OH1VOY:SlSWB9X5yRSvwJm2OH1VOY
                            MD5:B8D9D5AF8CE887722F92207393F93481
                            SHA1:3F33F97F96AE9C30A616B8A84888B032A3E1A59A
                            SHA-256:049ABD0DCEC9C4128FF6F5BBB1F1D64F53AB7E4A1BD07D0650B0B67D1F581C64
                            SHA-512:7A10D28DA75FCBF5AF43FEECB91801E97CB161A6909E9463A2F1218323EE3B4ECA10E11438D20E876B6EF912E21D26264FFBD04C75D702D2386A4E959EB5FFAC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+1) {. {-9223372036854775808 -3600 0 -01}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+10

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):113
                            Entropy (8bit):4.92045957745591
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOgFkXGm2OH1VYU8Cn:SlSWB9X5yRS0m2OH1VYQn
                            MD5:33022DF11BC5459AA1DD968CEF24EA03
                            SHA1:45DE6AD3B142C1768B410C047DFD45444E307AB8
                            SHA-256:15F72B4F2C04EDDC778AAD999B5A329F55F0D10AC141862488D2DCE520541A85
                            SHA-512:0C13040965135D199A29CFE8E1598AA8E840B141B85CCF1A45611B367AF046107FDA8478B1779E2AC665534DC4E84630267B42F902DB3A2CB78DD6D20939010E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+10) {. {-9223372036854775808 -36000 0 -10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+11

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):113
                            Entropy (8bit):4.959312316620187
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOeLXGm2OHaBBKn:SlSWB9X5yRShm2OHa7Kn
                            MD5:5FC01E15A719B73A5AA5B0A6E7F16B0C
                            SHA1:E1AAEF7C52DF944A9AEDCC74E6A07FABE09BAFCE
                            SHA-256:69A82F9EB9E120FABFA88C846BC836B85A08FFF4B304914256E6C3A72CB371D0
                            SHA-512:86659001C159730C012C385D505CD822F5CE6E59C0BD7899F90070372A56D348F0292F74C34A4E960E721D113DB5F65751A513D7C1A3CFBF09CBA22118323DED
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+11) {. {-9223372036854775808 -39600 0 -11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+12

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):113
                            Entropy (8bit):4.934932781202811
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOK/kXGm2OH3FNyU7n:SlSWB9X5yRSKTm2OH3Xyan
                            MD5:BEE0C510C41F541B4E919183459488B2
                            SHA1:DA028394973155C52EDDDB4EB4CCACA7F3A74188
                            SHA-256:3B3DA9CF6FEB6E90772E9EC391D857D060A2F52A34191C3A0472794FEC421F5F
                            SHA-512:9EBE1FAD2B47DDA627F52F97094556F3A8C0D03BF2DD4C12CC8611BD2D59FE3A2C1016FFBDF0B95F2C5C56D81C8B2020EBF1D2AB4AAAFE33AB5469AFE1C596A1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+12) {. {-9223372036854775808 -43200 0 -12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+2

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.876100974396153
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOcFwFFkXGm2OHnFQVIK:SlSWB9X5yRS0wTm2OHnFQV7
                            MD5:316ED84A4318F8641592A0959395EFA3
                            SHA1:970C97E6F433524BE88031098DD4F5F479FB4AA6
                            SHA-256:8323CA90E2902CAAD2EBCFFBF681FC3661424AE5B179140581AA768E36639C93
                            SHA-512:6DD62C72E24A24F8FCD8EC085942920A04A55DD03D54C712ADA2BE0EDD6166F34A1229E045C50384808735C40CF72B98458E0329B9762B4B3E95E7ACABB0017E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+2) {. {-9223372036854775808 -7200 0 -02}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+3

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.904010922708719
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOCcXGm2OHBFVGHC:SlSWB9X5yRSCTm2OHBFAHC
                            MD5:899F1AAB147D5A13D7E22CBE374F3F8D
                            SHA1:C132B5E0859EB6C95C64D50408D4A310893D1E8F
                            SHA-256:3C2EF9B7218D133E7611527CE1CD5F03FF6FED5DE245F082FF21F4571A7D9EA4
                            SHA-512:63C8F98BAE437BB9717A3D13C70424FBB43CBA392A1750DE8EAB31C825F190C5DE1987B391591361F80CE084896B838BE78CBE56C1E1C4DC0A1A6D280742FD91
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+3) {. {-9223372036854775808 -10800 0 -03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+4

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.92751033740291
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOqLXGm2OHBvG9:SlSWB9X5yRStm2OHBO9
                            MD5:9D050C35FCDFD703C387CF2065E6250B
                            SHA1:EEE8A277CB49D03085A5C6FCEA94961790D23339
                            SHA-256:B43B685B6B168FD964590BC6C4264511155DB76EBCB7A5BCB20C35C0AD9B8CC4
                            SHA-512:D56449C34A7F63DCCE79F4A6C4731454BB909C6DA49593FFE6B59DD3DE755720931BFD245A799B7FB1397FC0AE0AF89E88AD4DAA91AB815740328B27D301DCDE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+4) {. {-9223372036854775808 -14400 0 -04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+5

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.911642645675445
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOEkXGm2OHLVvyV9C:SlSWB9X5yRSQm2OHLVKV9C
                            MD5:81856E9473F48AB0F53B09CB6BEF61B1
                            SHA1:52A906EE5B706091E407CA8A0D036A46727790EA
                            SHA-256:B0224DBA144B1FE360E2922B1E558E79F6960A173045DE2A1EDACDC3F24A3E36
                            SHA-512:7C9679A2C299741E98FF1E759313D1CDC050B73B7E4FB097FF3186B4C35271C203D54E12D758675639A3D3F3F1EB43D768834B9CE7D22376BEA71FB0ACF164A7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+5) {. {-9223372036854775808 -18000 0 -05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+6

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.930765051479699
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOAkEXGm2OHvTmUK:SlSWB9X5yRSbLm2OHvin
                            MD5:757E578CE6FCD34966D9FF90D9F9A7BF
                            SHA1:091E3FC890BF7A4C61CF6558F7984FD41F61803B
                            SHA-256:28F4E6F7FDE80AE412D364D33A1714826F9F53FF980D2926D13229B691978979
                            SHA-512:442FEBA01108124692A0F76ACA4868D5B7754C3527B9301AC0271DD5A379AF3675CE40B6C017310856D4CE700E3171B5EEA5EF89D5F8432EC3D6D27F48F2EEE8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+6) {. {-9223372036854775808 -21600 0 -06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+7

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.884164328721898
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDONedFkXGm2OHrXVYVe:SlSWB9X5yRSNwJm2OHriVe
                            MD5:723CE2E217F73927FE030E4E004C68B5
                            SHA1:40E46C8F3631298C3FFBF0DDC72E48E13A42A3F4
                            SHA-256:2D2B6A351501CB1023F45CE9B16B759D8971E45C2B8E1348A6935707925F0280
                            SHA-512:25E1C37047CD2411B6F986F30EC54B53A3D3841FD275D05732A0DF6C0718981F2343CEE77E241F347030244B22EC4A23FDEE077EB4D18BC1788F4E5AF4FDB804
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+7) {. {-9223372036854775808 -25200 0 -07}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+8

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.869188292977557
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOOFwFSXGm2OHmFvGRvn:SlSWB9X5yRSqwTm2OHaOJ
                            MD5:A94A70486CE0942B538D855647EDFE78
                            SHA1:1A20872C6D577DB332F0A536695CE677BC28F294
                            SHA-256:9CF2C86CC6173F19E0DA78CCA46C302469AB5C01752DCEA6A20DC151E2D980CC
                            SHA-512:3B6456D217A08A6DBAC0DB296384F4DED803F080FD5C0FD1527535D85397351C67B3D2BEDF8C4E2FEFD5C0B9297A8DA938CF855CDAA2BB902498B15E75A0F776
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+8) {. {-9223372036854775808 -28800 0 -08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT+9

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.912907908622555
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDOwcXGm2OHNmuvn:SlSWB9X5yRSwTm2OHNmuv
                            MD5:821C0743B99BBD9B672D1B1606B2DADD
                            SHA1:152C09F6E8079A4036BA8316BE3E739D2ECE674B
                            SHA-256:532D16E2CDBE8E547F54DC22B521153D2215E8B6653336A36F045E0D338B0D1B
                            SHA-512:CCFC5BC6246B4C9EF77081E79F0A0B1DACC79449388AD08F38912E857E77E12824835C447F769A2C9C707C7E6353010A9907CDF3468A94263CF2B21FC1BF4710
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT+9) {. {-9223372036854775808 -32400 0 -09}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-0

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):154
                            Entropy (8bit):4.849103265985896
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtyRDIyHp8RDMvn:SlSWB9IZaM3yF4FVAIgJtyRUyJ8RQvn
                            MD5:FA608B6E2F9D0E64D2DF81B277D40E35
                            SHA1:55A7735ACCF6A759D2069388B2943323E23EE56D
                            SHA-256:48A929080C1E7C901246DC83A7A7F87396EAF9D982659460BF33A85B4C3FAE64
                            SHA-512:35A8899B7084E85165886B07B6DD553745558EAF4297F702829A08BF71E5AA18790F0D02229093FA42515C97A1DDA7292F4D019DDB1251370D9896E94738D32A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT-0) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-1

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):110
                            Entropy (8bit):4.936514686189307
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDI4cXGm2OHMKUbvn:SlSWB9X5yRU4Tm2OHtUbv
                            MD5:CCC4BDA6EDA4933FB64F329E83EB6118
                            SHA1:7C1B47D376966451540B4D095D16973763A73A73
                            SHA-256:A82AA68616ADEB647456EA641587D76981888B3A022C98EA11302D458295A4FA
                            SHA-512:ACC3DF6AA6025B45F06326062B2F0803BB6FD97AAAEBB276731E5DC5C496731C0853D54B2A4476A4A2EC2DD4FFDF69D78255FC8BCAB2412CE86925A94CE0559D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-1) {. {-9223372036854775808 3600 0 +01}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-10

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.919647975606158
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDINFedFkXGm2OHMUUJv:SlSWB9X5yRUNCm2OHXQ
                            MD5:566FBA546E6B7668830D1812659AE671
                            SHA1:EF3AF5CE0BB944973D5B2DCC872903F0C3B7F0FF
                            SHA-256:962E810E02BAE087AD969FEB91C07F2CBB868D09E1BA4A453EB4773F7897157A
                            SHA-512:F42BB5ACDE563A8A875D7B3F1C10CE9A5CE7E52FA9EF2D14BDA2C45BCD5A6D9B44227D079853551BAA13EAED32F4CA3C34BAD88E616B528DEF7DFAE7F42929CB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-10) {. {-9223372036854775808 36000 0 +10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-11

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.958847614227257
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIVEXGm2OHlVVmv:SlSWB9X5yRUVLm2OHlVAv
                            MD5:02F46CC589D114C57B5687A703EB11C6
                            SHA1:5199683CC7E5D18ED686B44E94FB72EA8C978A9A
                            SHA-256:B1BEE376A0CBEA180391835DB97F8EB32873B2B58AD1AA1098E79FAC357799C5
                            SHA-512:A0CDDCD3208D096712868FED0557CDF5FEC5E9FA5FB25864129D2A9047BCD1AFAA8270C1E41368D32DE2A7B1B66157BDCFC17F8CDF3EF6A9F0C74B42814B096F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-11) {. {-9223372036854775808 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-12

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.934250404386511
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIjWkXGm2OHwvv0UIvYv:SlSWB9X5yRUjCm2OHwvv0a
                            MD5:F6AF5C34BDE9FFF73F8B9631C0173EE9
                            SHA1:A717214203F4B4952AE12374AE78992084CD5A61
                            SHA-256:622E51EE9D4601DB90818F4B8E324F790F4D2405D66B899FC018A41E00473C0F
                            SHA-512:0B898328A19DA7FE1BD2FB161EF1511684B569E4262C8149A789855C6F86C84360BC9E6BF82BC571BD7C585A30E0658560029FCC7C3C180BC0D2EA1872860753
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-12) {. {-9223372036854775808 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-13

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.951215891260531
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIsXGm2OH1dNv74v:SlSWB9X5yRUjm2OHmv
                            MD5:B505D6A064B6D976BD1BDE61AE937F1C
                            SHA1:DBA0EA8DCCB50CC999397129369A340CA8A4C5B5
                            SHA-256:EF28D4D6DAFE3AB08BE1CE9C32FAF7BF8F750332DF0D39314131F88DF463DFAC
                            SHA-512:86A4CA670FBFFF95C9B22DA4E8957A4BE8A805457032AF47BDF08B5047881F692D665BEF8A76045EF50587149EDD52C8994A19CEE9675A3D12939D9CB9DE4649
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-13) {. {-9223372036854775808 46800 0 +13}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-14

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):112
                            Entropy (8bit):4.946259136243175
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIxmcXGm2OH0FVtQCn:SlSWB9X5yRUxmTm2OH8Jn
                            MD5:6BD2D15FA9AAF7F44D88BED0F6C969F3
                            SHA1:3080291F9C9C9422995583175C560338F626E4CD
                            SHA-256:748D443DA743D385497A43198A114BD8349310494ECC85F47D39745D53F6E291
                            SHA-512:651983293BAD1EDE1211EEAA3CAA28C73F84FFE2B8554CF198DF014BEF6B7413C4C49C3080FC73430804ECCA3D2BDB316B6B735B72E7BA3525B330E6A5352715
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-14) {. {-9223372036854775808 50400 0 +14}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-2

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):110
                            Entropy (8bit):4.8751066179878215
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDInHkXGm2OH/VXCYvn:SlSWB9X5yRUnLm2OH/VSC
                            MD5:DAE7D42076F09E2E2A51A58CC253837D
                            SHA1:44C587A71AE31A7424E0F2B005D11F9E0B463E80
                            SHA-256:9D0D3FAD960E9EBF599218213F3AE8A22766B6CB15C8CDBC7ABD8A3FFD75C29A
                            SHA-512:CEE724EEC6EC86FB417CD4D06B3FC17A404953CCE8740A03B024C05C0436340D9B056F3F1B2706284F57CC49FA229EE311D088AFE3D65F0BF946B0A18282ED46
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-2) {. {-9223372036854775808 7200 0 +02}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-3

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.903159871492102
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIYdSXGm2OHkNsWYAvn:SlSWB9X5yRUGJm2OHkKWYAv
                            MD5:3CABCADD8398567F6489C263BF55CA89
                            SHA1:0981F225619E92D4B76ECB2C6D186156E46DA63D
                            SHA-256:74EEBD9C48312D68DC5E54B843FACF3DB869E214D37214F1096AF1D6ECF6D9AF
                            SHA-512:1FF86CFDAA407D7EFD0B0DBC32FC8ED03DAADF6D0D83463B4C6DA97B4B8D77FC381C4C140168AA06FA9A5444DDADBB39DBD8F22E4570EE86F2F7608AAFB0C7FC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-3) {. {-9223372036854775808 10800 0 +03}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-4

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.92687099262498
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIbSXGm2OHkVsRYvC:SlSWB9X5yRUtm2OHkSQC
                            MD5:C157F79ADE92A69E46472EA921E1370F
                            SHA1:4B9E5AFA769D5BDF3FDF05BC24A6A632C6D86ECB
                            SHA-256:0606FBAB9374A74D4B2ED17DD04D9DCED7131768CCF673C5C3B739727743383F
                            SHA-512:B6814282465ABF4DF31341306050F11ECAAFC5915C420A8E7F8D787E66308C58FF7C348D6CBDB4064C346800564000C7C763BDD01CB8CE3A8A81550F65C9A74C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-4) {. {-9223372036854775808 14400 0 +04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-5

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.91086034871979
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDI7wkXGm2OHM0VQL:SlSWB9X5yRU7Em2OHnVQL
                            MD5:AF742680C5A3BA5981DD7F0646EF6CCA
                            SHA1:0753749D4636D561A8942BB1641BDBCC42349A9B
                            SHA-256:5E2D90AF8A161D47F30E1C4A0F5E1CAB5E9F24201557864A02D3009B1ECFEDE0
                            SHA-512:9B738675FC02613929BF90A7C78DD632AB782D20B5E660578AB590858D22BCD79E5AFB191D41E9DF94E2E586B5D2A163AB7D8364A02A5DE60E5B838F8B85D2FD
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-5) {. {-9223372036854775808 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-6

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.930155028450208
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIgwcXGm2OHETNSTL:SlSWB9X5yRUgwTm2OHETMn
                            MD5:298F4671F470C4628B3174D5D1D0608D
                            SHA1:5626202FB7186B4555C03F94CEE38AD0FAB81F40
                            SHA-256:19760989015244E4F39AC12C07E6665038AE08282DAF8D6DB0BB5E2F642C922D
                            SHA-512:F81B901249D3FAED3805471F256F55463A7A2FC8CB612FF95E698D63F9609D5D1B3B57DD87021C5DD809D971709EC3831351D54E971E25643B67161E9EAD5E25
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-6) {. {-9223372036854775808 21600 0 +06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-7

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.883134479361256
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIu/kXGm2OHAXUVSYvC:SlSWB9X5yRUuTm2OHAXUVSYvC
                            MD5:2317D02708980D7F17B1A4BDE971D15F
                            SHA1:2E78CDE3608F6B03DEB534D14D069D3D89DE85EF
                            SHA-256:0BF01EEEBAA49CE9859C2A5835C6A826B158A7BC3B14C473FBB0167ABA9EA4B9
                            SHA-512:21083EAEACD689FD07D458DB82BC2559445A1C558EB8BAF098B71CFD3A599BB756336F847CBE536648AF473E22E0000B2A8C44A45D0866994F03A78D4E841FC5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-7) {. {-9223372036854775808 25200 0 +07}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-8

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.8680235243759755
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIlEXGm2OHN/VsdYK:SlSWB9X5yRUlLm2OHUJ
                            MD5:B940D187558341DBF4D619248C13C7CA
                            SHA1:0C6B11AA9DBC0A395345F79B4B7325FBE870A414
                            SHA-256:DAB4C0E14D2850BF917C5891E864834CA4BFD38D5470F119F529582976551862
                            SHA-512:042176822D8BFD72FFC0727176596430B656E4986636E9869F883B7078389F936EFA8CCFA9BA7ED0963899BD7D134DB9CD25F24C42040781CC37F2701D0CA28A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-8) {. {-9223372036854775808 28800 0 +08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT-9

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):111
                            Entropy (8bit):4.91213701043219
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRDIedSXGm2OHENScCC:SlSWB9X5yRUwJm2OHsScCC
                            MD5:DD58339761ECF5503A48267CFD8E3837
                            SHA1:B58511A80448D74B38365EA537BBE0D21956F0E2
                            SHA-256:383EFE43E20963058BFCD852813BDA3FCCC0B4A7AC26317E621589B4C97C1B90
                            SHA-512:C865244051882FD141D369435CFEED0A1E1D254C0313C1EFE55F5AF72412BE11F2B76484170B94BC4E9FCC0D2EEC373D523732FF7945999717D5827FCE68F54F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/GMT-9) {. {-9223372036854775808 32400 0 +09}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\GMT0

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):153
                            Entropy (8bit):4.836974611939794
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtyRDVMFHp8RDMvn:SlSWB9IZaM3yF4FVAIgJtyRC1p8RQvn
                            MD5:BE8C5C3B3DACB97FADEB5444976AF56A
                            SHA1:A0464B66E70A1AF7963D2BE7BC1D88E5842EC99A
                            SHA-256:89F4624DC69DE64B7AF9339FE17136A88A0C28F5F300575540F8953B4A621451
                            SHA-512:A0E11D9DF5AD2C14A012E82F24298921780E091EEDD680535658F9CD1337A4103BA0676DF9B58865DD7D2CFA96AEED7BF786B88786FAF31B06713D61B4C0308A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/GMT0) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\Greenwich

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):158
                            Entropy (8bit):4.862741414606617
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtyRp+FB5yRDMvn:SlSWB9IZaM3yF4FVAIgJtyRp6BURQvn
                            MD5:2DADDAD47A64889162132E8DA0FFF54F
                            SHA1:EC213743939D699A4EE4846E582B236F8C18CB29
                            SHA-256:937970A93C2EB2D73684B644E671ACA5698BCB228810CC9CF15058D555347F43
                            SHA-512:CA8C45BA5C1AF2F9C33D6E35913CED14B43A7AA37300928F14DEF8CB5E7D56B58968B9EE219A0ACCB4C17C52F0FBD80BD1018EF5426C137628429C7DAA41ACA2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Etc/Greenwich) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\UCT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):105
                            Entropy (8bit):4.857741203314798
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yR5FkXGm2OHv1CCn:SlSWB9X5yRHm2OHNLn
                            MD5:415F102602AFB6F9E9F2B58849A32CC9
                            SHA1:002C7D99EBAA57E8599090CFBF39B8BEAABE4635
                            SHA-256:549D4CC4336D35143A55A09C96FB9A36227F812CA070B2468BD3BB6BB4F1E58F
                            SHA-512:6CA28E71F941D714F3AACA619D0F4FEEF5C35514E05953807C225DF976648F257D835B59A03991D009F738C6FD94EB50B4ECA45A011E63AFDCA537FBAC2B6D1B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UCT) {. {-9223372036854775808 0 0 UCT}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\UTC

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):105
                            Entropy (8bit):4.857741203314798
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5yRF3dFkXGm2OHvr:SlSWB9X5yR9dJm2OHj
                            MD5:6343442DDDC19AF39CADD82AC1DDA9BD
                            SHA1:9D20B726C012F14D99E701A69C60F81CB33E9DA6
                            SHA-256:48B88EED5EF95011F41F5CA7DF48B6C71BED711B079E1132B2C1CD538947EF64
                            SHA-512:4CFED8C80D9BC2A75D4659A14F22A507CF55D3DCC88318025BCB8C99AE7909CAF1F11B1ADC363EF007520BF09473CB68357644E41A9BBDAF9DB0B0A44ECC4FBF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Etc/UTC) {. {-9223372036854775808 0 0 UTC}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\Universal

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):158
                            Entropy (8bit):4.825049978035721
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAxmSwFVAIgESRLyRYzXDJMFfh8RFu:SlSWB9IZaM3yzUFVAIgBLyRY7VMr8RI
                            MD5:7BE0766999E671DDD5033A61A8D84683
                            SHA1:D2D3101E78919EB5FE324FFC85503A25CFD725E0
                            SHA-256:90B776CF712B8FE4EEC587410C69A0EC27417E79006132A20288A9E3AC5BE896
                            SHA-512:A4CA58CD4DC09393BBE3C43D0B5E851DEBEEDC0C5CEC7DCED4D24C14796FD336D5607B33296985BD14E7660DCE5C85C0FB625B2F1AD9AC10F1631A76ECEB04B8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Universal) $TZData(:Etc/UTC).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Etc\Zulu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):153
                            Entropy (8bit):4.824450775594084
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAxmSwFVAIgESRLyRaQEBURFu:SlSWB9IZaM3yzUFVAIgBLyRYaRI
                            MD5:64ED445C4272D11C85BD2CFC695F180F
                            SHA1:EDE76B52D3EEBCC75C50E17C053009A453D60D42
                            SHA-256:A68D32DA2214B81D1C0C318A5C77975DE7C4E184CB4D60F07858920B11D065FE
                            SHA-512:4CE8FC2B7C389BD2058CE77CD7234D4EA3F81F40204C9190BF0FB6AA693FB40D0638BFB0EB0D9FA20CB88804B73F6EE8202439C1F553B1293C6D2E5964216A1D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Etc/Zulu) $TZData(:Etc/UTC).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Amsterdam

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8792
                            Entropy (8bit):3.8152682180965747
                            Encrypted:false
                            SSDEEP:96:nK5UUH6mek6EvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVab:K5VfSTRNH4Mn82rlo6XIZ9ALeBO
                            MD5:C107BB0AC411789418982B201FF1F857
                            SHA1:71691B3E9FCC3503943BAFD872A881C1F1EE8451
                            SHA-256:2794B605AE149FFB58D88508A663BB54034FD542BF14B56DAE62801971612F5B
                            SHA-512:BFC79B3245526ED54615F613D3158DC4CF44DAF3DB758DBA65977EC91263CEFFA628D36E7CA536E140AF727EC321D9047C36D56303718D1EC5B49F5A8BCAE2E9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Amsterdam) {. {-9223372036854775808 1172 0 LMT}. {-4260212372 1172 0 AMT}. {-1693700372 4772 1 NST}. {-1680484772 1172 0 AMT}. {-1663453172 4772 1 NST}. {-1650147572 1172 0 AMT}. {-1633213172 4772 1 NST}. {-1617488372 1172 0 AMT}. {-1601158772 4772 1 NST}. {-1586038772 1172 0 AMT}. {-1569709172 4772 1 NST}. {-1554589172 1172 0 AMT}. {-1538259572 4772 1 NST}. {-1523139572 1172 0 AMT}. {-1507501172 4772 1 NST}. {-1490566772 1172 0 AMT}. {-1470176372 4772 1 NST}. {-1459117172 1172 0 AMT}. {-1443997172 4772 1 NST}. {-1427667572 1172 0 AMT}. {-1406672372 4772 1 NST}. {-1396217972 1172 0 AMT}. {-1376950772 4772 1 NST}. {-1364768372 1172 0 AMT}. {-1345414772 4772 1 NST}. {-1333318772 1172 0 AMT}. {-1313792372 4772 1 NST}. {-1301264372 1172 0 AMT}. {-1282256372 4772 1 NST}. {-1269814772 1172 0 AMT}. {-1250720372 4772 1 NST}. {-123836517

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Andorra

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6690
                            Entropy (8bit):3.730744509734253
                            Encrypted:false
                            SSDEEP:96:u7rRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAyzF76:uXRNH4Mn82rlo6XIZ9ALeBO
                            MD5:13F10BC59FB9DBA47750CA0B3BFA25E9
                            SHA1:992E50F4111D55FEBE3CF8600F0B714E22DD2B16
                            SHA-256:E4F684F28AD24B60E21707820C40A99E83431A312D26E6093A198CB344C249DC
                            SHA-512:DA5255BDE684BE2C306C6782A61DE38BFCF9CFF5FD117EBDE5EF364A5ED76B5AB88E6F7E08337EEB2CEC9CB03238D9592941BDAA01DFB061F21085D386451AFA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Andorra) {. {-9223372036854775808 364 0 LMT}. {-2177453164 0 0 WET}. {-733881600 3600 0 CET}. {481078800 7200 0 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}. {749005200 3600 0 CET}. {764730000 7200 1 CEST}. {780454800 3600 0 CET}. {796179600 7200 1 CEST}. {811904400 3600 0 CET}. {828234000 7200 1 CEST}. {846378000 3600 0 CET}. {859683600 7200 1 CEST}. {877827600 3600 0 CET}. {891133200 7200 1 CEST}. {909277200 3600 0 CET}. {922582800 7200 1 CEST}. {941331600 3600 0 CET}. {9540

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Astrakhan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1992
                            Entropy (8bit):3.5867428099003957
                            Encrypted:false
                            SSDEEP:24:ce0exLWtjS+OVkb/cXODnOwUDOS5u8OimFeb/ROHc9qOYNkw/O2blbEUhtCUH9mt:iDTZVemFLN7NBx333+ix6b0JiGef
                            MD5:103F48F9DDAC5D94F2BECDA949DE5E50
                            SHA1:0582454439DD4E8D69E7E8EE9B8A3F041F062E89
                            SHA-256:823A0A0DBA01D9B34794EB276F9ABB9D2EC1E60660B20EAA2BA097884E3934F2
                            SHA-512:7419A8F5CF49BE76D7CD7D070FF4467CED851EC76E38A07BD590ED64B96DA446968195096DE2F8298C448778E0A40CAE717C8F234CCDBDF5C3C21B7D056EA4C1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Astrakhan) {. {-9223372036854775808 11532 0 LMT}. {-1441249932 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {7961724

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Athens

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7686
                            Entropy (8bit):3.635151038354021
                            Encrypted:false
                            SSDEEP:96:JAK3+9wAuy+Hk+PVqVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2l:JAKOK1XPzh2kNU4tB715pyzHy1gA
                            MD5:D64695F05822EF0DF9E3762A1BC440A0
                            SHA1:F17F03CFD908753E28F2C67D2C8649B8E24C35F7
                            SHA-256:118289C1754C06024B36AE81FEE96603D182CB3B8D0FE0A7FD16AD34DB81374D
                            SHA-512:3C5BDE2004D6499B46D9BAB8DBFDCC1FC2A729EEA4635D8C6CB4279AEE9B5655CE93D2E3F09B3E7295468007FFB5BE6FEC5429501E8FB4D3C2BCC05177C2158A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Athens) {. {-9223372036854775808 5692 0 LMT}. {-2344642492 5692 0 AMT}. {-1686101632 7200 0 EET}. {-1182996000 10800 1 EEST}. {-1178161200 7200 0 EET}. {-906861600 10800 1 EEST}. {-904878000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844477200 7200 1 CEST}. {-828237600 3600 0 CET}. {-812422800 7200 0 EET}. {-552362400 10800 1 EEST}. {-541652400 7200 0 EET}. {166485600 10800 1 EEST}. {186184800 7200 0 EET}. {198028800 10800 1 EEST}. {213753600 7200 0 EET}. {228873600 10800 1 EEST}. {244080000 7200 0 EET}. {260323200 10800 1 EEST}. {275446800 7200 0 EET}. {291798000 10800 1 EEST}. {307407600 7200 0 EET}. {323388000 10800 1 EEST}. {338936400 7200 0 EET}. {347148000 7200 0 EET}. {354675600 10800 1 EEST}. {370400400 7200 0 EET}. {386125200 10800 1 EEST}. {401850000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {4490

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Belfast

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.827362756219521
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxKL82wFVAIgoqyKL8p6yQahs3QavKL8i:SlSWB9IZaM3ymvKA2wFVAIgovKAUy70U
                            MD5:19134F27463DEDF7E25BC72E031B856F
                            SHA1:40D9E60D26C592ED79747D1253A9094FCDE5FD33
                            SHA-256:5D31D69F259B5B2DFE016EB1B2B811BD51A1ED93011CBB34D2CF65E4806EB819
                            SHA-512:B80202194A9D547AEC3B845D267736D831FB7E720E171265AC3F0074C8B511518952BF686A235E6DDEFC11752C3BD8A48A184930879B68980AC60E9FAECBFB44
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Belfast) $TZData(:Europe/London).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Belgrade

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7059
                            Entropy (8bit):3.733102701717456
                            Encrypted:false
                            SSDEEP:96:TX6TRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAyzF76:TWRNH4Mn82rlo6XIZ9ALeBO
                            MD5:841E21EED6229503BF41A858601453B0
                            SHA1:6F5632B23F2C710106211FBCD2C17DC40B026BFB
                            SHA-256:813B4B4F13401D4F92B0F08FC1540936CCFF91EFD8B8D1A2C5429B23715C2748
                            SHA-512:85863B12F17A4F7FAC14DF4D3AB50CE33C7232A519F7F10CC521AC0F695CD645857BD0807F0A9B45C169DD7C1240E026C567B35D1D157EE3DB3C80A57063E8FE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Belgrade) {. {-9223372036854775808 4920 0 LMT}. {-2713915320 3600 0 CET}. {-905824800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-777942000 7200 1 CEST}. {-766623600 3600 0 CET}. {407199600 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CES

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Berlin

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7746
                            Entropy (8bit):3.733442486698092
                            Encrypted:false
                            SSDEEP:96:hgt67dAtcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAT:hiGRNH4Mn82rlo6XIZ9ALeBO
                            MD5:D1E45A4660E00A361729FCD7413361C1
                            SHA1:BCC709103D07748E909DD999A954DFF7034F065F
                            SHA-256:EAD23E3F58706F79584C1F3F9944A48670F428CACBE9A344A52E19B541AB4F66
                            SHA-512:E3A0E6B4FC80A8D0215C81E95F9D3F71C0D9371EE0F6B2B7E966744C42FC64055370D322918EEA2917BFBA07030629C4493ADA257F9BD9C9BF6AD3C4A7FB1E70
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Berlin) {. {-9223372036854775808 3208 0 LMT}. {-2422054408 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-776559600 10800 0 CEMT}. {-765936000 7200 1 CEST}. {-761180400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733273200 3600 0 CET}. {-717631200 7200 1 CEST}. {-714610800 10800 1 CEMT}. {-710380800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Bratislava

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.89628096026481
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVtXrAevFVAIgoquXrELyQahcvEB5yQazXrY:SlSWB9IZaM3ymzbAevFVAIgozbELy7cY
                            MD5:7C0606BC846344D78A85B4C14CE85B95
                            SHA1:CEDFDC3C81E519413DDD634477533C89E8AF2E35
                            SHA-256:D7DF89C23D2803683FE3DB57BF326846C9B50E8685CCCF4230F24A5F4DC8E44E
                            SHA-512:8F07791DE5796B418FFD8945AE13BAB1C9842B8DDC073ED64E12EA8985619B93472C39DD44DA8FAEF5614F4E6B4A9D96E0F52B4ECA11B2CCA9806D2F8DDF2778
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Prague)]} {. LoadTimeZoneFile Europe/Prague.}.set TZData(:Europe/Bratislava) $TZData(:Europe/Prague).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Brussels

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8907
                            Entropy (8bit):3.75854119398076
                            Encrypted:false
                            SSDEEP:96:BMlf+jdXtSYv9HMn2vDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHL:BMQSY1RSTRNH4Mn82rlo6XIZ9ALeBO
                            MD5:FA802B103E8829C07AE7E05DE7F3CD1F
                            SHA1:46AFB26E3E9102F0544C5294DA67DC41E8B2E8FC
                            SHA-256:AEB5860C2F041842229353E3F83CC2FEBC9518B115F869128E94A1605FB4A759
                            SHA-512:488CE6B524071D2B72F8AD73C2DC00F5F4C1C3C93F91165BDA0BCCB2B2C644B792C4220B785E84835ABE81584FDC87A1DCDA7679A69318052C3854167CB43C61
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Brussels) {. {-9223372036854775808 1050 0 LMT}. {-2840141850 1050 0 BMT}. {-2450953050 0 0 WET}. {-1740355200 3600 0 CET}. {-1693702800 7200 0 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1613826000 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585530000 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301263200 0 0 WET}. {-1284328800 3600 1 WEST}. {-126

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Bucharest

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7706
                            Entropy (8bit):3.6365022673390808
                            Encrypted:false
                            SSDEEP:96:nQrdI+sYixX215VaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtk:nQrbEm1Oh2kNU4tB715pyzHy1gA
                            MD5:79AAB44507DD6D06FA673CA20D4CF223
                            SHA1:A2F1AA0E3F38EF24CD953C6B5E1EC29EA3EDB8C0
                            SHA-256:C40DC0C9EE5FFF9F329823325A71F3F38BE940F159E64E0B0CED27B280C1F318
                            SHA-512:BBEBB29FFD35A1F8B9D906795032976B3F69A0097ED7D764E3EB45574E66641C35F9006B3295FB090472FF5C09FC4D88D9249E924011A178EFB68D050AA6F871
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Bucharest) {. {-9223372036854775808 6264 0 LMT}. {-2469404664 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {296604000 10800 1 EEST}. {307486800 7200 0 EET}. {323816400 10800 1 EEST}. {338940000 7200 0 EET}. {354672000 10800 0 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Budapest

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7975
                            Entropy (8bit):3.7352769955376464
                            Encrypted:false
                            SSDEEP:96:ZpduGm56n0PcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQlth:ZpMypRNH4Mn82rlo6XIZ9ALeBO
                            MD5:25864F8E5372B8E45B71D08667ED093C
                            SHA1:83463D25C839782E2619CD5BE613DA1BD08ACBB5
                            SHA-256:EF5CF8C9B3CA3F772A9C757A2CC1D561E00CB277A58E43ED583A450BBA654BF1
                            SHA-512:0DAB3CA0C82AA80A4F9CC04C191BE180EB41CCF87ADB31F26068D1E6A3A2F121678252E36E387B589552E6F7BA965F7E3F4633F1FD066FC7849B1FD554F39EC7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Budapest) {. {-9223372036854775808 4580 0 LMT}. {-2500938980 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1640998800 3600 0 CET}. {-1633212000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1600466400 7200 1 CEST}. {-1581202800 3600 0 CET}. {-906771600 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-778471200 7200 1 CEST}. {-762660000 3600 0 CET}. {-749689200 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-686185200 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-621990000 7200 1 CEST}. {-605660400 3600 0 CET}. {-492656400 7200 1 CEST}. {-481168800 3600 0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Busingen

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.905738881351689
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVnCMPwVAIgoqkCMJW6yQahDZALMFB5h8Qa5CMP:SlSWB9IZaM3ym5XwVAIgo5Py7D17/8jH
                            MD5:811B7E0B0EDD151E52DF369B9017E7C0
                            SHA1:3C17D157A626F3AD7859BC0F667E0AB60E821D05
                            SHA-256:221C8BA73684ED7D8CD92978ED0A53A930500A2727621CE1ED96333787174E82
                            SHA-512:7F980E34BBCBC65BBF04526BF68684B3CE780611090392560569B414978709019D55F69368E98ADADC2C47116818A437D5C83F4E6CD40F4A1674D1CF90307CB5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Busingen) $TZData(:Europe/Zurich).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Chisinau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7824
                            Entropy (8bit):3.674889638637008
                            Encrypted:false
                            SSDEEP:96:J2rdkayurpKXlGYtXfVA6bN3E48WLCtSYxUFtj2DVXvR2YuXOZp+eiXGEsTVVHU:J2r6G81T9bN3E48GCujWYqK
                            MD5:92966EE642028D4C44C90F86CA1440AA
                            SHA1:95F286585FF3A880F2F909E82F4C22C8F1D12BE3
                            SHA-256:E92FFABF4705F93C2A4AD675555AEBC3C9418AC71EEB487AF0F7CD4EAB0431CE
                            SHA-512:1D6018C83CA5998C590448FE98C59F3FCD0D5D7688B679B7F3C82B6F3209F25323BB302BF847FCCBD950F08A79AF36CA83DBDD4DB8A3557A682152A6B731B663
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Chisinau) {. {-9223372036854775808 6920 0 LMT}. {-2840147720 6900 0 CMT}. {-1637114100 6264 0 BMT}. {-1213148664 7200 0 EET}. {-1187056800 10800 1 EEST}. {-1175479200 7200 0 EET}. {-1159754400 10800 1 EEST}. {-1144029600 7200 0 EET}. {-1127700000 10800 1 EEST}. {-1111975200 7200 0 EET}. {-1096250400 10800 1 EEST}. {-1080525600 7200 0 EET}. {-1064800800 10800 1 EEST}. {-1049076000 7200 0 EET}. {-1033351200 10800 1 EEST}. {-1017626400 7200 0 EET}. {-1001901600 10800 1 EEST}. {-986176800 7200 0 EET}. {-970452000 10800 1 EEST}. {-954727200 7200 0 EET}. {-927165600 10800 1 EEST}. {-898138800 7200 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-800154000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {4179

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Copenhagen

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7458
                            Entropy (8bit):3.736544358182077
                            Encrypted:false
                            SSDEEP:96:1Fpd6z8cRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAyo:1FpoRNH4Mn82rlo6XIZ9ALeBO
                            MD5:8FBF425E5833012C0A6276222721A106
                            SHA1:78C5788ED4184A62E0E2986CC0F39EED3801AD76
                            SHA-256:D2D091740C425C72C46ADDC23799FC431B699B80D244E4BCD7F42E31C1238EEB
                            SHA-512:6DF08142EEBC7AF8A575DD7510B83DBD0E15DDA13801777684355937338CDA3D09E37527912F4EBBCC1B8758E3D65185E6006EB5C1349D1DC3AE7B6131105691
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Copenhagen) {. {-9223372036854775808 3020 0 LMT}. {-2524524620 3020 0 CMT}. {-2398294220 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680490800 3600 0 CET}. {-935110800 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-769388400 3600 0 CET}. {-747010800 7200 1 CEST}. {-736383600 3600 0 CET}. {-715215600 7200 1 CEST}. {-706748400 3600 0 CET}. {-683161200 7200 1 CEST}. {-675298800 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Dublin

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9452
                            Entropy (8bit):3.675115548319436
                            Encrypted:false
                            SSDEEP:192:fIfr7ZO/H8XKKRg3psTZ+wfAIt3/LIjzI9jJeK:fIHZO/Hk5RmpsT7/sjzI9jJeK
                            MD5:D9787AD03D1A020F01FFF1F9AB346C09
                            SHA1:C194A0A7F218ABBEB7DB53E3B2062DC349A8C739
                            SHA-256:E1DCBC878C8937FBE378033AEE6B0D8C72827BE3D9C094815BFA47AF92130792
                            SHA-512:4C596C9BDE55605381C9B6F90837BA8C9EA2992EBC7F3ACDC207CFAE7612E8B13415FD4962DC8D3FD2A75D98025D0E052B8B8486F6C31742D791C6A2C1D1827F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Dublin) {. {-9223372036854775808 -1500 0 LMT}. {-2821649700 -1521 0 DMT}. {-1691962479 2079 1 IST}. {-1680471279 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1517011200 0 0 IST}. {-1507500000 3600 1 IST}. {-1490565600 0 0 IST}. {-1473631200 3600 1 IST}. {-1460930400 0 0 IST}. {-1442786400 3600 1 IST}. {-1428876000 0 0 IST}. {-1410732000 3600 1 IST}. {-1396216800 0 0 IST}. {-1379282400 3600 1 IST}. {-1364767200 0 0 IST}. {-1348437600 3600 1 IST}. {-1333317600 0 0 IST}. {-1315778400 3600 1 IST}. {-1301263200 0 0 IST}. {-1284328800 3600 1 IST}. {-1269813600 0 0 IST}. {-1253484000 3600 1 IST}. {-1238364000 0 0 IST}. {-

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Gibraltar

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9181
                            Entropy (8bit):3.7982744899840535
                            Encrypted:false
                            SSDEEP:96:i2elBN44y3UKdDDMjEZtcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIV0:i44y1xZGRNH4Mn82rlo6XIZ9ALeBO
                            MD5:F8AEFE8F561ED7E1DC81117676F7D0E0
                            SHA1:1148176C2766B205B5D459A620D736B1D28283AA
                            SHA-256:FB771A01326E1756C4026365BEE44A6B0FEF3876BF5463EFAB7CF4B97BF87CFC
                            SHA-512:7C06CB215B920911E0DC9D24F0DD6E24DEC3D75FB2D0F175A9B4329304C9761FFFEE329DD797FF4343B41119397D7772D1D3DFC8F90C1DE205380DE463F42854
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Gibraltar) {. {-9223372036854775808 -1284 0 LMT}. {-2821649916 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Guernsey

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.830450830776494
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxKL82wFVAIgoqyKL8p6yQakQAL/yQavKL8i:SlSWB9IZaM3ymvKA2wFVAIgovKAUyYL5
                            MD5:DC2B3CAC4AF70A61D0F4C53288CC8D11
                            SHA1:A423E06F88FDEED1960AF3C46A67F1CB9F293CAF
                            SHA-256:9CB6E6FEC9461F94897F0310BFC3682A1134E284A56C729E7F4BCE726C2E2380
                            SHA-512:8B455DA1D1A7AA1259E6E5A5CF90E62BA8073F769DCB8EB82503F2DFB70AA4539A688DC798880339A2722AA1871E8C8F16D8827064A2D7D8F2F232880359C78D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Guernsey) $TZData(:Europe/London).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Helsinki

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7120
                            Entropy (8bit):3.635790220811118
                            Encrypted:false
                            SSDEEP:96:wQbXHk+PVqVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEZ9A:w6XPzh2kNU4tB715pyzHy1gA
                            MD5:E7A6AA8962067EF71174CD5AE79A8624
                            SHA1:1250689DF0DFCCDD4B6B21C7867C4AA515D19ECD
                            SHA-256:5FDBE427BC604FAC03316FD08138F140841C8CF2537CDF4B4BB20F2A9DFC4ECB
                            SHA-512:5C590164499C4649D555F30054ECB5CF627CCCA8A9F94842328E90DD40477CADB1042D07EA4C368ABB7094D7A59A8C2EE7619E5B3458A0FAC066979B14AF44A6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Helsinki) {. {-9223372036854775808 5989 0 LMT}. {-2890258789 5989 0 HMT}. {-1535938789 7200 0 EET}. {-875671200 10800 1 EEST}. {-859773600 7200 0 EET}. {354672000 10800 1 EEST}. {370396800 7200 0 EET}. {386121600 10800 1 EEST}. {401846400 7200 0 EET}. {410220000 7200 0 EET}. {417574800 10800 1 EEST}. {433299600 7200 0 EET}. {449024400 10800 1 EEST}. {465354000 7200 0 EET}. {481078800 10800 1 EEST}. {496803600 7200 0 EET}. {512528400 10800 1 EEST}. {528253200 7200 0 EET}. {543978000 10800 1 EEST}. {559702800 7200 0 EET}. {575427600 10800 1 EEST}. {591152400 7200 0 EET}. {606877200 10800 1 EEST}. {622602000 7200 0 EET}. {638326800 10800 1 EEST}. {654656400 7200 0 EET}. {670381200 10800 1 EEST}. {686106000 7200 0 EET}. {701830800 10800 1 EEST}. {717555600 7200 0 EET}. {733280400 10800 1 EEST}. {749005200 7200 0 EET}. {764730000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Isle_of_Man

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.866592240835745
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxKL82wFVAIgoqyKL8p6yQaqpfioxp8QavKL8i:SlSWB9IZaM3ymvKA2wFVAIgovKAUycqO
                            MD5:9E18F66C32ADDDBCEDFE8A8B2135A0AC
                            SHA1:9D2DC5BE334B0C6AEA15A98624321D56F57C3CB1
                            SHA-256:6A03679D9748F4624078376D1FD05428ACD31E7CABBD31F4E38EBCCCF621C268
                            SHA-512:014BAD4EF0209026424BC68CBF3F5D2B22B325D61A4476F1E4F020E1EF9CD4B365213E01C7EC6D9D40FA422FE8FE0FADB1E4CBB7D46905499691A642D813A379
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Isle_of_Man) $TZData(:Europe/London).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Istanbul

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3974
                            Entropy (8bit):3.7140382290341214
                            Encrypted:false
                            SSDEEP:96:kICNapz9QnPPWDeP/vamdc2MKJ9k2gsh6YlnG:kuQnPo+CWJipP
                            MD5:5F2F14127F11060A57C53565A24CB8F8
                            SHA1:E79FC982C018CC7E3C29A956048ED3D0CFFE3311
                            SHA-256:EAD62B6D04AA7623B9DF94D41E04C9E30C7BA8EB2CE3504105A0496A66EB87AE
                            SHA-512:E709849DEF7F7CDAE3CA44F1939DF49D6FE5DE9C89F541343256FC0F7B9E55390AC496FF599D94B7F594D6BAE724AE4608A43F5870C18210525B061E801CC36B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Istanbul) {. {-9223372036854775808 6952 0 LMT}. {-2840147752 7016 0 IMT}. {-1869875816 7200 0 EET}. {-1693706400 10800 1 EEST}. {-1680490800 7200 0 EET}. {-1570413600 10800 1 EEST}. {-1552186800 7200 0 EET}. {-1538359200 10800 1 EEST}. {-1522551600 7200 0 EET}. {-1507514400 10800 1 EEST}. {-1490583600 7200 0 EET}. {-1440208800 10800 1 EEST}. {-1428030000 7200 0 EET}. {-1409709600 10800 1 EEST}. {-1396494000 7200 0 EET}. {-931140000 10800 1 EEST}. {-922762800 7200 0 EET}. {-917834400 10800 1 EEST}. {-892436400 7200 0 EET}. {-875844000 10800 1 EEST}. {-857358000 7200 0 EET}. {-781063200 10800 1 EEST}. {-764737200 7200 0 EET}. {-744343200 10800 1 EEST}. {-733806000 7200 0 EET}. {-716436000 10800 1 EEST}. {-701924400 7200 0 EET}. {-684986400 10800 1 EEST}. {-670474800 7200 0 EET}. {-654141600 10800 1 EEST}. {-639025200 7200 0 EET}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Jersey

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.831245786685746
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxKL82wFVAIgoqyKL8p6yQap6cEBx/yQavKL8i:SlSWB9IZaM3ymvKA2wFVAIgovKAUyzO5
                            MD5:F43ABA235B8B98F5C64181ABD1CEEC3A
                            SHA1:A4A7D71ED148FBE53C2DF7497A89715EB24E84B7
                            SHA-256:8E97798BE473F535816D6D9307B85102C03CC860D3690FE59E0B7EEF94D62D54
                            SHA-512:B0E0FC97F08CB656E228353594FC907FC94A998859BB22648BF78043063932D0FC7282D31F63FCB79216218695B5DCDF298C37F0CB206160798CF3CA2C7598E1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:Europe/Jersey) $TZData(:Europe/London).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Kaliningrad

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2397
                            Entropy (8bit):3.8622541648513464
                            Encrypted:false
                            SSDEEP:48:cGv6a621nwJ2JoJrv0WvXlnDqVV0Qv3LEevBFoBGrjI9q1F008bBJd8:cGvt67yurvxXl6V/DYtX6
                            MD5:FE44AD99AF96A031D21D308B0E534928
                            SHA1:36A666585D0895155D31A6E5AFD6B7395C7334AA
                            SHA-256:0C65366AB59C4B8734DE0F69E7081269A367116363EB3863D16FB7184CCC5EB9
                            SHA-512:2789E8FC8FD73A0D3C915F5CBAD158D2A4995EE51607C4368F3AE1CC6418E93E204E4FCE6F796CDC60BB2E0ED8F79650DA4549C7663589B58E189D0D10F059C5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kaliningrad) {. {-9223372036854775808 4920 0 LMT}. {-2422056120 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 7200 0 CET}. {-778730400 10800 1 CEST}. {-762663600 7200 0 CET}. {-757389600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Kiev

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7202
                            Entropy (8bit):3.6738341956502953
                            Encrypted:false
                            SSDEEP:96:j/fE2JyurpyVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEZ2:j/fN8GHh2kNU4tB715pyzHy1gA
                            MD5:4E693AC10DD3FC66700A878B94D3701D
                            SHA1:692200B78A3EA482577D13BE5588FEB0BF94DF01
                            SHA-256:3AAC94E73BB4C803BBB4DE14826DAA0AC82BAE5C0841FD7C58B62A5C155C064D
                            SHA-512:9B68D418B98DDF855C257890376AEC300FC6024E08C85AF5CFFE70BE9AC39D75293C35D841DB8A7BE5574FD185D736F5CB72205531736A202D25305744A2DD15
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kiev) {. {-9223372036854775808 7324 0 LMT}. {-2840148124 7324 0 KMT}. {-1441159324 7200 0 EET}. {-1247536800 10800 0 MSK}. {-892522800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-825382800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {646786800 10800 1 EEST}. {686102400 7200 0 EET}. {701820000 10800 1 EEST}. {717541200 7200 0 EET}. {733269600 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Kirov

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1959
                            Entropy (8bit):3.5751912319178496
                            Encrypted:false
                            SSDEEP:24:c1e/5gjS+OVkb/cXODnOwUDOS5u8OimFeb/ROHc9qOYNkw/O2blbEUhtCUH9mUBR:dWDTZVemFLN7NBx333+ix6b0JiG1
                            MD5:249037A8019D3A5244DD59D8C3316403
                            SHA1:2DABDE83753CE65D1A2D3949FF9B94401A2DD8C3
                            SHA-256:5FE8535DD9A4729B68BF5EC178C6F978753A4A01BDC6F5529C2F8A3872B470D1
                            SHA-512:4180DE17FDDA1417DD24229F775DD45FDE99078E71F2A583E6629D022DCD1B30CEB1ABCEEC78286CAE286E8CBAFC5A7AB20464D53B8BE2615B4681302C05B120
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Kirov) {. {-9223372036854775808 11928 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {796172400 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Lisbon

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9471
                            Entropy (8bit):3.738653060534981
                            Encrypted:false
                            SSDEEP:192:1SgVSz+IZHX68PlXIFj544IrvfMsbxZTH7qwQ:1SYSz+IZHX68PlYFUM8xZTH7qwQ
                            MD5:AD82B05F966F0EAD5B2F4FD7B6D56718
                            SHA1:DE5A9BB8B0FCA79C38DD35905FF074503D5AAF13
                            SHA-256:EE61A08BED392B75FBE67666BDCF7CE26DFA570FC2D1DEC9FFEF51E5D8CD8DF7
                            SHA-512:68DC078090E2AF1EAF0150BBCF63E52E4675BF22E2FF6BBA4B4D0B244BFF23C73310A3E63365A4217B8466F2C2E7A4384D05D778F70513183B3A59016A55DDB0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Lisbon) {. {-9223372036854775808 -2205 0 LMT}. {-2713908195 -2205 0 LMT}. {-1830384000 0 0 WET}. {-1689555600 3600 1 WEST}. {-1677801600 0 0 WET}. {-1667437200 3600 1 WEST}. {-1647738000 0 0 WET}. {-1635814800 3600 1 WEST}. {-1616202000 0 0 WET}. {-1604365200 3600 1 WEST}. {-1584666000 0 0 WET}. {-1572742800 3600 1 WEST}. {-1553043600 0 0 WET}. {-1541206800 3600 1 WEST}. {-1521507600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1426813200 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1221440400 3600 1 WEST}. {-1206925200 0 0 WET}. {-1191200400 3600 1 WEST}. {-1175475600 0 0 WET}. {-1127696400 3600 1 WEST}. {-1111971600 0 0 WET}. {-1096851600 3600 1 WEST}. {-1080522000

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Ljubljana

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.901869793666386
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQavPSJ5QahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vqm
                            MD5:5F2AEC41DECD9E26955876080C56B247
                            SHA1:4FDEC0926933AE5651DE095C519A2C4F9E567691
                            SHA-256:88146DA16536CCF587907511FB0EDF40E392E6F6A6EFAB38260D3345CF2832E1
                            SHA-512:B71B6C21071DED75B9B36D49EB5A779C5F74817FF070F70FEAB9E3E719E5F1937867547852052AA7BBAE8B842493FBC7DFAFD3AC47B70D36893541419DDB2D74
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Ljubljana) $TZData(:Europe/Belgrade).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\London

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9839
                            Entropy (8bit):3.737361476589814
                            Encrypted:false
                            SSDEEP:192:Gj4y1xZfvm8nKrhFs3XRnRaQqTLJaMt/VZ1R6Y+:GjPxZfvmgEhS3XRmau/VZ1R6Y+
                            MD5:2A53A87C26A5D2AF62ECAAD8CECBF0D7
                            SHA1:025D31C1D32F1100C1B00858929FD29B4E66E8F6
                            SHA-256:2A69A7C9A2EE3057EBDB2615DBE5CB08F5D334210449DC3E42EA88564C29583A
                            SHA-512:81EFA13E4AB30A9363E80EC1F464CC51F8DF3C492771494F3624844E074BA9B84FE50EF6C32F9467E6DAB41BD5159B492B752D0C97F3CB2F4B698C04E68C0255
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/London) {. {-9223372036854775808 -75 0 LMT}. {-3852662325 0 0 GMT}. {-1691964000 3600 1 BST}. {-1680472800 0 0 GMT}. {-1664143200 3600 1 BST}. {-1650146400 0 0 GMT}. {-1633903200 3600 1 BST}. {-1617487200 0 0 GMT}. {-1601848800 3600 1 BST}. {-1586037600 0 0 GMT}. {-1570399200 3600 1 BST}. {-1552168800 0 0 GMT}. {-1538344800 3600 1 BST}. {-1522533600 0 0 GMT}. {-1507500000 3600 1 BST}. {-1490565600 0 0 GMT}. {-1473631200 3600 1 BST}. {-1460930400 0 0 GMT}. {-1442786400 3600 1 BST}. {-1428876000 0 0 GMT}. {-1410732000 3600 1 BST}. {-1396216800 0 0 GMT}. {-1379282400 3600 1 BST}. {-1364767200 0 0 GMT}. {-1348437600 3600 1 BST}. {-1333317600 0 0 GMT}. {-1315778400 3600 1 BST}. {-1301263200 0 0 GMT}. {-1284328800 3600 1 BST}. {-1269813600 0 0 GMT}. {-1253484000 3600 1 BST}. {-1238364000 0 0 GMT}. {-1221429600 3600 1 BST}. {-120

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Luxembourg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8826
                            Entropy (8bit):3.7634145613638657
                            Encrypted:false
                            SSDEEP:96:TYt4c9+dcVhv9HMLftvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAr:0w2h1QSTRNH4Mn82rlo6XIZ9ALeBO
                            MD5:804A17ED0B32B9751C38110D28EB418B
                            SHA1:24235897E163D33970451C48C4260F6C10C56ADD
                            SHA-256:00E8152B3E5CD216E4FD8A992250C46E600E2AD773EEDDD87DAD31012BE55693
                            SHA-512:53AFDDE8D516CED5C6CF0A906DBF72AF09A62278D1FC4D5C1562BBCE853D322457A6346C3DE8F112FCF665102E19A2E677972E941D0C80D0AB7C8DD0B694628E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Luxembourg) {. {-9223372036854775808 1476 0 LMT}. {-2069713476 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1662343200 7200 1 CEST}. {-1650157200 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1612659600 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585519200 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552258800 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520550000 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490572800 0 0 WET}. {-1473642000 3600 1 WEST}. {-1459119600 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427673600 0 0 WET}. {-1411866000 3600 1 WEST}. {-1396224000 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269813600 0 0 WET}. {-1253484000 3600 1 WEST}. {-

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Madrid

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8225
                            Entropy (8bit):3.745589534746728
                            Encrypted:false
                            SSDEEP:96:kHF0p8d9VPb/aKrwSSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVab:oNHzy8STRNH4Mn82rlo6XIZ9ALeBO
                            MD5:795CAAE9AECE3900DEA1F5EBD0ED668B
                            SHA1:61F1745E7B60E19F1286864B7A4285E8CCF11202
                            SHA-256:4BE326DD950DDAD6FB9C392A31CEED1CB1525D043F1F7C14332FEB226AEA1859
                            SHA-512:BBBABBE86A757D3EE9267128E7DA810346E74FD9CD3EF37192A831958FF0EDBBE47F14DA63669F6799056081D0365194E22D64D14B97490E4333504DFE22D151
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Madrid) {. {-9223372036854775808 -884 0 LMT}. {-2177452800 0 0 WET}. {-1631926800 3600 1 WEST}. {-1616889600 0 0 WET}. {-1601168400 3600 1 WEST}. {-1585353600 0 0 WET}. {-1442451600 3600 1 WEST}. {-1427673600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364774400 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333324800 0 0 WET}. {-1316390400 3600 1 WEST}. {-1301270400 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269820800 0 0 WET}. {-1026954000 3600 1 WEST}. {-1017619200 0 0 WET}. {-1001898000 3600 1 WEST}. {-999482400 7200 1 WEMT}. {-986090400 3600 1 WEST}. {-954115200 0 0 WET}. {-940208400 3600 0 CET}. {-873079200 7200 1 CEST}. {-862621200 3600 0 CET}. {-842839200 7200 1 CEST}. {-828320400 3600 0 CET}. {-811389600 7200 1 CEST}. {-796870800 3600 0 CET}. {-779940000 7200 1 CEST}. {-765421200 3600 0 CET}. {-748490400 7200 1 CEST}. {-733971600

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Malta

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8425
                            Entropy (8bit):3.728789296531475
                            Encrypted:false
                            SSDEEP:96:wqZKgpNc6sln3mcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZY:wChslJRNH4Mn82rlo6XIZ9ALeBO
                            MD5:5F73FCB70E5B27E540C1A5133F3B791C
                            SHA1:406A2FB6439A3532150D69E711F253665F000B3C
                            SHA-256:5E3BB07FD3592163A756596A25060683CDA7930C7F4411A406B3E1506F9B901C
                            SHA-512:5263ABBE91D95BDD359B666BCDDAA6B4C8B810E986B9A94A80AF2B28E48C9C949EC5D5F21158AD306F7AF5BB6A47408C9AA5C5BB6D0053A9B9DA89E76E126FB1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Malta) {. {-9223372036854775808 3484 0 LMT}. {-2403478684 3600 0 CET}. {-1690765200 7200 1 CEST}. {-1680487200 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1648951200 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616896800 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585533600 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555293600 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812588400 7200 1 CEST}. {-798073200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 CEST}. {-71715600 3600 0 CET}. {-50547600 7200 1 CEST}. {-40266000 3600 0 CET}

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Mariehamn

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.913470013356756
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV1AYKjGyVAIgoq2AYKjvCW6yQausWILMFJ8QarAYKa:SlSWB9IZaM3ymrAdjGyVAIgorAdjoyGK
                            MD5:CFB0DE2E11B8AF400537BD0EF493C004
                            SHA1:32E8FCB8571575E9DFE09A966F88C7D3EBCD183E
                            SHA-256:5F82A28F1FEE42693FD8F3795F8E0D7E8C15BADF1FD9EE4D45794C4C0F36108C
                            SHA-512:9E36B2EACA06F84D56D9A9A0A83C7C106D26A6A55CBAA696729F105600F5A0105F193899D5996C416EFAABC4649E91BA0ED90D38E8DF7B305C6D951A31C80718
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Helsinki)]} {. LoadTimeZoneFile Europe/Helsinki.}.set TZData(:Europe/Mariehamn) $TZData(:Europe/Helsinki).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Minsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2102
                            Entropy (8bit):3.8519171770148932
                            Encrypted:false
                            SSDEEP:48:K6ccjMsJ2JoJrZXnDqVV0Qv3LEevBFoBGrjI9q1F008bBJdO:PRjMAyurZX6V/DYtXE
                            MD5:E5ECB372FF8F5ED274597551ED2C35F0
                            SHA1:6792E2676C59F43B9F260AF2F33E4C2484E71D64
                            SHA-256:78A57D601978869FCAA2737BEC4FDAB72025BC5FDDF7188CCC89034FA767DA6C
                            SHA-512:261FFB4C7974C5F1C0AECA49D9B26F3BC2998C63CEF9CB168B1060E9EC12F7057DB5376128AFD8A31AF2CC9EF79577E96CD9863AA46AC330A5F057F72E43B7B9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Minsk) {. {-9223372036854775808 6616 0 LMT}. {-2840147416 6600 0 MMT}. {-1441158600 7200 0 EET}. {-1247536800 10800 0 MSK}. {-899780400 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-804646800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {670374000 7200 0 EEMMTT}. {670377600 10800 1 EEST}. {686102400 7200 0 EET}. {7018272

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Monaco

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8871
                            Entropy (8bit):3.7700564621466666
                            Encrypted:false
                            SSDEEP:96:2LCV8tXttpD72RXbvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHT/:eAYt+STRNH4Mn82rlo6XIZ9ALeBO
                            MD5:B2BA91B2CDD19E255B68EA35E033C061
                            SHA1:246E377E815FFC11BBAF898E952194FBEDAE9AA2
                            SHA-256:768E3D45DB560777C8E13ED9237956CFE8630D840683FAD065A2F6948FD797BE
                            SHA-512:607383524C478F1CB442679F6DE0964F8916EE1A8B0EF6806BDF7652E4520B0E842A611B432FB190C30C391180EA1867268BBBF6067310F70D5E72CB3E4D789F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Monaco) {. {-9223372036854775808 1772 0 LMT}. {-2486680172 561 0 PMT}. {-1855958961 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Moscow

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2347
                            Entropy (8bit):3.859849674605335
                            Encrypted:false
                            SSDEEP:24:cYedmnClAHEFFkebUe9OtUe9h7+UeGH3UeRUeIuUeKqCbUeaJJUevTkUetUeibEV:kmnAA4F7wxJ2JoJrprXn1CL9yLI0vjls
                            MD5:AB2CB4A38196852883272148B4A14085
                            SHA1:ED22233A615B775DB528053807858A0B69E9D4FB
                            SHA-256:D9814005CB99F2275A4356A8B226E16C7C823ADC940F3A7BBB909D4C01BF44E3
                            SHA-512:F2179FC1C15954FD7F7B824C5310183C96EDC630880E1C8C85DF4423ECC5994B8A9CA826745CC8BCA77945A36BCADAA87620C31FFBD40071438695A610EBF045
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Moscow) {. {-9223372036854775808 9017 0 LMT}. {-2840149817 9017 0 MMT}. {-1688265017 9079 0 MMT}. {-1656819079 12679 1 MST}. {-1641353479 9079 0 MMT}. {-1627965079 16279 1 MDST}. {-1618716679 12679 1 MST}. {-1596429079 16279 1 MDST}. {-1593820800 14400 0 MSD}. {-1589860800 10800 0 MSK}. {-1542427200 14400 1 MSD}. {-1539493200 18000 1 +05}. {-1525323600 14400 1 MSD}. {-1491188400 7200 0 EET}. {-1247536800 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Nicosia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.73570159193188
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq85GKLWVAIgNwMGKLG6yQatHefeWFKYGKL1:SlSWB9IZaM3yZdLWVAIgGMdL9y3HefeW
                            MD5:47C275C076A278CA8E1FF24E9E46CC22
                            SHA1:55992974C353552467C2B57E3955E4DD86BBFAD2
                            SHA-256:34B61E78EF15EA98C056C1AC8C6F1FA0AE87BD6BC85C58BE8DA44D017B2CA387
                            SHA-512:1F74FC0B452C0BE35360D1C9EC8347063E8480CA37BE893FD4FF7FC2279B7D0C0909A26763C7755DFB19BE9736340D3FB00D39E9F6BF23C1D2F0015372139847
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Nicosia)]} {. LoadTimeZoneFile Asia/Nicosia.}.set TZData(:Europe/Nicosia) $TZData(:Asia/Nicosia).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Oslo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7651
                            Entropy (8bit):3.7309855254369766
                            Encrypted:false
                            SSDEEP:96:aG6sT+cQJWxdocRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQt:abcQJWxd/RNH4Mn82rlo6XIZ9ALeBO
                            MD5:2A3F771DD9EAE2E9C1D8394C12C0ED71
                            SHA1:541DCF144EFFE2DFF27B81A50D245C7385CC0871
                            SHA-256:8DDFB0296622E0BFDBEF4D0C2B4EA2522DE26A16D05340DFECA320C0E7B2B1F7
                            SHA-512:E1526BD21E379F8B2285481E3E12C1CF775AE43E205D3E7E4A1906B87821D5E15B101B24463A055B6013879CD2777112C7F27B5C5220F280E3C48240367AA663
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Oslo) {. {-9223372036854775808 2580 0 LMT}. {-2366757780 3600 0 CET}. {-1691884800 7200 1 CEST}. {-1680573600 3600 0 CET}. {-927511200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 0 CEST}. {-765327600 3600 0 CET}. {-340844400 7200 1 CEST}. {-324514800 3600 0 CET}. {-308790000 7200 1 CEST}. {-293065200 3600 0 CET}. {-277340400 7200 1 CEST}. {-261615600 3600 0 CET}. {-245890800 7200 1 CEST}. {-230166000 3600 0 CET}. {-214441200 7200 1 CEST}. {-198716400 3600 0 CET}. {-182991600 7200 1 CEST}. {-166662000 3600 0 CET}. {-147913200 7200 1 CEST}. {-135212400 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {40185

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Paris

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8838
                            Entropy (8bit):3.7637328221887567
                            Encrypted:false
                            SSDEEP:96:1XV8tXttpD724lvDGwdSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIu:1FYtPSTRNH4Mn82rlo6XIZ9ALeBO
                            MD5:153CA0EF3813D91C5E23B34ADFE7A318
                            SHA1:F7F18CB34424A9B62172F00374853F1D4A89BEE4
                            SHA-256:092BF010A1CF3819B102C2A70340F4D67C87BE2E6A8154716241012B5DFABD88
                            SHA-512:E2D418D43D9DFD169238DDB0E790714D3B88D16398FA041A9646CB35F24EF79EE48DA4B6201E6A598E89D4C651F8A2FB9FB874B2010A51B3CD35A86767BAF4D2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Paris) {. {-9223372036854775808 561 0 LMT}. {-2486678901 561 0 PMT}. {-1855958901 0 0 WET}. {-1689814800 3600 1 WEST}. {-1680397200 0 0 WET}. {-1665363600 3600 1 WEST}. {-1648342800 0 0 WET}. {-1635123600 3600 1 WEST}. {-1616893200 0 0 WET}. {-1604278800 3600 1 WEST}. {-1585443600 0 0 WET}. {-1574038800 3600 1 WEST}. {-1552266000 0 0 WET}. {-1539997200 3600 1 WEST}. {-1520557200 0 0 WET}. {-1507510800 3600 1 WEST}. {-1490576400 0 0 WET}. {-1470618000 3600 1 WEST}. {-1459126800 0 0 WET}. {-1444006800 3600 1 WEST}. {-1427677200 0 0 WET}. {-1411952400 3600 1 WEST}. {-1396227600 0 0 WET}. {-1379293200 3600 1 WEST}. {-1364778000 0 0 WET}. {-1348448400 3600 1 WEST}. {-1333328400 0 0 WET}. {-1316394000 3600 1 WEST}. {-1301274000 0 0 WET}. {-1284339600 3600 1 WEST}. {-1269824400 0 0 WET}. {-1253494800 3600 1 WEST}. {-1238374800 0 0 W

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Podgorica

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.86256001696314
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQazKIGl1/yQahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vq7
                            MD5:4F430ECF91032E40457F2D2734887860
                            SHA1:D1C099523C34ED0BD48C24A511377B232548591D
                            SHA-256:F5AB2E253CA0AB7A9C905B720B19F713469877DE1874D5AF81A8F3E74BA17FC8
                            SHA-512:2E6E73076A18F1C6C8E89949899F81F232AE66FEB8FFA2A5CE5447FFF581A0D5E0E88DABEAA3C858CC5544C2AE9C6717E590E846CBFD58CEF3B7558F677334FB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Podgorica) $TZData(:Europe/Belgrade).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Prague

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7763
                            Entropy (8bit):3.7367850410615597
                            Encrypted:false
                            SSDEEP:96:3Nt6F3oxSscRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUE:3/xSTRNH4Mn82rlo6XIZ9ALeBO
                            MD5:D04290286789AB05490A7DE8569D80AB
                            SHA1:B65938E29CBFB65D253E041EE1CD92FE75C3C663
                            SHA-256:60494447C38C67E8173D4A9CDBA8D16AF90545FA83F3558DB8C9B7D0D052DD45
                            SHA-512:B0897CD4785D737B7C5E5CE717B55AEE8689F83105DDB8A0DA2B4977961124AFA5AF573D57AA4467E5DB68FC5F927D7B58AEE7280238392C5666CC090476EC91
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Prague) {. {-9223372036854775808 3464 0 LMT}. {-3786829064 3464 0 PMT}. {-2469401864 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-777862800 7200 0 CEST}. {-765327600 3600 0 CET}. {-746578800 7200 1 CEST}. {-733359600 3600 0 CET}. {-728517600 0 1 GMT}. {-721260000 0 0 CET}. {-716425200 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654217200 7200 1 CEST}. {-639010800 3600 0 CET}. {283993200 3600 0 CET}. {291776400 7200 1 CEST}. {307501200 3600 0 CET}. {323830800 7200 1 CEST}. {338

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Riga

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7400
                            Entropy (8bit):3.686652767751974
                            Encrypted:false
                            SSDEEP:96:A46YyurGXl6V/jfaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtk:AnGG160h2kNU4tB715pyzHy1gA
                            MD5:5F71EBD41FC26CA6FAA0A26CE83FA618
                            SHA1:0FC66EEB374A2930A7F6E2BB5B7D6C4FD00A258C
                            SHA-256:6F63E58F355EF6C4CF8F954E01544B0E152605A72B400C731E3100B422A567D0
                            SHA-512:20B730949A4967C49D259D4D00D8020579580F7FAA0278FBCEBDF8A8173BBF63846DDBF26FFFBBADB0FAF3FD0EB427DBB8CF18A4A80F7B023D2027CC952A773F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Riga) {. {-9223372036854775808 5794 0 LMT}. {-2840146594 5794 0 RMT}. {-1632008194 9394 1 LST}. {-1618702594 5794 0 RMT}. {-1601681794 9394 1 LST}. {-1597275394 5794 0 RMT}. {-1377308194 7200 0 EET}. {-928029600 10800 0 MSK}. {-899521200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-795834000 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Rome

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8511
                            Entropy (8bit):3.729257183076779
                            Encrypted:false
                            SSDEEP:96:YnZKupNc6XTWycRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQt:YVhiRNH4Mn82rlo6XIZ9ALeBO
                            MD5:3E209874EA8830B8436F897B0B7682B1
                            SHA1:FC9AB2212C10C25850ACE69DC3BE125FD0912092
                            SHA-256:626E7F8389382108E323B8447416BAC420A29442D852817024A39A97D556F365
                            SHA-512:24C1A7890E076C4D58426D62726BC21FA6F70F16B5E9797405B7404AACB1CB2FC283483018418EF0CEE43720838864E01427C60269D98866A48F35CAF0483EFA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Rome) {. {-9223372036854775808 2996 0 LMT}. {-3259097396 2996 0 RMT}. {-2403565200 3600 0 CET}. {-1690765200 7200 1 CEST}. {-1680487200 3600 0 CET}. {-1664758800 7200 1 CEST}. {-1648951200 3600 0 CET}. {-1635123600 7200 1 CEST}. {-1616896800 3600 0 CET}. {-1604278800 7200 1 CEST}. {-1585533600 3600 0 CET}. {-1571014800 7200 1 CEST}. {-1555293600 3600 0 CET}. {-932432400 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-830307600 7200 0 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-807152400 7200 0 CEST}. {-798073200 3600 0 CET}. {-781052400 7200 1 CEST}. {-766717200 3600 0 CET}. {-750898800 7200 1 CEST}. {-733359600 3600 0 CET}. {-719456400 7200 1 CEST}. {-701917200 3600 0 CET}. {-689209200 7200 1 CEST}. {-670460400 3600 0 CET}. {-114051600 7200 1 CEST}. {-103168800 3600 0 CET}. {-81997200 7200 1 C

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Samara

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2045
                            Entropy (8bit):3.5710319343050183
                            Encrypted:false
                            SSDEEP:24:cBesqgOjS+OVkb/cXODnOwUDOS5u8OimFeb/ROHc9qOYNkw/O2blbEUhtCUHiWnb:rdDTZVemFLN7NBx3BngyxJvqJ2FJ/jz
                            MD5:30271DF851CE290256FA0BE793F3A918
                            SHA1:307BF37BD5110537B023A648AAC41F86E3D34ACB
                            SHA-256:11400A62327FB9DEFB2D16EBD8E759F94C37EF4F12C49AC97DA2E5031FFA0079
                            SHA-512:3E86BDF258BA23AFF9E1BDCDFE7853D5413A589160F67AF7424CE014B7A77A948B8BF973EB02A0FFFE47D5D0EA4464D851DF294C04AF685C0AF7A0EB08DD9067
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Samara) {. {-9223372036854775808 12020 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +04}. {-1102305600 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 7200 0 +03}. {670377600 10800 1 +03}. {686102400 10800 0 +03}. {687916800 14400 0 +04}. {701820000 18000 1 +05}. {717544800 14400 0 +04}. {733269600 18000 1 +05}. {748994400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\San_Marino

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.908962717024613
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVvjFwFVAIgoqsuCHRLyQawELDX7x/yQax9:SlSWB9IZaM3ymx5wFVAIgoxuCxLyt/yR
                            MD5:C50388AD7194924572FA470761DD09C7
                            SHA1:EF0A2223B06BE12EFE55EE72BF2C941B7BFB2FFE
                            SHA-256:7F89757BAE3C7AE59200DCEEEE5C38A7F74EBAA4AA949F54AFD5E9BB64B13123
                            SHA-512:0CE5FF2F839CD64A2C9A5AE6BBE122C91342AE44BDECDB9A3BA9F08578BC0B474BC0AF0E773868B273423289254909A38902B225A0092D048AC44BCF883AB4B0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/San_Marino) $TZData(:Europe/Rome).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Sarajevo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.890934294125181
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQawEX3GEaQahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vqa
                            MD5:5C12CEEDB17515260E2E143FB8F867F5
                            SHA1:51B9CDF922BFBA52BF2618B63435EC510DEAE423
                            SHA-256:7C45DFD5F016982F01589FD2D1BAF97898D5716951A4E08C3540A76E8D56CEB1
                            SHA-512:7A6B7FDFD6E5CFEB2D1AC136922304B0A65362E19307E0F1E20DBF48BED95A262FAC9CBCDB015C3C744D57118A85BD47A57636A05144430BF6707404F8E53E8C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Sarajevo) $TZData(:Europe/Belgrade).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Saratov

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1990
                            Entropy (8bit):3.5705804674707893
                            Encrypted:false
                            SSDEEP:24:cWe35gjS+OVkb/cXODnOwUDOS5u8OimFeb/ROHc9qOYNkwLUk+EUhtCUH9mUBU9R:qWDTZVemFLN70333+ix6b0JiGk
                            MD5:EEA55E1788265CCC7B3BDB775AF3DD38
                            SHA1:E327A5965114AB8BF6E479989E43786F0B74CFB1
                            SHA-256:0031D4DEC64866DEB1B5E566BB957F2C0E46E5751B31DF9C8A3DA1912AEC4CB2
                            SHA-512:21EF7D364814259F23319D4BC0E4F7F0653D35C1DD03D22ACD8E9A540EE8A9E651BEE22501E4150F6C74901AC2ED750CE08AAE0551DF5A44AB11FD4A3DB49D59
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Saratov) {. {-9223372036854775808 11058 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 10800 0 +04}. {575420400 14400 1 +04}. {591145200 10800 0 +03}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447600 10800 0 +03}. {796172400

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Simferopol

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2307
                            Entropy (8bit):3.8673720237532523
                            Encrypted:false
                            SSDEEP:48:wMxjIJJ2JoJrsyCmh7VloiIa0QM0ScfSblniT+CC:jjInyur/hUaKln
                            MD5:F745F2F2FDEA14C70EA27BA35D4E3051
                            SHA1:C4F01A629E6BAFB31F722FA65DC92B36D4E61E43
                            SHA-256:EAE97716107B2BF4A14A08DD6197E0542B6EE27C3E12C726FC5BAEF16A144165
                            SHA-512:0E32BE79C2576943D3CB684C2E25EE3970BE7F490FF8FD41BD897249EA560F280933B26B3FBB841C67915A3427CB009A1BFC3DACD70C4F77E33664104E32033E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Simferopol) {. {-9223372036854775808 8184 0 LMT}. {-2840148984 8160 0 SMT}. {-1441160160 7200 0 EET}. {-1247536800 10800 0 MSK}. {-888894000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-811645200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 7200 0 EET}. {694216800 7200 0 EET}. {701820000 10800 1 EEST}. {71754

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Skopje

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.906520812033373
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQawOgpr8QahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vq3
                            MD5:BB062D4D5D6EA9BA172AC0555227A09C
                            SHA1:75CCA7F75CEB77BE5AFB02943917DB048051F396
                            SHA-256:51820E2C5938CEF89A6ED2114020BD32226EF92102645526352E1CB7995B7D0A
                            SHA-512:8C6AD79DD225C566D2D93606575A1BF8DECF091EDFEED1F10CB41C5464A6A9F1C15BEB4957D76BD1E03F5AE430319480A3FDACEF3116EA2AF0464427468BC855
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Skopje) $TZData(:Europe/Belgrade).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Sofia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7396
                            Entropy (8bit):3.6373782291014924
                            Encrypted:false
                            SSDEEP:96:8lAV/6vcBrYixX21/BVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykePG:8lAV/SEm1/mh2kNU4tB715pyzHy1gA
                            MD5:8B538BB68A7FF0EB541EB2716264BAD9
                            SHA1:49899F763786D4E7324CC5BAAECFEA87D5C4F6C7
                            SHA-256:9D60EF4DBA6D3802CDD25DC87E00413EC7F37777868C832A9E4963E8BCDB103C
                            SHA-512:AD8D75EE4A484050BB108577AE16E609358A9E4F31EA1649169B4A26C8348A502B4135FE3A282A2454799250C6EDF9E70B236BCF23E1F6540E123E39E81BBE41
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Sofia) {. {-9223372036854775808 5596 0 LMT}. {-2840146396 7016 0 IMT}. {-2369527016 7200 0 EET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-788922000 3600 0 CET}. {-781048800 7200 0 EET}. {291762000 10800 0 EEST}. {307576800 7200 0 EET}. {323816400 10800 1 EEST}. {339026400 7200 0 EET}. {355266000 10800 1 EEST}. {370393200 7200 0 EET}. {386715600 10800 1 EEST}. {401846400 7200 0 EET}. {417571200 10800 1 EEST}. {433296000 7200 0 EET}. {449020800 10800 1 EEST}. {465350400 7200 0 EET}. {481075200 10800 1 EEST}. {496800000 7200 0 EET}. {512524800 10800 1 EEST}. {528249600 7200 0 EET}. {543974400 10800 1 EEST}. {559699200 7200 0 EET}. {575424000 10800 1 EEST}. {591148800 7200 0 EET}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638323200 10

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Stockholm

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7058
                            Entropy (8bit):3.730067397634837
                            Encrypted:false
                            SSDEEP:96:K39ucRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAyzF76:K3HRNH4Mn82rlo6XIZ9ALeBO
                            MD5:7F6C45358FC5E91125ACBDD46BBD93FE
                            SHA1:C07A80D3C136679751D64866B725CC390D73B750
                            SHA-256:119E9F7B1284462EB8E920E7216D1C219B09A73B323796BBF843346ECD71309A
                            SHA-512:585AE0B1DE1F5D31E45972169C831D837C19D05E21F65FAD3CB84BEF8270C31BF2F635FB803CB70C569FAC2C8AA6ABDE057943F4B51BF1D73B72695FE95ECFD2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Stockholm) {. {-9223372036854775808 4332 0 LMT}. {-2871681132 3614 0 SET}. {-2208992414 3600 0 CET}. {-1692496800 7200 1 CEST}. {-1680483600 3600 0 CET}. {315529200 3600 0 CET}. {323830800 7200 1 CEST}. {338950800 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Tallinn

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7295
                            Entropy (8bit):3.6772204206246193
                            Encrypted:false
                            SSDEEP:96:dcqDyurGXl6V/DraKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtk:e7GG16gh2kNU4tB715pyzHy1gA
                            MD5:981078CAEAA994DD0C088B8C4255018A
                            SHA1:5B5E542491FCCC80B04F6F3CA3BA76FEE35BC207
                            SHA-256:716CFFE58847E0084C904A01EF4230F63275660691A4BA54D0B80654E215CC8F
                            SHA-512:3010639D28C7363D0B787F84EF57EE30F457BD8A6A64AEDED1E813EB1AF0A8D85DA0A788C810509F932867F7361B338753CC9B79ACA95D2D32A77F7A8AA8BC9F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tallinn) {. {-9223372036854775808 5940 0 LMT}. {-2840146740 5940 0 TMT}. {-1638322740 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1593824400 5940 0 TMT}. {-1535938740 7200 0 EET}. {-927943200 10800 0 MSK}. {-892954800 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-797648400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 10800 1 EEST}. {622598400 7200 0 EET}. {638

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Tirane

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7412
                            Entropy (8bit):3.7216700074911437
                            Encrypted:false
                            SSDEEP:96:6t1WXXRM8DAdRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQlth:6GXh9AdRNH4Mn82rlo6XIZ9ALeBO
                            MD5:872AB00046280F53657A47D41FBA5EFE
                            SHA1:311BF2342808BD9DC8AB2C2856A1F91F50CFB740
                            SHA-256:D02C2CD894AE4D3C2619A4249088A566B02517FA3BF65DEFAF4280C407E5B5B3
                            SHA-512:2FF901990FA8D6713D875F90FE611E54B35A2216C380E88D408C4FB5BD06916EE804DC6331C117C3AC643731BEADB5BDEDEA0F963B89FAEDB07CA3FFD0B3A535
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Tirane) {. {-9223372036854775808 4760 0 LMT}. {-1767230360 3600 0 CET}. {-932346000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-843519600 3600 0 CET}. {136854000 7200 1 CEST}. {149896800 3600 0 CET}. {168130800 7200 1 CEST}. {181432800 3600 0 CET}. {199839600 7200 1 CEST}. {213141600 3600 0 CET}. {231894000 7200 1 CEST}. {244591200 3600 0 CET}. {263257200 7200 1 CEST}. {276040800 3600 0 CET}. {294706800 7200 1 CEST}. {307490400 3600 0 CET}. {326156400 7200 1 CEST}. {339458400 3600 0 CET}. {357087600 7200 1 CEST}. {370389600 3600 0 CET}. {389142000 7200 1 CEST}. {402444000 3600 0 CET}. {419468400 7200 1 CEST}. {433807200 3600 0 CET}. {449622000 7200 1 CEST}. {457480800 7200 0 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Tiraspol

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.85845283098493
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV+NM/LpVAIgoq9NM/eO6yQa3MPgJM1p8QagNM/cn:SlSWB9IZaM3ymI6NVAIgoI6eFytM4M8g
                            MD5:743453106E8CD7AE48A2F575255AF700
                            SHA1:7CD6F6DCA61792B4B2CBF6645967B9349ECEACBE
                            SHA-256:C28078D4B42223871B7E1EB42EEB4E70EA0FED638288E9FDA5BB5F954D403AFB
                            SHA-512:458072C7660BEAFEB9AE5A2D3AEA6DA582574D80193C89F08A57B17033126E28A175F5B6E2990034660CAE3BC1E837F8312BC4AA365F426BD54588D0C5A12EB8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Chisinau)]} {. LoadTimeZoneFile Europe/Chisinau.}.set TZData(:Europe/Tiraspol) $TZData(:Europe/Chisinau).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Ulyanovsk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2046
                            Entropy (8bit):3.588329521363201
                            Encrypted:false
                            SSDEEP:24:cUeRgjS+OVkb/cXODnOwUDOS5u8OimFeb/ROHc9qOYNkw/O2blbEUhtCUHiWn0it:EWDTZVemFLN7NBx3Bnu3+ix6b0JiGef
                            MD5:E4394950F7838CD984172D68DA413486
                            SHA1:75F84A4C887463DE3F82C7F0339DD7D71871AA65
                            SHA-256:CB780BBC06F9268CE126461AF9B6539FF16964767A8763479099982214280896
                            SHA-512:7D0E3904300FDD3C4814E15A3C042F3E641BF56AF6867DA7580D1DAD8E07F5B4F0C0717A34E8336C0908D760EDCD48605C7B6BA06A5165BD2BD3AF0B68399C59
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Ulyanovsk) {. {-9223372036854775808 11616 0 LMT}. {-1593820800 10800 0 +03}. {-1247540400 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 18000 1 +05}. {591141600 14400 0 +04}. {606866400 10800 0 +04}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 7200 0 +03}. {670377600 10800 1 +03}. {686102400 7200 0 +02}. {695779200 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Uzhgorod

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7287
                            Entropy (8bit):3.681086026612126
                            Encrypted:false
                            SSDEEP:96:DptgbYyurZiVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEZ2:Dp4GZNh2kNU4tB715pyzHy1gA
                            MD5:E1088083B0D5570AF8FBE54A4C553AFB
                            SHA1:A6EC8636A0092737829B873C4879E9D4C1B0A288
                            SHA-256:19D87DB3DAB942037935FEC0A9A5E5FE24AFEB1E5F0F1922AF2AF2C2E186621D
                            SHA-512:C58AA37111AE29F85C9C3F1E52DB3C9B2E2DCEFBBB9ACA4C61AD9B00AA7F3A436E754D2285774E882614B16D5DB497ED370A06EE1AFC513579E1E5F1475CA160
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Uzhgorod) {. {-9223372036854775808 5352 0 LMT}. {-2500939752 3600 0 CET}. {-946774800 3600 0 CET}. {-938905200 7200 1 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 1 CEST}. {-794714400 3600 0 CET}. {-773456400 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {631141200 10800 0 MSK}. {646786800 3600 0 CET}. {670384800 7200 0 EET}. {694216800

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Vaduz

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.906311228352029
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVnCMPwVAIgoqkCMJW6yQa1NEHp8Qa5CMP:SlSWB9IZaM3ym5XwVAIgo5PyvNEJ8jH
                            MD5:C1817BA53C7CD6BF007A7D1E17FBDFF1
                            SHA1:C72DCD724E24BBE7C22F9279B05EE03924603348
                            SHA-256:E000C8E2A27AE8494DC462D486DC28DAFA502F644FC1540B7B6050EABE4712DC
                            SHA-512:E48C1E1E60233CEC648004B6441F4A49D18D07904F88670A6F9A3DACC3006F7D7CE4A9ACB6C9B6DB8F45CB324EA1BCF6CC3DA8C1FFB40A948BB2231AC4B57EEB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Zurich)]} {. LoadTimeZoneFile Europe/Zurich.}.set TZData(:Europe/Vaduz) $TZData(:Europe/Zurich).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Vatican

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):171
                            Entropy (8bit):4.8663121336740405
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVvjFwFVAIgoqsuCHRLyQa1xLM1p8Qax9:SlSWB9IZaM3ymx5wFVAIgoxuCxLyvN+a
                            MD5:0652C9CF19CCF5C8210330B22F200D47
                            SHA1:052121E14825CDF98422CAA2CDD20184F184A446
                            SHA-256:3BC0656B5B52E3C3C6B7BC5A53F9228AAFA3EB867982CFD9332B7988687D310B
                            SHA-512:1880524DCA926F4BFD1972E53D5FE616DE18E4A29E9796ABEAEE4D7CD10C6FE79C0D731B305BD4DAA6FC3917B286543D622F2291B76DABA231B9B22A784C7475
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Rome)]} {. LoadTimeZoneFile Europe/Rome.}.set TZData(:Europe/Vatican) $TZData(:Europe/Rome).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Vienna

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7659
                            Entropy (8bit):3.7322931990772257
                            Encrypted:false
                            SSDEEP:96:2ntWj6DmcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAT:2tWURNH4Mn82rlo6XIZ9ALeBO
                            MD5:E8D0D78179D1E9D738CEEC1D0D4943E5
                            SHA1:E0469B86F545FFFA81CE9694C96FE30F33F745DD
                            SHA-256:44FF42A100EA0EB448C3C00C375F1A53614B0B5D468ADF46F2E5EAFF44F7A64C
                            SHA-512:FACA076F44A64211400910E4A7CAD475DD24745ECCE2FE608DD47B0D5BB9221FF15B9D58A767A90FF8D25E0545C3E50B3E464FF80B1D23E934489420640F5C8A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vienna) {. {-9223372036854775808 3921 0 LMT}. {-2422055121 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618700400 3600 0 CET}. {-1577926800 3600 0 CET}. {-1569711600 7200 1 CEST}. {-1555801200 3600 0 CET}. {-938905200 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796777200 3600 0 CET}. {-781052400 7200 1 CEST}. {-780188400 3600 0 CET}. {-757386000 3600 0 CET}. {-748479600 7200 1 CEST}. {-733359600 3600 0 CET}. {-717634800 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {323823600 7200 1 CEST}. {338940000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Vilnius

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7233
                            Entropy (8bit):3.682695131194103
                            Encrypted:false
                            SSDEEP:96:/FsyurvxXl6V/DAOLl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtk:/fGJ16Oh2kNU4tB715pyzHy1gA
                            MD5:CF7967CD882413C1423CCD5A1EDC8B2E
                            SHA1:72F5F5D280530A67591FC0F88BF272E2975E173C
                            SHA-256:1E13055C7BF8D7469AFC28B0ED91171D203B382B62F78D140C1CB12CF968637C
                            SHA-512:777B7418FFB8DFE4E6A2B1057BB3CFF2358269044F0E5887260663790D0344BDFD8BF5C220987E30B2D8D391BB96C17C8C5EE86DA83EC4874F7EC3172477DFB6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Vilnius) {. {-9223372036854775808 6076 0 LMT}. {-2840146876 5040 0 WMT}. {-1672536240 5736 0 KMT}. {-1585100136 3600 0 CET}. {-1561251600 7200 0 EET}. {-1553565600 3600 0 CET}. {-928198800 10800 0 MSK}. {-900126000 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-802141200 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 7200 0 EEMMTT}. {606873600 10800 1 EEST}. {622598400 7200 0 EET}. {638

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Volgograd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2021
                            Entropy (8bit):3.5806689351967527
                            Encrypted:false
                            SSDEEP:24:cRecrebjS+OVkb/cXODnOwUDOS5u8OimFeb/ROHc9qOYNkwLUk+EUhtCUH9mUBUv:YenDTZVemFLN70333+ix6b0JiGE
                            MD5:DFC3D37284F1DCFE802539DB1E684399
                            SHA1:67778FFE4326B1391C3CFE991B3C84C1E9ACA2D2
                            SHA-256:AAFA26F7ED5733A2E45E77D67D7E4E521918CBDC19DAB5BA7774C60B9FDC203F
                            SHA-512:B5A63E363CF9814C6E530840D9BB5A78C36493BAD54060781BACDF10DFA8C95988081DE3364E56D3FDFDBB5A6489E549D8CB1C0B5D1C57F53A1B1915B291A0D9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Volgograd) {. {-9223372036854775808 10660 0 LMT}. {-1577761060 10800 0 +03}. {-1247540400 14400 0 +04}. {-256881600 14400 0 +05}. {354916800 18000 1 +05}. {370724400 14400 0 +04}. {386452800 18000 1 +05}. {402260400 14400 0 +04}. {417988800 18000 1 +05}. {433796400 14400 0 +04}. {449611200 18000 1 +05}. {465343200 14400 0 +04}. {481068000 18000 1 +05}. {496792800 14400 0 +04}. {512517600 18000 1 +05}. {528242400 14400 0 +04}. {543967200 18000 1 +05}. {559692000 14400 0 +04}. {575416800 10800 0 +04}. {575420400 14400 1 +04}. {591145200 10800 0 +03}. {606870000 14400 1 +04}. {622594800 10800 0 +03}. {638319600 14400 1 +04}. {654649200 10800 0 +03}. {670374000 14400 0 +04}. {701820000 10800 0 +04}. {701823600 14400 1 +04}. {717548400 10800 0 +03}. {733273200 14400 1 +04}. {748998000 10800 0 +03}. {764722800 14400 1 +04}. {780447

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Warsaw

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8366
                            Entropy (8bit):3.731361496484662
                            Encrypted:false
                            SSDEEP:96:uOZMLerhW4v4Qzh3VEbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0c:uArhW4v4yENH4Mn82rlo6XIZ9ALeBO
                            MD5:5F72F26A78BECD6702560DE8C7CCB850
                            SHA1:A14E10DCC128B88B3E9C5D2A86DAC7D254CEB123
                            SHA-256:054C1CDABAD91C624A4007D7594C30BE96906D5F29B54C292E0B721F8CB03830
                            SHA-512:564A575EA2FBDB1D262CF55D55BEFC0BF6EF2081D88DE25712B742F5800D2FBE155EDEF0303F62D497BA0E849174F235D8599E09E1C997789E24FE5583F4B0FC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Warsaw) {. {-9223372036854775808 5040 0 LMT}. {-2840145840 5040 0 WMT}. {-1717032240 3600 0 CET}. {-1693706400 7200 1 CEST}. {-1680483600 3600 0 CET}. {-1663455600 7200 1 CEST}. {-1650150000 3600 0 CET}. {-1632006000 7200 1 CEST}. {-1618696800 7200 0 EET}. {-1600473600 10800 1 EEST}. {-1587168000 7200 0 EET}. {-931734000 7200 0 CEST}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-812502000 7200 1 CEST}. {-796870800 7200 0 CEST}. {-796608000 3600 0 CET}. {-778726800 7200 1 CEST}. {-762660000 3600 0 CET}. {-748486800 7200 1 CEST}. {-733273200 3600 0 CET}. {-715215600 7200 1 CEST}. {-701910000 3600 0 CET}. {-684975600 7200 1 CEST}. {-670460400 3600 0 CET}. {-654130800 7200 1 CEST}. {-639010800 3600 0 CET}. {-397094400 7200 1 CEST}. {-386812800 3600 0 CET}. {-371088000 7200 1 CEST}. {-355363200 3600 0

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Zagreb

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.851218990240677
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV/sUE2tvFVAIgoq8sUE2vqLyQa5rXv1/h8QahsUE2u:SlSWB9IZaM3ymhrE2tvFVAIgohrE2vqK
                            MD5:445F589A26E47F9D7BDF1A403A96108E
                            SHA1:B119D93796DA7C793F9ED8C5BB8BB65C8DDBFC81
                            SHA-256:6E3ED84BC34D90950D267230661C2EC3C32BA190BD57DDC255F4BE901678B208
                            SHA-512:F45AF9AC0AF800FDCC74DBED1BDFA106A6A58A15308B5B62B4CB6B091FCFD321F156618BE2C157A1A6CAFAAAC399E4C6B590AF7CE7176F757403B55F09842FD2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Belgrade)]} {. LoadTimeZoneFile Europe/Belgrade.}.set TZData(:Europe/Zagreb) $TZData(:Europe/Belgrade).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Zaporozhye

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7238
                            Entropy (8bit):3.6787190163584103
                            Encrypted:false
                            SSDEEP:96:Tnh2yurpr2nVaKl9sUM2kNU4tztagAwkY5V778e27zo2yiQ6kjmyykeP2lwtOEZ2:T1Gt2ch2kNU4tB715pyzHy1gA
                            MD5:4AC1F6AB26F3869C757247346BCB72B5
                            SHA1:CB0880906DC630F3C2B934998853CD05AAA1FE39
                            SHA-256:3E9F843F5C6DDBE8E6431BE28ACB95507DDDCA6C521E2FD3355A103BF38F3CB7
                            SHA-512:C4A3AB7B5BA3BC371285654159CB1767ECD52DEDAA61BF69586F6ED61F9F1E877796C28438FF582962C12780484214B5EA670654C87240E01EDD2A4B271EDEEF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zaporozhye) {. {-9223372036854775808 8440 0 LMT}. {-2840149240 8400 0 +0220}. {-1441160400 7200 0 EET}. {-1247536800 10800 0 MSK}. {-894769200 3600 0 CET}. {-857257200 3600 0 CET}. {-844556400 7200 1 CEST}. {-828226800 3600 0 CET}. {-826419600 10800 0 MSD}. {354920400 14400 1 MSD}. {370728000 10800 0 MSK}. {386456400 14400 1 MSD}. {402264000 10800 0 MSK}. {417992400 14400 1 MSD}. {433800000 10800 0 MSK}. {449614800 14400 1 MSD}. {465346800 10800 0 MSK}. {481071600 14400 1 MSD}. {496796400 10800 0 MSK}. {512521200 14400 1 MSD}. {528246000 10800 0 MSK}. {543970800 14400 1 MSD}. {559695600 10800 0 MSK}. {575420400 14400 1 MSD}. {591145200 10800 0 MSK}. {606870000 14400 1 MSD}. {622594800 10800 0 MSK}. {638319600 14400 1 MSD}. {654649200 10800 0 MSK}. {670374000 10800 0 EEST}. {686091600 7200 0 EET}. {701820000 10800 1 EEST}. {71

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Europe\Zurich

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7055
                            Entropy (8bit):3.732572949993817
                            Encrypted:false
                            SSDEEP:96:k7tmcRbjOP9/V+H4Mnb4Nkrloy4xBqffZRgKs0AzxAHTdIVaAq0VZQltUbAyzF76:kbRNH4Mn82rlo6XIZ9ALeBO
                            MD5:D9A3FAE7D9B5C9681D7A98BFACB6F57A
                            SHA1:11268DFEE6D2472B3D8615ED6D70B361521854A2
                            SHA-256:C920B4B7C160D8CEB8A08E33E5727B14ECD347509CABB1D6CDC344843ACF009A
                            SHA-512:7709778B82155FBF35151F9D436F3174C057EBF7927C48F841B1D8AF008EEA9BC181D862A57C436EC69A528FB8B9854D9E974FC9EEC4FFDFE983299102BCDFB1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Europe/Zurich) {. {-9223372036854775808 2048 0 LMT}. {-3675198848 1786 0 BMT}. {-2385246586 3600 0 CET}. {-904435200 7200 1 CEST}. {-891129600 3600 0 CET}. {-872985600 7200 1 CEST}. {-859680000 3600 0 CET}. {347151600 3600 0 CET}. {354675600 7200 1 CEST}. {370400400 3600 0 CET}. {386125200 7200 1 CEST}. {401850000 3600 0 CET}. {417574800 7200 1 CEST}. {433299600 3600 0 CET}. {449024400 7200 1 CEST}. {465354000 3600 0 CET}. {481078800 7200 1 CEST}. {496803600 3600 0 CET}. {512528400 7200 1 CEST}. {528253200 3600 0 CET}. {543978000 7200 1 CEST}. {559702800 3600 0 CET}. {575427600 7200 1 CEST}. {591152400 3600 0 CET}. {606877200 7200 1 CEST}. {622602000 3600 0 CET}. {638326800 7200 1 CEST}. {654656400 3600 0 CET}. {670381200 7200 1 CEST}. {686106000 3600 0 CET}. {701830800 7200 1 CEST}. {717555600 3600 0 CET}. {733280400 7200 1 CEST}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\GB

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):165
                            Entropy (8bit):4.848987525932415
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxKL82wFVAIgoqyKL8p6wox6QavKL8i:SlSWB9IZaM3ymvKA2wFVAIgovKAUwR1O
                            MD5:2639233BCD0119FD601F55F2B6279443
                            SHA1:AADF9931DF78F5BC16ED4638947E77AE52E80CA1
                            SHA-256:846E203E4B40EA7DC1CB8633BF950A8173D7AA8073C186588CC086BC7C4A2BEE
                            SHA-512:8F571F2BBE4C60E240C4EBBB81D410786D1CB8AD0761A99ABB61DDB0811ACC92DCC2F765A7962B5C560B86732286356357D3F408CAC32AC1B2C1F8EAD4AEAEA6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB) $TZData(:Europe/London).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\GB-Eire

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):170
                            Entropy (8bit):4.860435123210029
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxKL82wFVAIgoqyKL8p6w4b/h8QavKL8i:SlSWB9IZaM3ymvKA2wFVAIgovKAUw4bx
                            MD5:51335479044A047F5597F0F06975B839
                            SHA1:234CD9635E61E7D429C70E886FF9C9F707FEAF1F
                            SHA-256:FAC3B11B1F4DA9D68CCC193526C4E369E3FAA74F95C8BEE8BB9FAE014ACD5900
                            SHA-512:4E37EFDFBAFA5C517BE86195373D083FF4370C5031B35A735E3225E7B17A75899FAFFBDF0C8BCFCBC5DC2D037EE9465AD3ED7C0FA55992027DFD69618DC9918F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/London)]} {. LoadTimeZoneFile Europe/London.}.set TZData(:GB-Eire) $TZData(:Europe/London).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\GMT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):148
                            Entropy (8bit):4.817383285510599
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtwZ8RDMvn:SlSWB9IZaM3yF4FVAIgJtwZ8RQvn
                            MD5:D19DC8277A68AA289A361D28A619E0B0
                            SHA1:27F5F30CC2603E1BCB6270AF84E9512DADEEB055
                            SHA-256:5B90891127A65F7F3C94B44AA0204BD3F488F21326E098B197FB357C51845B66
                            SHA-512:B5DD9C2D55BDB5909A29FD386CF107B83F56CD9B9F979A5D3854B4112B7F8950F4E91FB86AF6556DCF583EE469470810F3F8FB6CCF04FDBD6625A4346D3CD728
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\GMT+0

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):150
                            Entropy (8bit):4.868642878112439
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtwe7/8RDMvn:SlSWB9IZaM3yF4FVAIgJtwI8RQvn
                            MD5:B5065CD8B1CB665DACDB501797AF5104
                            SHA1:0DB4E9AC6E38632302D9689A0A39632C2592F5C7
                            SHA-256:6FC1D3C727CD9386A11CAF4983A2FC06A22812FDC7752FBFA7A5252F92BB0E70
                            SHA-512:BBA1793CA3BBC768EC441210748098140AE820910036352F5784DD8B2DABA8303BA2E266CB923B500E8F90494D426E8BF115ACD0C000CD0C65896CE7A6AD9D66
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT+0) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\GMT-0

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):150
                            Entropy (8bit):4.8553095447791055
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtw4Hp8RDMvn:SlSWB9IZaM3yF4FVAIgJtw4J8RQvn
                            MD5:E71CDE5E33573E78E01F4B7AB19F5728
                            SHA1:C296752C449ED90AE20F5AEC3DC1D8F329C2274F
                            SHA-256:78C5044C723D21375A1154AE301F29D13698C82B3702042C8B8D1EFF20954078
                            SHA-512:6EBB39EF85DA70833F8B6CCD269346DC015743BC049F6F1B385625C5498F4E953A0CEDE76C60314EE671FE0F6EEB56392D62E0128F5B04BC68681F71718FE2BB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT-0) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\GMT0

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):149
                            Entropy (8bit):4.843152601955343
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtwPHp8RDMvn:SlSWB9IZaM3yF4FVAIgJtwvp8RQvn
                            MD5:FE666CDF1E9AA110A7A0AE699A708927
                            SHA1:0E7FCDA9B47BC1D5F4E0DFAD8A9E7B73D71DC9E3
                            SHA-256:0A883AFE54FAE0ED7D6535BDAB8A767488A491E6F6D3B7813CF76BB32FED4382
                            SHA-512:763591A47057D67E47906AD22270D589100A7380B6F9EAA9AFD9D6D1EE254BCB1471FEC43531C4196765B15F2E27AF9AAB5A688D1C88B45FE7EEA67B6371466E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:GMT0) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Greenwich

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):154
                            Entropy (8bit):4.869510201987464
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqSsM4DvFVAIgexvqtwE+FB5yRDMvn:SlSWB9IZaM3yF4FVAIgJtwE6BURQvn
                            MD5:F989F3DB0290B2126DA85D78B74E2061
                            SHA1:43A0A1737E1E3EF0501BB65C1E96CE4D0B5635FC
                            SHA-256:41A45FCB805DB6054CD1A4C7A5CFBF82668B3B1D0E44A6F54DFB819E4C71F68A
                            SHA-512:3EDB8D901E04798B566E6D7D72841C842803AE761BEF3DEF37B8CA481E79915A803F61360FA2F317D7BDCD913AF8F5BB14F404E80CFA4A34E4310055C1DF39F2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/GMT)]} {. LoadTimeZoneFile Etc/GMT.}.set TZData(:Greenwich) $TZData(:Etc/GMT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\HST

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):106
                            Entropy (8bit):4.860812879108152
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5/Lm/kXGm2OH1V9i:SlSWB9X5jmTm2OH1V8
                            MD5:3D99F2C6DADF5EEEA4965A04EB17B1BB
                            SHA1:8DF607A911ADF6A9DD67D786FC9198262F580312
                            SHA-256:2C83D64139BFB1115DA3F891C26DD53B86436771A30FB4DD7C8164B1C0D5BCDE
                            SHA-512:EDA863F3A85268BA7A8606E3DCB4D7C88B0681AD8C4CFA1249A22B184F83BFDE9855DD4E5CFC3A4692220E5BEFBF99ED10E13BD98DBCA37D6F29A10AB660EBE2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:HST) {. {-9223372036854775808 -36000 0 HST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Hongkong

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.865313867650324
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8LizFVAIgN2qPJL/XF1p4WFKQ1n:SlSWB9IZaM3yWzFVAIgAML//p4wKi
                            MD5:D828C0668A439FEB9779589A646793F8
                            SHA1:1509415B72E2155725FB09615B3E0276F3A46E87
                            SHA-256:CF8BFEC73D36026955FA6F020F42B6360A64ED870A88C575A5AA0CD9756EF51B
                            SHA-512:0F864B284E48B993DD13296AF05AEB14EBE26AF32832058C1FC32FCCE78E85925A25D980052834035D37935FAAF1CB0A9579AECBE6ADCDB2791A134D88204EBF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Hong_Kong)]} {. LoadTimeZoneFile Asia/Hong_Kong.}.set TZData(:Hongkong) $TZData(:Asia/Hong_Kong).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Iceland

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.840758003302018
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqLGsA/8rtdVAIgvMGsA/8rN6+GAKyx/2RQqGsA/8ru:SlSWB9IZaM3yj6dVAIgv1b+XZx+RQj7
                            MD5:18DEAAAC045B4F103F2D795E0BA77B00
                            SHA1:F3B3FE5029355173CD5BA626E075BA73F3AC1DC6
                            SHA-256:9BB28A38329767A22CD073DF34E46D0AA202172A4116FBF008DDF802E60B743B
                            SHA-512:18140274318E913F0650D21107B74C07779B832C9906F1A2E98433B96AAEADF70D07044EB420A2132A6833EF7C3887B8927CFD40D272A13E69C74A63904F43C9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Atlantic/Reykjavik)]} {. LoadTimeZoneFile Atlantic/Reykjavik.}.set TZData(:Iceland) $TZData(:Atlantic/Reykjavik).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Antananarivo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.75703014401897
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt+L6EL/liEi2eDcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL+LzM2eDkr
                            MD5:1E84F531F7992BFBD53B87831FE349E9
                            SHA1:E46777885945B7C151C6D46C8F7292FC332A5576
                            SHA-256:F4BDCAE4336D22F7844BBCA933795063FA1BCA9EB228C7A4D8222BB07A706427
                            SHA-512:545D6DEB94B7A13D69F387FE758C9FC474DC02703F2D485FD42539D3CE03975CDEEFB985E4AA7742957952AF9E9F1E2DB84389277C3864C32C31D890BD399FB9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Antananarivo) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Chagos

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.802684724729281
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6EL9WJxwFFkXGm2OHi/FvvUcfJ7XH0VQGFr6VVFSTL:SlSWB9X5+LxWJxwFJm2OHqFvd+VQSr6e
                            MD5:4618C8D4F26C02A3A303DD1FB5DCFE46
                            SHA1:857D376F5AFE75784E7F578C83E111B2EE18F74E
                            SHA-256:94262B5A1E3423CD26BFFB3E36F63C1A6880304D00EE5B05985072D82032C765
                            SHA-512:3F5CDDE3D2D5C8BC3DD6423888D7DB6A8EA3D4881ABE9E3857B9D0DDF756D0ECD9CAB7EF66343B0636D32E5CCF0ECEC1F56B9F4BC521CD24B3DB1D935F994AF0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Chagos) {. {-9223372036854775808 17380 0 LMT}. {-1988167780 18000 0 +05}. {820436400 21600 0 +06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Christmas

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):148
                            Entropy (8bit):4.911693487750565
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6EL9FBIEW3v/kXGm2OHAWMx5vXTLyvMVSYvC:SlSWB9X5+LxpW3vTm2OHAnx5PTIMVSYK
                            MD5:5026A59BD9CCD6ABA665B4895EDB0171
                            SHA1:8361778F615EFDDAA660E49545249005B6FC66C3
                            SHA-256:37E1DAD2B019CCD6F8927602B079AD6DB7D71F55CBDA165B0A3EEF580B86DACF
                            SHA-512:E081BDE3FC0D07E75C83C308A662C3A1837A387137BFA8D8E4A59797159F465654BAFFCE6B1458602255BD784CEE0BF70F542C3E893BC87A566630D54084CDCC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Christmas) {. {-9223372036854775808 25372 0 LMT}. {-2364102172 25200 0 +07}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Cocos

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):146
                            Entropy (8bit):4.811431467315532
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6EL9d/FkXGm2OHGXTvxoevXmVUXxXW5d6TW8C:SlSWB9X5+LxpJm2OHGXCeP3BG5Uq
                            MD5:4C9502EC642E813E7B699281DD9809DF
                            SHA1:98804A95F13CF4EED983AC019CD1A9EFC01AF719
                            SHA-256:E8C591860DD42374C64E30850A3626017989CF16DDB85FDCC111AD92BD311425
                            SHA-512:8BD7718055789FA7CFB2D50270C563E4D69E16283745701B07073A1CDA271F95B1884F297C2F22CB36EC9983BC759F03B05B39DFD0604CD3278DBCBFB6E12CA6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Cocos) {. {-9223372036854775808 23260 0 LMT}. {-2209012060 23400 0 +0630}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Comoro

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.775639640601132
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt+L6EL9TKlBx+DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL+LxGV+Dkr
                            MD5:DAD21C1CD103E6FF24ECB26ECC6CC783
                            SHA1:FBCCCF55EDFC882B6CB003E66B0B7E52A3E0EFDE
                            SHA-256:DA2F64ADC2674BE934C13992652F285927D8A44504327950678AD3B3EC285DCE
                            SHA-512:EA3B155D39D34AFB789F486FAA5F2B327ADB62E43FE5757D353810F9287D9E706773A034D3B2E5F050CCC2A24B31F28A8C44109CCCF43509F2B8547D107FD4A4
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Comoro) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Kerguelen

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):4.822244827214297
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6EL12hJFkXGm2OHvdFFr9vM0VQL:SlSWB9X5+L5Mm2OHlFFr1nVQL
                            MD5:5223EC10BCFBC18A9FA392340530E164
                            SHA1:A59B4F19A3F052B2A3EB57E0D2652E81FB665B50
                            SHA-256:17750D6A9B8ED41809D8DC976777A5252CCB70F39C3BF396B55557A8E504CB09
                            SHA-512:2B2EFC470FE4461F82B1F1909C2A953934938D5DC8B54B2DA3A48678CF23ECD7874187E0FA4F6241FC02AEE0AF29B861C3FEEC15BB90E5C7D3A609DBB50EDC2C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Kerguelen) {. {-9223372036854775808 0 0 -00}. {-631152000 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Mahe

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):143
                            Entropy (8bit):4.873998321422911
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6ELzJMyFkXGm2OHuVdF+YvXTW1U9VsRYvC:SlSWB9X5+L/TJm2OHWgYPhSQC
                            MD5:F8D00BD4AD23557FB4FC8EB095842C26
                            SHA1:AD4AE41D0AD49E80FCF8CADE6889459EA30B57F7
                            SHA-256:997C33DBCEA54DE671A4C4E0E6F931623BF4F39A821F9F15075B9ECCCCA3F1B8
                            SHA-512:F67D348ECCCA244681EE7B70F7815593CFB2D7D4502832B2EB653EBF01AC66ACED29F7EA2E223D295C4D4F64287D372070EF863CCB201ACD8DF470330812013D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mahe) {. {-9223372036854775808 13308 0 LMT}. {-2006653308 14400 0 +04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Maldives

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.833774224054436
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6ELzEyFkXGm2OHnz8evXZT5lxGYUQwGN0VQL:SlSWB9X5+L/EyJm2OHnz8ePZT5rG5QwI
                            MD5:EC0C456538BE81FA83AF440948EED55E
                            SHA1:11D7BA32A38547AF88F4182B6C1C3373AD89D75C
                            SHA-256:18A4B14CD05E4B25431BAF7BFCF2049491BF4E36BB31846D7F18F186C9ECD019
                            SHA-512:FF57F9EDFAD16E32B6A0BA656C5949A0A664D22001D5149BF036C322AEC1682E8B523C8E64E5A49B7EFA535A13459234C16237C09FC5B40F08AC22D56681C4BE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Maldives) {. {-9223372036854775808 17640 0 LMT}. {-2840158440 17640 0 MMT}. {-315636840 18000 0 +05}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Mauritius

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):262
                            Entropy (8bit):4.450791926516311
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5+L/Hm2OHlNndSvulvSQFFYc0FZFeVhvSQFFbBjvVFZFbGlvSQC:MBp5+L/HmdHlNnS6jz0F7KZjbBjVF7bd
                            MD5:040680E086764FC47EEBE039358E223C
                            SHA1:4D10E6F69835533748DD5FD2E7409F9732221210
                            SHA-256:C4054D56570F9362AB8FF7E4DBA7F8032720289AE01C03A861CCD8DEC9D2ABB2
                            SHA-512:FC00B4AD7328EBC3025A482B3D6A0B176F3430BD3D06B918974EAC5BD30AD8551E0C6BE1DC03BE18A9BC6DD0919ED2A3717E20749ABECBFBD202764047D0D292
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Mauritius) {. {-9223372036854775808 13800 0 LMT}. {-1988164200 14400 0 +04}. {403041600 18000 1 +04}. {417034800 14400 0 +04}. {1224972000 18000 1 +04}. {1238274000 14400 0 +04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Mayotte

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.778847657463255
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsVVMMvwVAIgNGExVMSt+L6ELzO1h4DcVVMMv:SlSWB9IZaM3y7VcVAIgNTxL+L/O1h4De
                            MD5:D89C649468B3C22CF5FA659AE590DE53
                            SHA1:83DF2C14F1E51F5B89DCF6B833E421389F9F23DC
                            SHA-256:071D17F347B4EB9791F4929803167497822E899761654053BD774C5A899B4B9C
                            SHA-512:68334E11AAB0F8DCEEB787429832A60F4F0169B6112B7F74048EACFDE78F9C4D100E1E2682D188C3965E41A83477D3AECC80B73A2A8A1A80A952E59B431576A8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Nairobi)]} {. LoadTimeZoneFile Africa/Nairobi.}.set TZData(:Indian/Mayotte) $TZData(:Africa/Nairobi).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Indian\Reunion

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):146
                            Entropy (8bit):4.933616581218054
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5+L6ELsActFkXGm2OHuU7oevUdvcUeNVsRYvC:SlSWB9X5+Lam2OHb7oezfNSQC
                            MD5:C50A592BB886F2FA48657900AE10789F
                            SHA1:16D73BFFDAD18E751968E100BB391AABB29169E1
                            SHA-256:3775EA8EBF5CBBD240E363FB62AEF8D2865A9D9969E40A15731DCC0AC03107EB
                            SHA-512:F875F287E6C3A7B7325DB038CF419AA34FD0072FD3FCD138102008959F397026B647D8D339CB01362330905382FE7DCF5F8EC98C9B8C4FFF59A6FF4E78678BB7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Indian/Reunion) {. {-9223372036854775808 13312 0 LMT}. {-1848886912 14400 0 +04}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Iran

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):161
                            Entropy (8bit):4.757854680369306
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8g5YFevFVAIgNqjNAt+XiMr4WFKBun:SlSWB9IZaM3yA5owFVAIgcjSt+Xvr4wh
                            MD5:848663FD5F685FE1E14C655A0ABA7D6A
                            SHA1:59A1BEE5B3BE01FB9D2C73777B7B4F1615DCE034
                            SHA-256:DB6D0019D3B0132EF8B8693B1AB2B325D77DE3DD371B1AFDAE4904BE610BA2A6
                            SHA-512:B1F8C08AF68C919DB332E6063647AF15CB9FED4046C16BEF9A58203044E36A0D1E69BD1B8703B15003B929409A8D83238B5AA67B910B920F0674C8A0EB5CF125
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tehran)]} {. LoadTimeZoneFile Asia/Tehran.}.set TZData(:Iran) $TZData(:Asia/Tehran).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Israel

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):172
                            Entropy (8bit):4.778464205793726
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq85zFFwVAIgN0AzFzt+WXnMr4WFKYzFp:SlSWB9IZaM3yZbwVAIgCAb+zr4wKY7
                            MD5:B9D1F6BD0B0416791036C0E3402C8438
                            SHA1:E1A7471062C181B359C06804420091966B809957
                            SHA-256:E6EC28F69447C3D3DB2CB68A51EDCEF0F77FF4B563F7B65C9C71FF82771AA3E1
                            SHA-512:A5981FD91F6A9A84F44A6C9A3CF247F9BE3AB52CE5FE8EE1A7BE19DD63D0B22818BC15287FE73A5EEC8BCE6022B9EAF54A10AA719ADF31114E188F31EA273E92
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Jerusalem)]} {. LoadTimeZoneFile Asia/Jerusalem.}.set TZData(:Israel) $TZData(:Asia/Jerusalem).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Jamaica

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.668645988954937
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx00EIECpVAIg200EIEvvt9S//2IAcGE0EIEVn:SlSWB9IZaM3y7952VAIgp95vF029095V
                            MD5:EA38E93941E21CB08AA49A023DCC06FB
                            SHA1:1AD77CAC25DC6D1D04320FF2621DD8E7D227ECBF
                            SHA-256:21908F008F08C55FB48F1C3D1A1B2016BDB10ED375060329451DE4E487CF0E5F
                            SHA-512:D6F0684A757AD42B8010B80B4BE6542ADE96D140EC486B4B768E167502C776B8D289622FBC48BD19EB3D0B3BC4156715D5CCFC7952A479A990B07935B15D26DC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Jamaica)]} {. LoadTimeZoneFile America/Jamaica.}.set TZData(:Jamaica) $TZData(:America/Jamaica).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Japan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):159
                            Entropy (8bit):4.791469556628492
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8aowVAIgNqaF9hM7/4WFK6n:SlSWB9IZaM3ypwVAIgcaF4r4wK6n
                            MD5:338A18DEDF5A813466644B2AAE1A7CF5
                            SHA1:BB76CE671853780F4971D2E173AE71E82EA24690
                            SHA-256:535AF1A79CD01735C5D6FC6DB08C5B0EAFB8CF0BC89F7E943CF419CFA745CA26
                            SHA-512:4D44CC28D2D0634200FEA0537EBC5DD50E639365B89413C6BF911DC2B95B78E27F1B92733FB859C794A8C027EA89E45E8C2D6E1504FF315AF68DB02526226AD2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Tokyo)]} {. LoadTimeZoneFile Asia/Tokyo.}.set TZData(:Japan) $TZData(:Asia/Tokyo).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Kwajalein

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.759848173726549
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG1/EOM2wFVAIgObT1/EOM8O68/FMKpUDH1/EOMi:SlSWB9IZaM3yc1EiwFVAIgOb1E48xME+
                            MD5:A9C8CA410CA3BD4345BF6EAB53FAB97A
                            SHA1:57AE7E6D3ED855B1FBF6ABF2C9846DFA9B3FFF47
                            SHA-256:A63A99F0E92F474C4AA99293C4F4182336520597A86FCDD91DAE8B25AFC30B98
                            SHA-512:C97CF1301DCEEE4DE26BCEEB60545BB70C083CD2D13ED89F868C7856B3532473421599ED9E7B166EA53A9CF44A03245192223D47BC1104CEBD1BF0AC6BF10898
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Kwajalein)]} {. LoadTimeZoneFile Pacific/Kwajalein.}.set TZData(:Kwajalein) $TZData(:Pacific/Kwajalein).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Libya

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):171
                            Entropy (8bit):4.779409803819657
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqsbKJqYkdVAIgNGEnKJuYvW67beDcbKJ9n:SlSWB9IZaM3y7JdVAIgNTnYvW6PeD9n
                            MD5:C4739F7B58073CC7C72EF2D261C05C5E
                            SHA1:12FE559CA2FEA3F8A6610B1D4F43E299C9FB7BA5
                            SHA-256:28A94D9F1A60980F8026409A65F381EDB7E5926A79D07562D28199B6B63AF9B4
                            SHA-512:B2DC5CB1AD7B6941F498FF3D5BD6538CAF0ED19A2908DE645190A5C5F40AF5B34752AE8A83E6C50D370EA619BA969C9AB7F797F171192200CDA1657FFFB7F05A
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Africa/Tripoli)]} {. LoadTimeZoneFile Africa/Tripoli.}.set TZData(:Libya) $TZData(:Africa/Tripoli).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\MET

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7471
                            Entropy (8bit):3.7115445412724797
                            Encrypted:false
                            SSDEEP:96:TJOwNDgaXSgm7VTslzZBYxWq9beN6db6yq3BgLjx1uuE0KRPGdNjClOQuonZ2ltb:bSV7xxWq9aYdbsC/eLdGLg9a
                            MD5:2F62D867C8605730BC8E43D300040D54
                            SHA1:06AD982DF03C7309AF01477749BAB9F7ED8935A7
                            SHA-256:D6C70E46A68B82FFC7A4D96FDA925B0FAAF973CB5D3404A55DFF2464C3009173
                            SHA-512:0D26D622511635337E5C03D82435A9B4A9BCA9530F940A70A24AE67EA4794429A5D68B59197B978818BEF0799C3D5FA792F5720965291661ED067570BC56226B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:MET) {. {-9223372036854775808 3600 0 MET}. {-1693706400 7200 1 MEST}. {-1680483600 3600 0 MET}. {-1663455600 7200 1 MEST}. {-1650150000 3600 0 MET}. {-1632006000 7200 1 MEST}. {-1618700400 3600 0 MET}. {-938905200 7200 1 MEST}. {-857257200 3600 0 MET}. {-844556400 7200 1 MEST}. {-828226800 3600 0 MET}. {-812502000 7200 1 MEST}. {-796777200 3600 0 MET}. {-781052400 7200 1 MEST}. {-766623600 3600 0 MET}. {228877200 7200 1 MEST}. {243997200 3600 0 MET}. {260326800 7200 1 MEST}. {276051600 3600 0 MET}. {291776400 7200 1 MEST}. {307501200 3600 0 MET}. {323830800 7200 1 MEST}. {338950800 3600 0 MET}. {354675600 7200 1 MEST}. {370400400 3600 0 MET}. {386125200 7200 1 MEST}. {401850000 3600 0 MET}. {417574800 7200 1 MEST}. {433299600 3600 0 MET}. {449024400 7200 1 MEST}. {465354000 3600 0 MET}. {481078800 7200 1 MEST}. {496803600 3600 0 MET

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\MST

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):106
                            Entropy (8bit):4.856431808856169
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx56xwkXGm2OHrXV4fvYv:SlSWB9X562m2OHrCi
                            MD5:FF6BDAC2C77D8287B46E966480BFEACC
                            SHA1:4C90F910C74E5262A27CC65C3433D34B5D885243
                            SHA-256:FB6D9702FC9FB82779B4DA97592546043C2B7D068F187D0F79E23CB5FE76B5C2
                            SHA-512:CA197B25B36DD47D86618A4D39BFFB91FEF939BC02EEB96679D7EA88E5D38737D3FE6BD4FD9D16C31CA5CF77D17DC31E5333F4E28AB777A165050EA5A4D106BA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:MST) {. {-9223372036854775808 -25200 0 MST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\MST7MDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8227
                            Entropy (8bit):3.755606924782105
                            Encrypted:false
                            SSDEEP:96:xG5c2sGm+4I1zXN+C2mWBNQMsmNTxf6AeO+cblX:12dVUC2mWBNwWTxyWR
                            MD5:2AB5643D8EF9FD9687A5C67AEB04AF98
                            SHA1:2E8F1DE5C8113C530E5E6C10064DEA4AE949AAE6
                            SHA-256:97028B43406B08939408CB1DD0A0C63C76C9A352AEA5F400CE6D4B8D3C68F500
                            SHA-512:72A8863192E14A4BD2E05C508F8B376DD75BB4A3625058A97BBB33F7200B2012D92D445982679E0B7D11C978B80F7128B3A79B77938CEF6315AA6C4B1E0AC09C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:MST7MDT) {. {-9223372036854775808 -25200 0 MST}. {-1633273200 -21600 1 MDT}. {-1615132800 -25200 0 MST}. {-1601823600 -21600 1 MDT}. {-1583683200 -25200 0 MST}. {-880210800 -21600 1 MWT}. {-769395600 -21600 1 MPT}. {-765388800 -25200 0 MST}. {-84380400 -21600 1 MDT}. {-68659200 -25200 0 MST}. {-52930800 -21600 1 MDT}. {-37209600 -25200 0 MST}. {-21481200 -21600 1 MDT}. {-5760000 -25200 0 MST}. {9968400 -21600 1 MDT}. {25689600 -25200 0 MST}. {41418000 -21600 1 MDT}. {57744000 -25200 0 MST}. {73472400 -21600 1 MDT}. {89193600 -25200 0 MST}. {104922000 -21600 1 MDT}. {120643200 -25200 0 MST}. {126694800 -21600 1 MDT}. {152092800 -25200 0 MST}. {162378000 -21600 1 MDT}. {183542400 -25200 0 MST}. {199270800 -21600 1 MDT}. {215596800 -25200 0 MST}. {230720400 -21600 1 MDT}. {247046400 -25200 0 MST}. {262774800 -21600 1 MDT}. {278496000 -252

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Mexico\BajaNorte

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):185
                            Entropy (8bit):4.836487818373659
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0qfSwVAIg20qfo6AdMSKBbh4IAcGEqfu:SlSWB9IZaM3y7eHVAIgpeo68K5h490eu
                            MD5:C3AEEA7B991B609A1CB253FDD5057D11
                            SHA1:0212056C2A20DD899FA4A26B10C261AB19D20AA4
                            SHA-256:599F79242382ED466925F61DD6CE59192628C7EAA0C5406D3AA98EC8A5162824
                            SHA-512:38094FD29B1C31FC9D894B8F38909DD9ED3A76B2A27F6BC250ACD7C1EFF4529CD0B29B66CA7CCBEB0146DFF3FF0AC4AEEEC422F7A93422EF70BF723D12440A93
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Tijuana)]} {. LoadTimeZoneFile America/Tijuana.}.set TZData(:Mexico/BajaNorte) $TZData(:America/Tijuana).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Mexico\BajaSur

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):186
                            Entropy (8bit):4.841665860441288
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0zjRJ+vFVAIg20zjRJZvt6AdMPCoQIAcGEzjRJ3:SlSWB9IZaM3y7zjRJQFVAIgpzjRJ1t6n
                            MD5:89A5ED35215BA46C76BF2BD5ED620031
                            SHA1:26F134644023A2D0DA4C8997C54E36C053AA1060
                            SHA-256:D624945E20F30CCB0DB2162AD3129301E5281B8868FBC05ACA3AA8B6FA05A9DF
                            SHA-512:C2563867E830F7F882E393080CE16A62A0CDC5841724E0D507CBA362DB8363BB75034986107C2428243680FE930BAC226E11FE6BA99C31E0C1A35D6DD1C14676
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mazatlan)]} {. LoadTimeZoneFile America/Mazatlan.}.set TZData(:Mexico/BajaSur) $TZData(:America/Mazatlan).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Mexico\General

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):195
                            Entropy (8bit):4.8300311016675606
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7zBDdVAIgpzBy6BXl490zBw:MBaIMYzipzU6Bi90zi
                            MD5:E771850BA5A1C218EB1B31FDC564DF02
                            SHA1:3675838740B837A96FF32694D1FA56DE01DE064F
                            SHA-256:06A45F534B35538F32A77703C6523CE947D662D136C5EC105BD6616922AEEB44
                            SHA-512:BD7AF307AD61C310EDAF01E618BE9C1C79239E0C8CDEC85792624A7CCE1B6251B0ADE066B8610AFDB0179F3EF474503890642284800B81E599CB830EC6C7C9AA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Mexico_City)]} {. LoadTimeZoneFile America/Mexico_City.}.set TZData(:Mexico/General) $TZData(:America/Mexico_City).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\NZ

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.8398862338201765
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG/u4pVAIgObT/NCxL5E1nUDH/uvn:SlSWB9IZaM3ycqIVAIgOboLivn
                            MD5:7B274C782E9FE032AC4B3E137BF147BB
                            SHA1:8469D17EC75D0580667171EFC9DE3FDF2C1E0968
                            SHA-256:2228231C1BEF0173A639FBC4403B6E5BF835BF5918CC8C16757D915A392DBF75
                            SHA-512:AE72C1F244D9457C70A120FD00F2C0FC2BDC467DBD5C203373291E00427499040E489F2B1358757EA281BA8143E28FB54D03EDE67970F74DACFCB308AC7F74CE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Auckland)]} {. LoadTimeZoneFile Pacific/Auckland.}.set TZData(:NZ) $TZData(:Pacific/Auckland).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\NZ-CHAT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):176
                            Entropy (8bit):4.832832776993659
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG9WQ+DdVAIgObT9WQrF5AmtBFB/pUDH9WQpn:SlSWB9IZaM3ycwQ+DdVAIgObwQ5zzJjA
                            MD5:C8D83C210169F458683BB35940E11DF6
                            SHA1:278546F4E33AD5D0033AF6768EFAB0DE247DA74F
                            SHA-256:CECF81746557F6F957FEF12DBD202151F614451F52D7F6A35C72B830075C478D
                            SHA-512:4539AE6F7AF7579C3AA5AE4DEB97BD14ED83569702D3C4C3945DB06A2D8FFF260DA1DB21FF21B0BED91EE9C993833D471789B3A99C9A2986B7AC8ABFBBE5A8B7
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chatham)]} {. LoadTimeZoneFile Pacific/Chatham.}.set TZData(:NZ-CHAT) $TZData(:Pacific/Chatham).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Navajo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):172
                            Entropy (8bit):4.80475858956378
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx06RGFwVAIg206RAO0L5vf1+IAcGE6Ru:SlSWB9IZaM3y7+SwVAIgp+iLpd+90+u
                            MD5:38C56298E75306F39D278F60B50711A6
                            SHA1:8FD9CEAD17CCD7D981CEF4E782C3916BFEF2D11F
                            SHA-256:E10B8574DD83C93D3C49E9E2226148CBA84538802316846E74DA6004F1D1534D
                            SHA-512:F6AA67D78A167E553B97F092CC3791B591F800A6D286BE37C06F7ECABDFBCF43A397AEDC6E3EB9EB6A1CB95E8883D4D4F97890CA1877930AFCD5643B0C8548E9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:Navajo) $TZData(:America/Denver).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\PRC

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):166
                            Entropy (8bit):4.854287452296565
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8qvwVAIgNtAnL75h4WFKdv:SlSWB9IZaM3yMwVAIgEH5h4wKt
                            MD5:AF9DD8961DB652EE1E0495182D99820D
                            SHA1:979602E3C59719A67DE3C05633242C12E0693C43
                            SHA-256:9A6109D98B35518921E4923B50053E7DE9B007372C5E4FFF75654395D6B56A82
                            SHA-512:F022C3EFABFC3B3D3152C345ACD28387FFEA4B61709CBD42B2F3684D33BED469C4C25F2328E5E7D9D74D968E25A0419E7BCFF0EB55650922906B9D3FF57B06C8
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Shanghai)]} {. LoadTimeZoneFile Asia/Shanghai.}.set TZData(:PRC) $TZData(:Asia/Shanghai).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\PST8PDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8227
                            Entropy (8bit):3.751820462019181
                            Encrypted:false
                            SSDEEP:96:9d89jJC2ZCHtffWsBNwj/lpmlOxGcKcnRH31t+ucgge:49jgNf+aNwj/lpmlOxnKcndIG
                            MD5:DB5250A28A3853951AF00231677AACAC
                            SHA1:1FC1DA1121B9F5557D246396917205B97F6BC295
                            SHA-256:4DFC264F4564957F333C0208DA52DF03301D2FD07943F53D8B51ECCDD1CB8153
                            SHA-512:72594A17B1E29895A6B4FC636AAE1AB28523C9C8D50118FA5A7FDFD3944AD3B742B17B260A69B44756F4BA1671268DD3E8223EF314FF7850AFB81202BA2BBF44
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:PST8PDT) {. {-9223372036854775808 -28800 0 PST}. {-1633269600 -25200 1 PDT}. {-1615129200 -28800 0 PST}. {-1601820000 -25200 1 PDT}. {-1583679600 -28800 0 PST}. {-880207200 -25200 1 PWT}. {-769395600 -25200 1 PPT}. {-765385200 -28800 0 PST}. {-84376800 -25200 1 PDT}. {-68655600 -28800 0 PST}. {-52927200 -25200 1 PDT}. {-37206000 -28800 0 PST}. {-21477600 -25200 1 PDT}. {-5756400 -28800 0 PST}. {9972000 -25200 1 PDT}. {25693200 -28800 0 PST}. {41421600 -25200 1 PDT}. {57747600 -28800 0 PST}. {73476000 -25200 1 PDT}. {89197200 -28800 0 PST}. {104925600 -25200 1 PDT}. {120646800 -28800 0 PST}. {126698400 -25200 1 PDT}. {152096400 -28800 0 PST}. {162381600 -25200 1 PDT}. {183546000 -28800 0 PST}. {199274400 -25200 1 PDT}. {215600400 -28800 0 PST}. {230724000 -25200 1 PDT}. {247050000 -28800 0 PST}. {262778400 -25200 1 PDT}. {278499600 -288

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Apia

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5431
                            Entropy (8bit):3.5627170055641306
                            Encrypted:false
                            SSDEEP:96:2DBgcGFG9qbhX7zHJ4uoyM/15WNQ+NyVy:2DBgcGFGkXxaD/CR
                            MD5:6718CD07DCEBD2CA85FC1764BE45E46C
                            SHA1:0BCD2E4267F2BDB499EA613C17B9C38CCFC2177A
                            SHA-256:5D3D1B4180482099119383DC160520DCDA5D4E3EEC87F22EA20B7D4B599F5249
                            SHA-512:95C16BC92B9B3C80F9FA10F5B49DAEB472D45C2489A455A31177A8679E21EF668F85450E1770CFB77CA43477B68EF11B3A4090C11CE6F7FA518040EA7B502855
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Apia) {. {-9223372036854775808 45184 0 LMT}. {-2445424384 -41216 0 LMT}. {-1861878784 -41400 0 -1130}. {-631110600 -39600 0 -11}. {1285498800 -36000 1 -11}. {1301752800 -39600 0 -11}. {1316872800 -36000 1 -11}. {1325239200 50400 0 +13}. {1333202400 46800 0 +13}. {1348927200 50400 1 +13}. {1365256800 46800 0 +13}. {1380376800 50400 1 +13}. {1396706400 46800 0 +13}. {1411826400 50400 1 +13}. {1428156000 46800 0 +13}. {1443276000 50400 1 +13}. {1459605600 46800 0 +13}. {1474725600 50400 1 +13}. {1491055200 46800 0 +13}. {1506175200 50400 1 +13}. {1522504800 46800 0 +13}. {1538229600 50400 1 +13}. {1554559200 46800 0 +13}. {1569679200 50400 1 +13}. {1586008800 46800 0 +13}. {1601128800 50400 1 +13}. {1617458400 46800 0 +13}. {1632578400 50400 1 +13}. {1648908000 46800 0 +13}. {1664028000 50400 1 +13}. {1680357600 46800 0 +13}. {169

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Auckland

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8487
                            Entropy (8bit):3.8173754903771018
                            Encrypted:false
                            SSDEEP:96:WNj7nBIc0fw4eJ7a1N1oKe13aNiWbF8sYBpYhuVn:Cmc3J7a1N18QOs8
                            MD5:6C008D6437C7490EE498605B5B096FDB
                            SHA1:D7F6E7B3920C54EFE02A44883DBCD0A75C7FC46A
                            SHA-256:B5BD438B748BA911E0E1201A83B623BE3F8130951C1377D278A7E7BC9CB7F672
                            SHA-512:DA6992D257B1BA6124E39F90DDEE17DC3E2F3B38C3A68B77A93065E3E5873D28B8AE5D21CEC223BAADFBDD1B3A735BF1CEC1BDEB0C4BEAB72AAA23433A707207
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Auckland) {. {-9223372036854775808 41944 0 LMT}. {-3192435544 41400 0 NZMT}. {-1330335000 45000 1 NZST}. {-1320057000 41400 0 NZMT}. {-1300699800 43200 1 NZST}. {-1287396000 41400 0 NZMT}. {-1269250200 43200 1 NZST}. {-1255946400 41400 0 NZMT}. {-1237800600 43200 1 NZST}. {-1224496800 41400 0 NZMT}. {-1206351000 43200 1 NZST}. {-1192442400 41400 0 NZMT}. {-1174901400 43200 1 NZST}. {-1160992800 41400 0 NZMT}. {-1143451800 43200 1 NZST}. {-1125914400 41400 0 NZMT}. {-1112607000 43200 1 NZST}. {-1094464800 41400 0 NZMT}. {-1081157400 43200 1 NZST}. {-1063015200 41400 0 NZMT}. {-1049707800 43200 1 NZST}. {-1031565600 41400 0 NZMT}. {-1018258200 43200 1 NZST}. {-1000116000 41400 0 NZMT}. {-986808600 43200 1 NZST}. {-968061600 41400 0 NZMT}. {-955359000 43200 1 NZST}. {-936612000 41400 0 NZMT}. {-923304600 43200 1 NZST}. {-757425600 43200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Bougainville

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):270
                            Entropy (8bit):4.659789664861683
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5Ftgm2OHHhp5PZiuoDZDVeXU8vScCv/yZEiIv:MBp5FtgmdHf5PZiDZJek8HCvK6iIv
                            MD5:A85F8A9502E818ADE7759166B9C7A9AD
                            SHA1:5E706E5491AFE1A8399D7815158924381A1F6D27
                            SHA-256:C910696B4CC7CA3E713EE08A024D26C1E4E4003058DECD5B54B92A0B2F8A17E0
                            SHA-512:682BDC7DA0C9BFFD98992973295E180FB3FAACEA514760211B5291AEE26CABF200B68CA0EA80D9083C52F32C2EE3D0A5E84141363D1784C2A6A9FD24C2CF38E9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Bougainville) {. {-9223372036854775808 37336 0 LMT}. {-2840178136 35312 0 PMMT}. {-2366790512 36000 0 +10}. {-868010400 32400 0 +09}. {-768906000 36000 0 +10}. {1419696000 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Chatham

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7907
                            Entropy (8bit):3.5670394561999235
                            Encrypted:false
                            SSDEEP:96:1zwIBIWUkebw49ikidrGlb0D6DALquK8KfStVt:1jIbw49ikiAcWuB
                            MD5:5DF25A6A6E7322528FE41B6FD5FE5119
                            SHA1:E84915BA27443F01243050D648DF6388A1E8EDBA
                            SHA-256:B6727010950418F6FC142658C74EE1D717E7FD2B46267FC215E53CA3D55E894E
                            SHA-512:842ABE39AB26713D523A36895D7435DC2058846431CB2A0B7B47E204F8C315ADB855F95EC2852D57B73ECA0576CB1A49BB104C0D7BB9DE2E96143DA9C77F9A58
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chatham) {. {-9223372036854775808 44028 0 LMT}. {-3192437628 44100 0 +1215}. {-757426500 45900 0 +1245}. {152632800 49500 1 +1245}. {162309600 45900 0 +1245}. {183477600 49500 1 +1245}. {194968800 45900 0 +1245}. {215532000 49500 1 +1245}. {226418400 45900 0 +1245}. {246981600 49500 1 +1245}. {257868000 45900 0 +1245}. {278431200 49500 1 +1245}. {289317600 45900 0 +1245}. {309880800 49500 1 +1245}. {320767200 45900 0 +1245}. {341330400 49500 1 +1245}. {352216800 45900 0 +1245}. {372780000 49500 1 +1245}. {384271200 45900 0 +1245}. {404834400 49500 1 +1245}. {415720800 45900 0 +1245}. {436284000 49500 1 +1245}. {447170400 45900 0 +1245}. {467733600 49500 1 +1245}. {478620000 45900 0 +1245}. {499183200 49500 1 +1245}. {510069600 45900 0 +1245}. {530632800 49500 1 +1245}. {541519200 45900 0 +1245}. {562082400 49500 1 +1245}. {5735736

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Chuuk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):145
                            Entropy (8bit):4.989695428683993
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH9CoFeEXGm2OHIOYvXmdcnWZUUJv:SlSWB9X5ZzLm2OHNYPmdcXQ
                            MD5:61C075090B025E69800B23E0AD60459F
                            SHA1:F847CA6D35BD4AF2C70B318D4EE4A2FB5C77D449
                            SHA-256:3237743592D8719D0397FA278BB501E6F403985B643D1DE7E2DA91DD11BE215B
                            SHA-512:5D07FB2FEAA9110D62CFD95BC729AA57F2A176C977D2E2C00374AF36EE84C4FB9416ECBEF179298928AAE9634B69C5FE889C5C9D2DFF290CAC0F6E53EDEC1A48
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Chuuk) {. {-9223372036854775808 36428 0 LMT}. {-2177489228 36000 0 +10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Easter

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7935
                            Entropy (8bit):3.4518545894421475
                            Encrypted:false
                            SSDEEP:96:OX45AGaHe2Y9btlqStWdmPndSy//TQMpeQkZyYbK6HdtLQOXJ/+:OX45AGdT9ZtWdmPnZ/TQfbbKsXJ2
                            MD5:9B0B358E33E33FEFE38BEF73232919F3
                            SHA1:7164F24730A37875128BE3F2FB4E9BC076AB9F39
                            SHA-256:E02B71C59DF59109D12EBE60ED153922F1DFF3F5C4AD207E267AB025792C51F4
                            SHA-512:A0C4A98B0B40FDE690A8EEE7A2C2F16C3E70C6F406FF0699B98CB837C72C6A1259395167795F2CFBBD2943E602AC0483C62B9D6209B8258018F7D78E103BBB15
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Easter) {. {-9223372036854775808 -26248 0 LMT}. {-2524495352 -26248 0 EMT}. {-1178124152 -25200 0 -07}. {-36619200 -21600 1 -07}. {-23922000 -25200 0 -07}. {-3355200 -21600 1 -07}. {7527600 -25200 0 -07}. {24465600 -21600 1 -07}. {37767600 -25200 0 -07}. {55915200 -21600 1 -07}. {69217200 -25200 0 -07}. {87969600 -21600 1 -07}. {100666800 -25200 0 -07}. {118209600 -21600 1 -07}. {132116400 -25200 0 -07}. {150868800 -21600 1 -07}. {163566000 -25200 0 -07}. {182318400 -21600 1 -07}. {195620400 -25200 0 -07}. {213768000 -21600 1 -07}. {227070000 -25200 0 -07}. {245217600 -21600 1 -07}. {258519600 -25200 0 -07}. {277272000 -21600 1 -07}. {289969200 -25200 0 -07}. {308721600 -21600 1 -07}. {321418800 -25200 0 -07}. {340171200 -21600 1 -07}. {353473200 -25200 0 -07}. {371620800 -21600 1 -07}. {384922800 -21600 0 -06}. {403070400 -180

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Efate

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):705
                            Entropy (8bit):4.002147979275868
                            Encrypted:false
                            SSDEEP:12:MBp5cJmdH6mv6kJ2RX/x6DydjX2tHcsXFX2hE5zuGqptxv:cuesUMkGdXWF3A
                            MD5:48DEC5B1A9AADA4F09D03FEB037A2FE8
                            SHA1:6D25E80F0570236565F098DD0A637F546957F117
                            SHA-256:4F9AC8B0FE89990E8CF841EED9C05D92D53568DE772247F70A70DC11CBD78532
                            SHA-512:0FA4693F3FDAB12DB04B6D50E0782A352CF95A7C2765CF1906BAA35355755E324E1B17005DF3748DBE42743FE824AE983316958B2EC0A9B0B7D136BEC06AB983
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Efate) {. {-9223372036854775808 40396 0 LMT}. {-1829387596 39600 0 +11}. {433256400 43200 1 +11}. {448977600 39600 0 +11}. {467298000 43200 1 +11}. {480427200 39600 0 +11}. {496760400 43200 1 +11}. {511876800 39600 0 +11}. {528210000 43200 1 +11}. {543931200 39600 0 +11}. {559659600 43200 1 +11}. {575380800 39600 0 +11}. {591109200 43200 1 +11}. {606830400 39600 0 +11}. {622558800 43200 1 +11}. {638280000 39600 0 +11}. {654008400 43200 1 +11}. {669729600 39600 0 +11}. {686062800 43200 1 +11}. {696340800 39600 0 +11}. {719931600 43200 1 +11}. {727790400 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Enderbury

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):208
                            Entropy (8bit):4.767926806075848
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5Vm2OH1oePmWXytFBVyv7fPfTVVFmv:MBp5VmdH15PZsBVyDXfZvY
                            MD5:D7EE7623A410715B1F34DC06F5400996
                            SHA1:1ADD299AB66A0BCC32D92EAFBC2CA3B277E1FA3D
                            SHA-256:8CAF3AE352EC168BC0C948E788BB3CBFE3991F36A678A24B47711543D450AED8
                            SHA-512:356C3ECC40211B36FA1ECF8601AA8FAAE8080606F55AA4E706D239B8EE35ADE3987708716376D73053DB7A59B9A9B7A267EEDA6ED2A80A558FABA48E851C0EB1
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Enderbury) {. {-9223372036854775808 -41060 0 LMT}. {-2177411740 -43200 0 -12}. {307627200 -39600 0 -11}. {788871600 46800 0 +13}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Fakaofo

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):178
                            Entropy (8bit):4.865240332098143
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH4ErKYvcXGm2OH18VkevXmUENBBdNiCPFVFv74v:SlSWB9X5BE3Lm2OH1VePmH7fP+v
                            MD5:6CC11F5FAA361F69262AB8E7F4DB4F90
                            SHA1:EA7ED940C0A3B5941972439DE1D735B4DC4AE0AA
                            SHA-256:21C4C35919A24CD9C80BE1BD51C6714AA7EBF447396B3A2E63D330D905FA9945
                            SHA-512:152709462F29EE14A727BE625E7ABD59625B6C4D4B36A2CE76B68D96CD176EDECA91DF26DAC553346ED360F2CA0F6C62981F50B088AE7BE1B998B425D91EF3B5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fakaofo) {. {-9223372036854775808 -41096 0 LMT}. {-2177411704 -39600 0 -11}. {1325242800 46800 0 +13}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Fiji

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5505
                            Entropy (8bit):3.545141446818078
                            Encrypted:false
                            SSDEEP:96:9ebtKf1V/ncXDwwn+q5Y6h+ueDJyqm5DHzv:EbIf1V/nGD5n+q5YPO
                            MD5:67BE85DD77F7B520FD5705A4412157E3
                            SHA1:04FA33692B8DBB8DDF89EF790646A0535943953D
                            SHA-256:2FE87FF4AEBB58506B4E2552D3CB66AAC1D038D8C62F8C70B0EAF1CC508EC9FA
                            SHA-512:35D4C46D187912D2B39C07A50DB0C56427ACF3755AD4B563B734BE26CA9C441AA0C2836266C803919786BF6DA9118A880CCF221FE9F9A9E30D610BE8E4913A9F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Fiji) {. {-9223372036854775808 42944 0 LMT}. {-1709985344 43200 0 +12}. {909842400 46800 1 +12}. {920124000 43200 0 +12}. {941896800 46800 1 +12}. {951573600 43200 0 +12}. {1259416800 46800 1 +12}. {1269698400 43200 0 +12}. {1287842400 46800 1 +12}. {1299333600 43200 0 +12}. {1319292000 46800 1 +12}. {1327154400 43200 0 +12}. {1350741600 46800 1 +12}. {1358604000 43200 0 +12}. {1382796000 46800 1 +12}. {1390050000 43200 0 +12}. {1414850400 46800 1 +12}. {1421503200 43200 0 +12}. {1446300000 46800 1 +12}. {1452952800 43200 0 +12}. {1478354400 46800 1 +12}. {1484402400 43200 0 +12}. {1509804000 46800 1 +12}. {1515852000 43200 0 +12}. {1541253600 46800 1 +12}. {1547301600 43200 0 +12}. {1572703200 46800 1 +12}. {1579356000 43200 0 +12}. {1604152800 46800 1 +12}. {1610805600 43200 0 +12}. {1636207200 46800 1 +12}. {1642255200 43200

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Funafuti

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):148
                            Entropy (8bit):4.974991227981989
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH4QwyFtXGm2OHwodGevXmcpXrWXVN0UIvYv:SlSWB9X5BCEm2OHwxePmgSX0a
                            MD5:23994D1C137B8BC2BA6E97739B38E7BD
                            SHA1:36772677B3C869C49A829AF08486923321ADD50A
                            SHA-256:F274C6CD08E5AA46FDEA219095DA8EA60DA0E95E5FD1CBCB9E6611DE47980F9E
                            SHA-512:CB2DB35960D11322AD288912C5D82C8C579791E40E510A90D34AAB20136B17AA019EFD55D1C4A2D9E88F7AF79F15779AF7EC6856F3085161AC84C93872C61176
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Funafuti) {. {-9223372036854775808 43012 0 LMT}. {-2177495812 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Galapagos

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):238
                            Entropy (8bit):4.63034174284777
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5fEjFJm2OHvQYezie7KV9dRncRviWFrN5/uFfXFfrin:MBp5fSFJmdH0zV7O9DdWFN5/uFfXdGn
                            MD5:307B016C9E6A915B1760D9A6AD8E63C1
                            SHA1:26B797811821C09CF6BAB76E05FF612359DF7318
                            SHA-256:F1CB2B1EBD4911857F5F183E446A22E731BD57925AD07B15CA78A7BDDFED611F
                            SHA-512:F7AAAEE32CAC84F7D54C29E07CB8952D61585B85CB4FFFB93DD824A71403FDF356EC0761E5EEE19D9F8139F11A9CAB0A7DAEADBD13B6DD4C0CDF9FB573794542
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Galapagos) {. {-9223372036854775808 -21504 0 LMT}. {-1230746496 -18000 0 -05}. {504939600 -21600 0 -06}. {722930400 -18000 1 -06}. {728888400 -21600 0 -06}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Gambier

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):149
                            Entropy (8bit):4.931482658662627
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH5hBfcXGm2OHKToxYvUdNfiuvn:SlSWB9X5kTm2OHPxYYquv
                            MD5:98754C9D99442282F5C911725764C5D1
                            SHA1:7E679DC38A7C7873695E10814B04E3919D1BFB41
                            SHA-256:7D09014BE33CB2B50554B6937B3E870156FDCB5C36E9F8E8925711E79C12FC74
                            SHA-512:2044AEEDFEF948E502667D1C60E22814202E4BA657DE89A962B6E9E160A93B3B77BF0AC4F5159FC45D43B2038E624D90A4589FB87F3449CA10D350EF60373D17
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Gambier) {. {-9223372036854775808 -32388 0 LMT}. {-1806678012 -32400 0 -09}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Guadalcanal

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):151
                            Entropy (8bit):4.934129846149006
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH5RyJTLJyFkXGm2OHddHvpoxYvUdMWdHPVmv:SlSWB9X5LJHgm2OHdFGxYAHPAv
                            MD5:193872CE34E69F8B499203BC70C2639B
                            SHA1:7A2B8E346E3BF3BE48AAA330C3EEE47332E994AB
                            SHA-256:F1D21C339E8155711AA7EF9F4059A738A8A4CE7A6B78FFDD8DCC4AC0DB5A0010
                            SHA-512:D2114AD27922799B8C38B0486D1FAE838EC94A461388960A6F2D19F7763E09FF75A9C4619C52BE2626E8EA2275794B694C1A76E2711D10B77CE6E34259DBF2BE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guadalcanal) {. {-9223372036854775808 38388 0 LMT}. {-1806748788 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Guam

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):204
                            Entropy (8bit):4.833752908914461
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5bm2OHauezyRtAePmdSUUyWGHZFUeMn:MBp5bmdHanzCtBP1yWleMn
                            MD5:AD14439D9E27F2D3545E17082150DC75
                            SHA1:43DE1D4A90ABE54320583FAB46E6F9B428C0B577
                            SHA-256:CE4D3D493E625DA15A8B4CD3008D9CBDF20C73101C82F4D675F5B773F4A5CF70
                            SHA-512:77800323ED5AF49DA5E6314E94938BEAAEDD69BB61E338FAF024C3A22747310307A13C6CBBAFE5A48164855B238C2CAD354426F0EE7201B4FB5C129D68CB0E3B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Guam) {. {-9223372036854775808 -51660 0 LMT}. {-3944626740 34740 0 LMT}. {-2177487540 36000 0 GST}. {977493600 36000 0 ChST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Honolulu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):332
                            Entropy (8bit):4.582125163058844
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5PeQm2OHsVVPBraX3UNFvDrUXaWFvjHovLnvRY7p0:MBp5WQmdH0VPBa0VOT12G7O
                            MD5:17ACB888B597247CB0CA3CA191E51640
                            SHA1:9C2668BF0288D277ED2FE5DBCD5C34F5931004A6
                            SHA-256:719EA0BC1762078A405936791C65E4255B4250FB2B305342FE768A21D6AF34BE
                            SHA-512:9D02F784F0CD2195AEDEAA59E3ECD64B27928D48DCBC3EA2651B36B3BE7F8C6D9CBB66ACDC76DC02D94DF19C0A29306DD8C2A15AD89C24188FC3E4BCFBE6D456
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Honolulu) {. {-9223372036854775808 -37886 0 LMT}. {-2334101314 -37800 0 HST}. {-1157283000 -34200 1 HDT}. {-1155436200 -34200 0 HST}. {-880201800 -34200 1 HWT}. {-769395600 -34200 1 HPT}. {-765376200 -37800 0 HST}. {-712150200 -36000 0 HST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Johnston

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.795254976384326
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG2fWGYFedVAIgObT2fWzvNnUDH0KNyFx/hpUDH2fe:SlSWB9IZaM3yc6e8dVAIgOb6ezvNNWya
                            MD5:FA20CE420C5370C228EB169BBC083EFB
                            SHA1:5B4C221AC97292D5002F6ABEB6BC66D7B8E2F01B
                            SHA-256:83A14BF52D181B3229603393EA90B9535A2FF05E3538B8C9AD19F483E6447C09
                            SHA-512:7E385FEBD148368F192FC6B1D5E4B8DD31F58EC4329BF9820D554E97402D0A582AB2EBCF46A5151D0167333349A83476BEB11C49BC0EBAADE5A297C42879E0C3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:Pacific/Johnston) $TZData(:Pacific/Honolulu).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Kiritimati

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):211
                            Entropy (8bit):4.684652862044272
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH1meEXGm2OHjToevXmUBepRGFz4vQU8F/5f5vARVvVtQCn:SlSWB9X5iLm2OHjkePmLSz4YjRfSzvJn
                            MD5:E22A2C0F847601F128986A48A4B72F90
                            SHA1:4E1D047DC64AA57C311A22FB1DA8497CD7022192
                            SHA-256:88260F34784960C229B2B282F8004FD1AF4BE1BC2883AAEE7D041A622933C3FE
                            SHA-512:A80DAC1A2A3376A47E2A542DE92CCC733E440AF2F05A70823DA52A2490FC9D1762F35CE256E6D1F7CCD435EEFBD6B0FBC533459CD3AD79ACD52C7CA78C29317C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kiritimati) {. {-9223372036854775808 -37760 0 LMT}. {-2177415040 -38400 0 -1040}. {307622400 -36000 0 -10}. {788868000 50400 0 +14}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Kosrae

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):201
                            Entropy (8bit):4.763096849699127
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDH1+AtFkXGm2OHHvvXmc03VLpCcfzvwX0UIv4Q9Hmv:SlSWB9X598Jm2OHHvPmb9fLYX01Yv
                            MD5:96235B4DD81BA681216B74046A5A8780
                            SHA1:24D682CE5D7C4A3DF8C860CB80ED262085CB965C
                            SHA-256:BE400ED502FA7EC34B8DE44B2A3D0AF3033292EF08FD1F5F276147E15460CFF6
                            SHA-512:4B30A0A1806D5D96FE5F9B1208490E23EABB498B634C98D89553059E68292AAAB6B182FE367E2923DBE0BC03D023D9EFC0EC25F5DD19AB8AE878B32478FF4B55
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kosrae) {. {-9223372036854775808 39116 0 LMT}. {-2177491916 39600 0 +11}. {-7988400 43200 0 +12}. {915105600 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Kwajalein

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):205
                            Entropy (8bit):4.788662012960935
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5yErm2OH4T2ePmvfL/XytdrH0a:MBp5XrmdHWPoL8rUa
                            MD5:885C86BCE6B3D83D9CD715D75170AA81
                            SHA1:9607AC6B1756FEBF2BEC2A78138AF12C11FD46F6
                            SHA-256:2E636A3576119F2976D2029E75F26A060A5C0800BF7B719F1CB4562D896A6432
                            SHA-512:410D32CBAB0C1B9D948C2C1416B6D158650600748F1C96D16121DB5F0A9D8384A14067E8603576ED1101BD62F6529C6E7A129428B77CBA1D185214D051F2C6B2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Kwajalein) {. {-9223372036854775808 40160 0 LMT}. {-2177492960 39600 0 +11}. {-7988400 -43200 0 -12}. {745848000 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Majuro

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):173
                            Entropy (8bit):4.868505550342842
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHznHLXGm2OHy3HuxYvXmcQ/VpCcfzvwX0UIvYv:SlSWB9X5Qim2OHyexYPmf/ffLYX0a
                            MD5:5664FAB6368844F8139F48C32A1486B9
                            SHA1:55826443FB44D44B5331082568E2C46257A0F726
                            SHA-256:CBBB814CE6E9F2FA1C8F485BBDB0B759FDA8C859BC989EC28D4756CC10B21A82
                            SHA-512:1BD1D6C2224E0DCC7A1887ECEB38C64E8DEABF44BE52FE29C5A302BAD95C0EB9DBD20E5738F3916B8902FA084606E07BE3723C1BE62416EB1E6DC4AD215A56F0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Majuro) {. {-9223372036854775808 41088 0 LMT}. {-2177493888 39600 0 +11}. {-7988400 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Marquesas

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):153
                            Entropy (8bit):4.930595315407702
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHzrHeHkXGm2OHOx5vUdNpNFvvIVVCC:SlSWB9X5cHeLm2OHOnY/FvQVVL
                            MD5:B41251BE6A78B9BA4F7859D344517738
                            SHA1:8C0DFDD40B8AE1DFA6C3C1BDD44E8452F5EE49E1
                            SHA-256:FC06B45FB8C5ED081BAFA999301354722AEF17DB2A9C58C6CDF81C758E63D899
                            SHA-512:96D302EAA274BEE26325B8334DA8C3782B8DC0E279DDF464D281AF2B0CEE19E9254837A4B1D08F9B777BE892F639D205F6AB85C37C8F8B58A4867EA082FF054B
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Marquesas) {. {-9223372036854775808 -33480 0 LMT}. {-1806676920 -34200 0 -0930}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Midway

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):189
                            Entropy (8bit):4.763101291800624
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQGurKeTIVAIgObTurKeUAtnUDHz0HvUDHurKeTv:SlSWB9IZaM3ycieZVAIgObieiZeg
                            MD5:A5A67AC85621952E16528DD73C94346E
                            SHA1:FB3D1AD833CD77B8FE68AC37FAA39FF4A9A69815
                            SHA-256:B4C19E4D05CCBC73ABE5389EBCFCC5586036C1D2275434003949E1CF634B9C26
                            SHA-512:5BB96561582BA3E9F2973322BCF76BD3F9023EC965A0CB504DFE13C127CA2ED562D040EC033DDB946FBB17E9FDD2EAB7532F88B2B0F1182CE880E41C920CFD36
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Midway) $TZData(:Pacific/Pago_Pago).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Nauru

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):235
                            Entropy (8bit):4.6089214752758965
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5Jem2OHceR6sCHST0ikvScCdpShcX0a:MBp5JemdH9sxZHCDEta
                            MD5:CBC3FE6B512B0A3E96B7F47E4CD830EB
                            SHA1:A1962DF38BED723F8F747B8931B57FAAC2E8291C
                            SHA-256:8118062E25736A4672B11D6A603B5A8FE2ED1A82E1814261DF087EA3071A7DD7
                            SHA-512:18E0975189794068033AD000D6A3DA8859EDAAE9D546969AB683399031888307D3F52909DCFEB637CF719782D4F5E87D49A73D6D4B53DEF6FD98041B7A046686
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Nauru) {. {-9223372036854775808 40060 0 LMT}. {-1545131260 41400 0 +1130}. {-877347000 32400 0 +09}. {-800960400 41400 0 +1130}. {294323400 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Niue

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):209
                            Entropy (8bit):4.680590339435768
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5Jm3Lm2OHJPm60jdFBJNsYv8FyGv7Kn:MBp5JmbmdHJPB0mYRGDKn
                            MD5:54FD41634DDEAA58F9F9770DC82B3E5F
                            SHA1:E5296ACE7239C4CD7E13D391676F910376556ACC
                            SHA-256:9D4E202A1ED8609194A97ED0F58B3C36DF83F46AE92EAF09F8337317DCACA75F
                            SHA-512:9A2192C1232368FA5D382062A2C48869155B727C970F5D5BCD5FE424FC9D15417394E637D77FCA793B633517A1BFED8D93E74F239A3BC1A6716615B6D877ADC6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Niue) {. {-9223372036854775808 -40780 0 LMT}. {-2177412020 -40800 0 -1120}. {-599575200 -41400 0 -1130}. {276089400 -39600 0 -11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Norfolk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):269
                            Entropy (8bit):4.580350938236725
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5JJpkLm2OH6uToePmUOvJiQHSJE8Gy+xS7zzv:MBp5JJAmdH6SPIvVH787+xkv
                            MD5:147E5FF4670F8551895B7B0EC1A66D46
                            SHA1:83F0D4DC817ED61E7985CC7AB3268B3EBAD657A3
                            SHA-256:A56472811F35D70F95E74A7366297BFAAFBC034CD10E9C0F3C59EFFA21A74223
                            SHA-512:FE183CA00E7D2B79F8E81E1FAF5E8CE103E430B7159C14CA915FD2BFE6D4381BF42EDB217E9D99C13D728CD09BB0E67562E84D957E9606F6B6C1AB08657DDBF9
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Norfolk) {. {-9223372036854775808 40312 0 LMT}. {-2177493112 40320 0 +1112}. {-599656320 41400 0 +1130}. {152029800 45000 1 +1230}. {162912600 41400 0 +1130}. {1443882600 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Noumea

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):314
                            Entropy (8bit):4.468119357525684
                            Encrypted:false
                            SSDEEP:6:SlSWB9X5JcdJm2OHTYAfIX2pVzOa9FxpZPS62pm+v:MBp5JcLmdHTYJX2fzFjb123v
                            MD5:A966877A1BEBFE5125460233A5C26728
                            SHA1:721103E2BFC0991CE80708D77C3FBEDCC2B3C9D3
                            SHA-256:8C282AC6DA722858D8B1755C710BE3EC4BD8EFEF4832A415E772EED287899315
                            SHA-512:51B5BD7834D4B3BAEEF3E1A2E6F469F6FFC354407182CA87AF67C4F4F26D4CB116A60BBB08BC178950CA3CFF978E2809EFC73002A4F8883B454024A2FFCBD732
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Noumea) {. {-9223372036854775808 39948 0 LMT}. {-1829387148 39600 0 +11}. {250002000 43200 1 +11}. {257342400 39600 0 +11}. {281451600 43200 1 +11}. {288878400 39600 0 +11}. {849366000 43200 1 +11}. {857228400 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Pago_Pago

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.94008377236012
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHurKeTFwSXGm2OH2ivkevXUPi1TsYvUdfWTVvvL:SlSWB9X5XevJm2OH23ePWieYCWZvvL
                            MD5:7ABD13E51C01A85468F6511B6710E4B5
                            SHA1:9DC80A7BFD7028DB672A20EF32C31B11F083BA99
                            SHA-256:AEE9D8FBCB7413536DA1CBDC4F28B7863B3DDD5E6A5AB2A90CE32038AC0EA2B8
                            SHA-512:6F6BBEBB10FD6B3987D3076D93DC06F5F765FAC22A90C4184AAF33C1FFD4CBD98464C8A0B4C0C38808AA6D08F91F5060BCEC83E278B8BEF21124C7FE427A09AF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pago_Pago) {. {-9223372036854775808 45432 0 LMT}. {-2445424632 -40968 0 LMT}. {-1861879032 -39600 0 SST}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Palau

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):145
                            Entropy (8bit):4.920441332270432
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHugEZFwcXGm2OHCAnvXmdQ4+vScCC:SlSWB9X5Xg2wTm2OHPnPmdQRvScCC
                            MD5:4070C7A615EF7977537641B01FA46AD6
                            SHA1:E80FF2BBD448B2399DBE56D279858D7D06EBA691
                            SHA-256:F12CB444E9BA91385BED20E60E7DF1A0DB0CE76C6FC7ACA59EEF029BC56D5EA3
                            SHA-512:5DD3FD1D0AA4D6DA3F274BEEC283A72B4532804AA9901AB4B1616D36C13CB8F5CC51DB8A6B89C019FAD875ABB567EFC8BD894AADC1E63E94A8CAC79F3E82CB6C
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Palau) {. {-9223372036854775808 32276 0 LMT}. {-2177485076 32400 0 +09}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Pitcairn

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.757588870650609
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHuQTWLMWkXGm2OHUVFvvXmXUlgloRNycyf/vGRvn:SlSWB9X5XQyLMCm2OHUVVPmXUKmOhf/+
                            MD5:AB8D0D9514FA6C5E995AE76D2DAEA6D4
                            SHA1:3775349B3BE806AA005174D91597D6F2C54E8EC5
                            SHA-256:3BB856B2C966211D7689CD303DFDDACB3C323F3C2DA0FF47148A8C5B7BC0E1C4
                            SHA-512:AB5D2E00C820D36A2A8B198AAC9350BEFA235EA848A11B16B042EE8124975DCAFC737D30D7C1A01D874B0937E469C2364441FCA686B5EB66A48251F587F55DC5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pitcairn) {. {-9223372036854775808 -31220 0 LMT}. {-2177421580 -30600 0 -0830}. {893665800 -28800 0 -08}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Pohnpei

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):147
                            Entropy (8bit):4.9618148014469705
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHuy3EXGm2OH1/VvXmcrLmv:SlSWB9X5Xybm2OH1NPmSqv
                            MD5:0D8489972CBD248971C83DA074C79030
                            SHA1:3E390EDC1A2F678918220026F03E914BB6E8ED4B
                            SHA-256:A85364C6E79EA16FD0C86A5CF74CCB84843009A6738AAED3B13A709F1BDF0DF7
                            SHA-512:A43E459BAB47F133E27A67CFA448E94FBE796DDC23A2D6C3400437D3BC8F31AC2EF3541C4588CF494E1BBD55856C5FA8553A6CD92534E2243EFA31BE2BF5A4CC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Pohnpei) {. {-9223372036854775808 37972 0 LMT}. {-2177490772 39600 0 +11}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Ponape

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.735143778298082
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQGuySedVAIgObTuyvQnUDHu3HppUDHuyu:SlSWB9IZaM3yciySedVAIgObiyvQX3HP
                            MD5:C963ECC06914E8E42F0B96504C1F041C
                            SHA1:82D256793B22E9C07362708EE262A6B46AC13ACD
                            SHA-256:86593D3A9DC648370A658D82DA7C410E26D818DB2749B79F57A802F8CED76BD3
                            SHA-512:0F3691977F992A3FF281AD1577BA0BD4AAF7DB3F167E1A1FF139374C14B14F1A456BE7E7D362D698A8294A6AB906E69AC56E1EE0DAF77C13050553299FB6DAF5
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pohnpei)]} {. LoadTimeZoneFile Pacific/Pohnpei.}.set TZData(:Pacific/Ponape) $TZData(:Pacific/Pohnpei).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Port_Moresby

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.8981931494123065
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHuwKXI3EXGm2OHwdvvXZUeQTnoowFZnqMVVMUJv:SlSWB9X5X/43Lm2OHwdvPZZQTnoDZDVN
                            MD5:AF14EE836FE5D358C83568C5ACFA88C0
                            SHA1:22026C7FE440E466193E6B6935C2047BD321F76B
                            SHA-256:33E0A5DD919E02B7311A35E24DB37F86A20A394A195FE01F5A3BE7336F276665
                            SHA-512:BEF151E1198D57328BA0FC01BB6F00AD51ADEEE99A97C30E0D08FFB3CFCB9E99B34DBAD03FCB3B19F17D60590FA0E6C5F2978954A3585CDFD31E32C93B05154D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Port_Moresby) {. {-9223372036854775808 35320 0 LMT}. {-2840176120 35312 0 PMMT}. {-2366790512 36000 0 +10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Rarotonga

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):907
                            Entropy (8bit):3.848488423299009
                            Encrypted:false
                            SSDEEP:24:ccekzUF0tMUObNFnNUYWJYu+nkonSAOaJT/rbkoa5SBnLn:1zUuMUOnNUVJYxkonSAOaJTjbkoasRLn
                            MD5:19F22E22F7B136EFCB45E83BC765E871
                            SHA1:500CC7EA47902856727C2B6D23BF4DAFF6817EB4
                            SHA-256:B1235ED60A50282E14F4B2B477F9936D15CAF91495CBB81971A2C9580209C420
                            SHA-512:2FD667F105E57A62821B2BB301A1A31BB56FA6670AADC94F41337445335262FE40DA5DAE7113328E54379E45246B5419B94F8C8AFB73B1F2405E7F08F5D6FBCC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Rarotonga) {. {-9223372036854775808 -38344 0 LMT}. {-2177414456 -37800 0 -1030}. {279714600 -34200 0 -10}. {289387800 -36000 0 -10}. {309952800 -34200 1 -10}. {320837400 -36000 0 -10}. {341402400 -34200 1 -10}. {352287000 -36000 0 -10}. {372852000 -34200 1 -10}. {384341400 -36000 0 -10}. {404906400 -34200 1 -10}. {415791000 -36000 0 -10}. {436356000 -34200 1 -10}. {447240600 -36000 0 -10}. {467805600 -34200 1 -10}. {478690200 -36000 0 -10}. {499255200 -34200 1 -10}. {510139800 -36000 0 -10}. {530704800 -34200 1 -10}. {541589400 -36000 0 -10}. {562154400 -34200 1 -10}. {573643800 -36000 0 -10}. {594208800 -34200 1 -10}. {605093400 -36000 0 -10}. {625658400 -34200 1 -10}. {636543000 -36000 0 -10}. {657108000 -34200 1 -10}. {667992600 -36000 0 -10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Saipan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.8048918219164065
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG5RFedVAIgObT5RSQnUDHtluKpUDH5Rp:SlSWB9IZaM3ycdedVAIgObaQvKM
                            MD5:BE50B3EE2BD083842CFFB7698DD04CDE
                            SHA1:0B8C8AFC5F94E33226F148202EFFBD0787D61FA2
                            SHA-256:74DD6FE03E3061CE301FF3E8E309CF1B10FC0216EEC52839D48B210BCBD8CF63
                            SHA-512:136BCF692251B67CD3E6922AD0A200F0807018DC191CAE853F2192FD385F8150D5CCF36DF641ED9C09701E4DBBB105BF97C7540D7FA9D9FFC440682B770DF5BA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Guam)]} {. LoadTimeZoneFile Pacific/Guam.}.set TZData(:Pacific/Saipan) $TZData(:Pacific/Guam).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Samoa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.729839728044672
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQGurKeTIVAIgObTurKeUAtnUDHthA5nUDHurKeTv:SlSWB9IZaM3ycieZVAIgObieiNXeg
                            MD5:843BBE96C9590D69B09FD885B68DE65A
                            SHA1:25BF176717A4578447E1D77F9BF0140AFF18625A
                            SHA-256:4F031CB2C27A3E311CA4450C20FB5CF4211A168C39591AB02EEEC80A5A8BFB93
                            SHA-512:B50301CFC8E5CF8C257728999B0D91C06E2F7C040D30F71B90BBC612959B519E8D27EE2DA9B8B9002483D3F4F173BB341A07898B4E4C98A146B3D988CA3BD5B2
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:Pacific/Samoa) $TZData(:Pacific/Pago_Pago).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Tahiti

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):148
                            Entropy (8bit):4.900317309402027
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHqhFtXGm2OHl/oevUdNqRU8Cn:SlSWB9X5TTEm2OHloeYqRQn
                            MD5:DDF599B7659B88603DF80E390471CB10
                            SHA1:80FF5E0E99483CB8952EC137A261D034B6759D07
                            SHA-256:B8282EC1E5BFA5E116C7DC5DC974B0605C85D423519F124754126E8F8FE439EC
                            SHA-512:28F15CB6310190066936B7B21024205EC87A54D081415B1E46E72982814E1E2A41A2CE8B808D02E705100CE5ACBB1E69F1859E40A04F629B7004FBD89DD37899
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tahiti) {. {-9223372036854775808 -35896 0 LMT}. {-1806674504 -36000 0 -10}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Tarawa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):146
                            Entropy (8bit):4.924466748251822
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHqQwcXGm2OHyyFpoevXmciRrWFN0UIvYv:SlSWB9X5TbTm2OHyyFGePmbu0a
                            MD5:AE5E0FFFEEFD0A8E77233CB0E59DE352
                            SHA1:7B7CC1095FB919946F3315C4A28994AEB1ECD51A
                            SHA-256:1FCC6C0CC48538EDB5B8290465156B2D919DFA487C740EB85A1DF472C460B0E6
                            SHA-512:1693FA5DE78FDCF79993CB137EE0568A4B8245D0177DF845356B3C2418641C8AA23CAA7069707C0E180FF9F5345D380A3575EEFFE0C8BC08E18E40ED0E1F6FA3
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tarawa) {. {-9223372036854775808 41524 0 LMT}. {-2177494324 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Tongatapu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):436
                            Entropy (8bit):4.271209640478309
                            Encrypted:false
                            SSDEEP:12:MBp5kJmdHmLP72Dcw8UtnKbUtrtAUt54bUtjg:cOem77il2eQ
                            MD5:C32CDBF9C696134870351ABB80920E08
                            SHA1:43918B7BF46EF2B574D684D36901592E43A45A8A
                            SHA-256:8FE5EF266C660C4A25827BE9C2C4081A206D946DD46EBC1095F8D18F41536399
                            SHA-512:1E10C548659A9CE0A9F0C7E6FD86EAD8627C07A8C9842933E7C6CD28EACDE3735DBFDCF7DD1DE5DDE7F2F102F7D584B3C44B1350AFDF7E1621FE9F565CD32362
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Tongatapu) {. {-9223372036854775808 44360 0 LMT}. {-2177497160 44400 0 +1220}. {-915193200 46800 0 +13}. {915102000 46800 0 +13}. {939214800 50400 1 +13}. {953384400 46800 0 +13}. {973342800 50400 1 +13}. {980596800 46800 0 +13}. {1004792400 50400 1 +13}. {1012046400 46800 0 +13}. {1478350800 50400 1 +13}. {1484398800 46800 0 +13}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Truk

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.865414495402954
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG9CovedVAIgObT9CknUDHqAOsvUDH9Cov:SlSWB9IZaM3yckGedVAIgObkkTAOmy
                            MD5:3282C08FE7BC3A5F4585E97906904AE1
                            SHA1:09497114D1EC149FB5CF167CBB4BE2B5E7FFA982
                            SHA-256:DC6263DCC96F0EB1B6709693B9455CB229C8601A9A0B96A4594A03AF42515633
                            SHA-512:077924E93AC9F610CD9FE158655B631186198BD96995428EB9EE2082449BD36CBF6C214D86E51A6D9A83329FCD5E931C343AA14DBB286C53071D46692B81BC0D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Truk) $TZData(:Pacific/Chuuk).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Wake

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):144
                            Entropy (8bit):4.9366125478034935
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHp8FkXGm2OH4VkxYvXmcDVv0UIvYv:SlSWB9X5PJm2OHYkxYPmyv0a
                            MD5:AD4044C0F87566AA5265DA84CD3DABBA
                            SHA1:15ED1B5960B3E70B23C430B0281B108506BBE76C
                            SHA-256:2C273BA8F8324E1B414B40DC356C78E0FD3C02D5E8158EA5753CA51E1185FC11
                            SHA-512:AD4758B01038BCAA519776226B43D90CED89292BA47988F639D45FD5B5436ED4E3B16C27F9145EC973DCC242FF6ADC514D7CDD6660E7CE8DD8E92A96CDACD947
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wake) {. {-9223372036854775808 39988 0 LMT}. {-2177492788 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Wallis

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):146
                            Entropy (8bit):4.932023172694197
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFx5nUDHpEf/kXGm2OH3UPvXmcCRQH0UIvYv:SlSWB9X5tfTm2OHkPPmiH0a
                            MD5:9FBFA7A7556A081F2352250B44EB0CB6
                            SHA1:CB16A38A9E51FEFC803C4E119395B9BCDBA1CF95
                            SHA-256:29ABBA5D792FB1D754347DED8E17423D12E07231015D5A65A5873BFC0CE474C7
                            SHA-512:CD0FA19597D7188F1D05E8FE9DD9B650DDD30CBBEF3F16646715D5DEF5A261C1E92ADE781DEA609B163808D7A59A0F7AF168332D0134D87DADE42447ABE7E431
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:Pacific/Wallis) {. {-9223372036854775808 44120 0 LMT}. {-2177496920 43200 0 +12}.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Pacific\Yap

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):174
                            Entropy (8bit):4.887747451136248
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG9CovedVAIgObT9CknUDHnHPUDH9Cov:SlSWB9IZaM3yckGedVAIgObkkeBy
                            MD5:63594F45385660A04D21C11B5F203FF4
                            SHA1:CEEC55B952B8EBA952E0965D92220C8EF001E59E
                            SHA-256:4418559478B5881DFAF3FE3246A4BFE2E62C46C1D3D452EE4CF5D9651C4F92B5
                            SHA-512:B9B55B027EFB7E87D44E89191C03A8409A16FA19A52032E29210161AE8FED528A6504B7B487181847125AF2C7C129A0687323CDDC6D5454199229897F97F0AB0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Chuuk)]} {. LoadTimeZoneFile Pacific/Chuuk.}.set TZData(:Pacific/Yap) $TZData(:Pacific/Chuuk).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Poland

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):169
                            Entropy (8bit):4.89278153269951
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVqEGIVyVAIgoqpEGuHtnSi67x/yQa0EGIv:SlSWB9IZaM3ymczVAIgocuN27x6qS
                            MD5:975F22C426CE931547D50A239259609A
                            SHA1:77D68DF6203E3A2C1A2ADD6B6F8E573EF849AE2E
                            SHA-256:309DE0FBCCDAE21114322BD4BE5A8D1375CD95F5FC5A998B3F743E904DC1A131
                            SHA-512:ABDF01FCD0D34B5A8E97C604F3976E199773886E87A13B3CDD2319A92BD34D76533D4BA41978F8AAA134D200B6E87F26CB8C223C2760A4D7A78CD7D889DB79BE
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Warsaw)]} {. LoadTimeZoneFile Europe/Warsaw.}.set TZData(:Poland) $TZData(:Europe/Warsaw).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Portugal

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):171
                            Entropy (8bit):4.887895128079745
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVxMvLSwFVAIgoqyMvLN6nM24h8QavMvLu:SlSWB9IZaM3ymvMv2wFVAIgovMvUe81B
                            MD5:31202B87B7352110A03D740D66DCD967
                            SHA1:439A3700721D4304FA81282E70F6305BB3706C8D
                            SHA-256:8288E9E5FC25549D6240021BFB569ED8EB07FF8610AAA2D39CD45A025EBD2853
                            SHA-512:AB95D3990DC99F6A06BF3384D98D42481E198B2C4D1B2C85E869A2F95B651DDF64406AB15C485698E24F26D1A081E22371CE74809915A7CCA02F2946FB8607BF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Lisbon)]} {. LoadTimeZoneFile Europe/Lisbon.}.set TZData(:Portugal) $TZData(:Europe/Lisbon).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\ROC

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):160
                            Entropy (8bit):4.743612967973961
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8qMvedVAIgNqBolOr4WFKfMv:SlSWB9IZaM3yKMvedVAIgcBoS4wKfMv
                            MD5:A0C5022166493D766E827B88F806CA32
                            SHA1:2A679A391C810122DDD6A7EF722C35328FC09D9C
                            SHA-256:537EA39AFBA7CFC059DE58D484EF450BEE73C7903D36F09A16CA983CB5B8F686
                            SHA-512:85FEF0A89087D2196EC817A6444F9D94A8D315A64EAE9615C615DBB79B30320CED0D49A1A6C2CD566C722971FA8908A675B1C8F7E64D6875505C60400219F938
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Taipei)]} {. LoadTimeZoneFile Asia/Taipei.}.set TZData(:ROC) $TZData(:Asia/Taipei).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\ROK

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):157
                            Entropy (8bit):4.851755466867201
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq8ZQckvFVAIgNtvQstlmFeWFKKQs:SlSWB9IZaM3yJmFVAIgztpwKg
                            MD5:48E7BE02E802A47C0D2F87E633010F38
                            SHA1:A547853A7ED03CE9C07FC3BAA0F57F5ABB4B636B
                            SHA-256:2F362169FD628D6E0CB32507F69AD64177BC812E7E961E5A738F4F492B105128
                            SHA-512:BCBE9BC1C08CFF97B09F8D566EC3B42B9CE8442FA4BECE37A18446CBBF0ECEDA66BA18ABFA5E52E7677B18FB5DABF00DF9E28DE17B094A690B097AFC7130EA89
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Seoul)]} {. LoadTimeZoneFile Asia/Seoul.}.set TZData(:ROK) $TZData(:Asia/Seoul).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Singapore

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.80663340464643
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyq801cwFVAIgNtK1ERLkZ8O5h4WFKf1E:SlSWB9IZaM3yUpFVAIgWWLkth4wKfK
                            MD5:9E2902F20F33CA25B142B6AA51D4D54F
                            SHA1:C1933081F30ABB7780646576D7D0F54DC6F1BC51
                            SHA-256:FCF394D598EC397E1FFEED5282874408D75A9C3FFB260C55EF00F30A80935CA4
                            SHA-512:D56AF44C4E4D5D3E6FC31D56B9BA36BD8499683D1A3C9BC48EEE392C4AC5ACAA10E3E82282F5BDA9586AF26F4B6C0C5649C454399144F040CC94EA35BBB53B48
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Asia/Singapore)]} {. LoadTimeZoneFile Asia/Singapore.}.set TZData(:Singapore) $TZData(:Asia/Singapore).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\AST4

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):196
                            Entropy (8bit):4.951561086936219
                            Encrypted:false
                            SSDEEP:6:SlSNJB9IZaM3y7p5oedVAIgppKNkjx+90pu:JBaIMYYpgN8+90M
                            MD5:A1D42EC950DE9178058EAA95CCFBAA09
                            SHA1:55BE1FAF85F0D5D5604685F9AC19286142FC7133
                            SHA-256:888A93210241F6639FB9A1DB0519407047CB7F5955F0D5382F2A85C0C473D9A5
                            SHA-512:3C6033D1C84B75871B8E37E71BFEE26549900C555D03F8EC20A31076319E2FEBB0240EC075C2CAFC948D629A32023281166A7C69AFEA3586DEE7A2F585CB5E82
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Puerto_Rico)]} {. LoadTimeZoneFile America/Puerto_Rico.}.set TZData(:SystemV/AST4) $TZData(:America/Puerto_Rico).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\AST4ADT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.900537547414888
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqx02NEO4FVAIg202NEtYFkRDwh4IAcGE2NEOv:SlSNJB9IZaM3y7UEO4FVAIgpUEqFk+4b
                            MD5:CFDB782F87A616B89203623B9D6E3DBF
                            SHA1:1BB9F75215A172B25D3AE27AAAD6F1D74F837FE6
                            SHA-256:62C72CF0A80A5821663EC5923B3F17C12CE5D6BE1E449874744463BF64BCC3D7
                            SHA-512:085E5B6E81E65BC781B5BC635C6FA1E7BF5DC69295CF739C739F6361BF9EB67F36F7124A2D3E5ADA5F854149C84B9C8A7FB22E5C6E8FF57576EBDEA0E4D6560B
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Halifax)]} {. LoadTimeZoneFile America/Halifax.}.set TZData(:SystemV/AST4ADT) $TZData(:America/Halifax).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\CST6

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.911352504536709
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqx0sAzE5YyVAIg20sAzEvYvW6kR/eIAcGEsAzEun:SlSNJB9IZaM3y7hzipVAIgphzGCW6kcQ
                            MD5:01215B5D234C433552A3BF0A440B38F6
                            SHA1:B3A469977D38E1156B81A93D90E638693CFDBEEF
                            SHA-256:2199E7DD20502C4AF25D57A58B11B16BA3173DB47EFA7AD2B33FDB72793C4DDB
                            SHA-512:35D3BDE235FF40C563C7CEDD8A2CCBB4BAC2E2AA24A8E072EA0572BB231295D705EA9F84EEAA9FD2C735B1203332D8D97C3592A2B702BCFE9C81828D4F635205
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Regina)]} {. LoadTimeZoneFile America/Regina.}.set TZData(:SystemV/CST6) $TZData(:America/Regina).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\CST6CDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.929669998131187
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqx096dVAIg2096zAtkRwx/h4IAcGE96s:SlSNJB9IZaM3y796dVAIgp96Wkyxp49c
                            MD5:CDE40B5897D89E19A3F2241912B96826
                            SHA1:00DE53DC7AA97F26B1A8BF83315635FBF634ABB3
                            SHA-256:3C83D3DB23862D9CA221109975B414555809C27D45D1ED8B9456919F8BA3BF25
                            SHA-512:69DFC06ACF544B7F95DEF2928C1DFE4D95FAD48EE753AD994921E1967F27A3AF891A9F31DDEA547E1BED81C5D2ECF5FC93E75019F2327DE1E73A009422BE52EC
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:SystemV/CST6CDT) $TZData(:America/Chicago).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\EST5

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):199
                            Entropy (8bit):4.881715127736134
                            Encrypted:false
                            SSDEEP:6:SlSNJB9IZaM3y73G7mFVAIgp3GBLkkp4903G1:JBaIMY3G7Hp3GBLVp4903G1
                            MD5:87FEA19F6D7D08F44F93870F7CBBD456
                            SHA1:EB768ECB0B1B119560D2ACBB10017A8B3DC77FDD
                            SHA-256:2B5887460D6FB393DED5273D1AA87A6A9E1F9E7196A8FA11B4DEB31FAD8922C8
                            SHA-512:00DA47594E80D2DB6F2BE6E482A1140780B71F8BBE966987821249984627C5D8C31AA1F2F6251B4D5084C33C66C007A47AFF4F379FA5DA4A112BA028B982A85A
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indianapolis)]} {. LoadTimeZoneFile America/Indianapolis.}.set TZData(:SystemV/EST5) $TZData(:America/Indianapolis).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\EST5EDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):190
                            Entropy (8bit):5.071686349792137
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqx0wAy0vwVAIg20wAyatkR5ghxEH/h4IAcGEwAy0v:SlSNJB9IZaM3y71KVAIgp1Bkrp4901h
                            MD5:5C43C828D9460B9DF370F0D155B03A5C
                            SHA1:92F92CD64937703D4829C42FE5656C7CCBA22F4E
                            SHA-256:3F833E2C2E03EF1C3CC9E37B92DBFBA429E73449E288BEBE19302E23EB07C78B
                            SHA-512:A88EAA9DAAD9AC622B75BC6C89EB44A2E4855261A2F7077D8D4018F00FC82E5E1EA364E3D1C08754701A545F5EC74752B9F3657BF589CF76E5A3931F81E99BBF
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:SystemV/EST5EDT) $TZData(:America/New_York).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\HST10

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):188
                            Entropy (8bit):4.927529755640769
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqTQG2fWGYFedVAIgObT2fWzvNkRSm1hpUDH2fWRn:SlSNJB9IZaM3yc6e8dVAIgOb6ezvNkQN
                            MD5:1A50997B6F22E36D2E1849D1D95D0882
                            SHA1:F4AC3ABBEA4A67013F4DC52A04616152C4C639A9
                            SHA-256:C94C64BF06FDE0A88F24C435A52BDDE0C5C70F383CD09C62D7E42EAB2C54DD2C
                            SHA-512:CCBD66449983844B3DB440442892004D070E5F0DFF454B25C681E13EB2F25F6359D0221CE5FF7800AC794A32D4474FE1126EA2465DB83707FF7496A1B39E6E1A
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:SystemV/HST10) $TZData(:Pacific/Honolulu).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\MST7

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.953801751537501
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqx0utLaDvFVAIg20utLPtkRgFfh4IAcGEutLNn:SlSNJB9IZaM3y7O+FVAIgpObtkch490u
                            MD5:2B415F2251BE08F1035962CE2A04149F
                            SHA1:EFF5CE7CD0A0CBCF366AC531D168CCB2B7C46734
                            SHA-256:569819420F44D127693C6E536CAC77410D751A331268D0C059A1898C0E219CF4
                            SHA-512:971F1763558D8AC17753C01B7BB64E947C448AA29951064ED7C5997D4B4A652C7F5D7C2CB4F8040F73AD83D7E49B491B93047A06D8C699F33B08F4A064BE0DCC
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:SystemV/MST7) $TZData(:America/Phoenix).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\MST7MDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.909831110037175
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqx06RGFwVAIg206RAO0LkRMMFfh4IAcGE6Ru:SlSNJB9IZaM3y7+SwVAIgp+iLkD490+u
                            MD5:895E9BAF5EDF0928D4962C3E6650D843
                            SHA1:52513BFA267CA2E84FDDF3C252A4E8FD059F2847
                            SHA-256:465A4DE93F2B103981A54827CDEBB10350A385515BB8648D493FD376AABD40AF
                            SHA-512:CAF19320F0F507160E024C37E26987A99F2276622F2A6D8D1B7E3068E5459960840F4202FF8A98738B9BCA0F42451304FC136CBD36BBFE39F616622217AD89A3
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:SystemV/MST7MDT) $TZData(:America/Denver).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\PST8

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):187
                            Entropy (8bit):4.782387645904801
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqTQGuQTWLM4YkvFVAIgObTuQTWLvqtkRQB5nUDHuQTWi:SlSNJB9IZaM3yciQyLM4YmFVAIgObiQq
                            MD5:67AE3FD76B2202F3B1CF0BBC664DE8D0
                            SHA1:4603DE0753B684A8D7ACB78A6164D5686542EE8E
                            SHA-256:30B3FC95A7CB0A6AC586BADF47E9EFA4498995C58B80A03DA2F1F3E8A2F3553B
                            SHA-512:BF45D0CA674DD631D3E8442DFB333812B5B31DE61576B8BE33B94E0433936BC1CD568D9FC522C84551E770660BE2A98F45FE3DB4B6577968DF57071795B53AD9
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pitcairn)]} {. LoadTimeZoneFile Pacific/Pitcairn.}.set TZData(:SystemV/PST8) $TZData(:Pacific/Pitcairn).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\PST8PDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):199
                            Entropy (8bit):4.959254419324467
                            Encrypted:false
                            SSDEEP:6:SlSNJB9IZaM3y7DvwFVAIgpdJLkQ1p490Dvn:JBaIMYFpdJLh090z
                            MD5:DFB48E0E2CE5D55DC60B3E95B7D12813
                            SHA1:535E0BF050E41DCFCE08686AFDFAFF9AAFEF220C
                            SHA-256:74096A41C38F6E0641934C84563277EBA33C5159C7C564C7FF316D050083DD6D
                            SHA-512:3ECDF3950ED3FB3123D6C1389A2A877842B90F677873A0C106C4CA6B180EEC38A26C74E21E8A3036DA8980FF7CA9E1578B0E1D1A3EA364A4175772F468747425
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:SystemV/PST8PDT) $TZData(:America/Los_Angeles).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\YST9

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.905971098884841
                            Encrypted:false
                            SSDEEP:3:SlEVFLLJJT8QFCZaMuUyqTQG5hB5pVAIgObT5hBiLkRKlUDH5hBun:SlSNJB9IZaM3ycTpVAIgOb4LkK
                            MD5:CED0A343EF3A316902A10467B2F66B9B
                            SHA1:5884E6BA28FD71A944CA2ED9CB118B9E108EF7CB
                            SHA-256:1BB5A98B80989539135EAB3885BBA20B1E113C19CB664FB2DA6B150DD1F44F68
                            SHA-512:903D1DC6D1E192D4A98B84247037AE171804D250BB5CB84D2C5E145A0BDC50FCD543B70BAFF8440AFF59DA14084C8CEEFB2F912A02B36B7571B0EEEC154983B3
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Gambier)]} {. LoadTimeZoneFile Pacific/Gambier.}.set TZData(:SystemV/YST9) $TZData(:Pacific/Gambier).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\SystemV\YST9YDT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):193
                            Entropy (8bit):4.949109665596263
                            Encrypted:false
                            SSDEEP:6:SlSNJB9IZaM3y7/9EtDvFVAIgp/9EmLkB490/9E6:JBaIMY/944p/9xLN90/9F
                            MD5:D588930E34CF0A03EFEE7BFBC5022BC3
                            SHA1:0714C6ECAAF7B4D23272443E5E401CE141735E78
                            SHA-256:4D1CAE3C453090667549AB83A8DE6F9B654AAC5F540192886E5756A01D21A253
                            SHA-512:ABE69BEF808D7B0BEF9F49804D4A753E033D7C99A7EA57745FE4C3CBE2C26114A8845A219ED6DEAB8FA009FDB86E384687068C1BCF8B704CCF24DA7029455802
                            Malicious:false
                            Preview:# created by ../tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:SystemV/YST9YDT) $TZData(:America/Anchorage).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Turkey

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):175
                            Entropy (8bit):4.882090609090058
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxV0XaDvFVAIgoq3XPHtjCl1yQaqXNn:SlSWB9IZaM3ymQazFVAIgoQPHtSymN
                            MD5:41703ED241199F0588E1FC6FF0F33E90
                            SHA1:08B4785E21E21DFE333766A7198C325CD062347B
                            SHA-256:4B8A8CE69EE94D7E1D49A2E00E2944675B66BD16302FE90E9020845767B0509B
                            SHA-512:F90F6B0002274AF57B2749262E1530E21906162E4D1F3BE89639B5449269F3026A7F710C24765E913BC23DEC5A6BF97FC0DD465972892D851B6EAEEF025846CA
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Istanbul)]} {. LoadTimeZoneFile Europe/Istanbul.}.set TZData(:Turkey) $TZData(:Europe/Istanbul).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\UCT

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):148
                            Entropy (8bit):4.792993822845485
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAmMwFVAIghO6iGMFfh8RS:SlSWB9IZaM3y1wFVAIghFiP8RS
                            MD5:1921CC58408AD2D7ED3B5308C71B1A28
                            SHA1:12F832D7B3682DC28A49481B8FBA8C55DCDC60D0
                            SHA-256:92FC6E3AA418F94C486CE5BF6861FAA4E85047189E98B90DA78D814810E88CE7
                            SHA-512:EB134E2E7F7A811BFA8223EB4E98A94905EA24891FD95AB29B52DE2F683C97E086AA2F7B2EA93FBA2451AAEDD22F01219D700812DABC7D6670028ACF9AAB8367
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UCT)]} {. LoadTimeZoneFile Etc/UCT.}.set TZData(:UCT) $TZData(:Etc/UCT).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Alaska

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):184
                            Entropy (8bit):4.864166947846424
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0/VXEtDvFVAIg20/VXE0JLiOGl0IAcGE/VXE6n:SlSWB9IZaM3y7/9EtDvFVAIgp/9EmLiB
                            MD5:0763082FF8721616592350D8372D59FF
                            SHA1:CEBB03EB7F44530CF52DCA7D55DC912015604D94
                            SHA-256:94FDFE2901596FC5DCE74A5560431F3E777AE1EBEEE59712393AE2323F17ADFA
                            SHA-512:DFE8AAA009C28C209A925BBE5509589C0087F6CC78F94763BFA9F1F311427E3FF2E377EB340590383D790D3578C1BB37D41525408D027763EA96ECB3A3AAD65D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Anchorage)]} {. LoadTimeZoneFile America/Anchorage.}.set TZData(:US/Alaska) $TZData(:America/Anchorage).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Aleutian

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):171
                            Entropy (8bit):4.839824852896375
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0/yO5pVAIg20/yOvYvtiObMEIB/4IAcGE/yOun:SlSWB9IZaM3y7/ykVAIgp/y9FitE8/47
                            MD5:01142938A2E5F30FADE20294C829C116
                            SHA1:8F9317E0D3836AF916ED5530176C2BF7A929C3C7
                            SHA-256:1DD79263FB253217C36A9E7DDCB2B3F35F208E2CE812DCDE5FD924593472E4FE
                            SHA-512:2C47FE8E8ED0833F4724EF353A9A6DFCE3B6614DA744E64364E9AB423EC92565FEF1E8940CB12A0BCCFE0BD6B44583AF230A4ABCC0BAE3D9DC43FBB2C7941CFF
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Adak)]} {. LoadTimeZoneFile America/Adak.}.set TZData(:US/Aleutian) $TZData(:America/Adak).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Arizona

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.886225611026426
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0utLaDvFVAIg20utLPtiQMfQfBx+IAcGEutLNn:SlSWB9IZaM3y7O+FVAIgpObtiZfQfH+v
                            MD5:090DC30F7914D5A5B0033586F3158384
                            SHA1:2F526A63A1C47F88E320BE1C12CA8887DA2DC989
                            SHA-256:47D25266ABBD752D61903C903ED3E9CB485A7C01BD2AA354C5B50DEBC253E01A
                            SHA-512:5FE75328595B5DECDAC8D318BEE89EAD744A881898A4B45DD2ABB5344B13D8AFB180E4A8F8D098A9589488D9379B0153CBC5CF638AF7011DE89C57B554F42757
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Phoenix)]} {. LoadTimeZoneFile America/Phoenix.}.set TZData(:US/Arizona) $TZData(:America/Phoenix).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Central

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):179
                            Entropy (8bit):4.854450230853601
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx096dVAIg2096zAtibXgox/h4IAcGE96s:SlSWB9IZaM3y796dVAIgp96WiB49096s
                            MD5:E0801B5A57F40D42E8AF6D48C2A41467
                            SHA1:A49456A1BF1B73C6B284E0764AEAFD1464E70DDC
                            SHA-256:16C7FFCE60495E5B0CB65D6D5A0C3C5AA9E62BD6BC067ABD3CD0F691DA41C952
                            SHA-512:3DE6A41B88D6485FD1DED2DB9AB9DAD87B9F9F95AA929D38BF6498FC0FD76A1048CE1B68F24CD22C487073F59BD955AFCB9B7BF3B20090F81FA250A5E7674A53
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Chicago)]} {. LoadTimeZoneFile America/Chicago.}.set TZData(:US/Central) $TZData(:America/Chicago).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\East-Indiana

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):223
                            Entropy (8bit):4.715837665658945
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y73GK7mFVAIgp3GKBLi3E0903GK1:MBaIMY3GK7Hp3GKBLi3t903GK1
                            MD5:1A27644D1BF2299B7CDDED7F405D6570
                            SHA1:BD03290A6E7A967152E2E4F95A82E01E7C35F63C
                            SHA-256:1C46FAEDFACEB862B2E4D5BD6AC63E5182E1E2CFD2E1CDFA2661D698CC8B0072
                            SHA-512:9D6F3E945656DD97A7E956886C1123B298A87704D4F5671E4D1E94531C01F8BE377D83239D8BE78E2B3E1C0C20E5779BA3978F817A6982FE607A18A7FDCF57FB
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Indianapolis)]} {. LoadTimeZoneFile America/Indiana/Indianapolis.}.set TZData(:US/East-Indiana) $TZData(:America/Indiana/Indianapolis).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Eastern

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):182
                            Entropy (8bit):4.990255962392122
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0wAy0vwVAIg20wAyati37oxp4IAcGEwAy0v:SlSWB9IZaM3y71KVAIgp1Bi37oxp490n
                            MD5:3FE03D768F8E535506D92A6BC3C03FD2
                            SHA1:F82BF149CE203B5A4A1E106A495D3409AF7A07AC
                            SHA-256:9F46C0E46F6FE26719E2CF1FA05C7646530B65FB17D4101258D357568C489D77
                            SHA-512:ADFDBB270113A192B2378CC347DD8A57FDBDC776B06F9E16033EE8D5EAB49E16234CA2523580EEBB4DCDD27F33222EDD5514F0D7D85723597F059C5D6131E1B0
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/New_York)]} {. LoadTimeZoneFile America/New_York.}.set TZData(:US/Eastern) $TZData(:America/New_York).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Hawaii

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):181
                            Entropy (8bit):4.832149382727646
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQG2fWGYFedVAIgObT2fWzvNioMN75nUDH2fWRn:SlSWB9IZaM3yc6e8dVAIgOb6ezvNioEe
                            MD5:347E51049A05224D18F264D08F360CBB
                            SHA1:A801725A9B01B5E08C63BD2568C8F5D084F0EB02
                            SHA-256:EA5D18E4A7505406D6027AD34395297BCF5E3290283C7CC28B4A34DB8AFBDD97
                            SHA-512:C9B96C005D90DD8F317A697F59393D20663DE74D6E4D0B45BCE109B31A328D7AA62C51FAA8D00C728C0342940EF3B0F0921814B31BD7FE128A6E95F92CF50E06
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Honolulu)]} {. LoadTimeZoneFile Pacific/Honolulu.}.set TZData(:US/Hawaii) $TZData(:Pacific/Honolulu).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Indiana-Starke

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):201
                            Entropy (8bit):4.825742972037525
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y73GKXFVAIgp3GK4NiGIfh4903GKk:MBaIMY3GKXQp3GKeiBfh4903GKk
                            MD5:E111813F4C9B888427B8363949C87C72
                            SHA1:96B6692DCD932DCC856804BE0C2145538C4B2B33
                            SHA-256:4E896634F3A400786BBD996D1FE0D5C9A346E337027B240F1671A7E4B38C8F69
                            SHA-512:97726D7EDB7D7A1F6E815A0B875CAF9E2D2D27F50ECC866FBC6CB1B88836E8C2D64A9C108CD917C9D641B30822397664A2AC8010EADF0FF2A6C205AE4D5E7A2F
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Indiana/Knox)]} {. LoadTimeZoneFile America/Indiana/Knox.}.set TZData(:US/Indiana-Starke) $TZData(:America/Indiana/Knox).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Michigan

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):180
                            Entropy (8bit):4.7846496799669405
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx06FQGFwVAIg206FQN6iHaMCELMr4IAcGE6FQu:SlSWB9IZaM3y74PFwVAIgp4xiHaMHL+U
                            MD5:80A9A00EC1C5904A67DC3E8B2FDC3150
                            SHA1:8E79FBEB49D9620E793E4976D0B9085E32C57E83
                            SHA-256:8DB76FC871DD334DA87297660B145F8692AD053B352A19C2EFCD74AF923D762D
                            SHA-512:0A5662E33C60030265ECAD1FF683B18F6B99543CA5FE22F88BCE597702FBEA20358BCB9A568D7F8B32158D9E6A3D294081D183644AD49C22AC3512F97BE480D4
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Detroit)]} {. LoadTimeZoneFile America/Detroit.}.set TZData(:US/Michigan) $TZData(:America/Detroit).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Mountain

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):177
                            Entropy (8bit):4.84430947557215
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx06RGFwVAIg206RAO0LiBOlLo/4IAcGE6Ru:SlSWB9IZaM3y7+SwVAIgp+iLiBY8/49G
                            MD5:13D6C7CF459995691E37741ACAF0A18D
                            SHA1:A0626763930C282DF21ED3AA8F1B35033BA2F9DC
                            SHA-256:223B5C8E34F459D7B221B83C45DBB2827ABE376653BAA1BC56D09D50DF136B08
                            SHA-512:9076DFECC5D02DB38ECE3D2512D52566675D98A857711676E891D8741EA588153954357FE19F4C69305FF05D0F99286F1D496DF0C7FDBC8D59803D1B1CFA5F07
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Denver)]} {. LoadTimeZoneFile America/Denver.}.set TZData(:US/Mountain) $TZData(:America/Denver).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Pacific

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):191
                            Entropy (8bit):4.885594237758327
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqx0ydJg4owFVAIg20ydJEvRLiP+e2IAcGEydJgvn:SlSWB9IZaM3y7DvwFVAIgpdJLip290Dv
                            MD5:EBF51CD015BD387FA2BB30DE8806BDDA
                            SHA1:63C2E2F4CD8BC719A06D59EF4CE4C31F17F53EA0
                            SHA-256:B7AD78FB955E267C0D75B5F7279071EE17B6DD2842DAD61ADA0165129ADE6A86
                            SHA-512:22BECE2AEAD66D921F38B04FDC5A41F2627FCC532A171EA1C9C9457C22CD79EFD1EC3C7CC62BC016751208AD1D064B0F03C2185F096982F73740D8426495F5ED
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific) $TZData(:America/Los_Angeles).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Pacific-New

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):195
                            Entropy (8bit):4.931883193402467
                            Encrypted:false
                            SSDEEP:6:SlSWB9IZaM3y7DvwFVAIgpdJLi0Q90Dvn:MBaIMYFpdJLix90z
                            MD5:01CD3EBFDB7715805572CDA3F81AC78A
                            SHA1:C013C38D2FB9E649EE43FED6910382150C2B3DF5
                            SHA-256:DEFE67C520303EF85B381EBEAED4511C0ACF8C49922519023C525E6A1B09B9DD
                            SHA-512:266F35C34001CD4FF00F51F5CDF05E1F4D0B037F276EFD2D124C8AE3391D00128416D16D886B3ECDF9E9EFC81C66B2FD4ED55F154437ED5AA32876B855289190
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(America/Los_Angeles)]} {. LoadTimeZoneFile America/Los_Angeles.}.set TZData(:US/Pacific-New) $TZData(:America/Los_Angeles).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\US\Samoa

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):183
                            Entropy (8bit):4.789322986138067
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqTQGurKeTIVAIgObTurKeUAti6A5nUDHurKeTv:SlSWB9IZaM3ycieZVAIgObieiidXeg
                            MD5:E883D478518F6DAF8173361A8D308D34
                            SHA1:ABD97858655B0069BFD5E11DD95BF6D7C2109AEA
                            SHA-256:DD4B1812A309F90ABBD001C3C73CC2AF1D4116128787DE961453CCBE53EC9B6A
                            SHA-512:DA1FE6D92424404111CBB18CA39C8E29FA1F9D2FD262D46231FB7A1A78D79D00F92F5D1DEBB9B92565D1E3BA03EF20D2A44B76BA0FC8B257A601EED5976386CC
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Pacific/Pago_Pago)]} {. LoadTimeZoneFile Pacific/Pago_Pago.}.set TZData(:US/Samoa) $TZData(:Pacific/Pago_Pago).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\UTC

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):148
                            Entropy (8bit):4.792993822845485
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAxmSwFVAIgESRLiLB5h8RFu:SlSWB9IZaM3yzUFVAIgBLiLfh8RI
                            MD5:530F5381F9CD8542ED5690E47FC83358
                            SHA1:29A065F004F23A5E3606C2DB50DC0AB28CAFC785
                            SHA-256:AC0FF734DA267E5F20AB573DBD8C0BD7613B84D86FDA3C0809832F848E142BC8
                            SHA-512:4328BDFD6AA935FD539EE2D4A3EBA8DD2A1BD9F44BA0CF30AA0C4EA57B0A58E3CDFAA312366A0F93766AE445E6E210EE57CD5ED60F74173EDF67C1C5CB987C68
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:UTC) $TZData(:Etc/UTC).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Universal

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):154
                            Entropy (8bit):4.829496870339919
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAxmSwFVAIgESRLiL7DJMFfh8RFu:SlSWB9IZaM3yzUFVAIgBLiL7VMr8RI
                            MD5:60878BB8E8BE290911CAB2A16AAFAEF7
                            SHA1:15C01523EDA134D3E38ECC0A5909A4579BD2A00D
                            SHA-256:9324B6C871AC55771C44B82BF4A92AE0BE3B2CC64EBA9FE878571225FD38F818
                            SHA-512:C697401F1C979F5A4D33E1026DCE5C77603E56A48405511A09D8CE178F1BF47D60F217E7897061F71CFEA63CC041E64340EF6BAEE0EB037AFD34C71BF0591E3E
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Universal) $TZData(:Etc/UTC).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\W-SU

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):167
                            Entropy (8bit):4.9534620854837295
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqxVwTwpVAIgoqzTcYFgIuyQauTnn:SlSWB9IZaM3ymdVAIgohYFgXymn
                            MD5:58FBF79D86DBCFF53F74BF7FE5C12DD6
                            SHA1:EA8B3317B012A661B3BA4A1FAE0DC5DEDC03BC26
                            SHA-256:0DECFEACCE2E2D88C29CB696E7974F89A687084B3DB9564CDED6FC97BCD74E1F
                            SHA-512:083B449DE987A634F7199666F9C685EADD643C2C2DD9C8F6C188388266729CE0179F9DC0CD432D713E5FB1649D0AA1A066FE616FC43DA65C4CD787D8E0DE00A6
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Europe/Moscow)]} {. LoadTimeZoneFile Europe/Moscow.}.set TZData(:W-SU) $TZData(:Europe/Moscow).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\WET

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6694
                            Entropy (8bit):3.6896780927557495
                            Encrypted:false
                            SSDEEP:96:D6U5vo30NSfAewvtj544IrvfMS4pBs6nLUxZlJFXmA3SG7iL8malvkUEYo4Q:5PIMj544IrvfMsbxZTH7qwQ
                            MD5:CD86A6ED164FEB33535D74DF52DC49A5
                            SHA1:89843BF23AB113847DCC576990A4FF2CABCA03FE
                            SHA-256:AF28754C77BA41712E9C49EF3C9E08F7D43812E3317AD4E2192E971AD2C9B02D
                            SHA-512:80C0A7C3BDD458CA4C1505B2144A3AD969F7B2F2732CCBE4E773FBB6ED446C2961E0B5AFFBC124D43CE9AB530C42C8AEC7100E7817566629CE9D01AC057E3549
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit..set TZData(:WET) {. {-9223372036854775808 0 0 WET}. {228877200 3600 1 WEST}. {243997200 0 0 WET}. {260326800 3600 1 WEST}. {276051600 0 0 WET}. {291776400 3600 1 WEST}. {307501200 0 0 WET}. {323830800 3600 1 WEST}. {338950800 0 0 WET}. {354675600 3600 1 WEST}. {370400400 0 0 WET}. {386125200 3600 1 WEST}. {401850000 0 0 WET}. {417574800 3600 1 WEST}. {433299600 0 0 WET}. {449024400 3600 1 WEST}. {465354000 0 0 WET}. {481078800 3600 1 WEST}. {496803600 0 0 WET}. {512528400 3600 1 WEST}. {528253200 0 0 WET}. {543978000 3600 1 WEST}. {559702800 0 0 WET}. {575427600 3600 1 WEST}. {591152400 0 0 WET}. {606877200 3600 1 WEST}. {622602000 0 0 WET}. {638326800 3600 1 WEST}. {654656400 0 0 WET}. {670381200 3600 1 WEST}. {686106000 0 0 WET}. {701830800 3600 1 WEST}. {717555600 0 0 WET}. {733280400 3600 1 WEST}. {749005200 0 0 WET}. {764730000 36

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\tzdata\Zulu

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):149
                            Entropy (8bit):4.830292555237936
                            Encrypted:false
                            SSDEEP:3:SlEVFRKvJT8QFCZaMuUyqAxmSwFVAIgESRLtaFBURFu:SlSWB9IZaM3yzUFVAIgBLYFaRI
                            MD5:6C7C2CE174DB462A3E66D9A8B67A28EB
                            SHA1:73B74BEBCDAEBDA4F46748BCA149BC4C7FE82722
                            SHA-256:4472453E5346AAA1E1D4E22B87FDC5F3170AA013F894546087D0DC96D4B6EC43
                            SHA-512:07209059E5E5EB5EE12821C1AC46922DA2715EB7D7196A478F0FA6866594D3C69F4C50006B0EE517CBF6DB07164915F976398EBBD88717A070D750D5D106BA5D
                            Malicious:false
                            Preview:# created by tools/tclZIC.tcl - do not edit.if {![info exists TZData(Etc/UTC)]} {. LoadTimeZoneFile Etc/UTC.}.set TZData(:Zulu) $TZData(:Etc/UTC).

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tcl\word.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4860
                            Entropy (8bit):4.7851008522116585
                            Encrypted:false
                            SSDEEP:96:Le+U54W37GWdh85qWdhAjgr9a+1FeS9D/CkXg6gvF9D/CYjX16AyyrGuA11/JRJZ:q+W/7GW85qW9a+P39DCd6gt9DC+6AjGN
                            MD5:C5DA264DC0CE5669F81702170B2CDC59
                            SHA1:FED571B893EE2DC93DAF8907195503885FFACBB6
                            SHA-256:A5311E3640E42F7EFF5CC1A0D8AD6956F738F093B037155674D46B634542FE5F
                            SHA-512:1F1993F1F19455F87EC9952BF7CEA00A5082BD2F2E1A417FBC4F239835F3CED6C8D5E09CDA6D1A4CD9F8A24AF174F9AB1DC7BD5E94C7A6DEE2DD9F8FE7F690FF
                            Malicious:false
                            Preview:# word.tcl --.#.# This file defines various procedures for computing word boundaries in.# strings. This file is primarily needed so Tk text and entry widgets behave.# properly for different platforms..#.# Copyright (c) 1996 by Sun Microsystems, Inc..# Copyright (c) 1998 by Scritpics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# The following variables are used to determine which characters are.# interpreted as white space...if {$::tcl_platform(platform) eq "windows"} {. # Windows style - any but a unicode space char. if {![info exists ::tcl_wordchars]} {..set ::tcl_wordchars {\S}. }. if {![info exists ::tcl_nonwordchars]} {..set ::tcl_nonwordchars {\s}. }.} else {. # Motif style - any unicode word char (number, letter, or underscore). if {![info exists ::tcl_wordchars]} {..set ::tcl_wordchars {\w}. }. if {![info exists ::tcl_nonwordchars]} {..set ::tcl_nonwo

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk86t.dll

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1468064
                            Entropy (8bit):6.165850680457804
                            Encrypted:false
                            SSDEEP:24576:J7+Vm6O8hbcrckTNrkhaJVQhWnmb7u/DSe9qT03ZjLmFMoERDY5TUT/tXzddGyIK:JCQ69cYY9JVQWx/DSe9qTqJLUMPsJUT/
                            MD5:FDC8A5D96F9576BD70AA1CADC2F21748
                            SHA1:BAE145525A18CE7E5BC69C5F43C6044DE7B6E004
                            SHA-256:1A6D0871BE2FA7153DE22BE008A20A5257B721657E6D4B24DA8B1F940345D0D5
                            SHA-512:816ADA61C1FD941D10E6BB4350BAA77F520E2476058249B269802BE826BAB294A9C18EDC5D590F5ED6F8DAFED502AB7FFB29DB2F44292CB5BEDF2F5FA609F49C
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................B................R..................Rich..................PE..d......\.........." .........J......@........................................p.......f....`.............................................@@..P>..|........{......,....L.......0...?..`................................................ ..P............................text...c........................... ..`.rdata...?... ...@..................@..@.data........`.......N..............@....pdata..,...........................@..@.rsrc....{.......|..................@..@.reloc...?...0...@..................@..B........................................................................................................................................................................................................................................

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\bgerror.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8246
                            Entropy (8bit):4.8180558683809425
                            Encrypted:false
                            SSDEEP:192:tKrjbDL5//nNFn0rBnDQQ2d4YGpFAImoYyMxZ34wNsf9GnEF5SpcJV+H//iNx:tIjL5//zC/8HLx4XKKv
                            MD5:11D758CEF126C5C2EDFC911237DF80F2
                            SHA1:7911EAA0A8B6630D016D15730310935909632389
                            SHA-256:DA84D32D1B447F7FFE7BBCAC0F7586B0B6DD204717C7AE1F182C6A91510EC77B
                            SHA-512:9E2A767FBC62622C34F468958C861EE3AFE2A63005BAD80F1637045D045E1A82FB1D2698D948D375222EBD0B92514ACE99C12DF6D9CACF75ACD03EC8057494A7
                            Malicious:false
                            Preview:# bgerror.tcl --.#.#.Implementation of the bgerror procedure. It posts a dialog box with.#.the error message and gives the user a chance to see a more detailed.#.stack trace, and possible do something more interesting with that.#.trace (like save it to a log). This is adapted from work done by.#.Donal K. Fellows..#.# Copyright (c) 1998-2000 by Ajuba Solutions..# Copyright (c) 2007 by ActiveState Software Inc..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.# Copyright (c) 2009 Pat Thoyts <patthoyts@users.sourceforge.net>..namespace eval ::tk::dialog::error {. namespace import -force ::tk::msgcat::*. namespace export bgerror. option add *ErrorDialog.function.text [mc "Save To Log"] \..widgetDefault. option add *ErrorDialog.function.command [namespace code SaveToLog]. option add *ErrorDialog*Label.font TkCaptionFont widgetDefault. if {[tk windowingsystem] eq "aqua"} {..option add *ErrorDialog*background systemAlertBackgroundActive \...widgetDefault.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\button.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):20642
                            Entropy (8bit):4.903366631227966
                            Encrypted:false
                            SSDEEP:384:8zVtoY3wFnq+j4SpEdPmVmZ6/IVKuzmSaox2ESo+VtocUP5wFnq+j4SpEdPmV8ZQ:coahPSFMmfoz4oFXhPovzmToQBy0zm2m
                            MD5:309AB5B70F664648774453BCCBE5D3CE
                            SHA1:51BF685DEDD21DE3786FE97BC674AB85F34BD061
                            SHA-256:0D95949CFACF0DF135A851F7330ACC9480B965DAC7361151AC67A6C667C6276D
                            SHA-512:D5139752BD7175747A5C912761916EFB63B3C193DD133AD25D020A28883A1DEA6B04310B751F5FCBE579F392A8F5F18AE556116283B3E137B4EA11A2C536EC6B
                            Malicious:false
                            Preview:# button.tcl --.#.# This file defines the default bindings for Tk label, button,.# checkbutton, and radiobutton widgets and provides procedures.# that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 2002 ActiveState Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for buttons..#-------------------------------------------------------------------------..if {[tk windowingsystem] eq "aqua"} {.. bind Radiobutton <Enter> {..tk::ButtonEnter %W. }. bind Radiobutton <1> {..tk::ButtonDown %W. }. bind Radiobutton <ButtonRelease-1> {..tk::ButtonUp %W. }. bind Checkbutton <Enter> {..tk::ButtonEnter %W. }. bind Checkbutton <1

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\choosedir.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Nim source code, ASCII text
                            Category:dropped
                            Size (bytes):9652
                            Entropy (8bit):4.750454352074374
                            Encrypted:false
                            SSDEEP:192:MvjK3vpIKU7JBhpZofNAieYemp8U3wNV97oZQWpopePXUsyWjocIegf6tq9jJKT4:M4viKeBQ+3M3wNwvwsFyoIegf6wO70fN
                            MD5:E703C16058E7F783E9BB4357F81B564D
                            SHA1:1EDA07870078FC4C3690B54BB5330A722C75AA05
                            SHA-256:30CE631CB1CCCD20570018162C6FFEF31BAD378EF5B2DE2D982C96E65EB62EF6
                            SHA-512:28617F8553766CA7A66F438624AFA5FD7780F93DC9EBDF9BEE865B5649228AA56A69189218FC436CEDF2E5FE3162AD88839CBF49C9CC051238A7559B5C3BA726
                            Malicious:false
                            Preview:# choosedir.tcl --.#.#.Choose directory dialog implementation for Unix/Mac..#.# Copyright (c) 1998-2000 by Scriptics Corporation..# All rights reserved...# Make sure the tk::dialog namespace, in which all dialogs should live, exists.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}..# Make the chooseDir namespace inside the dialog namespace.namespace eval ::tk::dialog::file::chooseDir {. namespace import -force ::tk::msgcat::*.}..# ::tk::dialog::file::chooseDir:: --.#.#.Implements the TK directory selection dialog..#.# Arguments:.#.args..Options parsed by the procedure..#.proc ::tk::dialog::file::chooseDir:: {args} {. variable ::tk::Priv. set dataName __tk_choosedir. upvar ::tk::dialog::file::$dataName data. Config $dataName $args.. if {$data(-parent) eq "."} {. set w .$dataName. } else {. set w $data(-parent).$dataName. }.. # (re)create the dialog box if necessary. #. if {![winfo exists $w]} {..::tk::dialog::file::Create

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\clrpick.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):21432
                            Entropy (8bit):4.987740767386718
                            Encrypted:false
                            SSDEEP:384:HDJsgeqJelEu6i1T26UYdTVDyPHxQlufbSIjVjrdOqAQBxhKN2zD5Ed9bmqU/FC6:jagJJnBfxQef9
                            MD5:E5E462E0EE0C57B31DAEECB07D038488
                            SHA1:E67B3410A7BCECE8B5159AB5327910038096A67B
                            SHA-256:823F6E4BAF5D10185D990B3FBCB8BFB4D5F4B6ED62203EE229922B6B32FE39D4
                            SHA-512:F8442F21E389FF9A3FC5BECCE8811F8554DEF94FBB8F184026396A87AEA37E8108A3E1B3C76FEA2CFBE4E81B2C5FC2BB8A60BE2B9831CC96CB25DAB177616238
                            Malicious:false
                            Preview:# clrpick.tcl --.#.#.Color selection dialog for platforms that do not support a.#.standard color selection dialog..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# ToDo:.#.#.(1): Find out how many free colors are left in the colormap and.#. don't allocate too many colors..#.(2): Implement HSV color selection..#..# Make sure namespaces exist.namespace eval ::tk {}.namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::color {. namespace import ::tk::msgcat::*.}..# ::tk::dialog::color:: --.#.#.Create a color dialog and let the user choose a color. This function.#.should not be called directly. It is called by the tk_chooseColor.#.function when a native color selector widget does not exist.#.proc ::tk::dialog::color:: {args} {. variable ::tk::Priv. set dataName __tk__color. upvar ::tk::dialog::color::$dataName data. set w .$dataName.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\comdlg.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8229
                            Entropy (8bit):5.0540566175865
                            Encrypted:false
                            SSDEEP:192:Aq7cPy5HEOjKU8QHyWpSWNRYs50asAZ5QWlO+W0WvHv/3WvWHwV7vWKpTTk:Aq7c6HJjKCyWpZNRYEVVET1rvveuHSOT
                            MD5:427CCBD25BB1559B9B21A80131658140
                            SHA1:B675C0C1B02A527B13AA5DE2AE5A1AA754E9815D
                            SHA-256:586CB7A3C32566EFEB46036A19D07E91194CE8EDAF0D47F3C93BCC974E6EE3E1
                            SHA-512:FEA82D6D7DBAF52EE1883241170BA95396EC282CDD4F682077A238B4FD9A47C4CE6F84B1B4829A86580A4AB794820E6CD4C1E98CFB7BDCE23E09B54566BD6443
                            Malicious:false
                            Preview:# comdlg.tcl --.#.#.Some functions needed for the common dialog boxes. Probably need to go.#.in a different file..#.# Copyright (c) 1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# tclParseConfigSpec --.#.#.Parses a list of "-option value" pairs. If all options and.#.values are legal, the values are stored in.#.$data($option). Otherwise an error message is returned. When.#.an error happens, the data() array may have been partially.#.modified, but all the modified members of the data(0 array are.#.guaranteed to have valid values. This is different than.#.Tk_ConfigureWidget() which does not modify the value of a.#.widget record if any error occurs..#.# Arguments:.#.# w = widget record to modify. Must be the pathname of a widget..#.# specs = {.# {-commandlineswitch resourceName ResourceClass defaultValue verifier}.# {....}.# }.#.# flags = currently unused..#.# argList

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\console.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):32784
                            Entropy (8bit):4.906598115585926
                            Encrypted:false
                            SSDEEP:384:GkptctbjWz4xjtyU/W1ZQWSLEwYGl7nZH5J+ry3+uQlLW44qvRHRJStCO2FfB25b:GkpeZWz4miZeG7J+rMYXaGGWFOYoV
                            MD5:8B5B8B6D49F4CA36B8662923DCF9A46C
                            SHA1:BCD6CA7451BDFB22311D9D54FBABB116D4A7A687
                            SHA-256:7E1EAA998B1D661E9B4B72A4598A534B8311AB75D444525DD613EC73F8126750
                            SHA-512:D7E20377E2FBD147A68E4B647D4F09A1894A203F2FA5435B09AD2B6998FFC2F70222BD2808B6A1D1B6A96271F04E7C7A4E6AB0EAE4C97C7C728A6645C499391F
                            Malicious:false
                            Preview:# console.tcl --.#.# This code constructs the console window for an application. It.# can be used by non-unix systems that do not have built-in support.# for shells..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..# Copyright (c) 2007-2008 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# TODO: history - remember partially written command..namespace eval ::tk::console {. variable blinkTime 500 ; # msecs to blink braced range for. variable blinkRange 1 ; # enable blinking of the entire braced range. variable magicKeys 1 ; # enable brace matching and proc/var recognition. variable maxLines 600 ; # maximum # of lines buffered in console. variable showMatches 1 ; # show multiple expand matches. variable useFontchooser [llength [info command ::tk::fontchooser]]. variable inPlugi

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\dialog.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):6025
                            Entropy (8bit):4.79563398407639
                            Encrypted:false
                            SSDEEP:96:WfPQCAV8OgciKHKKcmQH+DmlYm4Kapo9mBc//IWxIb:WfPQCAVviKHKK4H+DmT4Kapo4cnDOb
                            MD5:EAC165BD7EA915B44FAEC016250E0B06
                            SHA1:7D205F2720E00FBDA5C0AA908CAC3F66BBC84E56
                            SHA-256:6D7BD4A280272E7A2748555CFFFF4FCA7CC57CE611AEB2382E3C80CDD1868D22
                            SHA-512:22D5794E1FF3B94365C560A310CC17B4A27BEA87DBF423DFB44273443477372013B19ED33E170EAB15A1F06BA9186BA2FC184A3751449E7EDC760D23A12B1666
                            Malicious:false
                            Preview:# dialog.tcl --.#.# This file defines the procedure tk_dialog, which creates a dialog.# box containing a bitmap, a message, and one or more buttons..#.# Copyright (c) 1992-1993 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#.# ::tk_dialog:.#.# This procedure displays a dialog box, waits for a button in the dialog.# to be invoked, then returns the index of the selected button. If the.# dialog somehow gets destroyed, -1 is returned..#.# Arguments:.# w -..Window to use for dialog top-level..# title -.Title to display in dialog's decorative frame..# text -.Message to display in dialog..# bitmap -.Bitmap to display in dialog (empty string means none)..# default -.Index of button that is to display the default ring.#..(-1 means none)..# args -.One or more strings to display in buttons across the.#..bottom of t

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\entry.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):16950
                            Entropy (8bit):4.934745561122632
                            Encrypted:false
                            SSDEEP:384:P/eFkH2fRdOnOeQod3tCAERebMIDlXVQgXwVviw:P2FDqUy8V
                            MD5:BE28D16510EE78ECC048B2446EE9A11A
                            SHA1:4829D6E8AB8A283209FB4738134B03B7BD768BAD
                            SHA-256:8F57A23C5190B50FAD00BDEE9430A615EBEBFC47843E702374AE21BEB2AD8B06
                            SHA-512:F56AF7020531249BC26D88B977BAFFC612B6566146730A681A798FF40BE9EBC04D7F80729BAFE0B9D4FAC5B0582B76F9530F3FE376D42A738C9BC4B3B442DF1F
                            Malicious:false
                            Preview:# entry.tcl --.#.# This file defines the default bindings for Tk entry widgets and provides.# procedures that help in implementing those bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a selection)..# pressX -..X-coordinate at which the mouse button was pressed..# selectMode -..The style of selection currently underway:.#...char, word, or line..# x, y -..La

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\focus.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4857
                            Entropy (8bit):4.7675047842795895
                            Encrypted:false
                            SSDEEP:96:mumhRUI7F2WyHm6BUyNhEf6jUHKRUI7F2WyQe6L763AcnK0/61sk2ko5AgEplauw:ERUQFU52CNRUQFpLOQIG1sk2TCLplauw
                            MD5:7EA007F00BF194722FF144BE274C2176
                            SHA1:6835A515E85A9E55D5A27073DAE1F1A5D7424513
                            SHA-256:40D4E101A64B75361F763479B01207AE71535337E79CE6E162265842F6471EED
                            SHA-512:E2520EB065296C431C71DBBD5503709CF61F93E74FE324F4F8F3FE13131D62435B1E124D38E2EC84939B92198A54B8A71DFC0A8D32F0DD94139C54068FBCAAF2
                            Malicious:false
                            Preview:# focus.tcl --.#.# This file defines several procedures for managing the input.# focus..#.# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_focusNext --.# This procedure returns the name of the next window after "w" in.# "focus order" (the window that should receive the focus next if.# Tab is typed in w). "Next" is defined by a pre-order search.# of a top-level and its non-top-level descendants, with the stacking.# order determining the order of siblings. The "-takefocus" options.# on windows determine whether or not they should be skipped..#.# Arguments:.# w -..Name of a window...proc ::tk_focusNext w {. set cur $w. while {1} {...# Descend to just before the first child of the current widget....set parent $cur..set children [winfo children $cur]..set i -1...# Look for the next sibling that isn't a top-level....while {1} {.. incr i..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\fontchooser.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):15840
                            Entropy (8bit):4.7139053935905535
                            Encrypted:false
                            SSDEEP:384:hrAVUJgzMAP2Xg7V5M8Zyc8Ck/YN9G4EM8CPo:hrAVUJgzMAP2Xg7V5MgycO/YpEX
                            MD5:9324DBBE37502E149474E05A3448B6E3
                            SHA1:5584B4EE3BF25E95EE6919437D066586060B6E36
                            SHA-256:CEB558FB76A2C85924CD5F7D3A64E77582E1D461DD9A3C10FEDB4608AD440F5B
                            SHA-512:C688676452F89EC432E93A64AC369CC0B82B19D8D38D2C4034888551591F59D87548FAE12A98EE7735540779566DEB400C27BEAD2C141A9F971BAF9E61C218C6
                            Malicious:false
                            Preview:# fontchooser.tcl -.#.#.A themeable Tk font selection dialog. See TIP #324..#.# Copyright (C) 2008 Keith Vetter.# Copyright (C) 2008 Pat Thoyts <patthoyts@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::fontchooser {. variable S.. set S(W) .__tk__fontchooser. set S(fonts) [lsort -dictionary [font families]]. set S(styles) [list \. [::msgcat::mc "Regular"] \. [::msgcat::mc "Italic"] \. [::msgcat::mc "Bold"] \. [::msgcat::mc "Bold Italic"] \. ].. set S(sizes) {8 9 10 11 12 14 16 18 20 22 24 26 28 36 48 72}. set S(strike) 0. set S(under) 0. set S(first) 1. set S(sampletext) [::msgcat::mc "AaBbYyZz01"]. set S(-parent) .. set S(-title) [::msgcat::mc "Font"]. set S(-command) "". set S(-font) TkDefaultFont.}..proc ::tk:

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\iconlist.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):15978
                            Entropy (8bit):4.8947909611129905
                            Encrypted:false
                            SSDEEP:192:xj0OECzN+8JERNLKZhbgIDx3VM5BxBTSgvpn8WYYW5Xb50To3u8PYHPtJYa5PWDx:xrDJE36a7BegvV8hFI8gvXaSn9HqD/U0
                            MD5:105529990CEE968AA5EE3BC827A81A0F
                            SHA1:559BD1AABD1D4719EDB60448CF111F78365A57A9
                            SHA-256:DE0195CCFB6482CCA390C94E91B7877F47742E7A9468CAF362B39AA36305D33C
                            SHA-512:03CB42DFF7AC4F801AA7FFE8A4F07555CCE6874AA1B7F568ACF0299E4DD7F440179838485777F15183EE7C057CCB35868672B1783FBFE67B51D97DBBDAC85281
                            Malicious:false
                            Preview:# iconlist.tcl.#.#.Implements the icon-list megawidget used in the "Tk" standard file.#.selection dialog boxes..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..# Copyright (c) 2009 Donal K. Fellows.#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#.# API Summary:.#.tk::IconList <path> ?<option> <value>? ....#.<path> add <imageName> <itemList>.#.<path> cget <option>.#.<path> configure ?<option>? ?<value>? ....#.<path> deleteall.#.<path> destroy.#.<path> get <itemIndex>.#.<path> index <index>.#.<path> invoke.#.<path> see <index>.#.<path> selection anchor ?<int>?.#.<path> selection clear <first> ?<last>?.#.<path> selection get.#.<path> selection includes <item>.#.<path> selection set <first> ?<last>?...package require Tk 8.6..::tk::Megawidget create ::tk::IconList ::tk::FocusableWidget {. variable w canvas sbar accel accelCB fill font index \..itemList itemsPerColumn list maxIH maxIW maxTH maxTW noSc

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\icons.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10883
                            Entropy (8bit):6.026473720997027
                            Encrypted:false
                            SSDEEP:192:TJjPyYK20kt4zHIXM2MxGwwOw0ac5lCssUOixDgzAjTXBHVXPZmEhr:pO2gz6MioacR2iBgzsFHX5r
                            MD5:2652AAD862E8FE06A4EEDFB521E42B75
                            SHA1:ED22459AD3D192AB05A01A25AF07247B89DC6440
                            SHA-256:A78388D68600331D06BB14A4289BC1A46295F48CEC31CEFF5AE783846EA4D161
                            SHA-512:6ECFBB8D136444A5C0DBBCE2D8A4206F1558BDD95F111D3587B095904769AC10782A9EA125D85033AD6532EDF3190E86E255AC0C0C81DC314E02D95CCA86B596
                            Malicious:false
                            Preview:# icons.tcl --.#.#.A set of stock icons for use in Tk dialogs. The icons used here.#.were provided by the Tango Desktop project which provides a.#.unified set of high quality icons licensed under the.#.Creative Commons Attribution Share-Alike license.#.(http://creativecommons.org/licenses/by-sa/3.0/).#.#.See http://tango.freedesktop.org/Tango_Desktop_Project.#.# Copyright (c) 2009 Pat Thoyts <patthoyts@users.sourceforge.net>..namespace eval ::tk::icons {}..image create photo ::tk::icons::warning -data {. iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAABHNCSVQICAgIfAhkiAAABSZJREFU. WIXll1toVEcYgL+Zc87u2Yu7MYmrWRuTJuvdiMuqiJd4yYKXgMQKVkSjFR80kFIVJfWCWlvpg4h9. 8sXGWGof8iKNICYSo6JgkCBEJRG8ImYThNrNxmaTeM7pQ5IlJkabi0/9YZhhZv7///4z/8zPgf+7. KCNRLgdlJijXwRyuDTlcxV9hbzv8nQmxMjg+XDtiOEplkG9PSfkztGmTgmFQd+FCVzwa3fYN/PHZ. AcpBaReicW5xcbb64IEQqko8Lc26d/58cxS+/BY6hmJvyEfQBoUpwWCmW1FErKaGWHU13uRk4QkE. UtxQNFR7QwIoB4eiKD9PWbVKbb10CZmaCqmpxCormRYO26QQx85B0mcD+AeK0xYvHqu1tNDx+DH6. g

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\README

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):322
                            Entropy (8bit):4.341180398587801
                            Encrypted:false
                            SSDEEP:6:nVhmHdeA1xNZgkrIf3Ju4dFi6VbGWrWhr3W7FxmVFraGVAJFKyVQR7icrtpwB:nPqf1fZgZA4FJbB6dm7FUjAJVVMM
                            MD5:FC8A86E10C264D42D28E23D9C75E7EE5
                            SHA1:F1BA322448D206623F8FE734192F383D8F7FA198
                            SHA-256:2695ADFF8E900C31B4D86414D22B8A49D6DD865CA3DD99678FA355CDC46093A8
                            SHA-512:29C2DF0D516B5FC8E52CB61CFCD07AF9C90B40436DFE64CEFDB2813C0827CE65BA50E0828141256E2876D4DC251E934A6854A8E0B02CDAF466D0389BD778AEF0
                            Malicious:false
                            Preview:README - images directory..This directory includes images for the Tcl Logo and the Tcl Powered.Logo. Please feel free to use the Tcl Powered Logo on any of your.products that employ the use of Tcl or Tk. The Tcl logo may also be.used to promote Tcl in your product documentation, web site or other.places you so desire..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\logo.eps

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PostScript document text conforming DSC level 3.0, type EPS
                            Category:dropped
                            Size (bytes):32900
                            Entropy (8bit):5.235207715374815
                            Encrypted:false
                            SSDEEP:768:gGTVOEcRWsdEmhp6k/GLrPMlK3pJr/IbYDGDMtBF2Fz6fsFA/fSvqHWukLI2d0Nr:gGTVOEcRWsdEvLrPJ5Jr/IbYDGDMtBFh
                            MD5:45175418859AF67FE417BD0A053DB6E5
                            SHA1:2B499B7C4EBC8554ECC07B8408632CAF407FB6D5
                            SHA-256:F3E77FD94198EC4783109355536638E9162F9C579475383074D024037D1797D3
                            SHA-512:114A59FD6B99FFD628BA56B8E14FB3B59A0AB6E752E18DEA038F85DBC072BF98492CE9369D180C169EDE9ED2BD521D8C0D607C5E4988F2C83302FC413C6D6A4C
                            Malicious:false
                            Preview:%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL/TK LOGO.ILLUS).%%CreationDate: (8/1/96) (4:58 PM).%%BoundingBox: 251 331 371 512.%%HiResBoundingBox: 251.3386 331.5616 370.5213 511.775.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%DocumentCustomColors: (TCL RED).%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 90 576 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Level 2 Emul

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\logo100.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 68 x 100
                            Category:dropped
                            Size (bytes):2341
                            Entropy (8bit):6.9734417899888665
                            Encrypted:false
                            SSDEEP:48:qF/mIXn3l7+ejbL/4nZEsKPKer1OPQqVRqJbPpRRKOv/UVO47f:81nHL4T0KorxvRKkc847f
                            MD5:FF04B357B7AB0A8B573C10C6DA945D6A
                            SHA1:BCB73D8AF2628463A1B955581999C77F09F805B8
                            SHA-256:72F6B34D3C8F424FF0A290A793FCFBF34FD5630A916CD02E0A5DDA0144B5957F
                            SHA-512:10DFE631C5FC24CF239D817EEFA14329946E26ED6BCFC1B517E2F9AF81807977428BA2539AAA653A89A372257D494E8136FD6ABBC4F727E6B199400DE05ACCD5
                            Malicious:false
                            Preview:GIF89aD.d...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....D.d........H......*\...z..Ht@Q...92.p...z.$.@@.E..u.Y.2..0c..q.cB.,[..... ..1..qbM.2~*].....s...S.@.L.j..#..\......h..........].D(..m......@.Z....oO...3=.c...G".(..pL...q]..%....[...#...+...X.h....^.....

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\logo64.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 43 x 64
                            Category:dropped
                            Size (bytes):1670
                            Entropy (8bit):6.326462043862671
                            Encrypted:false
                            SSDEEP:48:PF/mIXn3l7+ejbL/4xsgq4sNC6JYp6s/pmp76F:/1nHL404raM/op2
                            MD5:B226CC3DA70AAB2EBB8DFFD0C953933D
                            SHA1:EA52219A37A140FD98AEA66EA54685DD8158D9B1
                            SHA-256:138C240382304F350383B02ED56C69103A9431C0544EB1EC5DCD7DEC7A555DD9
                            SHA-512:3D043F41B887D54CCADBF9E40E48D7FFF99B02B6FAF6B1DD0C6C6FEF0F8A17630252D371DE3C60D3EFBA80A974A0670AF3747E634C59BDFBC78544D878D498D4
                            Malicious:false
                            Preview:GIF89a+.@...............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....+.@........H. .z..(tp......@...92....#. A.......C.\.%...)Z..1a.8s..W/..@....3..C...y$.GW.....5.FU..j..;.F(Pc+W.-..X.D-[.*g....F..`.:mkT...Lw...A/.....u.7p..a..9P.....q2..Xg..G....3}AKv.\.d..yL.>..1.#

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\logoLarge.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 354 x 520
                            Category:dropped
                            Size (bytes):11000
                            Entropy (8bit):7.88559092427108
                            Encrypted:false
                            SSDEEP:192:d+nY6zludc/We/yXy9JHBUoIMSapQdrGlapzmyNMK1vbXkgMmgFW/KxIq3NhZe:YnY6p4c/OCHyowaGUaCcMK1vbXNwFW/l
                            MD5:45D9B00C4CF82CC53723B00D876B5E7E
                            SHA1:DDD10E798AF209EFCE022E97448E5EE11CEB5621
                            SHA-256:0F404764D07A6AE2EF9E1E0E8EAAC278B7D488D61CF1C084146F2F33B485F2ED
                            SHA-512:6E89DACF2077E1307DA05C16EF8FDE26E92566086346085BE10A7FD88658B9CDC87A3EC4D17504AF57D5967861B1652FA476B2DDD4D9C6BCFED9C60BB2B03B6F
                            Malicious:false
                            Preview:GIF89ab.................f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3.............f..3..........f.3...f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3.............f..3............f..3.............f..3....f..f.f..ff.f3.f..3..3.3..3f.33.3...........f..3...f..f..f..f.ff.3f..f..f..f.f.ff.3f..f..f..f..f.ff.3f..ff.ff.ff.fffff3ff.f3.f3.f3.f3ff33f3.f..f..f..f.ff.3f..3..3..3..3.f3.33..3..3..3.3.f3.33..3..3..3..3.f3.33..3f.3f.3f.3ff3f33f.33.33.33.33f33333.3..3..3..3.f3.33.............f..3.............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3...............w..U..D..".....................w..U..D..".....................w..U..D..".................wwwUUUDDD"""......,....b..........H......*\....#J.H....3j.... '.;p....(.8X..^.0c.I...z8O.\.....:....$..Fu<8`...P.>%I.gO.C.h-..+.`....@..h....dJ.?...K...H.,U.._.#...g..[.*^.x.....J.L.!.'........=+eZ..i..ynF.8...].y|..m.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\logoMed.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 87a, 120 x 181
                            Category:dropped
                            Size (bytes):3889
                            Entropy (8bit):7.425138719078912
                            Encrypted:false
                            SSDEEP:48:9qqbIh+cE4C8ric/jxK5mxsFBu3/0GIJ6Qap1Y5uMiR8pw5rB/SgijDb+TOh:hy+mnZ7xK5IsTwDQmkdiiG5rB/BE+6h
                            MD5:BD12B645A9B0036A9C24298CD7A81E5A
                            SHA1:13488E4F28676F1E0CE383F80D13510F07198B99
                            SHA-256:4D0BD3228AB4CC3E5159F4337BE969EC7B7334E265C99B7633E3DAF3C3FCFB62
                            SHA-512:F62C996857CA6AD28C9C938E0F12106E0DF5A20D1B4B0B0D17F6294A112359BA82268961F2A054BD040B5FE4057F712206D02F2E668675BBCF6DA59A4DA0A1BB
                            Malicious:false
                            Preview:GIF87ax............................................................................z.....{..o.....m..b...`{.X....vy...hk.Um.N...I`.D..Z^.LP.?R.;!....?C.5C.3#.l..,6.*&.15...`..#(.If.y.....l...._..#/...Hm.>_.y..4R.k..#6..._......w..*K.^.."<.....G{.w..3_."C.Q..F....v..!K...v.2m.)_.[..!R.u.1t.g..)f. X.O..E..1z.g. _.Z..D..:..0..Z.. f.D..0..'z..m.N..C../.z.svC.q/.m.ze7.\..P..I..1%.,...............................................................................................................................................................................................................................................................................................................................................................................................,....x..........H.......D..!...7.PAQ...._l8.... C.<.a...*.x....0q.. ..M.%.<.HBe.@.....Q..7..XC..P..<z3..X...P.jA.%'@.J.lV.......R.,..+....t....7h.....(..a...+^.'..7..L.....V...s..$....a.....8`.9..}K......

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\pwrdLogo.eps

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PostScript document text conforming DSC level 3.0, type EPS
                            Category:dropped
                            Size (bytes):27809
                            Entropy (8bit):5.331778921404698
                            Encrypted:false
                            SSDEEP:768:geQTVOEcRWsdEmhp6k/GLrPMlK3pJrNIbYDGDMtBgu2Fz6lR5G/r+FWaGK:gnTVOEcRWsdEvLrPJ5JrNIbYDGDMtB9L
                            MD5:BA1051DBED2B8676CAA24593B88C91B2
                            SHA1:8A58FC19B20BFDC8913515D9B32CCBF8ACF92344
                            SHA-256:2944EBC4AF1894951BF9F1250F4E6EDF811C2183745950EA9A8A926715882CF7
                            SHA-512:4260CEBA7DA9463F32B0C76A2AC19D2B20C8FE48CFBA3DC7AF748AAE15FA25DCBDA085072DF7EFC8F4B4F304C7ED166FE9F93DC903E32FA1874E82D59E544DEF
                            Malicious:false
                            Preview:%!PS-Adobe-3.0 EPSF-3.0.%%Creator: Adobe Illustrator(TM) 5.5.%%For: (Bud Northern) (Mark Anderson Design).%%Title: (TCL PWRD LOGO.ILLUS).%%CreationDate: (8/1/96) (4:59 PM).%%BoundingBox: 242 302 377 513.%%HiResBoundingBox: 242.0523 302.5199 376.3322 512.5323.%%DocumentProcessColors: Cyan Magenta Yellow.%%DocumentSuppliedResources: procset Adobe_level2_AI5 1.0 0.%%+ procset Adobe_IllustratorA_AI5 1.0 0.%AI5_FileFormat 1.2.%AI3_ColorUsage: Color.%%CMYKCustomColor: 0 0.45 1 0 (Orange).%%+ 0 0.25 1 0 (Orange Yellow).%%+ 0 0.79 0.91 0 (PANTONE Warm Red CV).%%+ 0 0.79 0.91 0 (TCL RED).%AI3_TemplateBox: 306 396 306 396.%AI3_TileBox: 12 12 600 780.%AI3_DocumentPreview: Macintosh_ColorPic.%AI5_ArtSize: 612 792.%AI5_RulerUnits: 0.%AI5_ArtFlags: 1 0 0 1 0 0 1 1 0.%AI5_TargetResolution: 800.%AI5_NumLayers: 1.%AI5_OpenToView: 102 564 2 938 673 18 1 1 2 40.%AI5_OpenViewLayers: 7.%%EndComments.%%BeginProlog.%%BeginResource: procset Adobe_level2_AI5 1.0 0.%%Title: (Adobe Illustrator (R) Version 5.0 Le

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\pwrdLogo100.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 64 x 100
                            Category:dropped
                            Size (bytes):1615
                            Entropy (8bit):7.461273815456419
                            Encrypted:false
                            SSDEEP:48:aE45BzojC3r1WAQ+HT2gAdKhPFZ/ObchgB8:V5Gb1WN+yfcObmgW
                            MD5:DBFAE61191B9FADD4041F4637963D84F
                            SHA1:BD971E71AE805C2C2E51DD544D006E92363B6C0C
                            SHA-256:BCC0E6458249433E8CBA6C58122B7C0EFA9557CBC8FB5F9392EED5D2579FC70B
                            SHA-512:ACEAD81CC1102284ED7D9187398304F21B8287019EB98B0C4EC7398DD8B5BA8E7D19CAA891AA9E7C22017B73D734110096C8A7B41A070191223B5543C39E87AF
                            Malicious:false
                            Preview:GIF89a@.d.............................f.................f...ff.f3.f..33.3.........f..ff.f3.33.3.f..f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,....@.d....@.pH,..E.... ..(...H$..v..j....K....q..5L......^).3.Y7..r..u.v|g..om...\iHl..p...`G..\~....fn[q...P.g.Z.l....y...\.l......f.Z.g...%%....e...e...)....O.f..e. ....O..qf..%..(.H.u..]..&....#4.......@.).....u!.M..2. ..PJ..#..T..a.....P.Gi... <Hb....x..z.3.X.O..f.........].Bt..lB.Q.r...9pP....&...L. ..,`[.....E6.Q.....?.#L......|g........N....[.._........."4......b....G6.........m.zI].....I.@.......I.9...glew...2.B..c>./..2....x.....<...{...7;.....y.I.....4G.Qj0..7..%.W.V...?!..[...X..=..k.h..[Q<.....0.B....(P.x.,.......8O*Z.8P!.$....u.c..Ea!..eC....CB.. .H..E..#..C..E...z..&.Nu........c.0..#.T.M.U........l.p @..s.|..pf!..&.......8.#.8.....*..J>. .t..h6(........#..0.A...*!..)...x..u.Z....*%..H.....*.......`......|.....1.......&.....T*...f.l...

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\pwrdLogo150.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 97 x 150
                            Category:dropped
                            Size (bytes):2489
                            Entropy (8bit):7.708754027741608
                            Encrypted:false
                            SSDEEP:48:/Ev7JJ+3uvz/Hwbcp7igaIwjBui7qFxIIOdJXcI+Ks:M9oWz/7pZAV7qPIImJXtXs
                            MD5:711F4E22670FC5798E4F84250C0D0EAA
                            SHA1:1A1582650E218B0BE6FFDEFFD64D27F4B9A9870F
                            SHA-256:5FC25C30AEE76477F1C4E922931CC806823DF059525583FF5705705D9E913C1C
                            SHA-512:220C36010208A87D0F674DA06D6F5B4D6101D196544ABCB4EE32378C46C781589DB1CE7C7DFE6471A8D8E388EE6A279DB237B18AF1EB9130FF9D0222578F1589
                            Malicious:false
                            Preview:GIF89aa...............................f.................f...ff.f3.f..33.3............f..ff.f3.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,....a......@.pH,...r.l:..TB.T..V..z..H.j..h...&.......t"....F...d..gN~Y...g....}..r....g.....o...g.......Y.w..W......N....Z....W....f...tL.~.f....New............W.M.r.........O.q........W-./i.*...`..z..F9.../9..-.......$6..G..S...........zB.,nw.64...e4.......HOt......f.....)..OX..C.eU.(.Qh.....T..<Q.Y.P.L.YxT....2........ji..3.^)zz..O.a..6 ...TZ........^...7.....>|P.....w$...k.ZF.\R.u....F.]Z.--(v+)[Y....=.!.W..+.]..]._.....&..../Ap...j...!..b.:...{.^.=.`...U.....@Hf..\?.(..Lq@.........0..L...a...&.!.....]#..]G \..q...A.H.X[...(.W......,...1a..B...W(.t.8.AdG.)..(P=...Uu.u..A.KM\...'r.R./.W..d2a.0..G...?...B......#H........1Q.0...R....%+...0.I..{.<......QV.tz'.yn.E.p..0i.I.g......L....%....K...A.l.ph.Q.1e...Z....g..2e...smU&d;.J..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\pwrdLogo175.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 113 x 175
                            Category:dropped
                            Size (bytes):2981
                            Entropy (8bit):7.758793907956808
                            Encrypted:false
                            SSDEEP:48:AmEwM8ioQoHJQBTThKVI7G78NLL120GFBBFXJRxlu+BmO/5lNqm7Eq:B57QoHJQt4II8BZ+jxluZO/5lNqm7Eq
                            MD5:DA5FB10F4215E9A1F4B162257972F9F3
                            SHA1:8DB7FB453B79B8F2B4E67AC30A4BA5B5BDDEBD3B
                            SHA-256:62866E95501C436B329A15432355743C6EFD64A37CFB65BCECE465AB63ECF240
                            SHA-512:990CF306F04A536E4F92257A07DA2D120877C00573BD0F7B17466D74E797D827F6C127E2BEAADB734A529254595918C3A5F54FDBD859BC325A162C8CD8F6F5BE
                            Malicious:false
                            Preview:GIF89aq...............................f.................f...ff.f3.f..33.3............f..ff.f3.3f.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3................................................................!.. -dl-.!.......,....q......@.pH,...r.l:....A}H...v..R......D.VF..,%M....^.....fyzU.P..f...i.....t..Uqe..N..Z..i......~....g......u.....g......\...h.....P...h.....Q..g....Z..h......]......\...M...[..s...c2.+R.$. ......#.....)v..4....MO.b.....9......[.M.........h'..<-..=.....HQD....D?.~......W7. ..V.W0..l....*0p}..KP?c.\@KW.S(..M..B.....-q...S2...*.,..P.{....F..._MAn ....i.Y3............zh.y.j@...a876...ui.i..;K.........p...`.,}w....tv.m...Y..........;.;.e).e&.......-.NC.*4..(........*..F........[,w....f......E....h..a3.T.^.........)...C.N8.h\T...+&.z....g]H..B..#.t6..Z.....j.-..N......TI....A........M?..Q&V'...Mb.f.x...h.$r.U .9..Ci. ].4.Zb..@...X....%..<..b)V!........Y)x......T.....h.p.d..h..(........]@.**J.M.U.Jf...Y.:....F..g:..d..6q.-..

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\pwrdLogo200.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 130 x 200
                            Category:dropped
                            Size (bytes):3491
                            Entropy (8bit):7.790611381196208
                            Encrypted:false
                            SSDEEP:96:ROGuxkQ9mcV7RXcECEtqCa+6GK8WseNXhewFIp9ZmL4u:ROGwpVOEbqCrWsUhtIk4u
                            MD5:A5E4284D75C457F7A33587E7CE0D1D99
                            SHA1:FA98A0FD8910DF2EFB14EDAEC038B4E391FEAB3C
                            SHA-256:BAD9116386343F4A4C394BDB87146E49F674F687D52BB847BD9E8198FDA382CC
                            SHA-512:4448664925D1C1D9269567905D044BBA48163745646344E08203FCEF5BA1524BA7E03A8903A53DAF7D73FE0D9D820CC9063D4DA2AA1E08EFBF58524B1D69D359
                            Malicious:false
                            Preview:GIF89a................................f.................f...ff.f3.f..33.3............f..ff.3f.33.3.f..ff.ff.ffff3ff333f.3f.33.33f.3...................................................................!.. -dl-.!.......,...........@.pH,...r.l:..T..F$XIe..V$.x..V.Z.z..F.pxd~..........{....o....l..{.b...hi[}P.k...y.....y.f.._R.\...............m.....y.....x......^.Q...j.....\S.....^.......l......]...[.......).....{....7...`..<...`..">..i.?/..@............>..Z.z@....0B..r...j.V.I.@..;%R...*...J.p.A.t.*..$A*...>`.....@g5BP.A..p.x.............q..8...... ...(.Q..#..@...F..YSK..M..#o.....D.m..-.....k}...BT..V......'.....`.d..~;..9+..6...<b.eZ..y^0]0..I...=.6.....}.0<.Z...M...Y1*35.e.....b...U0F~.-.HT......l2.s.q`-....y...e....dPZ....~.zT.M.... "r.E/k. ...*..Lj@'........Pcd&.(..mxF_w.."K..x!..--Y`..A.....Be.jH.A..\..j.....du#.....]^...>......].i.FMO..].9n1",Y...F...EW.9.....0TY.T...Cv!i`%...Hz@.]..U.!Y...#Dv&pi.z(.mn.A....@Q.0.%...&.4.v.cw(.`cd'|..M9..."...,*.......

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\pwrdLogo75.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 48 x 75
                            Category:dropped
                            Size (bytes):1171
                            Entropy (8bit):7.289201491091023
                            Encrypted:false
                            SSDEEP:24:DOfHIzP8hqiF+oyPOmp3XHhPBlMVvG0ffWLpfc:DGoPM+o0OmZXHhOv5WRc
                            MD5:7013CFC23ED23BFF3BDA4952266FA7F4
                            SHA1:E5B1DED49095332236439538ECD9DD0B1FD4934B
                            SHA-256:462A8FF8FD051A8100E8C6C086F497E4056ACE5B20B44791F4AAB964B010A448
                            SHA-512:A887A5EC33B82E4DE412564E86632D9A984E8498F02D8FE081CC4AC091A68DF6CC1A82F4BF99906CFB6EA9D0EF47ADAC2D1B0778DCB997FB24E62FC7A6D77D41
                            Malicious:false
                            Preview:GIF89a0.K.............................f.................f...ff.f3.f..33.3.........f..ff.f3.3f.33.3.f..ff.ff.f3ff333f.3f.33.33f.3......................................................................!.. -dl-.!.......,....0.K....@.pH,...GD.<:..%SR.Z......<.V.$l.....z......:.. .|v[D..f...z.W.G.Vr...NgsU.yl..qU..`.......`fe`.......Fg....(.&...g.Y.. .."..q.V.$.'.Ez.W....y...Y.U...(#Xrf.........Xux.U..........(U.4...X....G.B..t..1S...R..Y. ...l ..".>.h......,%K....A.....<s....#..8.iK.....a.y$h..DQh.PE)....6.....MyL.qzF..... ."..Y0..a......2..*t..Ma..b...M..R.....\..st..=....Q......,>s`....Qt.,..B.R.....!.$..%.....(...s...B.T...`,".h(. D....8..dC..\Q.p.......x.#A.....:..du..(D.XV......7....S.#n8a....2`...f.:G,...==(......`!..$...t....b..../N|...f..J.x... P&.|.d._!N...].1w.3D.0!....@o&H...N.B.J....pz8..w.i....=r.............@5.-!.......H."..[.j.AB<..p....h...V.D..6.h...ab1F.g...I !.V~.H..V.........:.G..|c...,.....TD5..c[.W.....LC.....FJ..71[..lH.M.....8.:$......

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\images\tai-ku.gif

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:GIF image data, version 89a, 100 x 100
                            Category:dropped
                            Size (bytes):5473
                            Entropy (8bit):7.754239979431754
                            Encrypted:false
                            SSDEEP:96:+EqG96vSGfyJZ26G6U1LI7nTD2enhjc+2VBnOqcUERVIim:+46KcyJI6G6uU7/LhjlkhQR7m
                            MD5:048AFE69735F6974D2CA7384B879820C
                            SHA1:267A9520C4390221DCE50177E789A4EBD590F484
                            SHA-256:E538F8F4934CA6E1CE29416D292171F28E67DA6C72ED9D236BA42F37445EA41E
                            SHA-512:201DA67A52DADA3AE7C533DE49D3C08A9465F7AA12317A0AE90A8C9C04AA69A85EC00AF2D0069023CD255DDA8768977C03C73516E4848376250E8D0D53D232CB
                            Malicious:false
                            Preview:GIF89ad.d...................RJJ...B99.......RBB..B11ZBB!....R991!!...)....{{B!!R)).JJ.ss.ZZ.BB.kk.RR.JJ.BB9...JJR!!.ZZ.BB.11.99.{s.sk.kc.cZ.ZR.JB.ZR.JB.JB.RJ.B9.91.B9...{.JB.91.B9.B9.1){)!.)!.9)..ZR.JB{91.cR{1).ZJ.ZJ.RB.J9.B1.B1.9).1!....{B9.{k.scc1).kZZ)!c)!.9).B1.9).9).1!.1!.1!.B).9!.9!.1..).....{.sZ1)R)!.B1.B1.ZBR!..9).ZB.9).R9.R9.1!.J1.J1.B).B).9!.9!.1..1..).....sZ.J9.ZB.cJJ!.{1!.B).9!{)..9!.J).B!.B!.9..R1).kJ)!.B1{9).R9.cB.Z9.Z9.B).Z9.B).R1.9!.R1.J).J).B!.1..9....{.s.J9.{Z.ZB.sR.kJk1!.cB.cB.R1.R).1..B!.J!.B.....R91.J1).c.kJ.J).Z1.B!.B!..9!..{R.sJ.Z9.R1{9!..s.R9.Z...J91Z9){B)...............B91..1)!..............................RJR............B)1......R19........BJ.9B..{..s{......!.......,....d.d.@............0@PHa....*.p...7.8.y...C.s6Z.%Q.#s.`:B.N....4jd.K.0..|y....F@.......1~ ......'Y.B"C&R.V.R.4$k.3...D.......Ef*Y3..M........BDV._.....\..).]..>s..$H\%y0WL...d.......D..'..v..1Kz.Zp$;S

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\license.terms

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2267
                            Entropy (8bit):5.097909341674822
                            Encrypted:false
                            SSDEEP:48:JlZuZcRTvy3DauG4+bHnr32s3eGw8YKxPiOXR3ojdS+mFf:JScFaz+bL3e8n3XR3ojdtOf
                            MD5:C88F99DECEC11AFA967AD33D314F87FE
                            SHA1:58769F631EB2C8DED0C274AB1D399085CC7AA845
                            SHA-256:2CDE822B93CA16AE535C954B7DFE658B4AD10DF2A193628D1B358F1765E8B198
                            SHA-512:4CD59971A2614891B2F0E24FD8A42A706AE10A2E54402D774E5DAA5F6A37DE186F1A45B1722A7C0174F9F80625B13D7C9F48FDB03A7DDBC6E6881F56537B5478
                            Malicious:false
                            Preview:This software is copyrighted by the Regents of the University of.California, Sun Microsystems, Inc., Scriptics Corporation, ActiveState.Corporation, Apple Inc. and other parties. The following terms apply to.all files associated with the software unless explicitly disclaimed in.individual files...The authors hereby grant permission to use, copy, modify, distribute,.and license this software and its documentation for any purpose, provided.that existing copyright notices are retained in all copies and that this.notice is included verbatim in any distributions. No written agreement,.license, or royalty fee is required for any of the authorized uses..Modifications to this software may be copyrighted by their authors.and need not follow the licensing terms described here, provided that.the new terms are clearly indicated on the first page of each file where.they apply...IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY.FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQ

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\listbox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):14594
                            Entropy (8bit):4.895853767062079
                            Encrypted:false
                            SSDEEP:384:ZBjtAc4YusFvbg36UFchqHjNw8wSdy+1a22YDE/q:ZFgqUBjW8RQcf
                            MD5:C33963D3A512F2E728F722E584C21552
                            SHA1:75499CFA62F2DA316915FADA2580122DC3318BAD
                            SHA-256:39721233855E97BFA508959B6DD91E1924456E381D36FDFC845E589D82B1B0CC
                            SHA-512:EA01D8CB36D446ACE31C5D7E50DFAE575576FD69FD5D413941EEBBA7CCC1075F6774AF3C69469CD7BAF6E1068AA5E5B4C560F550EDD2A8679124E48C55C8E8D7
                            Malicious:false
                            Preview:# listbox.tcl --.#.# This file defines the default bindings for Tk listbox widgets.# and provides procedures that help in implementing those bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...#--------------------------------------------------------------------------.# tk::Priv elements used in this file:.#.# afterId -..Token returned by "after" for autoscanning..# listboxPrev -.The last element to be selected or deselected.#...during a selection operation..# listboxSelection -.All of the items that were selected before the.#...current selection operation (such as a mouse.#...drag) started; used to cancel an operation..#--------------------------------------------------------------------------..#-------------------------------------

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\megawidget.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):9569
                            Entropy (8bit):4.736161258754494
                            Encrypted:false
                            SSDEEP:192:cp4NSZKF/bcaQTViJ8pox8tJRd/v0tAANQSLkROOp+4BQjBC:jSZKF/Iaarpocdn07NQS34ao
                            MD5:7176A4FE8EC3EA648854F1FC1BB2EA89
                            SHA1:28D96419585881C6222BC917EDB9A5863E7C519B
                            SHA-256:D454FC4E25D9DFC704556A689A17AA6F3D726F99592995952BC6492FC8F19F6E
                            SHA-512:8C33E1CD3490945DDC5DA0585E655A7FC78C9950886F68C096D103AE510C1024632AB3D41E9573937BB4359D365FFB8F5A10B1CA7BFBD37442F40985107C1C8D
                            Malicious:false
                            Preview:# megawidget.tcl.#.#.Basic megawidget support classes. Experimental for any use other than.#.the ::tk::IconList megawdget, which is itself only designed for use in.#.the Unix file dialogs..#.# Copyright (c) 2009-2010 Donal K. Fellows.#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES..#..package require Tk 8.6...::oo::class create ::tk::Megawidget {. superclass ::oo::class. method unknown {w args} {..if {[string match .* $w]} {.. [self] create $w {*}$args.. return $w..}..next $w {*}$args. }. unexport new unknown. self method create {name superclasses body} {..next $name [list \...superclass ::tk::MegawidgetClass {*}$superclasses]\;$body. }.}..::oo::class create ::tk::MegawidgetClass {. variable w hull options IdleCallbacks. constructor args {..# Extract the "widget name" from the object name..set w [namespace tail [self]]...# Configure things..tclParseConfigSpec [my varname op

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\menu.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):38077
                            Entropy (8bit):4.872052715667624
                            Encrypted:false
                            SSDEEP:768:0K5IzCPGH0a9tVbQDBTo06DpSCeihpzuxdyQYEuH9DAe1:0K5i1HDE6AWuxdRYxHS8
                            MD5:181ED74919F081EEB34269500E228470
                            SHA1:953EB429F6D98562468327858ED0967BDC21B5AD
                            SHA-256:564AC0040176CC5744E3860ABC36B5FFBC648DA20B26A710DC3414EAE487299B
                            SHA-512:220E496B464575115BAF1DEDE838E70D5DDD6D199B5B8ACC1763E66D66801021B2D7CD0E1E1846868782116AD8A1F127682073D6EACD7E73F91BCED89F620109
                            Malicious:false
                            Preview:# menu.tcl --.#.# This file defines the default bindings for Tk menus and menubuttons..# It also implements keyboard traversal of menus and implements a few.# other utility procedures related to menus..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998-1999 by Scriptics Corporation..# Copyright (c) 2007 Daniel A. Steffen <das@users.sourceforge.net>.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# cursor -..Saves the -cursor option for the posted menubutton..# focus -..Saves the focus during a menu selection operation..#...Focus gets restored here when the menu is unposted..# grabGlobal -..Used in conjunction with tk::Priv(oldGrab): if.#...tk::Priv(oldGrab) is non-empty, then tk::Pr

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\mkpsenc.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):29352
                            Entropy (8bit):5.110577585375791
                            Encrypted:false
                            SSDEEP:768:hmie+xwcBO/SHAqFySrhkvQueYpx8DPF52qdREXXZ2/OODi:I+xwcBO/SHAqFySrhAQueYD8D95TOL
                            MD5:5F3793E7E582111C17C85E23194AEFD5
                            SHA1:925D973B70252384D1DE9B388C6C2038E646FDDF
                            SHA-256:0AC9D11D4046EF4D8E6D219F6941BF69C6AE448C6A1C2F7FC382F84B5786F660
                            SHA-512:2922546BA69232DBC205FE83EF54916E334E7AC93B7A26A208341F9C101209DA84C73F48C52BDB8E63E71A545853652B86378EBEB88F000BC16FCFB0EF5D8517
                            Malicious:false
                            Preview:# mkpsenc.tcl --.#.# This file generates the postscript prolog used by Tk...namespace eval ::tk {. # Creates Postscript encoding vector for ISO-8859-1 (could theoretically. # handle any 8-bit encoding, but Tk never generates characters outside. # ASCII).. #. proc CreatePostscriptEncoding {} {..variable psglyphs..# Now check for known. Even if it is known, it can be other than we..# need. GhostScript seems to be happy with such approach..set result "\[\n"..for {set i 0} {$i<256} {incr i 8} {.. for {set j 0} {$j<8} {incr j} {...set enc [encoding convertfrom "iso8859-1" \....[format %c [expr {$i+$j}]]]...catch {... set hexcode {}... set hexcode [format %04X [scan $enc %c]]...}...if {[info exists psglyphs($hexcode)]} {... append result "/$psglyphs($hexcode)"...} else {... append result "/space"...}.. }.. append result "\n"..}..append result "\]"..return $result. }.. # List of adobe glyph names. Converted from glyphlist.txt, downloaded from. # Ad

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgbox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:xbm image (32x, ASCII text
                            Category:dropped
                            Size (bytes):16527
                            Entropy (8bit):4.679051291122852
                            Encrypted:false
                            SSDEEP:384:aWsDPYblrrfcRcfjAwnAVDTS3ifQjvwMXEcjY:aTRcfjAwGTfQjvPXt0
                            MD5:C93F295967350F7010207874992E01A5
                            SHA1:CAE8EF749F7618326B3307DA7ED6DEBB380286DD
                            SHA-256:52C5B87C99C142D5FC77E0C22B78B7CD63A4861756FD6B39648A2E9A8EDDE953
                            SHA-512:F7E60211C0BC1ECEDE03022D622C5B9AAEAE3C203A60B6B034E1886F857C8FAD6BA6B1F7BA1EE7D733720775E7108F1BFD4C5B54A0F4919CE4EB43851D1190F8
                            Malicious:false
                            Preview:# msgbox.tcl --.#.#.Implements messageboxes for platforms that do not have native.#.messagebox support..#.# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# Ensure existence of ::tk::dialog namespace.#.namespace eval ::tk::dialog {}..image create bitmap ::tk::dialog::b1 -foreground black \.-data "#define b1_width 32\n#define b1_height 32.static unsigned char q1_bits[] = {. 0x00, 0xf8, 0x1f, 0x00, 0x00, 0x07, 0xe0, 0x00, 0xc0, 0x00, 0x00, 0x03,. 0x20, 0x00, 0x00, 0x04, 0x10, 0x00, 0x00, 0x08, 0x08, 0x00, 0x00, 0x10,. 0x04, 0x00, 0x00, 0x20, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x00, 0x80,. 0x01, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00, 0x40,. 0x04, 0x00, 0x00, 0x20, 0x08, 0x00,

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\cs.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4158
                            Entropy (8bit):4.744283779865612
                            Encrypted:false
                            SSDEEP:48:RC98Kz+4GgKafRXwSl51gmJnANlsgPVG5QOFWQfl5:RC98/4PGi51gmAsgPVjm5
                            MD5:EBAFA3EE899EBB06D52C204493CEE27A
                            SHA1:95E6C71E4525A8DD91E488B952665AE9C5FBDDED
                            SHA-256:D1B0FED0BEA51B3FAF08D8634034C7388BE7148F9B807460B7D185706DB8416F
                            SHA-512:ADDE3C85A7A4148BAFD6C8B8902FC8C229F1D1AAF118BE85F44E4667237E66938864E2B7B4486B7C68C89EB4559F1D8367F9F563B9C6C8BCAB66118B36E670B8
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset cs "&Abort" "&P\u0159eru\u0161it". ::msgcat::mcset cs "&About..." "&O programu...". ::msgcat::mcset cs "All Files" "V\u0161echny soubory". ::msgcat::mcset cs "Application Error" "Chyba programu". ::msgcat::mcset cs "Bold Italic". ::msgcat::mcset cs "&Blue" "&Modr\341". ::msgcat::mcset cs "Cancel" "Zru\u0161it". ::msgcat::mcset cs "&Cancel" "&Zru\u0161it". ::msgcat::mcset cs "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nemohu zm\u011bnit atku\341ln\355 adres\341\u0159 na \"%1\$s\".\nP\u0159\355stup odm\355tnut.". ::msgcat::mcset cs "Choose Directory" "V\375b\u011br adres\341\u0159e". ::msgcat::mcset cs "Cl&ear" "Sma&zat". ::msgcat::mcset cs "&Clear Console" "&Smazat konzolu". ::msgcat::mcset cs "Color" "Barva". ::msgcat::mcset cs "Console" "Konzole". ::msgcat::mcset cs "&Copy" "&Kop\355rovat". ::msgcat::mcset cs "Cu&t" "V&y\u0159\355znout". ::msgcat::mcset cs "&Delete" "&Smazat"

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\da.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3909
                            Entropy (8bit):4.6030170761850915
                            Encrypted:false
                            SSDEEP:48:G8ONjSf5s80vWCUx5kTvgXTfODYE9lAUt:G8OmB0ZUx5kTv4sbt
                            MD5:C414C6972F0AAD5DFA31297919D0587F
                            SHA1:529AE0B0CB9D1DBC7F8844F346149E151DE0A36B
                            SHA-256:85E6CEE6001927376725F91EAA55D17B3D9E38643E17755A42C05FE491C63BDE
                            SHA-512:0F2A777B9C3D6C525097E19D1CC4525E9BAF78E0CABF54DD693C64BC1FD4EA75402D906A8302489997BA83ABA5AFD7CA1DE30FFE0888CD19950F56A9D38B018A
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset da "&Abort" "&Afbryd". ::msgcat::mcset da "&About..." "&Om...". ::msgcat::mcset da "All Files" "Alle filer". ::msgcat::mcset da "Application Error" "Programfejl". ::msgcat::mcset da "&Blue" "&Bl\u00E5". ::msgcat::mcset da "Cancel" "Annuller". ::msgcat::mcset da "&Cancel" "&Annuller". ::msgcat::mcset da "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ikke skifte til katalog \"%1\$s\".\nIngen rettigheder.". ::msgcat::mcset da "Choose Directory" "V\u00E6lg katalog". ::msgcat::mcset da "Cl&ear" "&Ryd". ::msgcat::mcset da "&Clear Console" "&Ryd konsolen". ::msgcat::mcset da "Color" "Farve". ::msgcat::mcset da "Console" "Konsol". ::msgcat::mcset da "&Copy" "&Kopier". ::msgcat::mcset da "Cu&t" "Kli&p". ::msgcat::mcset da "&Delete" "&Slet". ::msgcat::mcset da "Details >>" "Detailer". ::msgcat::mcset da "Directory \"%1\$s\" does not exist." "Katalog \"%1\$s\" findes ikke.". ::msg

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\de.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4823
                            Entropy (8bit):4.5738552657551566
                            Encrypted:false
                            SSDEEP:96:13LquGgagtG6vz8MFi9dDvbwKAN92qqMXg07Qt:L1/w5jwKYH1Et
                            MD5:07DF877A1166E81256273F1183B5BDC9
                            SHA1:CB455F910208E2E55B27A96ABD845FEEDA88711A
                            SHA-256:06DD7572626DF5CB0A8D3AFFBAC9BB74CB12469076836D66FD19AE5B5FAB42C7
                            SHA-512:197B09F37647D1D5130A084EA1D99D0CC16C815EC0AC31EC07875BEB2DFAE2197E2AF3E323FE8CB35F90912D76D3EB88D1E56F6E026F87AEDFADB7534BA2675A
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset de "&Abort" "&Abbruch". ::msgcat::mcset de "&About..." "&\u00dcber...". ::msgcat::mcset de "All Files" "Alle Dateien". ::msgcat::mcset de "Application Error" "Applikationsfehler". ::msgcat::mcset de "&Apply" "&Anwenden". ::msgcat::mcset de "Bold" "Fett". ::msgcat::mcset de "Bold Italic" "Fett kursiv". ::msgcat::mcset de "&Blue" "&Blau". ::msgcat::mcset de "Cancel" "Abbruch". ::msgcat::mcset de "&Cancel" "&Abbruch". ::msgcat::mcset de "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kann nicht in das Verzeichnis \"%1\$s\" wechseln.\nKeine Rechte vorhanden.". ::msgcat::mcset de "Choose Directory" "W\u00e4hle Verzeichnis". ::msgcat::mcset de "Cl&ear" "&R\u00fccksetzen". ::msgcat::mcset de "&Clear Console" "&Konsole l\u00f6schen". ::msgcat::mcset de "Color" "Farbe". ::msgcat::mcset de "Console" "Konsole". ::msgcat::mcset de "&Copy" "&Kopieren". ::msgcat::mcset de "Cu&t" "Aus&schneid

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\el.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text, with very long lines (355)
                            Category:dropped
                            Size (bytes):8698
                            Entropy (8bit):4.296709418881547
                            Encrypted:false
                            SSDEEP:48:tCrF5o/cmSHbkI8+ETnFI3mC2hk9I+c6M30UPfMNDz91yBFkm5w+kGR8MOFiL0xu:wp5RmSHlsFerVIfM5Loam5VOMAkV
                            MD5:C802EA5388476451CD76934417761AA6
                            SHA1:25531DF6262E3B1170055735C5A874B9124FEA83
                            SHA-256:1D56D0A7C07D34BB8165CBA47FA49351B8BC5A9DB244290B9601C5885D16155C
                            SHA-512:251FABBE8B596C74BC1231823C60F5F99CF55A29212327723F5DBE604F678E8E464F2D604D1049754B7C02350712B83BCF4D9542D8167F3CAB9C9B7E5C88EC7D
                            Malicious:false
                            Preview:## Messages for the Greek (Hellenic - "el") language..## Please report any changes/suggestions to:.## petasis@iit.demokritos.gr..namespace eval ::tk {. ::msgcat::mcset el "&Abort" "\u03a4\u03b5\u03c1\u03bc\u03b1\u03c4\u03b9\u03c3\u03bc\u03cc\u03c2". ::msgcat::mcset el "About..." "\u03a3\u03c7\u03b5\u03c4\u03b9\u03ba\u03ac...". ::msgcat::mcset el "All Files" "\u038c\u03bb\u03b1 \u03c4\u03b1 \u0391\u03c1\u03c7\u03b5\u03af\u03b1". ::msgcat::mcset el "Application Error" "\u039b\u03ac\u03b8\u03bf\u03c2 \u0395\u03c6\u03b1\u03c1\u03bc\u03bf\u03b3\u03ae\u03c2". ::msgcat::mcset el "&Blue" "\u039c\u03c0\u03bb\u03b5". ::msgcat::mcset el "&Cancel" "\u0391\u03ba\u03cd\u03c1\u03c9\u03c3\u03b7". ::msgcat::mcset el \."Cannot change to the directory \"%1\$s\".\nPermission denied." \."\u0394\u03b5\u03bd \u03b5\u03af\u03bd\u03b1\u03b9 \u03b4\u03c5\u03bd\u03b1\u03c4\u03ae \u03b7 \u03b1\u03bb\u03bb\u03b1\u03b3\u03ae \u03ba\u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\en.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3286
                            Entropy (8bit):4.214322279125194
                            Encrypted:false
                            SSDEEP:24:sqHa4IUXCtvLPgyq1+1ylnJzqFtC2NAXSxFFRRTDubLorIlnB:d64I5tDPgDNnH2SXSZRRTDuPZlB
                            MD5:64725ED622DBF1CB3F00479BA84157D7
                            SHA1:575429AEABAF6640425AC1BC397B3382C1ED1122
                            SHA-256:673C76A48ADA09A154CB038534BF90E3B9C0BA5FD6B1619DB33507DE65553362
                            SHA-512:4EBDCAB20D095789BB8D94476CCFD29DEE8DFCF96F1C2030387F0521827A140E22BBB0DAD4B73EABE26D70E1642C9981BC5CBBF0045FEABB9EF98C7CDB67795E
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset en "&Abort". ::msgcat::mcset en "&About...". ::msgcat::mcset en "All Files". ::msgcat::mcset en "Application Error". ::msgcat::mcset en "&Apply". ::msgcat::mcset en "Bold". ::msgcat::mcset en "Bold Italic". ::msgcat::mcset en "&Blue". ::msgcat::mcset en "Cancel". ::msgcat::mcset en "&Cancel". ::msgcat::mcset en "Cannot change to the directory \"%1\$s\".\nPermission denied.". ::msgcat::mcset en "Choose Directory". ::msgcat::mcset en "Cl&ear". ::msgcat::mcset en "&Clear Console". ::msgcat::mcset en "Color". ::msgcat::mcset en "Console". ::msgcat::mcset en "&Copy". ::msgcat::mcset en "Cu&t". ::msgcat::mcset en "&Delete". ::msgcat::mcset en "Details >>". ::msgcat::mcset en "Directory \"%1\$s\" does not exist.". ::msgcat::mcset en "&Directory:". ::msgcat::mcset en "&Edit". ::msgcat::mcset en "Effects". ::msgcat::mcset en "Error: %1\$s". ::msgcat::mcset en "E&xit". ::msgcat

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\en_gb.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):63
                            Entropy (8bit):4.185724027617087
                            Encrypted:false
                            SSDEEP:3:fEGp6fR1FAGoW8vMKEQXK:sooLoQO6
                            MD5:EC6A7E69AB0B8B767367DB54CC0499A8
                            SHA1:6C2D6B622429AB8C17E07C2E0F546469823ABE57
                            SHA-256:FB93D455A9D9CF3F822C968DFB273ED931E433F2494D71D6B5F8D83DDE7EACC2
                            SHA-512:72077EAB988979EB2EE292ACDB72537172A5E96B4262CE7278B76F0FEBD7E850D18221DB551D1DE3C6EB520985B5E9642936BEEB66032F920593276784525702
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset en_gb Color Colour.}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\eo.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3916
                            Entropy (8bit):4.556739397782912
                            Encrypted:false
                            SSDEEP:48:9714zhrzeU10xrFf+/eR0Mqp+cIFIXd/KcrtCcuUc6Sq4Pe:97145eFrF2GSMqgcIFIXdyAene
                            MD5:09EF4B30B49A71FD4DEA931E334896E1
                            SHA1:6C2366CE5961CFDA53259A43E087A813CEE41841
                            SHA-256:5DE113DC4CE0DF0D8C54D4812C15EC31387127BF9AFEA028D20C6A5AA8E3AB85
                            SHA-512:9DB3BB6B76B1299AE4612DF2A2872ECEE6642FC7DF971BE3A22437154AD25E81E1B1F3E1AA7A281CB3F48F8F8198A846BCB008CCFF91A9720440AFE5BAB7DE84
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset eo "&Abort" "&\u0108esigo". ::msgcat::mcset eo "&About..." "Pri...". ::msgcat::mcset eo "All Files" "\u0108ioj dosieroj". ::msgcat::mcset eo "Application Error" "Aplikoerraro". ::msgcat::mcset eo "&Blue" "&Blua". ::msgcat::mcset eo "Cancel" "Rezignu". ::msgcat::mcset eo "&Cancel" "&Rezignu". ::msgcat::mcset eo "Cannot change to the directory \"%1\$s\".\nPermission denied." "Neeble \u0109angi al dosierulon \"%1\$s\".\nVi ne rajtas tion.". ::msgcat::mcset eo "Choose Directory" "Elektu Dosierujo". ::msgcat::mcset eo "Cl&ear" "&Klaru". ::msgcat::mcset eo "&Clear Console" "&Klaru konzolon". ::msgcat::mcset eo "Color" "Farbo". ::msgcat::mcset eo "Console" "Konzolo". ::msgcat::mcset eo "&Copy" "&Kopiu". ::msgcat::mcset eo "Cu&t" "&Enpo\u015digu". ::msgcat::mcset eo "&Delete" "&Forprenu". ::msgcat::mcset eo "Details >>" "Detaloj >>". ::msgcat::mcset eo "Directory \"%1\$s\" does not exist." "La dosieruj

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\es.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3948
                            Entropy (8bit):4.486102294561867
                            Encrypted:false
                            SSDEEP:48:vTaZD2XRgGiWXirZe0uoH02QyTaBi2DcDmQ/jY33l4TCyFv:vmZaXhFbyGB3ELjDV
                            MD5:93FFA957E3DCF851DD7EBE587A38F2D5
                            SHA1:8C3516F79FB72F32848B40091DA67C81E40FDEFE
                            SHA-256:91DC4718DC8566C36E4BCD0C292C01F467CA7661EFF601B870ABCDFE4A94ECBB
                            SHA-512:8EC7048DDFF521DE444F697EAB305777BAC24AEA37716DA4FE5374E93CEF66DDD58D535BE8FCBCD2636D623337643B1242798BB8AC7292EA2D81AE030C3A605C
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset es "&Abort" "&Abortar". ::msgcat::mcset es "&About..." "&Acerca de ...". ::msgcat::mcset es "All Files" "Todos los archivos". ::msgcat::mcset es "Application Error" "Error de la aplicaci\u00f3n". ::msgcat::mcset es "&Blue" "&Azul". ::msgcat::mcset es "Cancel" "Cancelar". ::msgcat::mcset es "&Cancel" "&Cancelar". ::msgcat::mcset es "Cannot change to the directory \"%1\$s\".\nPermission denied." "No es posible acceder al directorio \"%1\$s\".\nPermiso denegado.". ::msgcat::mcset es "Choose Directory" "Elegir directorio". ::msgcat::mcset es "Cl&ear" "&Borrar". ::msgcat::mcset es "&Clear Console" "&Borrar consola". ::msgcat::mcset es "Color". ::msgcat::mcset es "Console" "Consola". ::msgcat::mcset es "&Copy" "&Copiar". ::msgcat::mcset es "Cu&t" "Cor&tar". ::msgcat::mcset es "&Delete" "&Borrar". ::msgcat::mcset es "Details >>" "Detalles >>". ::msgcat::mcset es "Directory \"%1\$s\" does not exist." "

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\fr.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3805
                            Entropy (8bit):4.582498923493114
                            Encrypted:false
                            SSDEEP:48:fiESNtfQIFBqFHjUp4KiOzbgRuhzSAEFlBGr3jd:fiESP1aVdKiHRXcN
                            MD5:9FC55235C334F6F6026D5B38AFFB9E10
                            SHA1:CAD3805900E860B9491E3EE5C2C0F52ADCA67065
                            SHA-256:0A8BBB4D1FD87BF7A90DDFA50F4724994C9CE78D1F3E91CF40C1177DB7941DC5
                            SHA-512:FBB5E72BC376DDB9F43B8C79398CA287AFAAAF8292A8CB3AF63241973B1748FD578D49075A1287DA054BA81D3ED61A723F3DE9E10855D5E85620B371D70D9BBD
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset fr "&Abort" "&Annuler". ::msgcat::mcset fr "About..." "\u00c0 propos...". ::msgcat::mcset fr "All Files" "Tous les fichiers". ::msgcat::mcset fr "Application Error" "Erreur d'application". ::msgcat::mcset fr "&Blue" "&Bleu". ::msgcat::mcset fr "Cancel" "Annuler". ::msgcat::mcset fr "&Cancel" "&Annuler". ::msgcat::mcset fr "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossible d'acc\u00e9der au r\u00e9pertoire \"%1\$s\".\nPermission refus\u00e9e.". ::msgcat::mcset fr "Choose Directory" "Choisir r\u00e9pertoire". ::msgcat::mcset fr "Cl&ear" "Effacer". ::msgcat::mcset fr "Color" "Couleur". ::msgcat::mcset fr "Console". ::msgcat::mcset fr "Copy" "Copier". ::msgcat::mcset fr "Cu&t" "Couper". ::msgcat::mcset fr "Delete" "Effacer". ::msgcat::mcset fr "Details >>" "D\u00e9tails >>". ::msgcat::mcset fr "Directory \"%1\$s\" does not exist." "Le r\u00e9pertoire \"%1\$s\" n'existe pas.".

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\hu.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4600
                            Entropy (8bit):4.752507976327236
                            Encrypted:false
                            SSDEEP:96:IYIzxGy0Kt9C81y/HSzVqUaJf9q/x5a/mETsN:IB1FCt/4vZM+EA
                            MD5:E1BA9C40A350BAD78611839A59065BF0
                            SHA1:1A148D230C9F8D748D96A79CD4E261AF264D6524
                            SHA-256:C8134EAD129E44E9C5043E1DAD81A6A900F0DE71DB3468E2603840038687F1D8
                            SHA-512:17EC7F14C708C4D8C77731C26D0CE8AF6EBAB3D1CA878FB9682F15F0546031E39EF601683832631CA329549A630F2C9A3A69B1CC6E3CC927353605834FC62CAE
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset hu "&Abort" "&Megszak\u00edt\u00e1s". ::msgcat::mcset hu "&About..." "N\u00e9vjegy...". ::msgcat::mcset hu "All Files" "Minden f\u00e1jl". ::msgcat::mcset hu "Application Error" "Alkalmaz\u00e1s hiba". ::msgcat::mcset hu "&Blue" "&K\u00e9k". ::msgcat::mcset hu "Cancel" "M\u00e9gsem". ::msgcat::mcset hu "&Cancel" "M\u00e9g&sem". ::msgcat::mcset hu "Cannot change to the directory \"%1\$s\".\nPermission denied." "A k\u00f6nyvt\u00e1rv\u00e1lt\u00e1s nem siker\u00fclt: \"%1\$s\".\nHozz\u00e1f\u00e9r\u00e9s megtagadva.". ::msgcat::mcset hu "Choose Directory" "K\u00f6nyvt\u00e1r kiv\u00e1laszt\u00e1sa". ::msgcat::mcset hu "Cl&ear" "T\u00f6rl\u00e9s". ::msgcat::mcset hu "&Clear Console" "&T\u00f6rl\u00e9s Konzol". ::msgcat::mcset hu "Color" "Sz\u00edn". ::msgcat::mcset hu "Console" "Konzol". ::msgcat::mcset hu "&Copy" "&M\u00e1sol\u00e1s". ::msgcat::mcset hu "Cu&t" "&Kiv\u00e1g\u00e1s". ::msgcat::mcset hu "

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\it.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3692
                            Entropy (8bit):4.444986253861924
                            Encrypted:false
                            SSDEEP:48:rtcxronR9zvjZ3hWsH9TYT/dllvOr80nC2dnGHc839kUqg:xcxoXBhlHiT/dlcY0HpVg
                            MD5:ADB80EC5B23FC906A1A3313A30D789E6
                            SHA1:5FB163BC1086D3366228204078F219FE4BB67CB3
                            SHA-256:9F83DD0309ED621100F3187FFCDAE50B75F5973BBE74AF550A78EF0010495DED
                            SHA-512:BA6E0C165561CDAEAB565EF1FED4087AB3B41EC3C18432C1BDA9B011E5C7C2E12F6B2CFC9F5C0CFAC1134AE53D80459D8E5B638739C61A851232047DEA7F3BA2
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset it "&Abort" "&Interrompi". ::msgcat::mcset it "&About..." "Informazioni...". ::msgcat::mcset it "All Files" "Tutti i file". ::msgcat::mcset it "Application Error" "Errore dell' applicazione". ::msgcat::mcset it "&Blue" "&Blu". ::msgcat::mcset it "Cancel" "Annulla". ::msgcat::mcset it "&Cancel" "&Annulla". ::msgcat::mcset it "Cannot change to the directory \"%1\$s\".\nPermission denied." "Impossibile accedere alla directory \"%1\$s\".\nPermesso negato.". ::msgcat::mcset it "Choose Directory" "Scegli una directory". ::msgcat::mcset it "Cl&ear" "Azzera". ::msgcat::mcset it "&Clear Console" "Azzera Console". ::msgcat::mcset it "Color" "Colore". ::msgcat::mcset it "Console". ::msgcat::mcset it "&Copy" "Copia". ::msgcat::mcset it "Cu&t" "Taglia". ::msgcat::mcset it "Delete" "Cancella". ::msgcat::mcset it "Details >>" "Dettagli >>". ::msgcat::mcset it "Directory \"%1\$s\" does not exist." "La director

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\nl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4466
                            Entropy (8bit):4.472386382725933
                            Encrypted:false
                            SSDEEP:48:791wMjS3Md15YNISfTMEu5KIXTLLBIafWUuvfbLnZj4gT7VT4k7BLyslwI6Blb4t:DVe3MX8ISUKYuXbLnZj4MRJhjSIO4t
                            MD5:B628EAFD489335ED620014B56821B792
                            SHA1:8F6AFF68B42B747D30870D6DA7E058294921406A
                            SHA-256:D3D07AAD792C0E83F4704B304931EA549D12CBB3D99A573D9815E954A5710707
                            SHA-512:C33D097D2897D20F75A197E30B859DC83C8B4E42F260150BC7205918779D77A8C2390BE65376622F6705C38ECDF6F14B6ABAD29EDE3DE79603025BBBC39BEBC7
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset nl "&Abort" "&Afbreken". ::msgcat::mcset nl "&About..." "Over...". ::msgcat::mcset nl "All Files" "Alle Bestanden". ::msgcat::mcset nl "Application Error" "Toepassingsfout". ::msgcat::mcset nl "&Apply" "Toepassen". ::msgcat::mcset nl "Bold" "Vet". ::msgcat::mcset nl "Bold Italic" "Vet Cursief". ::msgcat::mcset nl "&Blue" "&Blauw". ::msgcat::mcset nl "Cancel" "Annuleren". ::msgcat::mcset nl "&Cancel" "&Annuleren". ::msgcat::mcset nl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan niet naar map \"%1\$s\" gaan.\nU heeft hiervoor geen toestemming.". ::msgcat::mcset nl "Choose Directory" "Kies map". ::msgcat::mcset nl "Cl&ear" "Wissen". ::msgcat::mcset nl "&Clear Console" "&Wis Console". ::msgcat::mcset nl "Color" "Kleur". ::msgcat::mcset nl "Console". ::msgcat::mcset nl "&Copy" "Kopi\u00ebren". ::msgcat::mcset nl "Cu&t" "Knippen". ::msgcat::mcset nl "&Delete" "Wissen". ::

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\pl.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4841
                            Entropy (8bit):4.754441208797498
                            Encrypted:false
                            SSDEEP:48:mYpnddv1H+BBv5vVXKjB+y7ldBU63XQ3DGHolytTzEQdWaz0ybBaKG:zpdzH+3vLKnG63XdHoMpYYaL
                            MD5:17B63EFE0A99F44D27DD41C4CC0A8A7B
                            SHA1:3E45C0102B287908D770A31D1906678E785088C2
                            SHA-256:1993B4EC2DC009D2E6CA185D0BD565D3F33A4EFA79BACA39E4F97F574D63F305
                            SHA-512:F8B9E7BC76A4ED5F948A9E505F3B1A321E322DD57CF88BEF36B6A9AF793462E45432709402151B4BB520B12B089A043CA23FF86106ED7B5C73DFBB6E233907F4
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset pl "&Abort" "&Przerwij". ::msgcat::mcset pl "&About..." "O programie...". ::msgcat::mcset pl "All Files" "Wszystkie pliki". ::msgcat::mcset pl "Application Error" "B\u0142\u0105d w programie". ::msgcat::mcset pl "&Apply" "Zastosuj". ::msgcat::mcset pl "Bold" "Pogrubienie". ::msgcat::mcset pl "Bold Italic" "Pogrubiona kursywa". ::msgcat::mcset pl "&Blue" "&Niebieski". ::msgcat::mcset pl "Cancel" "Anuluj". ::msgcat::mcset pl "&Cancel" "&Anuluj". ::msgcat::mcset pl "Cannot change to the directory \"%1\$s\".\nPermission denied." "Nie mo\u017cna otworzy\u0107 katalogu \"%1\$s\".\nOdmowa dost\u0119pu.". ::msgcat::mcset pl "Choose Directory" "Wybierz katalog". ::msgcat::mcset pl "Cl&ear" "&Wyczy\u015b\u0107". ::msgcat::mcset pl "&Clear Console" "&Wyczy\u015b\u0107 konsol\u0119". ::msgcat::mcset pl "Color" "Kolor". ::msgcat::mcset pl "Console" "Konsola". ::msgcat::mcset pl "&Copy" "&Kopiuj". ::msgcat::

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\pt.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3913
                            Entropy (8bit):4.5841256573492135
                            Encrypted:false
                            SSDEEP:48:k82mOQNHHouc2Ib2dxwj0Hpn4KeJ4iFHh29wDPK8+i92M5L:k82mOenox2x5Hp47mi3ZUMB
                            MD5:236356817E391D8871EA59667F47DA0C
                            SHA1:948EE95F4549DA8C7D412911D17B4B62CBA22ADD
                            SHA-256:AD0E466131D3789DE321D9D0588E19E4647BA82EDE41EEE6EBEF464786F8BDBE
                            SHA-512:3AB10D1980D4C1367EA0BB54E50709DF32A870E851EDE80F30F66DA4B09C1ACFFF4E77C462BD815DD67F485DDFF77FEBD09CA29D77EEE55FE8A00D115D600C32
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset pt "&Abort" "&Abortar". ::msgcat::mcset pt "About..." "Sobre ...". ::msgcat::mcset pt "All Files" "Todos os arquivos". ::msgcat::mcset pt "Application Error" "Erro de aplica\u00e7\u00e3o". ::msgcat::mcset pt "&Blue" "&Azul". ::msgcat::mcset pt "Cancel" "Cancelar". ::msgcat::mcset pt "&Cancel" "&Cancelar". ::msgcat::mcset pt "Cannot change to the directory \"%1\$s\".\nPermission denied." "N\u00e3o foi poss\u00edvel mudar para o diret\u00f3rio \"%1\$s\".\nPermiss\u00e3o negada.". ::msgcat::mcset pt "Choose Directory" "Escolha um diret\u00f3rio". ::msgcat::mcset pt "Cl&ear" "Apagar". ::msgcat::mcset pt "&Clear Console" "Apagar Console". ::msgcat::mcset pt "Color" "Cor". ::msgcat::mcset pt "Console". ::msgcat::mcset pt "&Copy" "Copiar". ::msgcat::mcset pt "Cu&t" "Recortar". ::msgcat::mcset pt "&Delete" "Excluir". ::msgcat::mcset pt "Details >>" "Detalhes >>". ::msgcat::mcset pt "Directory \"%1\$s\"

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\ru.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7214
                            Entropy (8bit):4.358559144448363
                            Encrypted:false
                            SSDEEP:96:ZUEBGTT4Ys7LT3xXkhF2xSrwFlOzFAn9E/j49cDRqRjGSQvN8Nfo5hgV9aWTRtaa:SraFGImk+4RKOGqRyRu
                            MD5:D7C27DBDF7B349BE13E09F35BA61A5F8
                            SHA1:40A52544B557F19736EA1767BFBF5708A9BBC318
                            SHA-256:C863DEBAB79F9682FD0D52D864E328E7333D03F4E9A75DBB342C30807EFDCFFB
                            SHA-512:DAF10336096B0574F060757CB6DD24049692F81B969B01BB8FA212035D955B8DA53F5ECDE3613E6AEF3C47165F075CC14363E4B854B2407EA452EAB4D4D31955
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset ru "&Abort" "&\u041e\u0442\u043c\u0435\u043d\u0438\u0442\u044c". ::msgcat::mcset ru "&About..." "\u041f\u0440\u043e...". ::msgcat::mcset ru "All Files" "\u0412\u0441\u0435 \u0444\u0430\u0439\u043b\u044b". ::msgcat::mcset ru "Application Error" "\u041e\u0448\u0438\u0431\u043a\u0430 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435". ::msgcat::mcset ru "&Blue" " &\u0413\u043e\u043b\u0443\u0431\u043e\u0439". ::msgcat::mcset ru "Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "&Cancel" "\u041e\u0442&\u043c\u0435\u043d\u0430". ::msgcat::mcset ru "Cannot change to the directory \"%1\$s\".\nPermission denied." \...."\u041d\u0435 \u043c\u043e\u0433\u0443 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u0432 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \"%1\$s\".\n\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430".

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\msgs\sv.msg

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3832
                            Entropy (8bit):4.609382297476727
                            Encrypted:false
                            SSDEEP:48:g4HXcfWBJdE10M4/00li6z8XIxTB2iDxypdmmZbWxOt:FXcf6H00li9IxTEbQsb7t
                            MD5:DB1712B1C1FF0E3A46F8E86FBB78AA4D
                            SHA1:28D9DB9CBEE791C09BD272D9C2A6C3DA80EB89EA
                            SHA-256:B76EBFA21BC1E937A04A04E5122BE64B5CDEE1F47C7058B71D8B923D70C3B17B
                            SHA-512:F79CD72DCD6D1B4212A5058DA5A020E8A157E72E6D84CAFB96463E76C1CED5AC367A2295EF743FDE70C9AB1CF2F4D88A4A73300DFD4F799AA3ECDA6FBF04E588
                            Malicious:false
                            Preview:namespace eval ::tk {. ::msgcat::mcset sv "&Abort" "&Avsluta". ::msgcat::mcset sv "&About..." "&Om...". ::msgcat::mcset sv "All Files" "Samtliga filer". ::msgcat::mcset sv "Application Error" "Programfel". ::msgcat::mcset sv "&Blue" "&Bl\u00e5". ::msgcat::mcset sv "Cancel" "Avbryt". ::msgcat::mcset sv "&Cancel" "&Avbryt". ::msgcat::mcset sv "Cannot change to the directory \"%1\$s\".\nPermission denied." "Kan ej n\u00e5 mappen \"%1\$s\".\nSaknar r\u00e4ttigheter.". ::msgcat::mcset sv "Choose Directory" "V\u00e4lj mapp". ::msgcat::mcset sv "Cl&ear" "&Radera". ::msgcat::mcset sv "&Clear Console" "&Radera konsollen". ::msgcat::mcset sv "Color" "F\u00e4rg". ::msgcat::mcset sv "Console" "Konsoll". ::msgcat::mcset sv "&Copy" "&Kopiera". ::msgcat::mcset sv "Cu&t" "Klipp u&t". ::msgcat::mcset sv "&Delete" "&Radera". ::msgcat::mcset sv "Details >>" "Detaljer >>". ::msgcat::mcset sv "Directory \"%1\$s\" does not exist." "Mappen \"%1\$s\" finns

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\obsolete.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5594
                            Entropy (8bit):4.9941618573215525
                            Encrypted:false
                            SSDEEP:96:oz4CrtmsXVwM3Er4VAEQ93NZB1o+IFF5ZYi4GUoLf33yLLddzA:oUCrtmsFREEs999o7FF5ZYi4GjLfS/d2
                            MD5:7763C90F811620A6C1F0A36BAF9B89CA
                            SHA1:30E24595DD683E470FE9F12814D27D6D266B511E
                            SHA-256:F6929A5E0D18BC4C6666206C63AC4AAA66EDC4B9F456DFC083300CFA95A44BCD
                            SHA-512:2E2887392C67D05EA85DB2E6BFD4AA27779BC82D3B607A7DD221A99EFF0D2A21A6BA47A4F2D2CDFC7CFECD7E93B2B38064C4D5A51406471AE142EC9CC71F5C48
                            Malicious:false
                            Preview:# obsolete.tcl --.#.# This file contains obsolete procedures that people really shouldn't.# be using anymore, but which are kept around for backward compatibility..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# The procedures below are here strictly for backward compatibility with.# Tk version 3.6 and earlier. The procedures are no longer needed, so.# they are no-ops. You should not use these procedures anymore, since.# they may be removed in some future release...proc tk_menuBar args {}.proc tk_bindForTraversal args {}..# ::tk::classic::restore --.#.# Restore the pre-8.5 (Tk classic) look as the widget defaults for classic.# Tk widgets..#.# The value following an 'option add' call is the new 8.5 value..#.namespace eval ::tk::classic {. # This may need to be adjusted for some windo

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\optMenu.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1586
                            Entropy (8bit):4.733749898743743
                            Encrypted:false
                            SSDEEP:48:k2hguC4Zxk+Z0cIWR3afbR1EIC+KtVa+6WX13jZQl9:k6T9N3atqIkeS9FQD
                            MD5:D17FE676A057F373B44C9197114F5A69
                            SHA1:9745C83EEC8565602F8D74610424848009FFA670
                            SHA-256:76DBDBF9216678D48D1640F8FD1E278E7140482E1CAC7680127A9A425CC61DEE
                            SHA-512:FF7D9EB64D4367BB11C567E64837CB1DAAA9BE0C8A498CAD00BF63AF45C1826632BC3A09E65D6F51B26EBF2D07285802813ED55C5D697460FC95AF30A943EF8F
                            Malicious:false
                            Preview:# optMenu.tcl --.#.# This file defines the procedure tk_optionMenu, which creates.# an option button and its associated menu..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_optionMenu --.# This procedure creates an option button named $w and an associated.# menu. Together they provide the functionality of Motif option menus:.# they can be used to select one of many values, and the current value.# appears in the global variable varName, as well as in the text of.# the option menubutton. The name of the menu is returned as the.# procedure's result, so that the caller can use it to change configuration.# options on the menu or otherwise manipulate it..#.# Arguments:.# w -...The name to use for the menubutton..# varName -..Global variable to hold the currently selected value..# first

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\palette.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8174
                            Entropy (8bit):4.9180898441277705
                            Encrypted:false
                            SSDEEP:192:ZUW5yUd51URCJWgWWWuWVWUKoDOdnAjLDlJymGH91QOW86vkQI:ZLXaCI3dFUlPdnAP69W89
                            MD5:ABE618A0891CD6909B945A2098C77D75
                            SHA1:A322CCFB33FF73E4A4730B5B21DE4290F9D94622
                            SHA-256:60B8579368BB3063F16D25F007385111E0EF8D97BB296B03656DC176E351E3CA
                            SHA-512:2DF5A50F3CA7D21F43651651879BCAE1433FF44B0A7ECE349CCF73BECC4780160125B21F69348C97DCD60503FC79A6525DB723962197E8550B42D0AE257FD8E7
                            Malicious:false
                            Preview:# palette.tcl --.#.# This file contains procedures that change the color palette used.# by Tk..#.# Copyright (c) 1995-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk_setPalette --.# Changes the default color scheme for a Tk application by setting.# default colors in the option database and by modifying all of the.# color options for existing widgets that have the default value..#.# Arguments:.# The arguments consist of either a single color name, which.# will be used as the new background color (all other colors will.# be computed from this) or an even number of values consisting of.# option names and values. The name for an option is the one used.# for the option database, such as activeForeground, not -activeforeground...proc ::tk_setPalette {args} {. if {[winfo depth .] == 1} {..# Just return on monochrome displays, otherwise errors will occur..return. }.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\panedwindow.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5176
                            Entropy (8bit):4.933519639131517
                            Encrypted:false
                            SSDEEP:96:PmpWHrga3awUrH6kdX3pBz6tkm71cHXYV23EmkiYlgfY8:+pWHrP36r6kJ3pBetkm6HXVUmPYlgfY8
                            MD5:2DA0A23CC9D6FD970FE00915EA39D8A2
                            SHA1:DFE3DC663C19E9A50526A513043D2393869D8F90
                            SHA-256:4ADF738B17691489C71C4B9D9A64B12961ADA8667B81856F7ADBC61DFFEADF29
                            SHA-512:B458F3D391DF9522D4E7EAE8640AF308B4209CE0D64FD490BFC0177FDE970192295C1EA7229CE36D14FC3E582C7649460B8B7B0214E0FF5629B2B430A99307D4
                            Malicious:false
                            Preview:# panedwindow.tcl --.#.# This file defines the default bindings for Tk panedwindow widgets and.# provides procedures that help in implementing those bindings...bind Panedwindow <Button-1> { ::tk::panedwindow::MarkSash %W %x %y 1 }.bind Panedwindow <Button-2> { ::tk::panedwindow::MarkSash %W %x %y 0 }..bind Panedwindow <B1-Motion> { ::tk::panedwindow::DragSash %W %x %y 1 }.bind Panedwindow <B2-Motion> { ::tk::panedwindow::DragSash %W %x %y 0 }..bind Panedwindow <ButtonRelease-1> {::tk::panedwindow::ReleaseSash %W 1}.bind Panedwindow <ButtonRelease-2> {::tk::panedwindow::ReleaseSash %W 0}..bind Panedwindow <Motion> { ::tk::panedwindow::Motion %W %x %y }..bind Panedwindow <Leave> { ::tk::panedwindow::Leave %W }..# Initialize namespace.namespace eval ::tk::panedwindow {}..# ::tk::panedwindow::MarkSash --.#.# Handle marking the correct sash for possible dragging.#.# Arguments:.# w..the widget.# x..widget local x coord.# y..widget local y coord.# proxy.whether this should be a prox

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\pkgIndex.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):363
                            Entropy (8bit):4.977735142707899
                            Encrypted:false
                            SSDEEP:6:Cjtl17nOJRVxTc6ynID/cL44ncleXNyLMQ9HECJBIQ08PbDMQ9HECJBIQem8:ot7rOJdg6LYUlVfBIUjjfBIFF
                            MD5:A6448AF2C8FAFC9A4F42EACA6BF6AB2E
                            SHA1:0B295B46B6DF906E89F40A907022068BC6219302
                            SHA-256:CD44EE7F76C37C0C522BD0CFCA41C38CDEDDC74392B2191A3AF1A63D9D18888E
                            SHA-512:5B1A8CA5B09B7281DE55460D21D5195C4EE086BEBDC35FA561001181490669FFC67D261F99EAA900467FE97E980EB733C5FFBF9D8C541EDE18992BF4A435C749
                            Malicious:false
                            Preview:if {[catch {package present Tcl 8.6.0}]} { return }.if {($::tcl_platform(platform) eq "unix") && ([info exists ::env(DISPLAY)]..|| ([info exists ::argv] && ("-display" in $::argv)))} {. package ifneeded Tk 8.6.9 [list load [file join $dir .. .. bin libtk8.6.dll] Tk].} else {. package ifneeded Tk 8.6.9 [list load [file join $dir .. .. bin tk86t.dll] Tk].}.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\safetk.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):7381
                            Entropy (8bit):4.833263771361282
                            Encrypted:false
                            SSDEEP:192:keEoaa0QfsimXZrjpgj47e5QeO9uMfUKvLAN6Zo:keEoRHsiWddgkoiUeG
                            MD5:EFC567E407C48BF2BE4E09CB18DEFC11
                            SHA1:EDEDB6776963B7D629C6ACE9440D24EB78DEA878
                            SHA-256:9708F5A1E81E1C3FEAF189020105BE28D27AA8808FF9FB2DCCA040500CF2642A
                            SHA-512:BDA5F92BD2F7B9CD29C5A732EC77A71291778A0EC3EABE81575C55DE3E207F663BA28DA4C95174045A74EFFF71B95D907C9D056BAA9E585E6F6DC14A133760BC
                            Malicious:false
                            Preview:# safetk.tcl --.#.# Support procs to use Tk in safe interpreters..#.# Copyright (c) 1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# see safetk.n for documentation..#.#.# Note: It is now ok to let untrusted code being executed.# between the creation of the interp and the actual loading.# of Tk in that interp because the C side Tk_Init will.# now look up the master interp and ask its safe::TkInit.# for the actual parameters to use for it's initialization (if allowed),.# not relying on the slave state..#..# We use opt (optional arguments parsing).package require opt 0.4.1;..namespace eval ::safe {.. # counter for safe toplevels. variable tkSafeId 0.}..#.# tkInterpInit : prepare the slave interpreter for tk loading.# most of the real job is done by loadTk.# returns the slave name (tkInterpInit does).#.proc ::safe::tkInterpIni

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\scale.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):7766
                            Entropy (8bit):4.933555104215445
                            Encrypted:false
                            SSDEEP:192:q1xTLI9LUAp8cZIQ+Umuy9vYE2dLTaQfiwHZeABypyTtB:HUN1Umn2dKuHIpCB
                            MD5:1CE32CDAEB04C75BFCEEA5FB94B8A9F0
                            SHA1:CC7614C9EADE999963EE78B422157B7B0739894C
                            SHA-256:58C662DD3D2C653786B05AA2C88831F4E971B9105E4869D866FB6186E83ED365
                            SHA-512:1EE5A187615AE32F17936931B30FEA9551F9E3022C1F45A2BCA81624404F4E68022FCF0B03FBD61820EC6958983A8F2FBFC3AD2EC158433F8E8DE9B8FCF48476
                            Malicious:false
                            Preview:# scale.tcl --.#.# This file defines the default bindings for Tk scale widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1995 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for entries..#-------------------------------------------------------------------------..# Standard Motif bindings:..bind Scale <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. tk::ScaleActivate %W %x %y.}.bind Scale <Motion> {. tk::ScaleActivate %W %x %y.}.bind Scale <Leave> {. if {$tk_strictMotif} {..%W configure -activebackground $tk::Priv(activeBg). }.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\scrlbar.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):12748
                            Entropy (8bit):5.026700023745507
                            Encrypted:false
                            SSDEEP:192:AfVS+eV9fKbBevrpQQtfJMZqSwiXEfY4yhIa7yLIVNpIgdWmD3T1gFpN:Pf4wTGOfmkSwORVqaGcV4q7kpN
                            MD5:4CBFFC4E6B3F56A5890E3F7C31C6C378
                            SHA1:75DB5205B311F55D1CA1D863B8688A628BF6012A
                            SHA-256:6BA3E2D62BD4856D7D7AE87709FCAA23D81EFC38C375C6C5D91639555A84C35D
                            SHA-512:65DF7AE09E06C200A8456748DC89095BB8417253E01EC4FDAFB28A84483147DDC77AAF6B49BE9E18A326A94972086A99044BEE3CE5CF8026337DFC6972C92C04
                            Malicious:false
                            Preview:# scrlbar.tcl --.#.# This file defines the default bindings for Tk scrollbar widgets..# It also provides procedures that help in implementing the bindings..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# The code below creates the default class bindings for scrollbars..#-------------------------------------------------------------------------..# Standard Motif bindings:.if {[tk windowingsystem] eq "x11" || [tk windowingsystem] eq "aqua"} {..bind Scrollbar <Enter> {. if {$tk_strictMotif} {..set tk::Priv(activeBg) [%W cget -activebackground]..%W configure -activebackground [%W cget -background]. }. %W activate [%W identify %x %y].}.bind Scrollbar <Motion> {. %W activate [%W identify %x %y].}..# The

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\spinbox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):15640
                            Entropy (8bit):5.001694129885997
                            Encrypted:false
                            SSDEEP:192:aR1yvxxVRQRrclOniQ14Yvg5bbVFMio1UF9w9P75uaMY+c6RhO1ON6Ql4qRiZ0NO:MyF5XVF61iwZ75/YRhO464z8wdEt
                            MD5:9971530F110AC2FB7D7EC91789EA2364
                            SHA1:AB553213C092EF077524ED56FC37DA29404C79A7
                            SHA-256:5D6E939B44F630A29C4FCB1E2503690C453118607FF301BEF3C07FA980D5075A
                            SHA-512:81B4CEC39B03FBECA59781AA54960F0A10A09733634F401D5553E1AAA3EBF12A110C9D555946FCDD70A9CC897514663840745241AD741DC440BB081A12DCF411
                            Malicious:false
                            Preview:# spinbox.tcl --.#.# This file defines the default bindings for Tk spinbox widgets and provides.# procedures that help in implementing those bindings. The spinbox builds.# off the entry widget, so it can reuse Entry bindings and procedures..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1999-2000 Jeffrey Hobbs.# Copyright (c) 2000 Ajuba Solutions.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for example,.#...start dragging out a

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\tclIndex

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):20270
                            Entropy (8bit):4.749624735829406
                            Encrypted:false
                            SSDEEP:384:edtm3fv2ZzffGIgowSDxD7n2s7AcBnaUuFyLWFot5gzSG3k96vNTWuoJnfOvWhbk:eds3fv2ZzffGIgowSDxD7nd7AcBnahFN
                            MD5:4AD192C43972A6A4834D1D5A7C511750
                            SHA1:09CA39647AA1C14DB16014055E48A9B0237639BA
                            SHA-256:8E8ECECFD6046FE413F37A91933EEA086E31959B3FBEB127AFDD05CD9141BE9A
                            SHA-512:287FAADBC6F65FCC3EA9C1EC10B190712BB36A06D28E59F8D268EA585B4E6B13494BA111DFF6AC2EBF998578999C9C36965C714510FC21A9ACB65FF9B75097CB
                            Malicious:false
                            Preview:# Tcl autoload index file, version 2.0.# This file is generated by the "auto_mkindex" command.# and sourced to set up indexing information for one or.# more commands. Typically each line is a command that.# sets an element in the auto_index array, where the.# element name is the name of a command and the value is.# a script that loads the command...set auto_index(::tk::dialog::error::Return) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Details) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::SaveToLog) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::Destroy) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::dialog::error::bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(bgerror) [list source [file join $dir bgerror.tcl]].set auto_index(::tk::ButtonInvoke) [list source [file join $dir button.tcl]].set auto_index(::tk::ButtonAutoInvoke) [list source [file join

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\tearoff.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5142
                            Entropy (8bit):4.672280480827932
                            Encrypted:false
                            SSDEEP:96:MgPXEnPQcTtD7zxeHK7ijhgdhAhbbjymL/KK2pLQY4QYNHL43EwzS6ejW:MgPUnPtTtFeqmjhgdhIbbjymL/KKeLQW
                            MD5:214FA0731A27E33826F2303750B64784
                            SHA1:C2DA41761FB7BAE38DDDEFA22AB57B337F54F5D8
                            SHA-256:FB6B35ECB1438BB8A2D816B86FB0C55500C6EA8D24AECB359CC3C7D3B3C54DE0
                            SHA-512:2E2A2412CBB090C0728333480B0E07C85087ED932974A235D5BC8C9725DE937520205D988872E1B5BEFA1E80201E046C500BC875A5CBD584A5099930EBBD115A
                            Malicious:false
                            Preview:# tearoff.tcl --.#.# This file contains procedures that implement tear-off menus..#.# Copyright (c) 1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..# ::tk::TearoffMenu --.# Given the name of a menu, this procedure creates a torn-off menu.# that is identical to the given menu (including nested submenus)..# The new torn-off menu exists as a toplevel window managed by the.# window manager. The return value is the name of the new menu..# The window is created at the point specified by x and y.#.# Arguments:.# w -...The menu to be torn-off (duplicated)..# x -...x coordinate where window is created.# y -...y coordinate where window is created..proc ::tk::TearOffMenu {w {x 0} {y 0}} {. # Find a unique name to use for the torn-off menu. Find the first. # ancestor of w that is a toplevel but not a menu,

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\text.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):33155
                            Entropy (8bit):4.908284262811967
                            Encrypted:false
                            SSDEEP:384:ThZXGSuWlNGbyBFFRzGagUNKEFx8wredkG/gVVFaO/9bembFWaHnla98ffRiqiPp:TYaNGKF6uNdyO4Ona98ffRUAlde
                            MD5:03CC27E28E0CFCE1B003C3E936797AB0
                            SHA1:C7FE5AE7F35C86EC3724F6A111EAAF2C1A18ABE9
                            SHA-256:BCCC1039F0EB331C4BB6BD5848051BB745F242016952723478C93B009F63D254
                            SHA-512:5091B10EE8446E6853EF7060EC13AB8CADA0D6448F9081FEBD07546C061F69FC273BBF23BA7AF05D8359E618DD68A5C27F0453480FE3F26E744DB19BFCD115C7
                            Malicious:false
                            Preview:# text.tcl --.#.# This file defines the default bindings for Tk text widgets and provides.# procedures that help in implementing the bindings..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 1998 by Scriptics Corporation..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..#-------------------------------------------------------------------------.# Elements of ::tk::Priv that are used in this file:.#.# afterId -..If non-null, it means that auto-scanning is underway.#...and it gives the "after" id for the next auto-scan.#...command to be executed..# char -..Character position on the line; kept in order.#...to allow moving up or down past short lines while.#...still remembering the desired position..# mouseMoved -..Non-zero means the mouse has moved a significant.#...amount since the button went down (so, for exampl

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\tk.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:Tcl script, ASCII text
                            Category:dropped
                            Size (bytes):23142
                            Entropy (8bit):5.097142507145225
                            Encrypted:false
                            SSDEEP:384:dmAlIQ7ylH462gngqeObubqLwvoGah0QSA4jLGn3WB0MCdPAWD+g190K5TzMSW4d:dmOIQulHokh0QzMemB0MCD+g1bk+
                            MD5:3250EC5B2EFE5BBE4D3EC271F94E5359
                            SHA1:6A0FE910041C8DF4F3CDC19871813792E8CC4E4C
                            SHA-256:E1067A0668DEBB2D8E8EC3B7BC1AEC3723627649832B20333F9369F28E4DFDBF
                            SHA-512:F8E403F3D59D44333BCE2AA7917E6D8115BEC0FE5AE9A1306F215018B05056467643B7AA228154DDCED176072BC903DFB556CB2638F5C55C1285C376079E8FE3
                            Malicious:false
                            Preview:# tk.tcl --.#.# Initialization script normally executed in the interpreter for each Tk-based.# application. Arranges class bindings for widgets..#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Ajuba Solutions..#.# See the file "license.terms" for information on usage and redistribution of.# this file, and for a DISCLAIMER OF ALL WARRANTIES...# Verify that we have Tk binary and script components from the same release.package require -exact Tk 8.6.9...# Create a ::tk namespace.namespace eval ::tk {. # Set up the msgcat commands. namespace eval msgcat {..namespace export mc mcmax. if {[interp issafe] || [catch {package require msgcat}]} {. # The msgcat package is not available. Supply our own. # minimal replacement.. proc mc {src args} {. return [format $src {*}$args]. }. proc mcmax {args} {.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\tkfbox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):38373
                            Entropy (8bit):5.143151103117394
                            Encrypted:false
                            SSDEEP:384:a6NFLvIIaE2wCpxQYt/rJTkA3NN5YAGnk1c6gHZZgkO0Z6INfdpsaUpWz8ZlhL5S:akJ2wKFXuNzClMGH87f12Vb4
                            MD5:21985684C432CB918A3E862517842F75
                            SHA1:4DBACAEEF8454C1B08993D76857C5F09AA75405A
                            SHA-256:AE448DF6FDBBA45D450ABEFEF12799F8362177B0B9FE06F3CA3CB0EDA5E6AA58
                            SHA-512:AFEA6C47001455D7E40A5A7728FA4DFAD7BB66B02191E807BB15355847F5B265DEEE6015516807B10E1273710A3D03FAAC7856CB16EFA773813105B23A11960F
                            Malicious:false
                            Preview:# tkfbox.tcl --.#.#.Implements the "TK" standard file selection dialog box. This dialog.#.box is used on the Unix platforms whenever the tk_strictMotif flag is.#.not set..#.#.The "TK" standard file selection dialog box is similar to the file.#.selection dialog box on Win95(TM). The user can navigate the.#.directories by clicking on the folder icons or by selecting the.#."Directory" option menu. The user can select files by clicking on the.#.file icons or by entering a filename in the "Filename:" entry..#.# Copyright (c) 1994-1998 Sun Microsystems, Inc..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {. namespace import -force ::tk::msgcat::*. variable showHiddenBtn 0. variable showHiddenVar 1.. # Create the images if they did not already exist.. if {![info exists ::tk::Priv(updirImage)]} {..set ::tk::Priv(updirImage)

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\altTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3683
                            Entropy (8bit):4.872530668776095
                            Encrypted:false
                            SSDEEP:48:xICsIX5RupDdMrwuQb8BQEQWQEQK9FVGQJFVGDusxzUFIG0usf2kGKQH+n5dvW8m:h7oFAzfphta9DwuTa
                            MD5:8FF9D357AF3806D997BB8654E95F530C
                            SHA1:62292163299CC229031BB4EAFBE900323056561A
                            SHA-256:E36864B33D7C2B47FE26646377BE86FB341BBF2B6DF13E33BD799E87D24FC193
                            SHA-512:ECDC47E7D1F0F9C0C052ACA2EB2DE10E78B2256E8DB85D7B52F365C1074A4E24CDB1C7A2780B36DFA36F174FF87B6A31C49F61CC0AC3D2412B3915234D911C9C
                            Malicious:false
                            Preview:#.# Ttk widget set: Alternate theme.#..namespace eval ttk::theme::alt {.. variable colors. array set colors {..-frame .."#d9d9d9"..-window.."#ffffff"..-darker ."#c3c3c3"..-border.."#414141"..-activebg ."#ececec"..-disabledfg."#a3a3a3"..-selectbg."#4a6984"..-selectfg."#ffffff"..-altindicator."#aaaaaa". }.. ttk::style theme settings alt {...ttk::style configure "." \.. -background .$colors(-frame) \.. -foreground .black \.. -troughcolor.$colors(-darker) \.. -bordercolor.$colors(-border) \.. -selectbackground .$colors(-selectbg) \.. -selectforeground .$colors(-selectfg) \.. -font ..TkDefaultFont \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)] ;..ttk::style map "." -foreground [list disabled $colors(-disabledfg)] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -padding "1 1" \.. -relief raised -shiftrelief 1 \.. -highl

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\aquaTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2245
                            Entropy (8bit):4.988082031411997
                            Encrypted:false
                            SSDEEP:48:tdlBlblITKleKgNX1gPc+JFzVPb9ZLJY2ZL7X0jX4:p51gRK7F9DzrMo
                            MD5:6466DBA5F7DDB28F280A24E2397DD875
                            SHA1:060C504D08B014EB388EFAF48E3720CE5D7F0132
                            SHA-256:CBC17D1C434CACD0AB42CDCC4D62ED193F926447189AD258C13738D4EC154A80
                            SHA-512:5FAAC1C5FC868DCE8B7A9431BEAEB8117ADDE5C752306CAD7B6FA8123758F2CF37FB1CF18CAC2934F7D07B14FAFCE01581BAD0CA952BFECFCBD9E1E26FF9A64C
                            Malicious:false
                            Preview:#.# Aqua theme (OSX native look and feel).#..namespace eval ttk::theme::aqua {. ttk::style theme settings aqua {...ttk::style configure . \.. -font TkDefaultFont \.. -background systemWindowBody \.. -foreground systemModelessDialogActiveText \.. -selectbackground systemHighlight \.. -selectforeground systemModelessDialogActiveText \.. -selectborderwidth 0 \.. -insertwidth 1...ttk::style map . \.. -foreground {disabled systemModelessDialogInactiveText... background systemModelessDialogInactiveText} \.. -selectbackground {background systemHighlightSecondary... !focus systemHighlightSecondary} \.. -selectforeground {background systemModelessDialogInactiveText... !focus systemDialogActiveText}...# Workaround for #1100117:..# Actually, on Aqua we probably shouldn't stipple images in..# disabled buttons even if it did work.....ttk::style configure . -stipple {}...ttk::style configure TButton -anchor center -width -6..ttk::style configure Toolbutton -

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\button.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2978
                            Entropy (8bit):4.8919006418640265
                            Encrypted:false
                            SSDEEP:48:hpNRZ/rtWkRMC0ScGHsAEfKPi7K1MFNQ6z4Dvh8niT6CUI+SfRHThp:DNRZzse1cGH3UvKmFNQ6z2hT6CUI+4Hb
                            MD5:EA7CF40852AFD55FFDA9DB29A0E11322
                            SHA1:B7B42FAC93E250B54EB76D95048AC3132B10E6D8
                            SHA-256:391B6E333D16497C4B538A7BDB5B16EF11359B6E3B508D470C6E3703488E3B4D
                            SHA-512:123D78D6AC34AF4833D05814220757DCCF2A9AF4761FE67A8FE5F67A0D258B3C8D86ED346176FFB936AB3717CFD75B4FAB7373F7853D44FA356BE6E3A75E51B9
                            Malicious:false
                            Preview:#.# Bindings for Buttons, Checkbuttons, and Radiobuttons..#.# Notes: <Button1-Leave>, <Button1-Enter> only control the "pressed".# state; widgets remain "active" if the pointer is dragged out..# This doesn't seem to be conventional, but it's a nice way.# to provide extra feedback while the grab is active..# (If the button is released off the widget, the grab deactivates and.# we get a <Leave> event then, which turns off the "active" state).#.# Normally, <ButtonRelease> and <ButtonN-Enter/Leave> events are .# delivered to the widget which received the initial <ButtonPress>.# event. However, Tk [grab]s (#1223103) and menu interactions.# (#1222605) can interfere with this. To guard against spurious.# <Button1-Enter> events, the <Button1-Enter> binding only sets.# the pressed state if the button is currently active..#..namespace eval ttk::button {}..bind TButton <Enter> ..{ %W instate !disabled {%W state active} }.bind TButton <Leave>..{ %W state !active }.bind TButton <Key-space>.{ ttk:

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\clamTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4742
                            Entropy (8bit):4.859511673200619
                            Encrypted:false
                            SSDEEP:48:9zDTlU3tCKW3PiAu4UZQsk+EBSucCtCqM368CtTU/+xgxaYgxaf/sY2+rF5usxzk:ZuHjO7uCkqM3JCNU/igxNgxor2tpuTM
                            MD5:AA2987DC061DAA998B73A1AD937EE4BB
                            SHA1:33FE9DFA76FB08B9D8D5C3554D13482D330C2DB1
                            SHA-256:4ED0ACDD29FC1FB45C6BDC9EFB2CBADE34B93C45D5DBB269A4A4A3044CF4CB7A
                            SHA-512:5A83B1FC88E42BB1DAD60D89CD5F2193E6AB59C4902A6C727E0090D1F395C2F122521FDFF250A14109EE5113D5034319199FB260129416EA962559350F217A03
                            Malicious:false
                            Preview:#.# "Clam" theme..#.# Inspired by the XFCE family of Gnome themes..#..namespace eval ttk::theme::clam {. variable colors . array set colors {..-disabledfg.."#999999"..-frame .."#dcdad5"..-window .."#ffffff"..-dark..."#cfcdc8"..-darker .."#bab5ab"..-darkest.."#9e9a91"..-lighter.."#eeebe7"..-lightest .."#ffffff"..-selectbg.."#4a6984"..-selectfg.."#ffffff"..-altindicator.."#5895bc"..-disabledaltindicator."#a0a0a0". }.. ttk::style theme settings clam {...ttk::style configure "." \.. -background $colors(-frame) \.. -foreground black \.. -bordercolor $colors(-darkest) \.. -darkcolor $colors(-dark) \.. -lightcolor $colors(-lighter) \.. -troughcolor $colors(-darker) \.. -selectbackground $colors(-selectbg) \.. -selectforeground $colors(-selectfg) \.. -selectborderwidth 0 \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -background [list disabled $colors(-frame) \.... active $colors(-lighter)] \.. -foreground [list disabled $colors(

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\classicTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3828
                            Entropy (8bit):4.892728136244756
                            Encrypted:false
                            SSDEEP:48:yAJZjsTMw96Ey6kvzuVuby+x0M+x06uxjFVGQJFVGQuxzUFIGQutK2MRvD7J+iSz:yAJZ8MVJiVR+x/+xefVItuTy7Urt
                            MD5:7DBF35F3F0F9FB68626019FF94EFBCD3
                            SHA1:213F18224BF0573744836CD3BEDC83D5E443A406
                            SHA-256:30E6766E9B8292793395324E412B0F5A8888512B84B080E247F95BF6EFB11A9D
                            SHA-512:9081E5C89ECDE8337C5A52531DEF24924C0BCB3A1F0596D3B986CC59E635F67A78327ABF26209BF71A9BA370A93174298E6ABD11586382D7D70ADEA7E5CCF854
                            Malicious:false
                            Preview:#.# "classic" Tk theme..#.# Implements Tk's traditional Motif-like look and feel..#..namespace eval ttk::theme::classic {.. variable colors; array set colors {..-frame.."#d9d9d9"..-window.."#ffffff"..-activebg."#ececec"..-troughbg."#c3c3c3"..-selectbg."#c3c3c3"..-selectfg."#000000"..-disabledfg."#a3a3a3"..-indicator."#b03060"..-altindicator."#b05e5e". }.. ttk::style theme settings classic {..ttk::style configure "." \.. -font..TkDefaultFont \.. -background..$colors(-frame) \.. -foreground..black \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -troughcolor.$colors(-troughbg) \.. -indicatorcolor.$colors(-frame) \.. -highlightcolor.$colors(-frame) \.. -highlightthickness.1 \.. -selectborderwidth.1 \.. -insertwidth.2 \.. ;...# To match pre-Xft X11 appearance, use:..#.ttk::style configure . -font {Helvetica 12 bold}...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activeb

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\combobox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):12493
                            Entropy (8bit):5.024195855137721
                            Encrypted:false
                            SSDEEP:192:l/9k9hqpFXQN9uK5Bt3NvnIW+KYNbrulkL90t98VrQETczIT9QeSaQjJI1/P0lcx:BhllSBtVL5MmI0K
                            MD5:FBCAA6A08D9830114248F91E10D4C918
                            SHA1:FA63C94824BEBD3531086816650D3F3FA73FE434
                            SHA-256:9D80AA9701E82862467684D3DFF1A9EC5BBC2BBBA4F4F070518BBDE7E38499BB
                            SHA-512:B377C31CC9137851679CBA0560EFE4265792D1576BD781DD42C22014A7A8F3D10D9D48A1154BB88A2987197594C8B728B71FA689CE1B32928F8513796A6A0AA3
                            Malicious:false
                            Preview:#.# Combobox bindings..#.# <<NOTE-WM-TRANSIENT>>:.#.#.Need to set [wm transient] just before mapping the popdown.#.instead of when it's created, in case a containing frame.#.has been reparented [#1818441]..#.#.On Windows: setting [wm transient] prevents the parent.#.toplevel from becoming inactive when the popdown is posted.#.(Tk 8.4.8+).#.#.On X11: WM_TRANSIENT_FOR on override-redirect windows.#.may be used by compositing managers and by EWMH-aware.#.window managers (even though the older ICCCM spec says.#.it's meaningless)..#.#.On OSX: [wm transient] does utterly the wrong thing..#.Instead, we use [MacWindowStyle "help" "noActivates hideOnSuspend"]..#.The "noActivates" attribute prevents the parent toplevel.#.from deactivating when the popdown is posted, and is also.#.necessary for "help" windows to receive mouse events..#."hideOnSuspend" makes the popdown disappear (resp. reappear).#.when the parent toplevel is deactivated (resp. reactivated)..#.(see [#1814778]). Also set [wm resiz

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\cursors.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4007
                            Entropy (8bit):4.827479665184231
                            Encrypted:false
                            SSDEEP:48:xtIni2E1nmuVoLlTxG6qVXvDiPOaCkhxKLbqnJ2RLWumgMJVZlZPDjsfMh8vIviX:sn+myoLBxG3laOqJlZT3rkdSVOJm0
                            MD5:74596004DFDBF2ECF6AF9C851156415D
                            SHA1:933318C992B705BF9F8511621B4458ECB8772788
                            SHA-256:7BDFFA1C2692C5D1CF67B518F9ACB32FA4B4D9936ED076F4DB835943BC1A00D6
                            SHA-512:0D600B21DB67BF9DADBDD49559573078EFB41E473E94124AC4D2551BC10EC764846DC1F7674DAA79F8D2A8AEB4CA27A5E11C2F30EDE47E3ECEE77D60D7842262
                            Malicious:false
                            Preview:#.# Map symbolic cursor names to platform-appropriate cursors..#.# The following cursors are defined:.#.#.standard.-- default cursor for most controls.#.""..-- inherit cursor from parent window.#.none..-- no cursor.#.#.text..-- editable widgets (entry, text).#.link..-- hyperlinks within text.#.crosshair.-- graphic selection, fine control.#.busy..-- operation in progress.#.forbidden.-- action not allowed.#.#.hresize..-- horizontal resizing.#.vresize..-- vertical resizing.#.# Also resize cursors for each of the compass points,.# {nw,n,ne,w,e,sw,s,se}resize..#.# Platform notes:.#.# Windows doesn't distinguish resizing at the 8 compass points,.# only horizontal, vertical, and the two diagonals..#.# OSX doesn't have resize cursors for nw, ne, sw, or se corners..# We use the Tk-defined X11 fallbacks for these..#.# X11 doesn't have a "forbidden" cursor (usually a slashed circle);.# "pirate" seems to be the conventional cursor for this purpose..#.# Windows has an IDC_HELP cursor, but it's not

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\defaults.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4490
                            Entropy (8bit):4.888203318286333
                            Encrypted:false
                            SSDEEP:96:AMUoi/higxS4JAigxS4J/1+tDtj/9uTaf30QOdt:AMUoQhigQ42igQ4kFMY3n0t
                            MD5:0E03292F7678540CB4F3440859863B0C
                            SHA1:909849894B02F2C213BDE0FBCED8C1378EB9B81E
                            SHA-256:304FF31FC82F6086C93AAA594D83D8DA25866CE1C2AF1208F9E7585D74CA9A51
                            SHA-512:87E5D2484E5E7E3C00B319219028B012576B7D73B84A9A13ED15551C9431BF216C0B96376AE5A7070B5A391D9887E55ABF9FA4AFEE971177408B7969363D9302
                            Malicious:false
                            Preview:#.# Settings for default theme..#..namespace eval ttk::theme::default {. variable colors. array set colors {..-frame..."#d9d9d9"..-foreground.."#000000"..-window..."#ffffff"..-text .."#000000"..-activebg.."#ececec"..-selectbg.."#4a6984"..-selectfg.."#ffffff"..-darker .."#c3c3c3"..-disabledfg.."#a3a3a3"..-indicator.."#4a6984"..-disabledindicator."#a3a3a3"..-altindicator.."#9fbdd8"..-disabledaltindicator."#c0c0c0". }.. ttk::style theme settings default {...ttk::style configure "." \.. -borderwidth .1 \.. -background .$colors(-frame) \.. -foreground .$colors(-foreground) \.. -troughcolor .$colors(-darker) \.. -font ..TkDefaultFont \.. -selectborderwidth.1 \.. -selectbackground.$colors(-selectbg) \.. -selectforeground.$colors(-selectfg) \.. -insertwidth .1 \.. -indicatordiameter.10 \.. ;...ttk::style map "." -background \.. [list disabled $colors(-frame) active $colors(-activebg)]..ttk::style map "." -foreground \.. [list disabled $colo

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\entry.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):16408
                            Entropy (8bit):4.974125903666712
                            Encrypted:false
                            SSDEEP:192:hRy3ALQksU0oayTUXIQzNiQ2iEL8QmOhQVqknFoTOXyJtcC1JMuZm4FZxO252ExD:GoUXmiEyOFWiTOEtcC1q252Ezp
                            MD5:F9B29AB14304F18E32821A29233BE816
                            SHA1:6D0253274D777E081FA36CC38E51C2ABB9259D0E
                            SHA-256:62D1DF52C510A83103BADAB4F3A77ABB1AA3A0E1E21F68ECE0CECCA2CA2F1341
                            SHA-512:698DB665E29B29864F9FE65934CCA83A5092D81D5130FFD1EAC68C51327AE9EBC007A60A60E1AF37063017E448CE84A4024D4A412990A1078287B605DF344C70
                            Malicious:false
                            Preview:#.# DERIVED FROM: tk/library/entry.tcl r1.22.#.# Copyright (c) 1992-1994 The Regents of the University of California..# Copyright (c) 1994-1997 Sun Microsystems, Inc..# Copyright (c) 2004, Joe English.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES..#..namespace eval ttk {. namespace eval entry {..variable State...set State(x) 0..set State(selectMode) none..set State(anchor) 0..set State(scanX) 0..set State(scanIndex) 0..set State(scanMoved) 0...# Button-2 scan speed is (scanNum/scanDen) characters..# per pixel of mouse movement...# The standard Tk entry widget uses the equivalent of..# scanNum = 10, scanDen = average character width...# I don't know why that was chosen...#..set State(scanNum) 1..set State(scanDen) 1..set State(deadband) 3.;# #pixels for mouse-moved deadband.. }.}..### Option database settings..#.option add *TEntry.cursor [ttk::cursor text] widgetDefault..### Bindings..#.# Removed

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\fonts.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5576
                            Entropy (8bit):4.956417003071239
                            Encrypted:false
                            SSDEEP:96:Nduphbitcq1Zs/ZrBiZy227IhLkdhetOstWGbRafkeHH+4:3CheHvsbiZyDmJbRa3+4
                            MD5:7017B5C1D53F341F703322A40C76C925
                            SHA1:57540C56C92CC86F94B47830A00C29F826DEF28E
                            SHA-256:0EB518251FBE9CF0C9451CC1FEF6BB6AEE16D62DA00B0050C83566DA053F68D0
                            SHA-512:FD18976A8FBB7E59B12944C2628DBD66D463B2F7342661C8F67160DF37A393FA3C0CE7FDDA31073674B7A46E0A0A7D0A7B29EBE0D9488AFD9EF8B3A39410B5A8
                            Malicious:false
                            Preview:#.# Font specifications..#.# This file, [source]d at initialization time, sets up the following.# symbolic fonts based on the current platform:.#.# TkDefaultFont.-- default for GUI items not otherwise specified.# TkTextFont.-- font for user text (entry, listbox, others).# TkFixedFont.-- standard fixed width font.# TkHeadingFont.-- headings (column headings, etc).# TkCaptionFont -- dialog captions (primary text in alert dialogs, etc.).# TkTooltipFont.-- font to use for tooltip windows.# TkIconFont.-- font to use for icon captions.# TkMenuFont.-- used to use for menu items.#.# In Tk 8.5, some of these fonts may be provided by the TIP#145 implementation.# (On Windows and Mac OS X as of Oct 2007)..#.# +++ Platform notes:.#.# Windows:.#.The default system font changed from "MS Sans Serif" to "Tahoma".# .in Windows XP/Windows 2000..#.#.MS documentation says to use "Tahoma 8" in Windows 2000/XP,.#.although many MS programs still use "MS Sans Serif 8".#.#.Should use SystemParametersInfo() inst

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\menubutton.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4913
                            Entropy (8bit):4.841521491900473
                            Encrypted:false
                            SSDEEP:96:1reigApQy38gaQJy+3nN+PN8JdNhtOPqoK4J+wQCV7EkGxIaqc9ld9qtlWnITOZI:hfbJvnN+PN8JdNHs64J+wQCPGxtqWrqf
                            MD5:DB24841643CEBD38D5FFD1D42B42E7F4
                            SHA1:E394AF7FAF83FAD863C7B13D855FCF3705C4F1C7
                            SHA-256:81B0B7818843E293C55FF541BD95168DB51FE760941D32C7CDE9A521BB42E956
                            SHA-512:380272D003D5F90C13571952D0C73F5FCE2A22330F98F29707F3D5BFC29C99D9BF11A947CF2CA64CF7B8DF5E4AFE56FFA00F9455BB30D15611FC5C86130346BE
                            Malicious:false
                            Preview:#.# Bindings for Menubuttons..#.# Menubuttons have three interaction modes:.#.# Pulldown: Press menubutton, drag over menu, release to activate menu entry.# Popdown: Click menubutton to post menu.# Keyboard: <Key-space> or accelerator key to post menu.#.# (In addition, when menu system is active, "dropdown" -- menu posts.# on mouse-over. Ttk menubuttons don't implement this)..#.# For keyboard and popdown mode, we hand off to tk_popup and let .# the built-in Tk bindings handle the rest of the interaction..#.# ON X11:.#.# Standard Tk menubuttons use a global grab on the menubutton..# This won't work for Ttk menubuttons in pulldown mode,.# since we need to process the final <ButtonRelease> event,.# and this might be delivered to the menu. So instead we.# rely on the passive grab that occurs on <ButtonPress> events,.# and transition to popdown mode when the mouse is released.# or dragged outside the menubutton..# .# ON WINDOWS:.#.# I'm not sure what the hell is going on here. [$menu pos

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\notebook.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):5619
                            Entropy (8bit):4.937953914483602
                            Encrypted:false
                            SSDEEP:96:d4tDJf49tzG809fhQAKWCgQOK/6PF+hEi8YYFSL+3FJVCj0QlK2kfJcQIni:d4tktzwfWngQOK/6PF+hDDYFNJVCj0Q2
                            MD5:82C9DFC512E143DDA78F91436937D4DD
                            SHA1:26ABC23C1E0C201A217E3CEA7A164171418973B0
                            SHA-256:D1E5267CDE3D7BE408B4C94220F7E1833C9D452BB9BA3E194E12A5EB2F9ADB80
                            SHA-512:A9D3C04AD67E0DC3F1C12F9E21EF28A61FA84DBF710313D4CA656BDF35DFBBFBA9C268C018004C1F5614DB3A1128025D795BC14B4FFFAA5603A5313199798D04
                            Malicious:false
                            Preview:#.# Bindings for TNotebook widget.#..namespace eval ttk::notebook {. variable TLNotebooks ;# See enableTraversal.}..bind TNotebook <ButtonPress-1>..{ ttk::notebook::Press %W %x %y }.bind TNotebook <Key-Right>..{ ttk::notebook::CycleTab %W 1; break }.bind TNotebook <Key-Left>..{ ttk::notebook::CycleTab %W -1; break }.bind TNotebook <Control-Key-Tab>.{ ttk::notebook::CycleTab %W 1; break }.bind TNotebook <Control-Shift-Key-Tab>.{ ttk::notebook::CycleTab %W -1; break }.catch {.bind TNotebook <Control-ISO_Left_Tab>.{ ttk::notebook::CycleTab %W -1; break }.}.bind TNotebook <Destroy>..{ ttk::notebook::Cleanup %W }..# ActivateTab $nb $tab --.#.Select the specified tab and set focus..#.# Desired behavior:.#.+ take focus when reselecting the currently-selected tab;.#.+ keep focus if the notebook already has it;.#.+ otherwise set focus to the first traversable widget.#. in the newly-selected tab;.#.+ do not leave the focus in a deselected tab..#.proc ttk::notebook::ActivateTab {w tab} {.

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\panedwindow.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1920
                            Entropy (8bit):4.916119835701688
                            Encrypted:false
                            SSDEEP:24:kfkVpfktNZz51kfkB6fkO/cfkyk2fkI4fkI1fkxUufkYfkEtNMiyHvyPHfk9tNZ5:0ZPhMiyHvyPQZNtiisZvUriZPaa+fdl
                            MD5:A12915FA5CAF93E23518E9011200F5A4
                            SHA1:A61F665A408C10419FB81001578D99B43D048720
                            SHA-256:CE0053D637B580170938CF552B29AE890559B98EB28038C2F0A23A265DDEB273
                            SHA-512:669E1D66F1223CCA6CEB120914D5D876BD3CF401EE4A46F35825361076F19C7341695596A7DBB00D6CFF4624666FB4E7A2D8E7108C3C56A12BDA7B04E99E6F9A
                            Malicious:false
                            Preview:#.# Bindings for ttk::panedwindow widget..#..namespace eval ttk::panedwindow {. variable State. array set State {..pressed 0. .pressX.-..pressY.-..sash .-..sashPos -. }.}..## Bindings:.#.bind TPanedwindow <ButtonPress-1> .{ ttk::panedwindow::Press %W %x %y }.bind TPanedwindow <B1-Motion>..{ ttk::panedwindow::Drag %W %x %y }.bind TPanedwindow <ButtonRelease-1> .{ ttk::panedwindow::Release %W %x %y }..bind TPanedwindow <Motion> ..{ ttk::panedwindow::SetCursor %W %x %y }.bind TPanedwindow <Enter> ..{ ttk::panedwindow::SetCursor %W %x %y }.bind TPanedwindow <Leave> ..{ ttk::panedwindow::ResetCursor %W }.# See <<NOTE-PW-LEAVE-NOTIFYINFERIOR>>.bind TPanedwindow <<EnteredChild>>.{ ttk::panedwindow::ResetCursor %W }..## Sash movement:.#.proc ttk::panedwindow::Press {w x y} {. variable State.. set sash [$w identify $x $y]. if {$sash eq ""} {. .set State(pressed) 0..return. }. set State(pressed) .1. set State(pressX) .$x. set State(pressY) .$y. set State(sa

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\progress.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):1089
                            Entropy (8bit):4.7101709883442755
                            Encrypted:false
                            SSDEEP:24:o83oOUyNSiBj0oNA7h5EwIa2s0ImxamrNlUImyJDirNPpwWgJ:oMtS6j0eyEw0s02mhlU4khPp4J
                            MD5:B0074341A4BDA36BCDFF3EBCAE39EB73
                            SHA1:D070A01CC5A787249BC6DAD184B249C4DD37396A
                            SHA-256:A9C34F595E547CE94EE65E27C415195D2B210653A9FFCFB39559C5E0FA9C06F8
                            SHA-512:AF23563602886A648A42B03CC5485D84FCC094AB90B08DF5261434631B6C31CE38D83A3A60CC7820890C797F6C778D5B5EFF47671CE3EE4710AB14C6110DCC35
                            Malicious:false
                            Preview:#.# Ttk widget set: progress bar utilities..#..namespace eval ttk::progressbar {. variable Timers.;# Map: widget name -> after ID.}..# Autoincrement --.#.Periodic callback procedure for autoincrement mode.#.proc ttk::progressbar::Autoincrement {pb steptime stepsize} {. variable Timers.. if {![winfo exists $pb]} {. .# widget has been destroyed -- cancel timer..unset -nocomplain Timers($pb)..return. }.. set Timers($pb) [after $steptime \. .[list ttk::progressbar::Autoincrement $pb $steptime $stepsize] ].. $pb step $stepsize.}..# ttk::progressbar::start --.#.Start autoincrement mode. Invoked by [$pb start] widget code..#.proc ttk::progressbar::start {pb {steptime 50} {stepsize 1}} {. variable Timers. if {![info exists Timers($pb)]} {..Autoincrement $pb $steptime $stepsize. }.}..# ttk::progressbar::stop --.#.Cancel autoincrement mode. Invoked by [$pb stop] widget code..#.proc ttk::progressbar::stop {pb} {. variable Timers. if {[info exists Timers($pb

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\scale.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2698
                            Entropy (8bit):4.7624002445430955
                            Encrypted:false
                            SSDEEP:48:6Zsdayx/HZtYRqucO6wEKyRtZt0TcKVqZ4TFZkPDMiNf:Wde/5tYRquMwEKyFt0TcKVG4TrkLMwf
                            MD5:B41A9DF31924DEA36D69CB62891E8472
                            SHA1:4C2877FBB210FDBBDE52EA8B5617F68AD2DF7B93
                            SHA-256:25D0FE2B415292872EF7ACDB2DFA12D04C080B7F9B1C61F28C81AA2236180479
                            SHA-512:A50DB6DA3D40D07610629DE45F06A438C6F2846324C3891C54C99074CFB7BEED329F27918C8A85BADB22C6B64740A2053B891F8E5D129D9B0A1FF103E7137D83
                            Malicious:false
                            Preview:# scale.tcl - Copyright (C) 2004 Pat Thoyts <patthoyts@users.sourceforge.net>.#.# Bindings for the TScale widget..namespace eval ttk::scale {. variable State. array set State {..dragging 0. }.}..bind TScale <ButtonPress-1> { ttk::scale::Press %W %x %y }.bind TScale <B1-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-1> { ttk::scale::Release %W %x %y }..bind TScale <ButtonPress-2> { ttk::scale::Jump %W %x %y }.bind TScale <B2-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-2> { ttk::scale::Release %W %x %y }..bind TScale <ButtonPress-3> { ttk::scale::Jump %W %x %y }.bind TScale <B3-Motion> { ttk::scale::Drag %W %x %y }.bind TScale <ButtonRelease-3> { ttk::scale::Release %W %x %y }..## Keyboard navigation bindings:.#.bind TScale <<LineStart>> { %W set [%W cget -from] }.bind TScale <<LineEnd>> { %W set [%W cget -to] }..bind TScale <<PrevChar>> { ttk::scale::Increment %W -1 }.bind TScale <<PrevLine>> {

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\scrollbar.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):3097
                            Entropy (8bit):4.913511104649656
                            Encrypted:false
                            SSDEEP:96:OsSofRsvfH3Noo2kvrjnWG3Lcyst0Rhrdy:plcHdoorDjWEFeuTy
                            MD5:93181DBE76EF9C39849A09242D6DF8C0
                            SHA1:DE3B47AFC3E5371BF1CD0541790A9B78A97570AB
                            SHA-256:5932043286A30A3CFFB2B6CE68CCDB9172A718F32926E25D3A962AE63CAD515C
                            SHA-512:5C85284E063A5DE17F6CE432B3EF899D046A78725BD1F930229576BED1116C03A3EE0611B988E9903F47DA8F694483E5A76464450C48EB14622F6784004B8F7E
                            Malicious:false
                            Preview:#.# Bindings for TScrollbar widget.#..# Still don't have a working ttk::scrollbar under OSX -.# Swap in a [tk::scrollbar] on that platform,.# unless user specifies -class or -style..#.if {[tk windowingsystem] eq "aqua"} {. rename ::ttk::scrollbar ::ttk::_scrollbar. proc ttk::scrollbar {w args} {..set constructor ::tk::scrollbar..foreach {option _} $args {.. if {$option eq "-class" || $option eq "-style"} {...set constructor ::ttk::_scrollbar...break.. }..}..return [$constructor $w {*}$args]. }.}..namespace eval ttk::scrollbar {. variable State. # State(xPress).--. # State(yPress).-- initial position of mouse at start of drag.. # State(first).-- value of -first at start of drag..}..bind TScrollbar <ButtonPress-1> .{ ttk::scrollbar::Press %W %x %y }.bind TScrollbar <B1-Motion>..{ ttk::scrollbar::Drag %W %x %y }.bind TScrollbar <ButtonRelease-1>.{ ttk::scrollbar::Release %W %x %y }..bind TScrollbar <ButtonPress-2> .{ ttk::scrollbar::Jump %W %x %y }.bind TScrollb

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\sizegrip.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2406
                            Entropy (8bit):4.78080326075935
                            Encrypted:false
                            SSDEEP:48:KqL4LUBItZ3EZEhHR4vuRbMMie8GMW/H7vZZNQdqrYfy2nL+ZZvBb:KDYBIjHHRmiM1qvbnNQdqriyQIvB
                            MD5:3C8916A58C6EE1D61836E500A54C9321
                            SHA1:54F3F709698FAD020A048668749CB5A09EDE35AB
                            SHA-256:717D2EDD71076EA059903C7144588F8BBD8B0AFE69A55CBF23953149D6694D33
                            SHA-512:2B71569A5A96CAC1B708E894A2466B1054C3FAE5405E10799B182012141634BD2A7E9E9F516658E1A6D6E9E776E397608B581501A6CFE2EB4EC54459E9ECB267
                            Malicious:false
                            Preview:#.# Sizegrip widget bindings..#.# Dragging a sizegrip widget resizes the containing toplevel..#.# NOTE: the sizegrip widget must be in the lower right hand corner..#..switch -- [tk windowingsystem] {. x11 -. win32 {..option add *TSizegrip.cursor [ttk::cursor seresize] widgetDefault. }. aqua {. .# Aqua sizegrips use default Arrow cursor.. }.}..namespace eval ttk::sizegrip {. variable State. array set State {..pressed .0..pressX ..0..pressY ..0..width ..0..height ..0..widthInc.1..heightInc.1. resizeX 1. resizeY 1..toplevel .{}. }.}..bind TSizegrip <ButtonPress-1> ..{ ttk::sizegrip::Press.%W %X %Y }.bind TSizegrip <B1-Motion> ..{ ttk::sizegrip::Drag .%W %X %Y }.bind TSizegrip <ButtonRelease-1> .{ ttk::sizegrip::Release %W %X %Y }..proc ttk::sizegrip::Press {W X Y} {. variable State.. if {[$W instate disabled]} { return }.. set top [winfo toplevel $W].. # If the toplevel is not resizable then bail. foreach {State(resiz

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\spinbox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4255
                            Entropy (8bit):4.9576194953603006
                            Encrypted:false
                            SSDEEP:96:17n+wMf6/ocy2nO6lz+Ni2QQ0Q3LqSFLfhrxJSS3hQb:ln+wMOxVlaNi2QQ0QbdFLfhrxJzhQb
                            MD5:86BCA3AB915C2774425B70420E499140
                            SHA1:FD4798D79EEBA9CFFABCB2548068591DB531A716
                            SHA-256:51F8A6C772648541684B48622FFE41B77871A185A8ACD11E9DEC9EC41D65D9CD
                            SHA-512:659FB7E1631ED898E3C11670A04B953EB05CECB42A3C5EFBDD1BD97A7F99061920FD5DB3915476F224BB2C72358623E1B474B0FC3FBB7FD3734487B87A388FD7
                            Malicious:false
                            Preview:#.# ttk::spinbox bindings.#..namespace eval ttk::spinbox { }..### Spinbox bindings..#.# Duplicate the Entry bindings, override if needed:.#..ttk::copyBindings TEntry TSpinbox..bind TSpinbox <Motion>...{ ttk::spinbox::Motion %W %x %y }.bind TSpinbox <ButtonPress-1> ..{ ttk::spinbox::Press %W %x %y }.bind TSpinbox <ButtonRelease-1> .{ ttk::spinbox::Release %W }.bind TSpinbox <Double-Button-1> .{ ttk::spinbox::DoubleClick %W %x %y }.bind TSpinbox <Triple-Button-1> .{} ;# disable TEntry triple-click..bind TSpinbox <KeyPress-Up>..{ event generate %W <<Increment>> }.bind TSpinbox <KeyPress-Down> ..{ event generate %W <<Decrement>> }..bind TSpinbox <<Increment>>..{ ttk::spinbox::Spin %W +1 }.bind TSpinbox <<Decrement>> ..{ ttk::spinbox::Spin %W -1 }..ttk::bindMouseWheel TSpinbox ..[list ttk::spinbox::MouseWheel %W]..## Motion --.#.Sets cursor..#.proc ttk::spinbox::Motion {w x y} {. if { [$w identify $x $y] eq "textarea". && [$w instate {!readonly !disabled}]. } {..ttk::setCurso

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\treeview.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8898
                            Entropy (8bit):4.860766938410698
                            Encrypted:false
                            SSDEEP:96:2Ou002WQZ4sNNxjKomA3xj9L/37NbbF3r3G4eeMxCSbk3TPMrngEibSB1GjwPBKf:ZWeZ5BDFK+DsXibSQUMHLCGLdE2bZ
                            MD5:46B1D0EADBCF11AC51DD14B1A215AE04
                            SHA1:339026AE9533F4C331ADF8C71799B222DDD89D4F
                            SHA-256:DB6FAA8540C322F3E314968256D8AFFF39A1E4700EC17C7EFE364241F355D80F
                            SHA-512:0FC81426857949D5AC9FE7FF3C85A1270BD35BF6E6EAF3FE7AE0DE22A0C0E5CD96D6C9471216DC1DA673FAD949CA96A3751C3D3222474D2206AA9D8A455BA12E
                            Malicious:false
                            Preview:#.# ttk::treeview widget bindings and utilities..#..namespace eval ttk::treeview {. variable State.. # Enter/Leave/Motion. #. set State(activeWidget) .{}. set State(activeHeading) .{}.. # Press/drag/release:. #. set State(pressMode) .none. set State(pressX)..0.. # For pressMode == "resize". set State(resizeColumn).#0.. # For pressmode == "heading". set State(heading) .{}.}..### Widget bindings..#..bind Treeview.<Motion> ..{ ttk::treeview::Motion %W %x %y }.bind Treeview.<B1-Leave>..{ #nothing }.bind Treeview.<Leave>...{ ttk::treeview::ActivateHeading {} {}}.bind Treeview.<ButtonPress-1> .{ ttk::treeview::Press %W %x %y }.bind Treeview.<Double-ButtonPress-1> .{ ttk::treeview::DoubleClick %W %x %y }.bind Treeview.<ButtonRelease-1> .{ ttk::treeview::Release %W %x %y }.bind Treeview.<B1-Motion> ..{ ttk::treeview::Drag %W %x %y }.bind Treeview .<KeyPress-Up> .{ ttk::treeview::Keynav %W up }.bind Treeview .<KeyPress-Down> .{ ttk::treeview::Keynav %

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\ttk.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):4546
                            Entropy (8bit):4.888987944406022
                            Encrypted:false
                            SSDEEP:96:53a25129CKELfMonw+PzpaVnNqovaq2126262R2D2q2k2j+/2FhbtpGt0vcWOQRg:53j5MoKE7JEnN7CTMDDA6Tlj+uFhbttK
                            MD5:E38B399865C45E49419C01FF2ADDCE75
                            SHA1:F8A79CBC97A32622922D4A3A5694BCCB3F19DECB
                            SHA-256:61BAA0268770F127394A006340D99CE831A1C7AD773181C0C13122F7D2C5B7F6
                            SHA-512:285F520B648F5EC70DD79190C3B456F4D6DA2053210985F9E2C84139D8D51908296E4962B336894EE30536F09FAE84B912BC2ABF44A7011620F66CC5D9F71A8C
                            Malicious:false
                            Preview:#.# Ttk widget set initialization script..#..### Source library scripts..#..namespace eval ::ttk {. variable library. if {![info exists library]} {..set library [file dirname [info script]]. }.}..source [file join $::ttk::library fonts.tcl].source [file join $::ttk::library cursors.tcl].source [file join $::ttk::library utils.tcl]..## ttk::deprecated $old $new --.#.Define $old command as a deprecated alias for $new command.#.$old and $new must be fully namespace-qualified..#.proc ttk::deprecated {old new} {. interp alias {} $old {} ttk::do'deprecate $old $new.}.## do'deprecate --.#.Implementation procedure for deprecated commands --.#.issue a warning (once), then re-alias old to new..#.proc ttk::do'deprecate {old new args} {. deprecated'warning $old $new. interp alias {} $old {} $new. uplevel 1 [linsert $args 0 $new].}..## deprecated'warning --.#.Gripe about use of deprecated commands..#.proc ttk::deprecated'warning {old new} {. puts stderr "$old deprecated -- u

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\utils.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):8562
                            Entropy (8bit):4.958950985117383
                            Encrypted:false
                            SSDEEP:192:MpEpXI4jqmW/y3gp9F+QE9PBRc+vWHJOfqW8j3ki3LDRdielRu+MXw+:6yXuwg1oPnc+epOEj31/s/5
                            MD5:65193FE52D77B8726B75FBF909EE860A
                            SHA1:991DEDD4666462DD9776FDF6C21F24D6CF794C85
                            SHA-256:C7CC9A15CFA999CF3763772729CC59F629E7E060AF67B7D783C50530B9B756E1
                            SHA-512:E43989F5F368D2E19C9A3521FB82C6C1DD9EEB91DF936A980FFC7674C8B236CB84E113908B8C9899B85430E8FC30315BDEC891071822D701C91C5978096341B7
                            Malicious:false
                            Preview:#.# Utilities for widget implementations..#..### Focus management..#.# See also: #1516479.#..## ttk::takefocus --.#.This is the default value of the "-takefocus" option.#.for ttk::* widgets that participate in keyboard navigation..#.# NOTES:.#.tk::FocusOK (called by tk_focusNext) tests [winfo viewable].#.if -takefocus is 1, empty, or missing; but not if it's a.#.script prefix, so we have to check that here as well..#.#.proc ttk::takefocus {w} {. expr {[$w instate !disabled] && [winfo viewable $w]}.}..## ttk::GuessTakeFocus --.#.This routine is called as a fallback for widgets.#.with a missing or empty -takefocus option..#.#.It implements the same heuristics as tk::FocusOK..#.proc ttk::GuessTakeFocus {w} {. # Don't traverse to widgets with '-state disabled':. #. if {![catch {$w cget -state} state] && $state eq "disabled"} {..return 0. }.. # Allow traversal to widgets with explicit key or focus bindings:. #. if {[regexp {Key|Focus} [concat [bind $w] [bind [winfo c

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\vistaTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):9670
                            Entropy (8bit):4.6132627565634055
                            Encrypted:false
                            SSDEEP:192:kSsdZ6XzgE2kiSCyNPNVVSCIA5l/r5l/rW+i/CE38S7r/2JeJnpna+yfdyMq53Id:QZ6XzD2kFVeArPKJ3z7cQ0383cdd
                            MD5:ED071B9CEA98B7594A7E74593211BD38
                            SHA1:90998A1A51BCBAA3B4D72B08F5CBF19E330148D2
                            SHA-256:98180630FC1E8D7D7C1B20A5FF3352C8BD8CF259DD4EB3B829B8BD4CB8AE76A4
                            SHA-512:60C1EA45481AF5CFA3C5E579514DD3F4AC6C8D168553F374D0A3B3E1342E76CB71FA825C306233E185BED057E2B99877BAF9A5E88EBD48CF6DE171A8E7F6A230
                            Malicious:false
                            Preview:#.# Settings for Microsoft Windows Vista and Server 2008.#..# The Vista theme can only be defined on Windows Vista and above. The theme.# is created in C due to the need to assign a theme-enabled function for .# detecting when themeing is disabled. On systems that cannot support the.# Vista theme, there will be no such theme created and we must not.# evaluate this script...if {"vista" ni [ttk::style theme names]} {. return.}..namespace eval ttk::theme::vista {.. ttk::style theme settings vista {.. .ttk::style configure . \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -insertcolor SystemWindowText \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -foreground [list disabled SystemGrayText] \.. ;...ttk::style configure TButton -anchor center -padding {1 1} -width -11..ttk::style configure TRadiobutton -padding 2..ttk::style configure TCheckbutton -pa

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\winTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2867
                            Entropy (8bit):4.876730704118724
                            Encrypted:false
                            SSDEEP:48:679ahSh6FPGh0Ds0IXF6yjAfSAfqFRaBgLtei42kt+5Ql/n+iOaVhttZLgtKZLtO:6UJM0uTk5tm4RX0
                            MD5:0AE8205DFBA3C9B8EEAD01AC11C965D6
                            SHA1:61E8D2E909CF46886F6EA8571D4234DD336FEFB3
                            SHA-256:93E4011CAA9F01802D6DD5E02C3104E619084799E949974DFEE5E0C94D1E3952
                            SHA-512:E4448B922CA0FB425F879988537B9DB8F8C8A5A773805607574499506FDD9DEEB9CD41660E497002F78727AFBE3BEC17D9674E99CEF4A9D66FFD9C4536AFE153
                            Malicious:false
                            Preview:#.# Settings for 'winnative' theme..#..namespace eval ttk::theme::winnative {. ttk::style theme settings winnative {...ttk::style configure "." \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -fieldbackground SystemWindow \.. -insertcolor SystemWindowText \.. -troughcolor SystemScrollbar \.. -font TkDefaultFont \.. ;...ttk::style map "." -foreground [list disabled SystemGrayText] ;. ttk::style map "." -embossed [list disabled 1] ;...ttk::style configure TButton \.. -anchor center -width -11 -relief raised -shiftrelief 1..ttk::style configure TCheckbutton -padding "2 4"..ttk::style configure TRadiobutton -padding "2 4"..ttk::style configure TMenubutton \.. -padding "8 4" -arrowsize 3 -relief raised...ttk::style map TButton -relief {{!disabled pressed} sunken}...ttk::style configure TEntry \.. -padding 2 -selectborderwidth 0 -insertwidth 1..t

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\ttk\xpTheme.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):2375
                            Entropy (8bit):4.931678702435916
                            Encrypted:false
                            SSDEEP:48:NaxYun9ahShCd/T5QNt+7aVzEmAf8Afb9AfMMB+iOaVhttZLgtKZLti:k41eTXM
                            MD5:BD892A940333C1B804DF5C4594B0A5E6
                            SHA1:4E187F09F45898749CFE7860EDEF0D5EB83D764E
                            SHA-256:196C6FEF40FB6296D7762F30058AA73273083906F72F490E69FC77F1D5589B88
                            SHA-512:8273A8F789D695601A7BC74DFA2A6BD7FE280EC528869F502A578E90B6DD1613C4BCC5B6CD0D93A5CA0E6538BE740CD370F634DA84064213E1F50B919EBF35B8
                            Malicious:false
                            Preview:#.# Settings for 'xpnative' theme.#..namespace eval ttk::theme::xpnative {.. ttk::style theme settings xpnative {...ttk::style configure . \.. -background SystemButtonFace \.. -foreground SystemWindowText \.. -selectforeground SystemHighlightText \.. -selectbackground SystemHighlight \.. -insertcolor SystemWindowText \.. -font TkDefaultFont \.. ;...ttk::style map "." \.. -foreground [list disabled SystemGrayText] \.. ;...ttk::style configure TButton -anchor center -padding {1 1} -width -11..ttk::style configure TRadiobutton -padding 2..ttk::style configure TCheckbutton -padding 2..ttk::style configure TMenubutton -padding {8 4}...ttk::style configure TNotebook -tabmargins {2 2 2 0}..ttk::style map TNotebook.Tab \.. -expand [list selected {2 2 2 2}]...# Treeview:..ttk::style configure Heading -font TkHeadingFont..ttk::style configure Treeview -background SystemWindow..ttk::style map Treeview \.. -background [list selected SystemHighlight] \.. -fore

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\unsupported.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):10252
                            Entropy (8bit):5.02143730499245
                            Encrypted:false
                            SSDEEP:192:1kMv11IDCB7PFPHGosvS6UMn8O9MGM/OTMjcrrwrt:xuMYMj+sZ
                            MD5:C832FDF24CA1F5C5E9B33FA5ECD11CAC
                            SHA1:8082FDE50C428D2511B05F529FCCF02651D5AC93
                            SHA-256:E34D828E740F151B96022934AAEC7BB8343E23D040FB54C04641888F51767EB8
                            SHA-512:58BEB05778271D4C91527B1CB23491962789D95ACCBC6C28E25D05BD3D6172AAC9A90E7741CD606C69FB8CECC29EE515DA7C7D4E6098BF67F08F18DFB7983323
                            Malicious:false
                            Preview:# unsupported.tcl --.#.# Commands provided by Tk without official support. Use them at your.# own risk. They may change or go away without notice..#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...# ----------------------------------------------------------------------.# Unsupported compatibility interface for folks accessing Tk's private.# commands and variable against recommended usage..# ----------------------------------------------------------------------..namespace eval ::tk::unsupported {.. # Map from the old global names of Tk private commands to their. # new namespace-encapsulated names... variable PrivateCommands. array set PrivateCommands {..tkButtonAutoInvoke..::tk::ButtonAutoInvoke..tkButtonDown...::tk::ButtonDown..tkButtonEnter...::tk::ButtonEnter..tkButtonInvoke...::tk::ButtonInvoke..tkButtonLeave...::tk::ButtonLeave..tkButtonUp...::tk::ButtonUp..tkCancelRepeat...::tk::Cance

                            C:\Users\user\AppData\Local\Temp\_MEI6002\tk\xmfbox.tcl

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):26075
                            Entropy (8bit):4.9212533677507535
                            Encrypted:false
                            SSDEEP:384:obPA7Xi6V2+Bec3ipnFH6HZ1KDZvRcbQ3sd1GkjDo413lK/RIV5MXrSomsjiETwM:orA3TVJc3sd1GkF3cIVf591w
                            MD5:F863B7C5680017EE9F744900CC6C3834
                            SHA1:155E6E8752F6D48EF8D32CE2228E17EE58C2768E
                            SHA-256:9C78A976BBC933863FB0E4C23EE62B26F8EB3D7F101D7D32E6768579499E43B1
                            SHA-512:34F5B51EA1A2EFCD53B51A74E7E9B69FB154E017527BBD1CB3961F1619E74BE9D49D0583D193DBA7E8A3904F6C7446F278BC7977011DCCDAEBBE42D71FA5630C
                            Malicious:false
                            Preview:# xmfbox.tcl --.#.#.Implements the "Motif" style file selection dialog for the.#.Unix platform. This implementation is used only if the.#."::tk_strictMotif" flag is set..#.# Copyright (c) 1996 Sun Microsystems, Inc..# Copyright (c) 1998-2000 Scriptics Corporation.#.# See the file "license.terms" for information on usage and redistribution.# of this file, and for a DISCLAIMER OF ALL WARRANTIES...namespace eval ::tk::dialog {}.namespace eval ::tk::dialog::file {}...# ::tk::MotifFDialog --.#.#.Implements a file dialog similar to the standard Motif file.#.selection box..#.# Arguments:.#.type.."open" or "save".#.args..Options parsed by the procedure..#.# Results:.#.When -multiple is set to 0, this returns the absolute pathname.#.of the selected file. (NOTE: This is not the same as a single.#.element list.).#.#.When -multiple is set to > 0, this returns a Tcl list of absolute.# pathnames. The argument for -multiple is ignored, but for consistency.# with Windows it defines the max

                            C:\Users\user\AppData\Local\Temp\_MEI6002\ultraddos.exe.manifest

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1497
                            Entropy (8bit):5.27362511703281
                            Encrypted:false
                            SSDEEP:24:2dt4+iNpogOMPgi0iiNK+bkgxIme7cb3jgMkb4+GE:cSFpogOSEK+bkgxImeMcn3GE
                            MD5:344FB14BBDDA6FD9A2563B496CD2A32C
                            SHA1:73125F59538DF4CA9F8C76F9994074B5863E53F1
                            SHA-256:F971155B7F3546022210116780D75AF40038AD34956F0E7960AAD8C52228296F
                            SHA-512:58801455478F85FBD60E25B125DC0F00EDCDDB779277E2E48F85C6D8CA144FCEAB2A89AFA38372B2BF212C3BA14DD441CF03FC57468BF815065850C3C5B8F07A
                            Malicious:true
                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity type="win32" name="ultraddos" processorArchitecture="amd64" version="1.0.0.0"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>.. </requestedPrivileges>.. </security>.. </trustInfo>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" language="*" processorArchitecture="*" version="6.0.0.0" publicKeyToken="6595b64144ccf1df"/>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"/>.. </dependentAssembly>.. </dependency>.. <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">.. <application>.. <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>.. <supportedOS Id="{35138b9a-5d96-4fbd-8e2

                            C:\Users\user\AppData\Local\Temp\_MEI6002\unicodedata.pyd

                            Download File
                            Process:C:\Users\user\Desktop\ultraddos.exe
                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                            Category:dropped
                            Size (bytes):1121512
                            Entropy (8bit):5.373359326679334
                            Encrypted:false
                            SSDEEP:12288:bezMmuZ63N7QCb5Pfhnzr0ql8L8kkM7IRG5eeme6VZyrIBHdQLhfFE+uE1SJ:bezusZV0m88MMREtV6Vo4uYEgJ
                            MD5:87F3E3CF017614F58C89C087F63A9C95
                            SHA1:0EDC1309E514F8A147D62F7E9561172F3B195CD7
                            SHA-256:BA6606DCDF1DB16A1F0EF94C87ADF580BB816105D60CF08BC570B17312A849DA
                            SHA-512:73F00F44239B2744C37664DBF2B7DF9C178A11AA320B9437055901746036003367067F417414382977BF8379DF8738C862B69D8D36C6E6AA0B0650833052C85F
                            Malicious:false
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 0%
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........N$~./J-./J-./J-.W.-./J-.ZK,./J-.ZO,./J-.ZN,./J-.ZI,./J-_ZK,./J-.DK,./J-./K-./J-_ZG,./J-_ZJ,./J-_Z.-./J-_ZH,./J-Rich./J-........PE..d...a>-a.........." .....J..........T).......................................@......s.....`.........................................p...X............ .......................0......`L..T............................L..8............`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................

                            Static File Info

                            General

                            File type:PE32+ executable (console) x86-64, for MS Windows
                            Entropy (8bit):7.994080143588319
                            TrID:
                            • Win64 Executable Console (202006/5) 92.65%
                            • Win64 Executable (generic) (12005/4) 5.51%
                            • Generic Win/DOS Executable (2004/3) 0.92%
                            • DOS Executable Generic (2002/1) 0.92%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                            File name:ultraddos.exe
                            File size:13'137'648 bytes
                            MD5:9d847ce73c7b1392348732f66790dc28
                            SHA1:1c3de96158925d938aabb6b0098f9db260895a3f
                            SHA256:5a000dfadc5854935e75024fc35aeaa461d8f9ac997730310fe19638006745ac
                            SHA512:66e5d505ac87ca9c3fe14efbd8ca3c68ae4893afc8ef53a261d4246ebe9b28129e8691800bca8df9a5416c80ac2aac1086be2e328e690848676fb87c27f3d44d
                            SSDEEP:393216:JU9lz21WCx1InEroXgfEqirRRo5tN3ZWU03xToggqiD+iU4:+C1Vx+ErUswvstN37+gqc93
                            TLSH:C5D6331AAF558CCDF1212234E370582AD078BDA90F2D69A69E78741ACE7FADD3D74340
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C(.."FX."FX."FX.IBY."FX.IEY."FX.ICYm"FX.M.X."FX.VCY."FX.VBY."FX.VEY."FX.IGY."FX."GX."FX.VBY."FX.VDY."FXRich."FX........PE..d..

                            File Icon

                            Icon Hash:ffffffd0cdbfffff

                            Static PE Info

                            General

                            Entrypoint:0x140009d04
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x140000000
                            Subsystem:windows cui
                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                            Time Stamp:0x61062589 [Sun Aug 1 04:39:37 2021 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:
                            OS Version Major:5
                            OS Version Minor:2
                            File Version Major:5
                            File Version Minor:2
                            Subsystem Version Major:5
                            Subsystem Version Minor:2
                            Import Hash:2cdcfb3a828433ba76b5b41f45519bd9

                            Entrypoint Preview

                            Instruction
                            dec eax
                            sub esp, 28h
                            call 00007F15388B8DBCh
                            dec eax
                            add esp, 28h
                            jmp 00007F15388B8737h
                            int3
                            int3
                            inc eax
                            push ebx
                            dec eax
                            sub esp, 20h
                            dec eax
                            mov ebx, ecx
                            xor ecx, ecx
                            call dword ptr [0001B3E7h]
                            dec eax
                            mov ecx, ebx
                            call dword ptr [0001B3D6h]
                            call dword ptr [0001B358h]
                            dec eax
                            mov ecx, eax
                            mov edx, C0000409h
                            dec eax
                            add esp, 20h
                            pop ebx
                            dec eax
                            jmp dword ptr [0001B3CCh]
                            dec eax
                            mov dword ptr [esp+08h], ecx
                            dec eax
                            sub esp, 38h
                            mov ecx, 00000017h
                            call dword ptr [0001B3C0h]
                            test eax, eax
                            je 00007F15388B88C9h
                            mov ecx, 00000002h
                            int 29h
                            dec eax
                            lea ecx, dword ptr [0003C2BEh]
                            call 00007F15388B8A8Eh
                            dec eax
                            mov eax, dword ptr [esp+38h]
                            dec eax
                            mov dword ptr [0003C3A5h], eax
                            dec eax
                            lea eax, dword ptr [esp+38h]
                            dec eax
                            add eax, 08h
                            dec eax
                            mov dword ptr [0003C335h], eax
                            dec eax
                            mov eax, dword ptr [0003C38Eh]
                            dec eax
                            mov dword ptr [0003C1FFh], eax
                            dec eax
                            mov eax, dword ptr [esp+40h]
                            dec eax
                            mov dword ptr [0003C303h], eax
                            mov dword ptr [0003C1D9h], C0000409h
                            mov dword ptr [0003C1D3h], 00000001h
                            mov dword ptr [0003C1DDh], 00000001h

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x359600x3c.rdata
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x4b0000x1b290.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x480000x1e0c.pdata
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x670000x73c.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x337e00x1c.rdata
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x338000x138.rdata
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x250000x328.rdata
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x10000x235200x23600005fa3c431f3d0f1fc815ef603750e9cFalse0.5647636925795053zlib compressed data6.469513140952825IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            .rdata0x250000x1147c0x11600537c9f75e1e0a3ad952dec4473429e14False0.4949134442446043OpenPGP Public Key Version 35.726468133256132IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .data0x370000x103b80xe00e72304a9e9f9718bd2a4b7dfcb43ccdaFalse0.12081473214285714data1.650862563713066IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                            .pdata0x480000x1e0c0x200015f095e2a81a7269bcf276c3bf00a592False0.463134765625data5.140154113071622IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            _RDATA0x4a0000xf40x2002da00c611f87ac523528ea22d612a913False0.302734375data1.9609019971855859IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .rsrc0x4b0000x1b2900x1b400228a68f8192d2938fd7546699b7d735dFalse0.1781823394495413data6.250610227890807IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0x670000x73c0x800aef3fe5d01c63e9b3a006bad387e1444False0.5712890625data5.233690242725189IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountryZLIB Complexity
                            RT_ICON0x4b1d80x2576PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9991657977059437
                            RT_ICON0x4d7500x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m0.06076245120075713
                            RT_ICON0x5df780x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m0.11750118091639113
                            RT_ICON0x621a00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m0.18952282157676348
                            RT_ICON0x647480x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m0.28283302063789867
                            RT_ICON0x657f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m0.5913120567375887
                            RT_GROUP_ICON0x65c580x5adata0.7555555555555555
                            RT_MANIFEST0x65cb40x5d9XML 1.0 document, ASCII text, with CRLF line terminators0.42685370741482964

                            Imports

                            DLLImport
                            KERNEL32.dllGetCommandLineW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LoadLibraryA, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, SetEndOfFile, GetProcAddress, GetModuleFileNameW, SetDllDirectoryW, GetStartupInfoW, GetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, ReadFile, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, GetFileAttributesExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW
                            ADVAPI32.dllConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW

                            Network Behavior

                            No network behavior found

                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            General

                            Target ID:0
                            Start time:03:29:59
                            Start date:05/07/2024
                            Path:C:\Users\user\Desktop\ultraddos.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\ultraddos.exe"
                            Imagebase:0x7ff617700000
                            File size:13'137'648 bytes
                            MD5 hash:9D847CE73C7B1392348732F66790DC28
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            General

                            Target ID:1
                            Start time:03:29:59
                            Start date:05/07/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff7699e0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            General

                            Target ID:2
                            Start time:03:30:06
                            Start date:05/07/2024
                            Path:C:\Users\user\Desktop\ultraddos.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\ultraddos.exe"
                            Imagebase:0x7ff617700000
                            File size:13'137'648 bytes
                            MD5 hash:9D847CE73C7B1392348732F66790DC28
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:false

                            Disassembly

                            Reset < >

                              Execution Graph

                              Execution Coverage:10.8%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:12.2%
                              Total number of Nodes:2000
                              Total number of Limit Nodes:42
                              execution_graph 14302 7ff61770bfb8 14303 7ff61770bfda 14302->14303 14304 7ff61770bffd 14302->14304 14316 7ff617715850 14303->14316 14304->14303 14305 7ff61770c002 14304->14305 14315 7ff61770cbc0 EnterCriticalSection 14305->14315 14312 7ff61770bfea 14322 7ff617718cb4 GetLastError 14316->14322 14318 7ff61770bfdf 14319 7ff617715730 14318->14319 14403 7ff617715680 14319->14403 14323 7ff617718cd6 14322->14323 14324 7ff617718cdb 14322->14324 14345 7ff6177180dc 14323->14345 14328 7ff617718ce3 SetLastError 14324->14328 14349 7ff617718124 14324->14349 14328->14318 14332 7ff617718d2f 14334 7ff617718124 _invalid_parameter_noinfo 6 API calls 14332->14334 14333 7ff617718d1f 14335 7ff617718124 _invalid_parameter_noinfo 6 API calls 14333->14335 14336 7ff617718d37 14334->14336 14337 7ff617718d26 14335->14337 14338 7ff617718d3b 14336->14338 14339 7ff617718d4d 14336->14339 14361 7ff617715870 14337->14361 14341 7ff617718124 _invalid_parameter_noinfo 6 API calls 14338->14341 14366 7ff6177188e8 14339->14366 14341->14337 14371 7ff617717d0c 14345->14371 14350 7ff617717d0c try_get_function 5 API calls 14349->14350 14351 7ff617718152 14350->14351 14352 7ff61771815c 14351->14352 14353 7ff617718164 TlsSetValue 14351->14353 14352->14328 14354 7ff617717c34 14352->14354 14353->14352 14359 7ff617717c45 _invalid_parameter_noinfo 14354->14359 14355 7ff617717c96 14358 7ff617715850 _get_daylight 12 API calls 14355->14358 14356 7ff617717c7a RtlAllocateHeap 14357 7ff617717c94 14356->14357 14356->14359 14357->14332 14357->14333 14358->14357 14359->14355 14359->14356 14380 7ff61771da14 14359->14380 14362 7ff6177158a7 14361->14362 14363 7ff617715875 RtlRestoreThreadPreferredUILanguages 14361->14363 14362->14328 14363->14362 14364 7ff617715890 14363->14364 14365 7ff617715850 _get_daylight 12 API calls 14364->14365 14365->14362 14389 7ff6177187c0 14366->14389 14372 7ff617717d6d TlsGetValue 14371->14372 14378 7ff617717d68 try_get_function 14371->14378 14373 7ff617717e50 14373->14372 14375 7ff617717e5e GetProcAddress 14373->14375 14374 7ff617717d9c LoadLibraryExW 14376 7ff617717dbd GetLastError 14374->14376 14374->14378 14375->14372 14376->14378 14377 7ff617717e35 FreeLibrary 14377->14378 14378->14372 14378->14373 14378->14374 14378->14377 14379 7ff617717df7 LoadLibraryExW 14378->14379 14379->14378 14383 7ff61771da44 14380->14383 14388 7ff61771ad2c EnterCriticalSection 14383->14388 14401 7ff61771ad2c EnterCriticalSection 14389->14401 14404 7ff617718cb4 _invalid_parameter_noinfo 13 API calls 14403->14404 14405 7ff6177156a5 14404->14405 14406 7ff6177156b6 14405->14406 14411 7ff617715750 IsProcessorFeaturePresent 14405->14411 14406->14312 14412 7ff617715763 14411->14412 14415 7ff61771551c 14412->14415 14416 7ff617715556 _wfindfirst32i64 memcpy_s 14415->14416 14417 7ff61771557e RtlCaptureContext RtlLookupFunctionEntry 14416->14417 14418 7ff6177155b8 RtlVirtualUnwind 14417->14418 14419 7ff6177155ee IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14417->14419 14418->14419 14422 7ff617715640 _wfindfirst32i64 14419->14422 14423 7ff617709a80 14422->14423 14424 7ff617709a8a 14423->14424 14425 7ff617709a96 GetCurrentProcess TerminateProcess 14424->14425 14426 7ff617709d4c IsProcessorFeaturePresent 14424->14426 14427 7ff617709d64 14426->14427 14432 7ff617709f40 RtlCaptureContext 14427->14432 14433 7ff617709f5a RtlLookupFunctionEntry 14432->14433 14434 7ff617709d77 14433->14434 14435 7ff617709f70 RtlVirtualUnwind 14433->14435 14436 7ff617709d18 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14434->14436 14435->14433 14435->14434 17233 7ff6177189b8 17234 7ff6177189d2 17233->17234 17235 7ff6177189bd 17233->17235 17239 7ff6177189d8 17235->17239 17240 7ff617718a22 17239->17240 17241 7ff617718a1a 17239->17241 17242 7ff617715870 __free_lconv_num 13 API calls 17240->17242 17243 7ff617715870 __free_lconv_num 13 API calls 17241->17243 17244 7ff617718a2f 17242->17244 17243->17240 17245 7ff617715870 __free_lconv_num 13 API calls 17244->17245 17246 7ff617718a3c 17245->17246 17247 7ff617715870 __free_lconv_num 13 API calls 17246->17247 17248 7ff617718a49 17247->17248 17249 7ff617715870 __free_lconv_num 13 API calls 17248->17249 17250 7ff617718a56 17249->17250 17251 7ff617715870 __free_lconv_num 13 API calls 17250->17251 17252 7ff617718a63 17251->17252 17253 7ff617715870 __free_lconv_num 13 API calls 17252->17253 17254 7ff617718a70 17253->17254 17255 7ff617715870 __free_lconv_num 13 API calls 17254->17255 17256 7ff617718a7d 17255->17256 17257 7ff617715870 __free_lconv_num 13 API calls 17256->17257 17258 7ff617718a8d 17257->17258 17259 7ff617715870 __free_lconv_num 13 API calls 17258->17259 17260 7ff617718a9d 17259->17260 17265 7ff617718888 17260->17265 17279 7ff61771ad2c EnterCriticalSection 17265->17279 14437 7ff61770c1c8 14438 7ff61770c1fe 14437->14438 14439 7ff61770c1df 14437->14439 14449 7ff61770cbc0 EnterCriticalSection 14438->14449 14440 7ff617715850 _get_daylight 13 API calls 14439->14440 14442 7ff61770c1e4 14440->14442 14444 7ff617715730 _invalid_parameter_noinfo 30 API calls 14442->14444 14447 7ff61770c1ef 14444->14447 18186 7ff617724250 18187 7ff617724260 18186->18187 18190 7ff61770cbcc LeaveCriticalSection 18187->18190 17176 7ff617719f54 17177 7ff61771a13c 17176->17177 17179 7ff617719f97 _isindst 17176->17179 17178 7ff617715850 _get_daylight 13 API calls 17177->17178 17194 7ff61771a12e 17178->17194 17179->17177 17182 7ff61771a013 _isindst 17179->17182 17180 7ff617709a80 _wfindfirst32i64 8 API calls 17181 7ff61771a157 17180->17181 17197 7ff617720404 17182->17197 17187 7ff61771a168 17189 7ff617715750 _wfindfirst32i64 17 API calls 17187->17189 17191 7ff61771a17c 17189->17191 17194->17180 17195 7ff61771a070 17195->17194 17221 7ff617720444 17195->17221 17198 7ff617720412 17197->17198 17200 7ff61771a031 17197->17200 17228 7ff61771ad2c EnterCriticalSection 17198->17228 17203 7ff61771f800 17200->17203 17204 7ff61771f809 17203->17204 17205 7ff61771a046 17203->17205 17206 7ff617715850 _get_daylight 13 API calls 17204->17206 17205->17187 17209 7ff61771f830 17205->17209 17207 7ff61771f80e 17206->17207 17208 7ff617715730 _invalid_parameter_noinfo 30 API calls 17207->17208 17208->17205 17210 7ff61771f839 17209->17210 17214 7ff61771a057 17209->17214 17211 7ff617715850 _get_daylight 13 API calls 17210->17211 17212 7ff61771f83e 17211->17212 17213 7ff617715730 _invalid_parameter_noinfo 30 API calls 17212->17213 17213->17214 17214->17187 17215 7ff61771f860 17214->17215 17216 7ff61771f869 17215->17216 17217 7ff61771a068 17215->17217 17218 7ff617715850 _get_daylight 13 API calls 17216->17218 17217->17187 17217->17195 17219 7ff61771f86e 17218->17219 17220 7ff617715730 _invalid_parameter_noinfo 30 API calls 17219->17220 17220->17217 17229 7ff61771ad2c EnterCriticalSection 17221->17229 16630 7ff6177084e0 16631 7ff61770850e 16630->16631 16632 7ff6177084f5 16630->16632 16632->16631 16634 7ff617717cac 14 API calls 16632->16634 16633 7ff617708568 16634->16633 18207 7ff61770cb64 18208 7ff61770cb6f 18207->18208 18216 7ff617718380 18208->18216 18229 7ff61771ad2c EnterCriticalSection 18216->18229 17409 7ff6177243e6 17412 7ff61770cbcc LeaveCriticalSection 17409->17412 18238 7ff61771296c 18243 7ff61771ad2c EnterCriticalSection 18238->18243 16635 7ff617716870 16636 7ff617716899 16635->16636 16637 7ff6177168b1 16635->16637 16638 7ff617715830 _fread_nolock 13 API calls 16636->16638 16639 7ff61771692b 16637->16639 16644 7ff6177168e2 16637->16644 16640 7ff61771689e 16638->16640 16641 7ff617715830 _fread_nolock 13 API calls 16639->16641 16642 7ff617715850 _get_daylight 13 API calls 16640->16642 16643 7ff617716930 16641->16643 16647 7ff6177168a6 16642->16647 16645 7ff617715850 _get_daylight 13 API calls 16643->16645 16659 7ff6177125a0 EnterCriticalSection 16644->16659 16648 7ff617716938 16645->16648 16650 7ff617715730 _invalid_parameter_noinfo 30 API calls 16648->16650 16650->16647 18265 7ff61771bc7c 18276 7ff6177217b0 18265->18276 18278 7ff6177217db 18276->18278 18277 7ff617715870 __free_lconv_num 13 API calls 18277->18278 18278->18277 18279 7ff6177217f3 18278->18279 18280 7ff617715870 __free_lconv_num 13 API calls 18279->18280 18281 7ff61771bc85 18279->18281 18280->18279 18282 7ff61771ad2c EnterCriticalSection 18281->18282 17813 7ff617714300 17816 7ff617714284 17813->17816 17823 7ff61771ad2c EnterCriticalSection 17816->17823 14450 7ff617709b88 14471 7ff617709ff0 14450->14471 14453 7ff617709ba9 __scrt_acquire_startup_lock 14456 7ff617709ce9 14453->14456 14462 7ff617709bc7 __scrt_release_startup_lock 14453->14462 14454 7ff617709cdf 14569 7ff61770a31c IsProcessorFeaturePresent 14454->14569 14457 7ff61770a31c 7 API calls 14456->14457 14459 7ff617709cf4 14457->14459 14458 7ff617709bec 14460 7ff617709c72 14479 7ff617713ea0 14460->14479 14462->14458 14462->14460 14558 7ff61771423c 14462->14558 14464 7ff617709c77 14485 7ff617701000 14464->14485 14468 7ff617709c9b 14468->14459 14565 7ff61770a184 14468->14565 14576 7ff61770a5a8 14471->14576 14474 7ff61770a01f 14578 7ff617714900 14474->14578 14478 7ff617709ba1 14478->14453 14478->14454 14480 7ff617713eb0 14479->14480 14481 7ff617713ec5 14479->14481 14480->14481 14621 7ff617713968 14480->14621 14481->14464 14486 7ff617701011 14485->14486 14685 7ff6177063c0 14486->14685 14488 7ff617701023 14696 7ff617710a64 14488->14696 14493 7ff61770290f 14495 7ff617709a80 _wfindfirst32i64 8 API calls 14493->14495 14496 7ff617702923 14495->14496 14563 7ff61770a470 GetModuleHandleW 14496->14563 14497 7ff61770287c 14497->14493 14721 7ff6177056f0 14497->14721 14499 7ff6177028ba 14736 7ff617705c90 14499->14736 14504 7ff61770293a 14505 7ff617702955 14504->14505 14809 7ff617702740 14504->14809 14513 7ff617702995 14505->14513 14813 7ff6177068b0 14505->14813 14506 7ff617701a70 106 API calls 14509 7ff6177028f3 14506->14509 14509->14504 14511 7ff6177028f7 14509->14511 14510 7ff617702975 14514 7ff61770297a 14510->14514 14515 7ff617702988 SetDllDirectoryW 14510->14515 14803 7ff617701c70 14511->14803 14747 7ff617704c10 14513->14747 14517 7ff617701c70 77 API calls 14514->14517 14515->14513 14517->14493 14519 7ff6177029f0 14931 7ff617704b90 14519->14931 14522 7ff6177029fa 14524 7ff617702aa6 14522->14524 14532 7ff617702a03 14522->14532 14751 7ff617702550 14524->14751 14529 7ff6177029c7 14851 7ff617704430 14529->14851 14530 7ff6177029e6 14925 7ff617704710 14530->14925 14532->14493 14942 7ff6177026b0 14532->14942 14537 7ff6177029d1 14537->14530 14540 7ff6177029d5 14537->14540 14919 7ff617704aa0 14540->14919 14541 7ff6177056f0 83 API calls 14545 7ff617702ae7 14541->14545 14542 7ff617702a81 14546 7ff617704710 FreeLibrary 14542->14546 14545->14493 14772 7ff617705cd0 14545->14772 14547 7ff617702a95 14546->14547 14548 7ff617704b90 14 API calls 14547->14548 14548->14493 14559 7ff617714260 14558->14559 14560 7ff617714272 14558->14560 14559->14460 16581 7ff61771494c 14560->16581 14564 7ff61770a481 14563->14564 14564->14468 14566 7ff61770a195 14565->14566 14567 7ff617709cb2 14566->14567 14568 7ff61770b424 __scrt_initialize_crt 7 API calls 14566->14568 14567->14458 14568->14567 14570 7ff61770a342 _wfindfirst32i64 memcpy_s 14569->14570 14571 7ff61770a361 RtlCaptureContext RtlLookupFunctionEntry 14570->14571 14572 7ff61770a3c6 memcpy_s 14571->14572 14573 7ff61770a38a RtlVirtualUnwind 14571->14573 14574 7ff61770a3f8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14572->14574 14573->14572 14575 7ff61770a44a _wfindfirst32i64 14574->14575 14575->14456 14577 7ff61770a012 __scrt_dllmain_crt_thread_attach 14576->14577 14577->14474 14577->14478 14579 7ff61771d950 14578->14579 14580 7ff61770a024 14579->14580 14588 7ff617716c08 14579->14588 14580->14478 14582 7ff61770b424 14580->14582 14583 7ff61770b436 14582->14583 14584 7ff61770b42c 14582->14584 14583->14478 14600 7ff61770b6a0 14584->14600 14599 7ff61771ad2c EnterCriticalSection 14588->14599 14601 7ff61770b431 14600->14601 14602 7ff61770b6af 14600->14602 14604 7ff61770b6f8 14601->14604 14608 7ff61770b8c4 14602->14608 14605 7ff61770b723 14604->14605 14606 7ff61770b706 DeleteCriticalSection 14605->14606 14607 7ff61770b727 14605->14607 14606->14605 14607->14583 14612 7ff61770b730 14608->14612 14613 7ff61770b773 try_get_function 14612->14613 14618 7ff61770b848 TlsFree 14612->14618 14614 7ff61770b7a0 LoadLibraryExW 14613->14614 14615 7ff61770b837 GetProcAddress 14613->14615 14613->14618 14620 7ff61770b7e3 LoadLibraryExW 14613->14620 14616 7ff61770b817 14614->14616 14617 7ff61770b7c1 GetLastError 14614->14617 14615->14618 14616->14615 14619 7ff61770b82e FreeLibrary 14616->14619 14617->14613 14619->14615 14620->14613 14620->14616 14622 7ff61771397d 14621->14622 14623 7ff617713981 14621->14623 14622->14481 14631 7ff617713d04 14622->14631 14639 7ff61771cee0 GetEnvironmentStringsW 14623->14639 14626 7ff61771398e 14628 7ff617715870 __free_lconv_num 13 API calls 14626->14628 14628->14622 14630 7ff617715870 __free_lconv_num 13 API calls 14630->14626 14632 7ff617713d1f 14631->14632 14633 7ff617713d32 14631->14633 14632->14481 14633->14632 14634 7ff617717c34 _invalid_parameter_noinfo 13 API calls 14633->14634 14635 7ff617713da8 14633->14635 14636 7ff617719e98 MultiByteToWideChar _fread_nolock 14633->14636 14638 7ff617715870 __free_lconv_num 13 API calls 14633->14638 14634->14633 14637 7ff617715870 __free_lconv_num 13 API calls 14635->14637 14636->14633 14637->14632 14638->14633 14640 7ff617713986 14639->14640 14641 7ff61771cf04 14639->14641 14640->14626 14646 7ff617713ad8 14640->14646 14663 7ff617717cac 14641->14663 14643 7ff617715870 __free_lconv_num 13 API calls 14645 7ff61771cf5e FreeEnvironmentStringsW 14643->14645 14644 7ff61771cf3e memcpy_s 14644->14643 14645->14640 14647 7ff617713b00 14646->14647 14648 7ff617717c34 _invalid_parameter_noinfo 13 API calls 14647->14648 14658 7ff617713b3b 14648->14658 14649 7ff617713bb0 14650 7ff617715870 __free_lconv_num 13 API calls 14649->14650 14651 7ff61771399b 14650->14651 14651->14630 14652 7ff617717c34 _invalid_parameter_noinfo 13 API calls 14652->14658 14653 7ff617713ba1 14679 7ff617713bec 14653->14679 14657 7ff617713bd8 14660 7ff617715750 _wfindfirst32i64 17 API calls 14657->14660 14658->14649 14658->14652 14658->14653 14658->14657 14661 7ff617715870 __free_lconv_num 13 API calls 14658->14661 14670 7ff61771aebc 14658->14670 14659 7ff617715870 __free_lconv_num 13 API calls 14659->14649 14662 7ff617713bea 14660->14662 14661->14658 14664 7ff617717cf7 14663->14664 14668 7ff617717cbb _invalid_parameter_noinfo 14663->14668 14666 7ff617715850 _get_daylight 13 API calls 14664->14666 14665 7ff617717cde RtlAllocateHeap 14667 7ff617717cf5 14665->14667 14665->14668 14666->14667 14667->14644 14668->14664 14668->14665 14669 7ff61771da14 _invalid_parameter_noinfo 2 API calls 14668->14669 14669->14668 14671 7ff61771aec9 14670->14671 14673 7ff61771aed3 14670->14673 14671->14673 14677 7ff61771aeef 14671->14677 14672 7ff617715850 _get_daylight 13 API calls 14674 7ff61771aedb 14672->14674 14673->14672 14675 7ff617715730 _invalid_parameter_noinfo 30 API calls 14674->14675 14676 7ff61771aee7 14675->14676 14676->14658 14677->14676 14678 7ff617715850 _get_daylight 13 API calls 14677->14678 14678->14674 14680 7ff617713ba9 14679->14680 14681 7ff617713bf1 14679->14681 14680->14659 14682 7ff617713c1a 14681->14682 14683 7ff617715870 __free_lconv_num 13 API calls 14681->14683 14684 7ff617715870 __free_lconv_num 13 API calls 14682->14684 14683->14681 14684->14680 14688 7ff6177063df 14685->14688 14686 7ff6177063e7 14686->14488 14687 7ff617706430 WideCharToMultiByte 14687->14688 14689 7ff6177064d7 14687->14689 14688->14686 14688->14687 14688->14689 14690 7ff617706486 WideCharToMultiByte 14688->14690 15002 7ff617701cd0 14689->15002 14690->14688 14690->14689 14692 7ff617706521 14694 7ff61770c984 __vcrt_freefls 14 API calls 14692->14694 14693 7ff617706503 14693->14692 15009 7ff61770c984 14693->15009 14694->14686 14701 7ff61771a2ac 14696->14701 14697 7ff61771a32f 14698 7ff617715850 _get_daylight 13 API calls 14697->14698 14699 7ff61771a334 14698->14699 14702 7ff617715730 _invalid_parameter_noinfo 30 API calls 14699->14702 14700 7ff61771a2f0 15080 7ff61771a188 14700->15080 14701->14697 14701->14700 14704 7ff61770285c 14702->14704 14705 7ff617701b60 14704->14705 14706 7ff617701b75 14705->14706 14708 7ff617701b90 14706->14708 15088 7ff617701c30 14706->15088 14708->14493 14709 7ff617702c80 14708->14709 15109 7ff617709a10 14709->15109 14712 7ff617702cd2 15111 7ff6177069c0 14712->15111 14713 7ff617702cbb 14714 7ff617701cd0 77 API calls 14713->14714 14717 7ff617702cce 14714->14717 14719 7ff617709a80 _wfindfirst32i64 8 API calls 14717->14719 14718 7ff617701c70 77 API calls 14718->14717 14720 7ff617702d0f 14719->14720 14720->14497 14722 7ff6177056fa 14721->14722 14723 7ff6177068b0 79 API calls 14722->14723 14724 7ff61770571c GetEnvironmentVariableW 14723->14724 14725 7ff617705734 ExpandEnvironmentStringsW 14724->14725 14726 7ff617705786 14724->14726 14728 7ff6177069c0 79 API calls 14725->14728 14727 7ff617709a80 _wfindfirst32i64 8 API calls 14726->14727 14729 7ff617705798 14727->14729 14730 7ff61770575c 14728->14730 14729->14499 14730->14726 14731 7ff617705766 14730->14731 15122 7ff617714974 14731->15122 14734 7ff617709a80 _wfindfirst32i64 8 API calls 14735 7ff61770577e 14734->14735 14735->14499 14737 7ff6177068b0 79 API calls 14736->14737 14738 7ff617705ca7 SetEnvironmentVariableW 14737->14738 14739 7ff61770c984 __vcrt_freefls 14 API calls 14738->14739 14740 7ff6177028d3 14739->14740 14741 7ff617701a70 14740->14741 14742 7ff617701a80 14741->14742 14742->14742 14746 7ff617701aff 14742->14746 15138 7ff617701790 14742->15138 14746->14504 14746->14506 14748 7ff617704c25 14747->14748 14749 7ff61770299a 14748->14749 14750 7ff617701c30 77 API calls 14748->14750 14749->14519 14827 7ff6177048f0 14749->14827 14750->14749 14753 7ff617702604 14751->14753 14758 7ff6177025c3 14751->14758 14752 7ff617702643 14755 7ff617709a80 _wfindfirst32i64 8 API calls 14752->14755 14753->14752 14754 7ff617701b20 65 API calls 14753->14754 14754->14753 14756 7ff617702655 14755->14756 14756->14493 14761 7ff617705c20 14756->14761 14758->14753 15492 7ff617701430 14758->15492 15526 7ff617701df0 14758->15526 15570 7ff617701760 14758->15570 14762 7ff6177068b0 79 API calls 14761->14762 14763 7ff617705c3f 14762->14763 14764 7ff6177068b0 79 API calls 14763->14764 14765 7ff617705c4f 14764->14765 14766 7ff617712068 31 API calls 14765->14766 14767 7ff617705c5d 14766->14767 14768 7ff61770c984 __vcrt_freefls 14 API calls 14767->14768 14769 7ff617705c67 14768->14769 14770 7ff61770c984 __vcrt_freefls 14 API calls 14769->14770 14771 7ff617702adb 14770->14771 14771->14541 14773 7ff617705ce0 14772->14773 14774 7ff6177068b0 79 API calls 14773->14774 14775 7ff617705d11 14774->14775 16213 7ff617712cf8 14775->16213 14778 7ff617712cf8 16 API calls 14779 7ff617705d2a 14778->14779 14780 7ff617712cf8 16 API calls 14779->14780 14781 7ff617705d34 14780->14781 14782 7ff617712cf8 16 API calls 14781->14782 14783 7ff617705d3e GetStartupInfoW 14782->14783 14784 7ff617705d8b 14783->14784 16231 7ff6177149ec 14784->16231 14788 7ff617705d9a 14789 7ff6177149ec _fread_nolock 30 API calls 14788->14789 14790 7ff617705db1 14789->14790 14791 7ff6177128ac 30 API calls 14790->14791 14792 7ff617705db8 14791->14792 14804 7ff617701c8e 14803->14804 14805 7ff617701bb0 68 API calls 14804->14805 14806 7ff617701cac 14805->14806 14807 7ff617701d20 77 API calls 14806->14807 14808 7ff617701cbb 14807->14808 14808->14493 14810 7ff617702780 14809->14810 14812 7ff617702757 14809->14812 14810->14505 14811 7ff617701760 77 API calls 14811->14812 14812->14810 14812->14811 14814 7ff6177068d1 MultiByteToWideChar 14813->14814 14815 7ff617706957 MultiByteToWideChar 14813->14815 14816 7ff6177068f7 14814->14816 14823 7ff61770691c 14814->14823 14817 7ff61770699f 14815->14817 14818 7ff61770697a 14815->14818 14820 7ff617701cd0 77 API calls 14816->14820 14817->14510 14819 7ff617701cd0 77 API calls 14818->14819 14821 7ff61770698d 14819->14821 14822 7ff61770690a 14820->14822 14821->14510 14822->14510 14823->14815 14824 7ff617706932 14823->14824 14825 7ff617701cd0 77 API calls 14824->14825 14826 7ff617706945 14825->14826 14826->14510 14828 7ff617704914 14827->14828 14833 7ff617704941 14827->14833 14829 7ff61770493c 14828->14829 14830 7ff6177029b2 14828->14830 14831 7ff617701760 77 API calls 14828->14831 14828->14833 16250 7ff6177012a0 14829->16250 14830->14519 14838 7ff6177044a0 14830->14838 14831->14828 14833->14830 14834 7ff617704a77 14833->14834 14836 7ff617704a17 memcpy_s 14833->14836 14835 7ff617701c70 77 API calls 14834->14835 14835->14830 14836->14830 14837 7ff61770c984 __vcrt_freefls 14 API calls 14836->14837 14837->14830 14839 7ff6177044b3 memcpy_s 14838->14839 14844 7ff6177046ec 14839->14844 14847 7ff617701430 144 API calls 14839->14847 14848 7ff6177046d5 14839->14848 14850 7ff6177045f6 14839->14850 16276 7ff617701640 14839->16276 14841 7ff61770c984 __vcrt_freefls 14 API calls 14842 7ff6177046b3 14841->14842 14843 7ff617709a80 _wfindfirst32i64 8 API calls 14842->14843 14845 7ff6177029c3 14843->14845 14846 7ff617701c70 77 API calls 14844->14846 14845->14529 14845->14530 14846->14850 14847->14839 14849 7ff617701c70 77 API calls 14848->14849 14849->14850 14850->14841 16281 7ff617705eb0 14851->16281 14854 7ff617705eb0 80 API calls 14855 7ff617704455 14854->14855 14856 7ff61770447a 14855->14856 14857 7ff61770446d GetProcAddress 14855->14857 14858 7ff617701c70 77 API calls 14856->14858 14861 7ff617704d4c GetProcAddress 14857->14861 14863 7ff617704d29 14857->14863 14860 7ff617704486 14858->14860 14860->14537 14862 7ff617704d71 GetProcAddress 14861->14862 14861->14863 14862->14863 14865 7ff617704d96 GetProcAddress 14862->14865 14864 7ff617701cd0 77 API calls 14863->14864 14866 7ff617704d3c 14864->14866 14865->14863 14867 7ff617704dbe GetProcAddress 14865->14867 14866->14537 14867->14863 14868 7ff617704de6 GetProcAddress 14867->14868 14868->14863 14869 7ff617704e0e GetProcAddress 14868->14869 14870 7ff617704e2a 14869->14870 14871 7ff617704e36 GetProcAddress 14869->14871 14870->14871 14872 7ff617704e52 14871->14872 14873 7ff617704e5e GetProcAddress 14871->14873 14872->14873 14874 7ff617704e7a 14873->14874 14875 7ff617704e86 GetProcAddress 14873->14875 14874->14875 14876 7ff617704ea2 14875->14876 14877 7ff617704eae GetProcAddress 14875->14877 14876->14877 14878 7ff617704eca 14877->14878 14879 7ff617704ed6 GetProcAddress 14877->14879 14878->14879 14880 7ff617704ef2 14879->14880 14881 7ff617704efe GetProcAddress 14879->14881 14880->14881 14882 7ff617704f1a 14881->14882 14883 7ff617704f26 GetProcAddress 14881->14883 14882->14883 14884 7ff617704f42 14883->14884 14885 7ff617704f4e GetProcAddress 14883->14885 14884->14885 14886 7ff617704f6a 14885->14886 14887 7ff617704f76 GetProcAddress 14885->14887 14886->14887 14888 7ff617704f92 14887->14888 14889 7ff617704f9e GetProcAddress 14887->14889 14888->14889 14890 7ff617704fba 14889->14890 14891 7ff617704fc6 GetProcAddress 14889->14891 14890->14891 14892 7ff617704fe2 14891->14892 14893 7ff617704fee GetProcAddress 14891->14893 14892->14893 14894 7ff61770500a 14893->14894 14895 7ff617705016 GetProcAddress 14893->14895 14894->14895 14896 7ff617705032 14895->14896 14897 7ff61770503e GetProcAddress 14895->14897 14896->14897 14898 7ff61770505a 14897->14898 14899 7ff617705066 GetProcAddress 14897->14899 14898->14899 14900 7ff617705082 14899->14900 14901 7ff61770508e GetProcAddress 14899->14901 14900->14901 14902 7ff6177050aa 14901->14902 14903 7ff6177050b6 GetProcAddress 14901->14903 14902->14903 14904 7ff6177050d2 14903->14904 14905 7ff6177050de GetProcAddress 14903->14905 14904->14905 14906 7ff6177050fa 14905->14906 14907 7ff617705106 GetProcAddress 14905->14907 14906->14907 14908 7ff617705122 14907->14908 14909 7ff61770512e GetProcAddress 14907->14909 14908->14909 14910 7ff61770514a 14909->14910 14911 7ff617705156 GetProcAddress 14909->14911 14910->14911 14920 7ff617704abd 14919->14920 14921 7ff6177029e4 14920->14921 14922 7ff617701c70 77 API calls 14920->14922 14921->14522 14923 7ff617704b09 14922->14923 14924 7ff617704710 FreeLibrary 14923->14924 14924->14921 14926 7ff617704722 14925->14926 14930 7ff617704736 14925->14930 14927 7ff6177047cf 14926->14927 14926->14930 16286 7ff617705e90 FreeLibrary 14926->16286 14927->14930 16287 7ff617705e90 FreeLibrary 14927->16287 14930->14519 14932 7ff617704bf2 14931->14932 14933 7ff617704ba5 14931->14933 14932->14522 14934 7ff617704bb6 14933->14934 14935 7ff61770c984 __vcrt_freefls 14 API calls 14933->14935 14936 7ff617704bc7 14934->14936 14937 7ff61770c984 __vcrt_freefls 14 API calls 14934->14937 14935->14934 14938 7ff617704bd8 14936->14938 14939 7ff61770c984 __vcrt_freefls 14 API calls 14936->14939 14937->14936 14940 7ff61770c984 __vcrt_freefls 14 API calls 14938->14940 14939->14938 14941 7ff617704be0 14940->14941 14941->14522 14943 7ff6177026bc 14942->14943 14944 7ff6177016c0 77 API calls 14943->14944 14947 7ff6177026e0 14944->14947 14945 7ff617702721 14946 7ff617709a80 _wfindfirst32i64 8 API calls 14945->14946 14948 7ff617702731 14946->14948 14947->14945 14949 7ff617702717 14947->14949 14950 7ff617701c70 77 API calls 14947->14950 14952 7ff6177022e0 14948->14952 16288 7ff6177060e0 MultiByteToWideChar 14949->16288 14950->14949 14953 7ff6177022ed 14952->14953 16301 7ff6177039b0 14953->16301 14957 7ff617709a80 _wfindfirst32i64 8 API calls 14959 7ff617702539 14957->14959 14958 7ff617702325 14969 7ff617702382 14958->14969 16349 7ff617703780 14958->16349 14959->14542 14961 7ff617702335 14961->14969 16360 7ff6177038b0 14961->16360 14964 7ff61770238b 14967 7ff6177023a4 14964->14967 14972 7ff6177023ba 14964->14972 14965 7ff617702376 14966 7ff617701c70 77 API calls 14965->14966 14966->14969 14968 7ff617701c70 77 API calls 14967->14968 14968->14969 14969->14957 14970 7ff617701760 77 API calls 14970->14972 14971 7ff6177012a0 106 API calls 14971->14972 14972->14969 14972->14970 14972->14971 14973 7ff617702511 14972->14973 14975 7ff6177024f4 14972->14975 14977 7ff6177024dc 14972->14977 14978 7ff61770c984 __vcrt_freefls 14 API calls 14972->14978 14974 7ff617701c70 77 API calls 14973->14974 14974->14969 14976 7ff617701c70 77 API calls 14975->14976 14976->14969 14979 7ff617701c70 77 API calls 14977->14979 14978->14972 14979->14969 15015 7ff617701d20 15002->15015 15010 7ff617715870 15009->15010 15011 7ff6177158a7 15010->15011 15012 7ff617715875 RtlRestoreThreadPreferredUILanguages 15010->15012 15011->14693 15012->15011 15013 7ff617715890 15012->15013 15014 7ff617715850 _get_daylight 13 API calls 15013->15014 15014->15011 15016 7ff617701d30 15015->15016 15038 7ff6177066f0 MultiByteToWideChar 15016->15038 15018 7ff617701d90 15059 7ff617701bb0 15018->15059 15021 7ff617709a80 _wfindfirst32i64 8 API calls 15022 7ff617701cf7 GetLastError 15021->15022 15023 7ff617706270 15022->15023 15024 7ff61770627c 15023->15024 15025 7ff61770629d FormatMessageW 15024->15025 15026 7ff617706297 GetLastError 15024->15026 15027 7ff6177062d0 15025->15027 15028 7ff6177062ec WideCharToMultiByte 15025->15028 15026->15025 15029 7ff617701cd0 74 API calls 15027->15029 15030 7ff6177062e3 15028->15030 15031 7ff617706326 15028->15031 15029->15030 15033 7ff617709a80 _wfindfirst32i64 8 API calls 15030->15033 15032 7ff617701cd0 74 API calls 15031->15032 15032->15030 15034 7ff617701d04 15033->15034 15035 7ff617701c00 15034->15035 15036 7ff617701d20 77 API calls 15035->15036 15037 7ff617701c22 15036->15037 15037->14693 15039 7ff617706753 15038->15039 15040 7ff617706739 15038->15040 15042 7ff617706783 MultiByteToWideChar 15039->15042 15043 7ff617706769 15039->15043 15041 7ff617701cd0 73 API calls 15040->15041 15056 7ff61770674c 15041->15056 15045 7ff6177067c0 WideCharToMultiByte 15042->15045 15046 7ff6177067a6 15042->15046 15044 7ff617701cd0 73 API calls 15043->15044 15044->15056 15048 7ff6177067f6 15045->15048 15050 7ff6177067ed 15045->15050 15047 7ff617701cd0 73 API calls 15046->15047 15047->15056 15049 7ff61770681b WideCharToMultiByte 15048->15049 15048->15050 15049->15050 15052 7ff617706864 15049->15052 15051 7ff617701cd0 73 API calls 15050->15051 15053 7ff617706858 15051->15053 15055 7ff61770c984 __vcrt_freefls 14 API calls 15052->15055 15054 7ff61770c984 __vcrt_freefls 14 API calls 15053->15054 15054->15056 15057 7ff61770686c 15055->15057 15056->15018 15057->15056 15058 7ff61770c984 __vcrt_freefls 14 API calls 15057->15058 15058->15056 15060 7ff617701bd6 15059->15060 15063 7ff61771006c 15060->15063 15064 7ff6177100a7 15063->15064 15065 7ff617710092 15063->15065 15064->15065 15066 7ff6177100ac 15064->15066 15067 7ff617715850 _get_daylight 13 API calls 15065->15067 15072 7ff61770cce0 15066->15072 15068 7ff617710097 15067->15068 15070 7ff617715730 _invalid_parameter_noinfo 30 API calls 15068->15070 15071 7ff617701bec 15070->15071 15071->15021 15079 7ff61770cbc0 EnterCriticalSection 15072->15079 15087 7ff61770cbc0 EnterCriticalSection 15080->15087 15089 7ff617701d20 77 API calls 15088->15089 15090 7ff617701c57 15089->15090 15093 7ff61770cc34 15090->15093 15108 7ff6177125a0 EnterCriticalSection 15093->15108 15110 7ff617702c8c GetModuleFileNameW 15109->15110 15110->14712 15110->14713 15112 7ff6177069e4 WideCharToMultiByte 15111->15112 15113 7ff617706a52 WideCharToMultiByte 15111->15113 15115 7ff617706a0e 15112->15115 15119 7ff617706a25 15112->15119 15114 7ff617706a7f 15113->15114 15117 7ff617702ce5 15113->15117 15116 7ff617701cd0 77 API calls 15114->15116 15118 7ff617701cd0 77 API calls 15115->15118 15116->15117 15117->14717 15117->14718 15118->15117 15119->15113 15120 7ff617706a3b 15119->15120 15121 7ff617701cd0 77 API calls 15120->15121 15121->15117 15123 7ff61770576e 15122->15123 15124 7ff61771498b 15122->15124 15123->14734 15124->15123 15129 7ff617714a14 15124->15129 15127 7ff617715750 _wfindfirst32i64 17 API calls 15128 7ff6177149e8 15127->15128 15130 7ff617714a2b 15129->15130 15131 7ff617714a21 15129->15131 15132 7ff617715850 _get_daylight 13 API calls 15130->15132 15131->15130 15136 7ff617714a46 15131->15136 15133 7ff617714a32 15132->15133 15134 7ff617715730 _invalid_parameter_noinfo 30 API calls 15133->15134 15135 7ff6177149b8 15134->15135 15135->15123 15135->15127 15136->15135 15137 7ff617715850 _get_daylight 13 API calls 15136->15137 15137->15133 15139 7ff6177017b3 15138->15139 15154 7ff6177017c3 15138->15154 15182 7ff617702d90 15139->15182 15141 7ff6177018b0 15142 7ff61770c984 __vcrt_freefls 14 API calls 15141->15142 15143 7ff6177018be 15142->15143 15144 7ff6177018d5 15143->15144 15145 7ff6177018f2 15143->15145 15169 7ff6177018a6 15143->15169 15146 7ff617701c30 77 API calls 15144->15146 15147 7ff61770bef0 _fread_nolock 46 API calls 15145->15147 15146->15169 15152 7ff617701907 15147->15152 15148 7ff61770189e 15150 7ff61770c984 __vcrt_freefls 14 API calls 15148->15150 15149 7ff61770190d 15151 7ff617701c30 77 API calls 15149->15151 15150->15169 15151->15169 15152->15149 15155 7ff6177019a5 15152->15155 15156 7ff617701988 15152->15156 15154->15141 15154->15148 15154->15169 15192 7ff61770bef0 15154->15192 15158 7ff61770bef0 _fread_nolock 46 API calls 15155->15158 15157 7ff617701c30 77 API calls 15156->15157 15157->15169 15159 7ff6177019ba 15158->15159 15159->15149 15160 7ff6177019cc 15159->15160 15195 7ff61770bc64 15160->15195 15163 7ff6177019e4 15165 7ff617701c70 77 API calls 15163->15165 15164 7ff6177019f7 15166 7ff617701a34 15164->15166 15167 7ff617701c70 77 API calls 15164->15167 15165->15169 15168 7ff61770bbd4 64 API calls 15166->15168 15166->15169 15167->15166 15168->15169 15169->14746 15170 7ff61770bbd4 15169->15170 15171 7ff61770bc09 15170->15171 15172 7ff61770bbeb 15170->15172 15173 7ff61770bbfb 15171->15173 15491 7ff61770cbc0 EnterCriticalSection 15171->15491 15174 7ff617715850 _get_daylight 13 API calls 15172->15174 15173->14746 15176 7ff61770bbf0 15174->15176 15178 7ff617715730 _invalid_parameter_noinfo 30 API calls 15176->15178 15178->15173 15183 7ff617702d9c 15182->15183 15184 7ff6177068b0 79 API calls 15183->15184 15185 7ff617702dc7 15184->15185 15186 7ff6177068b0 79 API calls 15185->15186 15187 7ff617702dda 15186->15187 15201 7ff617711028 15187->15201 15190 7ff617709a80 _wfindfirst32i64 8 API calls 15191 7ff617702df9 15190->15191 15191->15154 15477 7ff61770bf10 15192->15477 15196 7ff61770bc6d 15195->15196 15200 7ff6177019e0 15195->15200 15197 7ff617715850 _get_daylight 13 API calls 15196->15197 15198 7ff61770bc72 15197->15198 15199 7ff617715730 _invalid_parameter_noinfo 30 API calls 15198->15199 15199->15200 15200->15163 15200->15164 15202 7ff617710f5c 15201->15202 15203 7ff617710f82 15202->15203 15206 7ff617710fb5 15202->15206 15204 7ff617715850 _get_daylight 13 API calls 15203->15204 15205 7ff617710f87 15204->15205 15207 7ff617715730 _invalid_parameter_noinfo 30 API calls 15205->15207 15208 7ff617710fc8 15206->15208 15209 7ff617710fbb 15206->15209 15210 7ff617702de9 15207->15210 15220 7ff617715a88 15208->15220 15211 7ff617715850 _get_daylight 13 API calls 15209->15211 15210->15190 15211->15210 15233 7ff61771ad2c EnterCriticalSection 15220->15233 15478 7ff61770bf08 15477->15478 15479 7ff61770bf3a 15477->15479 15478->15154 15479->15478 15480 7ff61770bf86 15479->15480 15481 7ff61770bf49 memcpy_s 15479->15481 15490 7ff61770cbc0 EnterCriticalSection 15480->15490 15484 7ff617715850 _get_daylight 13 API calls 15481->15484 15486 7ff61770bf5e 15484->15486 15488 7ff617715730 _invalid_parameter_noinfo 30 API calls 15486->15488 15488->15478 15574 7ff617705480 15492->15574 15494 7ff617701444 15495 7ff617701449 15494->15495 15583 7ff6177057a0 15494->15583 15495->14758 15498 7ff617701497 15500 7ff6177014d0 15498->15500 15502 7ff617702d90 106 API calls 15498->15502 15499 7ff617701477 15501 7ff617701c30 77 API calls 15499->15501 15505 7ff617701506 15500->15505 15506 7ff6177014e6 15500->15506 15519 7ff61770148d 15501->15519 15503 7ff6177014af 15502->15503 15503->15500 15504 7ff6177014b7 15503->15504 15507 7ff617701c70 77 API calls 15504->15507 15509 7ff617701524 15505->15509 15510 7ff61770150c 15505->15510 15508 7ff617701c30 77 API calls 15506->15508 15512 7ff6177014c6 15507->15512 15508->15512 15513 7ff617701546 15509->15513 15525 7ff617701565 15509->15525 15599 7ff617701040 15510->15599 15514 7ff617701614 15512->15514 15518 7ff61770bbd4 64 API calls 15512->15518 15516 7ff617701c30 77 API calls 15513->15516 15515 7ff61770bbd4 64 API calls 15514->15515 15515->15519 15516->15512 15517 7ff6177015c3 15520 7ff61770c984 __vcrt_freefls 14 API calls 15517->15520 15518->15514 15519->14758 15520->15512 15521 7ff61770bef0 _fread_nolock 46 API calls 15521->15525 15522 7ff6177015c5 15524 7ff617701c30 77 API calls 15522->15524 15524->15517 15525->15517 15525->15521 15525->15522 15621 7ff61770c8f8 15525->15621 15528 7ff617701e06 15526->15528 15527 7ff617702229 15528->15527 15998 7ff617702240 15528->15998 15531 7ff617701f47 15533 7ff617705480 113 API calls 15531->15533 15532 7ff617702240 55 API calls 15534 7ff617701f43 15532->15534 15535 7ff617701f4f 15533->15535 15534->15531 15536 7ff617701fb5 15534->15536 15537 7ff617701f6c 15535->15537 16004 7ff617705360 15535->16004 15538 7ff617702240 55 API calls 15536->15538 15540 7ff617701c70 77 API calls 15537->15540 15542 7ff617701f86 15537->15542 15541 7ff617701fde 15538->15541 15540->15542 15543 7ff617702038 15541->15543 15544 7ff617702240 55 API calls 15541->15544 15546 7ff617709a80 _wfindfirst32i64 8 API calls 15542->15546 15543->15537 15545 7ff617705480 113 API calls 15543->15545 15547 7ff61770200b 15544->15547 15550 7ff617702048 15545->15550 15548 7ff617701faa 15546->15548 15547->15543 15549 7ff617702240 55 API calls 15547->15549 15548->14758 15549->15543 15550->15537 15551 7ff617701b60 77 API calls 15550->15551 15552 7ff617702166 15550->15552 15556 7ff61770209f 15551->15556 15552->15537 15561 7ff61770217e 15552->15561 15553 7ff617702202 15554 7ff617701c70 77 API calls 15553->15554 15555 7ff617702161 15554->15555 15557 7ff617701b20 65 API calls 15555->15557 15556->15537 15556->15553 15560 7ff61770212c 15556->15560 15557->15537 15558 7ff617701430 144 API calls 15558->15561 15559 7ff617701760 77 API calls 15559->15561 15562 7ff617701790 106 API calls 15560->15562 15561->15542 15561->15558 15561->15559 15563 7ff6177021e4 15561->15563 15564 7ff617702143 15562->15564 15565 7ff617701c70 77 API calls 15563->15565 15564->15561 15566 7ff617702147 15564->15566 15567 7ff6177021f5 15565->15567 15568 7ff617701c30 77 API calls 15566->15568 15569 7ff617701b20 65 API calls 15567->15569 15568->15555 15569->15542 15571 7ff617701781 15570->15571 15572 7ff617701775 15570->15572 15571->14758 15573 7ff617701c70 77 API calls 15572->15573 15573->15571 15575 7ff617705492 15574->15575 15580 7ff6177054c8 15574->15580 15630 7ff6177016c0 15575->15630 15580->15494 15581 7ff617701c70 77 API calls 15582 7ff6177054bd 15581->15582 15582->15494 15584 7ff6177057b0 15583->15584 15594 7ff617705969 15584->15594 15968 7ff617710c38 15584->15968 15585 7ff617709a80 _wfindfirst32i64 8 API calls 15586 7ff61770146f 15585->15586 15586->15498 15586->15499 15588 7ff617705919 15589 7ff6177068b0 79 API calls 15588->15589 15591 7ff617705931 15589->15591 15590 7ff617705958 15592 7ff617702d90 106 API calls 15590->15592 15591->15590 15593 7ff617701c70 77 API calls 15591->15593 15592->15594 15593->15590 15594->15585 15595 7ff61770583d 15595->15588 15595->15594 15596 7ff617710c38 37 API calls 15595->15596 15597 7ff6177068b0 79 API calls 15595->15597 15598 7ff617706560 32 API calls 15595->15598 15596->15595 15597->15595 15598->15595 15600 7ff617701096 15599->15600 15601 7ff6177010c3 15600->15601 15602 7ff61770109d 15600->15602 15605 7ff6177010dd 15601->15605 15606 7ff6177010f9 15601->15606 15603 7ff617701c70 77 API calls 15602->15603 15604 7ff6177010b0 15603->15604 15604->15512 15607 7ff617701c30 77 API calls 15605->15607 15608 7ff61770110b 15606->15608 15612 7ff617701127 memcpy_s 15606->15612 15611 7ff6177010f4 15607->15611 15609 7ff617701c30 77 API calls 15608->15609 15609->15611 15610 7ff61770bef0 _fread_nolock 46 API calls 15610->15612 15613 7ff61770c984 __vcrt_freefls 14 API calls 15611->15613 15612->15610 15612->15611 15618 7ff61770c8f8 64 API calls 15612->15618 15619 7ff6177011ee 15612->15619 15620 7ff61770bc64 30 API calls 15612->15620 15614 7ff61770126e 15613->15614 15615 7ff61770c984 __vcrt_freefls 14 API calls 15614->15615 15616 7ff617701276 15615->15616 15616->15512 15617 7ff617701c70 77 API calls 15617->15611 15618->15612 15619->15617 15620->15612 15622 7ff61770c918 15621->15622 15623 7ff61770c932 15621->15623 15622->15623 15624 7ff61770c93a 15622->15624 15625 7ff61770c922 15622->15625 15623->15525 15990 7ff61770c6a8 15624->15990 15626 7ff617715850 _get_daylight 13 API calls 15625->15626 15628 7ff61770c927 15626->15628 15629 7ff617715730 _invalid_parameter_noinfo 30 API calls 15628->15629 15629->15623 15632 7ff6177016e5 15630->15632 15631 7ff617701722 15634 7ff6177054e0 15631->15634 15632->15631 15633 7ff617701c70 77 API calls 15632->15633 15633->15631 15635 7ff6177054f8 15634->15635 15636 7ff61770556b 15635->15636 15637 7ff617705518 15635->15637 15638 7ff617705570 GetTempPathW GetCurrentProcessId 15636->15638 15639 7ff6177056f0 83 API calls 15637->15639 15650 7ff61770559e 15638->15650 15640 7ff617705524 15639->15640 15711 7ff617705210 15640->15711 15646 7ff617709a80 _wfindfirst32i64 8 API calls 15649 7ff6177054ad 15646->15649 15648 7ff61770c984 __vcrt_freefls 14 API calls 15652 7ff617705554 15648->15652 15649->15580 15649->15581 15651 7ff617705646 15650->15651 15653 7ff61770c984 __vcrt_freefls 14 API calls 15650->15653 15658 7ff6177055d1 15650->15658 15690 7ff617713298 15650->15690 15693 7ff617706560 15650->15693 15655 7ff6177069c0 79 API calls 15651->15655 15652->15638 15654 7ff617705558 15652->15654 15653->15650 15656 7ff617701c70 77 API calls 15654->15656 15657 7ff617705657 15655->15657 15659 7ff617705564 15656->15659 15660 7ff61770c984 __vcrt_freefls 14 API calls 15657->15660 15662 7ff6177068b0 79 API calls 15658->15662 15689 7ff617705622 15658->15689 15659->15689 15661 7ff61770565f 15660->15661 15664 7ff6177068b0 79 API calls 15661->15664 15661->15689 15663 7ff6177055e7 15662->15663 15665 7ff6177055ec 15663->15665 15666 7ff617705629 SetEnvironmentVariableW 15663->15666 15667 7ff617705675 15664->15667 15669 7ff6177068b0 79 API calls 15665->15669 15668 7ff61770c984 __vcrt_freefls 14 API calls 15666->15668 15670 7ff6177056ad SetEnvironmentVariableW 15667->15670 15671 7ff61770567a 15667->15671 15668->15689 15672 7ff6177055fc 15669->15672 15688 7ff6177056a8 15670->15688 15673 7ff6177068b0 79 API calls 15671->15673 15676 7ff617712068 31 API calls 15672->15676 15674 7ff61770568a 15673->15674 15677 7ff617712068 31 API calls 15674->15677 15675 7ff61770c984 __vcrt_freefls 14 API calls 15675->15689 15678 7ff61770560a 15676->15678 15679 7ff617705698 15677->15679 15680 7ff61770c984 __vcrt_freefls 14 API calls 15678->15680 15681 7ff61770c984 __vcrt_freefls 14 API calls 15679->15681 15682 7ff617705612 15680->15682 15683 7ff6177056a0 15681->15683 15684 7ff61770c984 __vcrt_freefls 14 API calls 15682->15684 15686 7ff61770c984 __vcrt_freefls 14 API calls 15683->15686 15685 7ff61770561a 15684->15685 15687 7ff61770c984 __vcrt_freefls 14 API calls 15685->15687 15686->15688 15687->15689 15688->15675 15689->15646 15743 7ff617712efc 15690->15743 15694 7ff617709a10 15693->15694 15695 7ff617706570 GetCurrentProcess OpenProcessToken 15694->15695 15696 7ff617706631 15695->15696 15697 7ff6177065bb GetTokenInformation 15695->15697 15700 7ff61770c984 __vcrt_freefls 14 API calls 15696->15700 15698 7ff6177065dd GetLastError 15697->15698 15699 7ff6177065e8 15697->15699 15698->15696 15698->15699 15699->15696 15704 7ff6177065fe GetTokenInformation 15699->15704 15701 7ff617706639 15700->15701 15702 7ff617706644 CloseHandle 15701->15702 15703 7ff61770664a 15701->15703 15702->15703 15706 7ff617706673 LocalFree ConvertStringSecurityDescriptorToSecurityDescriptorW 15703->15706 15704->15696 15705 7ff617706624 ConvertSidToStringSidW 15704->15705 15705->15696 15707 7ff6177066a6 CreateDirectoryW 15706->15707 15708 7ff6177066b8 15706->15708 15707->15708 15709 7ff617709a80 _wfindfirst32i64 8 API calls 15708->15709 15710 7ff6177066d1 15709->15710 15710->15650 15712 7ff61770521c 15711->15712 15713 7ff6177068b0 79 API calls 15712->15713 15714 7ff61770523e 15713->15714 15715 7ff617705259 ExpandEnvironmentStringsW 15714->15715 15716 7ff617705246 15714->15716 15718 7ff61770c984 __vcrt_freefls 14 API calls 15715->15718 15717 7ff617701c70 77 API calls 15716->15717 15725 7ff617705252 15717->15725 15719 7ff617705282 15718->15719 15720 7ff617705299 15719->15720 15721 7ff617705286 15719->15721 15859 7ff617710ea8 15720->15859 15722 7ff617701c70 77 API calls 15721->15722 15722->15725 15724 7ff617709a80 _wfindfirst32i64 8 API calls 15727 7ff617705352 15724->15727 15725->15724 15727->15689 15733 7ff617712068 15727->15733 15728 7ff6177052b6 15729 7ff617701c70 77 API calls 15728->15729 15729->15725 15730 7ff61770532c CreateDirectoryW 15730->15725 15731 7ff6177052c6 memcpy_s 15731->15730 15732 7ff617705309 CreateDirectoryW 15731->15732 15732->15731 15734 7ff617712088 15733->15734 15735 7ff617712075 15733->15735 15960 7ff617711ce4 15734->15960 15736 7ff617715850 _get_daylight 13 API calls 15735->15736 15738 7ff61771207a 15736->15738 15740 7ff617715730 _invalid_parameter_noinfo 30 API calls 15738->15740 15741 7ff61770554a 15740->15741 15741->15648 15786 7ff61771bb28 15743->15786 15836 7ff61771b8a4 15786->15836 15857 7ff61771ad2c EnterCriticalSection 15836->15857 15860 7ff617710ec7 15859->15860 15861 7ff617710f30 15859->15861 15860->15861 15863 7ff617710ecc 15860->15863 15900 7ff61771a650 15861->15900 15865 7ff617710efc 15863->15865 15866 7ff617710edf 15863->15866 15864 7ff6177052ae 15864->15728 15864->15731 15881 7ff617710cdc GetFullPathNameW 15865->15881 15873 7ff617710c68 GetFullPathNameW 15866->15873 15871 7ff617710f1a 15871->15864 15872 7ff61770c984 __vcrt_freefls 14 API calls 15871->15872 15872->15864 15874 7ff617710c8e GetLastError 15873->15874 15877 7ff617710ca4 15873->15877 15875 7ff6177157e0 _fread_nolock 13 API calls 15874->15875 15876 7ff617710c9b 15875->15876 15878 7ff617715850 _get_daylight 13 API calls 15876->15878 15879 7ff617715850 _get_daylight 13 API calls 15877->15879 15880 7ff617710ca0 15877->15880 15878->15880 15879->15880 15880->15864 15882 7ff617710d13 GetLastError 15881->15882 15887 7ff617710d29 15881->15887 15883 7ff6177157e0 _fread_nolock 13 API calls 15882->15883 15884 7ff617710d20 15883->15884 15888 7ff617715850 _get_daylight 13 API calls 15884->15888 15885 7ff617710d25 15891 7ff617710dc0 15885->15891 15886 7ff617710d47 15886->15885 15890 7ff617710d80 GetFullPathNameW 15886->15890 15887->15885 15887->15886 15889 7ff61770c984 __vcrt_freefls 14 API calls 15887->15889 15888->15885 15889->15886 15890->15882 15890->15885 15894 7ff617710e39 memcpy_s 15891->15894 15895 7ff617710de9 memcpy_s 15891->15895 15892 7ff617710e22 15893 7ff617715850 _get_daylight 13 API calls 15892->15893 15899 7ff617710e27 15893->15899 15894->15871 15895->15892 15895->15894 15896 7ff617710e5b 15895->15896 15896->15894 15898 7ff617715850 _get_daylight 13 API calls 15896->15898 15897 7ff617715730 _invalid_parameter_noinfo 30 API calls 15897->15894 15898->15899 15899->15897 15903 7ff61771a468 15900->15903 15904 7ff61771a4bd 15903->15904 15905 7ff61771a494 15903->15905 15906 7ff61771a4c1 15904->15906 15907 7ff61771a4e2 15904->15907 15908 7ff617715850 _get_daylight 13 API calls 15905->15908 15934 7ff61771a5d0 15906->15934 15946 7ff617719bbc 15907->15946 15911 7ff61771a499 15908->15911 15913 7ff617715730 _invalid_parameter_noinfo 30 API calls 15911->15913 15925 7ff61771a4a4 15913->15925 15914 7ff61771a4ca 15915 7ff617715830 _fread_nolock 13 API calls 15914->15915 15917 7ff61771a4cf 15915->15917 15916 7ff61771a4e7 15919 7ff61771a58b 15916->15919 15924 7ff61771a50f 15916->15924 15920 7ff617715850 _get_daylight 13 API calls 15917->15920 15918 7ff617709a80 _wfindfirst32i64 8 API calls 15921 7ff61771a4b2 15918->15921 15919->15905 15922 7ff61771a593 15919->15922 15920->15911 15921->15864 15923 7ff617710c68 15 API calls 15922->15923 15923->15925 15926 7ff617710cdc 17 API calls 15924->15926 15925->15918 15927 7ff61771a54c 15926->15927 15928 7ff61771a550 15927->15928 15929 7ff61771a573 15927->15929 15930 7ff617710dc0 30 API calls 15928->15930 15929->15925 15931 7ff61770c984 __vcrt_freefls 14 API calls 15929->15931 15932 7ff61771a559 15930->15932 15931->15925 15932->15925 15933 7ff61770c984 __vcrt_freefls 14 API calls 15932->15933 15933->15925 15935 7ff61771a609 15934->15935 15936 7ff61771a5ea 15934->15936 15937 7ff61771a605 15935->15937 15938 7ff61771a614 GetDriveTypeW 15935->15938 15939 7ff617715830 _fread_nolock 13 API calls 15936->15939 15941 7ff617709a80 _wfindfirst32i64 8 API calls 15937->15941 15938->15937 15940 7ff61771a5ef 15939->15940 15942 7ff617715850 _get_daylight 13 API calls 15940->15942 15943 7ff61771a4c6 15941->15943 15944 7ff61771a5fa 15942->15944 15943->15914 15943->15916 15945 7ff617715730 _invalid_parameter_noinfo 30 API calls 15944->15945 15945->15937 15947 7ff61770b060 memcpy_s 15946->15947 15948 7ff617719bf2 GetCurrentDirectoryW 15947->15948 15949 7ff617719c09 15948->15949 15950 7ff617719c30 15948->15950 15952 7ff617709a80 _wfindfirst32i64 8 API calls 15949->15952 15951 7ff617717c34 _invalid_parameter_noinfo 13 API calls 15950->15951 15953 7ff617719c3f 15951->15953 15954 7ff617719c9d 15952->15954 15955 7ff617719c49 GetCurrentDirectoryW 15953->15955 15956 7ff617719c58 15953->15956 15954->15916 15955->15956 15958 7ff617719c5d 15955->15958 15957 7ff617715850 _get_daylight 13 API calls 15956->15957 15957->15958 15959 7ff617715870 __free_lconv_num 13 API calls 15958->15959 15959->15949 15967 7ff61771ad2c EnterCriticalSection 15960->15967 15969 7ff617718b38 33 API calls 15968->15969 15970 7ff617710c4d 15969->15970 15971 7ff61771a461 15970->15971 15974 7ff61771a388 15970->15974 15977 7ff617709e20 15971->15977 15975 7ff617709a80 _wfindfirst32i64 8 API calls 15974->15975 15976 7ff61771a456 15975->15976 15976->15595 15980 7ff617709e34 IsProcessorFeaturePresent 15977->15980 15981 7ff617709e4b 15980->15981 15986 7ff617709ed0 RtlCaptureContext RtlLookupFunctionEntry 15981->15986 15987 7ff617709f00 RtlVirtualUnwind 15986->15987 15988 7ff617709e5f 15986->15988 15987->15988 15989 7ff617709d18 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15988->15989 15997 7ff61770cbc0 EnterCriticalSection 15990->15997 15999 7ff617702274 15998->15999 16000 7ff6177022ab 15999->16000 16028 7ff61771095c 15999->16028 16002 7ff617709a80 _wfindfirst32i64 8 API calls 16000->16002 16003 7ff617701ef6 16002->16003 16003->15531 16003->15532 16005 7ff61770536e 16004->16005 16006 7ff617702d90 106 API calls 16005->16006 16007 7ff617705395 16006->16007 16008 7ff6177057a0 120 API calls 16007->16008 16009 7ff6177053a3 16008->16009 16010 7ff617705453 16009->16010 16011 7ff6177053bd 16009->16011 16013 7ff61770bbd4 64 API calls 16010->16013 16014 7ff61770544f 16010->16014 16187 7ff61770bc38 16011->16187 16013->16014 16015 7ff617709a80 _wfindfirst32i64 8 API calls 16014->16015 16017 7ff617705475 16015->16017 16016 7ff617705430 16018 7ff61770bbd4 64 API calls 16016->16018 16017->15537 16019 7ff617705447 16018->16019 16021 7ff61770bbd4 64 API calls 16019->16021 16020 7ff61770bef0 _fread_nolock 46 API calls 16026 7ff6177053c2 16020->16026 16021->16014 16022 7ff61770c8f8 64 API calls 16022->16026 16023 7ff61770bc64 30 API calls 16023->16026 16024 7ff6177053f9 16193 7ff6177132b4 16024->16193 16025 7ff61770bc38 30 API calls 16025->16026 16026->16016 16026->16020 16026->16022 16026->16023 16026->16024 16026->16025 16029 7ff617710979 16028->16029 16030 7ff617710985 16028->16030 16045 7ff617710280 16029->16045 16031 7ff61770d630 33 API calls 16030->16031 16033 7ff6177109ad 16031->16033 16036 7ff6177109bd 16033->16036 16069 7ff617717f34 16033->16069 16034 7ff61771097e 16034->16000 16072 7ff617710108 16036->16072 16039 7ff617710a29 16041 7ff617710280 52 API calls 16039->16041 16040 7ff617710a15 16040->16034 16042 7ff617715870 __free_lconv_num 13 API calls 16040->16042 16043 7ff617710a35 16041->16043 16042->16034 16043->16034 16044 7ff617715870 __free_lconv_num 13 API calls 16043->16044 16044->16034 16046 7ff6177102bb 16045->16046 16047 7ff61771029f 16045->16047 16046->16047 16049 7ff6177102ce CreateFileW 16046->16049 16048 7ff617715830 _fread_nolock 13 API calls 16047->16048 16050 7ff6177102a4 16048->16050 16051 7ff617710348 16049->16051 16052 7ff617710301 16049->16052 16054 7ff617715850 _get_daylight 13 API calls 16050->16054 16120 7ff617710850 16051->16120 16094 7ff6177103cc GetFileType 16052->16094 16057 7ff6177102ab 16054->16057 16061 7ff617715730 _invalid_parameter_noinfo 30 API calls 16057->16061 16058 7ff61771030f 16063 7ff6177102b6 16058->16063 16065 7ff61771032a CloseHandle 16058->16065 16059 7ff61771035d 16143 7ff61771060c 16059->16143 16060 7ff617710351 16062 7ff6177157e0 _fread_nolock 13 API calls 16060->16062 16061->16063 16068 7ff61771035b 16062->16068 16063->16034 16065->16063 16068->16058 16070 7ff617717d0c try_get_function 5 API calls 16069->16070 16071 7ff617717f54 16070->16071 16071->16036 16073 7ff617710131 16072->16073 16074 7ff617710153 16072->16074 16078 7ff617715870 __free_lconv_num 13 API calls 16073->16078 16084 7ff61771013f 16073->16084 16075 7ff617710157 16074->16075 16076 7ff6177101ac 16074->16076 16079 7ff61771016b 16075->16079 16080 7ff617715870 __free_lconv_num 13 API calls 16075->16080 16075->16084 16184 7ff617719e98 16076->16184 16078->16084 16081 7ff617717cac _fread_nolock 14 API calls 16079->16081 16080->16079 16081->16084 16084->16039 16084->16040 16095 7ff6177104d7 16094->16095 16096 7ff61771041a 16094->16096 16098 7ff6177104df 16095->16098 16099 7ff617710501 16095->16099 16097 7ff617710446 GetFileInformationByHandle 16096->16097 16101 7ff617710748 23 API calls 16096->16101 16102 7ff61771046f 16097->16102 16103 7ff6177104f2 GetLastError 16097->16103 16098->16103 16104 7ff6177104e3 16098->16104 16100 7ff617710524 PeekNamedPipe 16099->16100 16118 7ff6177104c2 16099->16118 16100->16118 16109 7ff617710434 16101->16109 16105 7ff61771060c 34 API calls 16102->16105 16107 7ff6177157e0 _fread_nolock 13 API calls 16103->16107 16106 7ff617715850 _get_daylight 13 API calls 16104->16106 16110 7ff61771047a 16105->16110 16106->16118 16107->16118 16108 7ff617709a80 _wfindfirst32i64 8 API calls 16111 7ff61771055d 16108->16111 16109->16097 16109->16118 16160 7ff617710574 16110->16160 16111->16058 16114 7ff617710574 10 API calls 16115 7ff617710499 16114->16115 16116 7ff617710574 10 API calls 16115->16116 16117 7ff6177104aa 16116->16117 16117->16118 16119 7ff617715850 _get_daylight 13 API calls 16117->16119 16118->16108 16119->16118 16121 7ff617710886 16120->16121 16123 7ff617715850 _get_daylight 13 API calls 16121->16123 16139 7ff61771092e 16121->16139 16122 7ff617709a80 _wfindfirst32i64 8 API calls 16124 7ff61771034d 16122->16124 16125 7ff61771089a 16123->16125 16124->16059 16124->16060 16126 7ff617715850 _get_daylight 13 API calls 16125->16126 16127 7ff6177108a1 16126->16127 16128 7ff617710ea8 39 API calls 16127->16128 16129 7ff6177108b7 16128->16129 16130 7ff6177108c8 16129->16130 16131 7ff6177108bf 16129->16131 16133 7ff617715850 _get_daylight 13 API calls 16130->16133 16132 7ff617715850 _get_daylight 13 API calls 16131->16132 16141 7ff6177108c4 16132->16141 16134 7ff6177108cd 16133->16134 16135 7ff617710923 16134->16135 16136 7ff617715850 _get_daylight 13 API calls 16134->16136 16137 7ff61770c984 __vcrt_freefls 14 API calls 16135->16137 16138 7ff6177108d7 16136->16138 16137->16139 16140 7ff617710ea8 39 API calls 16138->16140 16139->16122 16140->16141 16141->16135 16142 7ff617710911 GetDriveTypeW 16141->16142 16142->16135 16144 7ff617710634 16143->16144 16152 7ff61771036a 16144->16152 16167 7ff617719d28 16144->16167 16146 7ff6177106c8 16147 7ff617719d28 34 API calls 16146->16147 16146->16152 16148 7ff6177106db 16147->16148 16149 7ff617719d28 34 API calls 16148->16149 16148->16152 16150 7ff6177106ee 16149->16150 16151 7ff617719d28 34 API calls 16150->16151 16150->16152 16151->16152 16153 7ff617710748 16152->16153 16154 7ff617710762 16153->16154 16155 7ff61771079a 16154->16155 16156 7ff617710772 16154->16156 16157 7ff617719bbc 23 API calls 16155->16157 16158 7ff6177157e0 _fread_nolock 13 API calls 16156->16158 16159 7ff617710782 16156->16159 16157->16159 16158->16159 16159->16068 16161 7ff6177105a0 FileTimeToSystemTime 16160->16161 16162 7ff617710593 16160->16162 16163 7ff61771059b 16161->16163 16164 7ff6177105b2 SystemTimeToTzSpecificLocalTime 16161->16164 16162->16161 16162->16163 16165 7ff617709a80 _wfindfirst32i64 8 API calls 16163->16165 16164->16163 16166 7ff617710489 16165->16166 16166->16114 16168 7ff617719d59 16167->16168 16169 7ff617719d35 16167->16169 16172 7ff617719d93 16168->16172 16174 7ff617719db2 16168->16174 16169->16168 16170 7ff617719d3a 16169->16170 16171 7ff617715850 _get_daylight 13 API calls 16170->16171 16175 7ff617719d3f 16171->16175 16173 7ff617715850 _get_daylight 13 API calls 16172->16173 16176 7ff617719d98 16173->16176 16177 7ff61770d630 33 API calls 16174->16177 16178 7ff617715730 _invalid_parameter_noinfo 30 API calls 16175->16178 16179 7ff617715730 _invalid_parameter_noinfo 30 API calls 16176->16179 16183 7ff617719dbf 16177->16183 16180 7ff617719d4a 16178->16180 16181 7ff617719da3 16179->16181 16180->16146 16181->16146 16182 7ff61771f6cc 34 API calls 16182->16183 16183->16181 16183->16182 16185 7ff617719ea0 MultiByteToWideChar 16184->16185 16188 7ff61770bc41 16187->16188 16192 7ff61770bc51 16187->16192 16189 7ff617715850 _get_daylight 13 API calls 16188->16189 16190 7ff61770bc46 16189->16190 16191 7ff617715730 _invalid_parameter_noinfo 30 API calls 16190->16191 16191->16192 16192->16026 16194 7ff6177132bc 16193->16194 16195 7ff6177132d8 16194->16195 16196 7ff6177132f9 16194->16196 16197 7ff617715850 _get_daylight 13 API calls 16195->16197 16212 7ff61770cbc0 EnterCriticalSection 16196->16212 16199 7ff6177132dd 16197->16199 16201 7ff617715730 _invalid_parameter_noinfo 30 API calls 16199->16201 16208 7ff6177132e7 16201->16208 16208->16016 16214 7ff617712d20 16213->16214 16229 7ff617712dd3 memcpy_s 16213->16229 16215 7ff617712de3 16214->16215 16217 7ff617712d37 16214->16217 16220 7ff617718cb4 _invalid_parameter_noinfo 13 API calls 16215->16220 16215->16229 16216 7ff617715850 _get_daylight 13 API calls 16218 7ff617705d20 16216->16218 16249 7ff61771ad2c EnterCriticalSection 16217->16249 16218->14778 16222 7ff617712dff 16220->16222 16227 7ff617717cac _fread_nolock 14 API calls 16222->16227 16222->16229 16227->16229 16229->16216 16229->16218 16232 7ff6177149f5 16231->16232 16234 7ff617705d93 16231->16234 16233 7ff617715850 _get_daylight 13 API calls 16232->16233 16235 7ff6177149fa 16233->16235 16237 7ff6177128ac 16234->16237 16236 7ff617715730 _invalid_parameter_noinfo 30 API calls 16235->16236 16236->16234 16238 7ff6177128b5 16237->16238 16239 7ff6177128ca 16237->16239 16240 7ff617715830 _fread_nolock 13 API calls 16238->16240 16242 7ff617715830 _fread_nolock 13 API calls 16239->16242 16245 7ff6177128c2 16239->16245 16241 7ff6177128ba 16240->16241 16243 7ff617715850 _get_daylight 13 API calls 16241->16243 16244 7ff617712905 16242->16244 16243->16245 16246 7ff617715850 _get_daylight 13 API calls 16244->16246 16245->14788 16247 7ff61771290d 16246->16247 16248 7ff617715730 _invalid_parameter_noinfo 30 API calls 16247->16248 16248->16245 16251 7ff6177012e8 16250->16251 16252 7ff6177012b6 16250->16252 16255 7ff61770131f 16251->16255 16256 7ff6177012fe 16251->16256 16253 7ff617702d90 106 API calls 16252->16253 16254 7ff6177012c6 16253->16254 16254->16251 16257 7ff6177012ce 16254->16257 16262 7ff617701354 16255->16262 16263 7ff617701334 16255->16263 16258 7ff617701c30 77 API calls 16256->16258 16259 7ff617701c70 77 API calls 16257->16259 16261 7ff617701315 16258->16261 16260 7ff6177012de 16259->16260 16260->14833 16261->14833 16265 7ff61770136e 16262->16265 16272 7ff617701385 16262->16272 16264 7ff617701c30 77 API calls 16263->16264 16266 7ff61770134f 16264->16266 16267 7ff617701040 85 API calls 16265->16267 16269 7ff617701411 16266->16269 16271 7ff61770bbd4 64 API calls 16266->16271 16268 7ff61770137f 16267->16268 16268->16266 16274 7ff61770c984 __vcrt_freefls 14 API calls 16268->16274 16269->14833 16270 7ff61770bef0 _fread_nolock 46 API calls 16270->16272 16271->16269 16272->16266 16272->16270 16273 7ff6177013ce 16272->16273 16275 7ff617701c30 77 API calls 16273->16275 16274->16266 16275->16268 16277 7ff617701659 16276->16277 16278 7ff61770169b 16276->16278 16277->16278 16279 7ff617701c70 77 API calls 16277->16279 16278->14839 16280 7ff6177016af 16279->16280 16280->14839 16282 7ff6177068b0 79 API calls 16281->16282 16283 7ff617705ec7 LoadLibraryExW 16282->16283 16284 7ff61770c984 __vcrt_freefls 14 API calls 16283->16284 16285 7ff617704442 16284->16285 16285->14854 16286->14927 16287->14930 16289 7ff617706129 16288->16289 16291 7ff617706120 16288->16291 16290 7ff61770614f MultiByteToWideChar 16289->16290 16289->16291 16290->16291 16293 7ff617706187 LoadLibraryA GetProcAddress GetProcAddress 16290->16293 16292 7ff617701cd0 77 API calls 16291->16292 16294 7ff617706185 16292->16294 16295 7ff617706258 16293->16295 16296 7ff6177061c6 16293->16296 16294->16293 16295->14945 16296->16295 16297 7ff61770c984 __vcrt_freefls 14 API calls 16296->16297 16298 7ff617706215 16297->16298 16299 7ff617706270 77 API calls 16298->16299 16300 7ff61770622f 16298->16300 16299->16295 16300->14945 16302 7ff6177039c0 16301->16302 16303 7ff6177039fb 16302->16303 16306 7ff617703a1b 16302->16306 16304 7ff617701c70 77 API calls 16303->16304 16305 7ff617703a11 16304->16305 16308 7ff617709a80 _wfindfirst32i64 8 API calls 16305->16308 16307 7ff617703a5a 16306->16307 16309 7ff617703a72 16306->16309 16311 7ff617701c70 77 API calls 16306->16311 16365 7ff617702d20 16307->16365 16313 7ff61770230a 16308->16313 16310 7ff617703aa9 16309->16310 16314 7ff617701c70 77 API calls 16309->16314 16315 7ff617705eb0 80 API calls 16310->16315 16311->16307 16313->14969 16323 7ff617703d30 16313->16323 16314->16310 16317 7ff617703ab6 16315->16317 16318 7ff617703add 16317->16318 16319 7ff617703abb 16317->16319 16371 7ff617702ed0 GetProcAddress 16318->16371 16320 7ff617701cd0 77 API calls 16319->16320 16320->16305 16322 7ff617705eb0 80 API calls 16322->16309 16324 7ff6177068b0 79 API calls 16323->16324 16325 7ff617703d4f 16324->16325 16326 7ff617703d54 16325->16326 16327 7ff617703d6b 16325->16327 16328 7ff617701c70 77 API calls 16326->16328 16330 7ff6177068b0 79 API calls 16327->16330 16329 7ff617703d60 16328->16329 16329->14958 16331 7ff617703d99 16330->16331 16334 7ff617703e40 16331->16334 16335 7ff617703e1b 16331->16335 16346 7ff617703d9e 16331->16346 16332 7ff617701c70 77 API calls 16333 7ff617703f15 16332->16333 16333->14958 16337 7ff6177068b0 79 API calls 16334->16337 16336 7ff617701c70 77 API calls 16335->16336 16338 7ff617703e30 16336->16338 16339 7ff617703e59 16337->16339 16338->14958 16339->16346 16473 7ff617703b10 16339->16473 16343 7ff617703ee2 16345 7ff61770c984 __vcrt_freefls 14 API calls 16343->16345 16344 7ff617703eaa 16344->16343 16344->16346 16347 7ff61770c984 __vcrt_freefls 14 API calls 16344->16347 16345->16346 16346->16332 16348 7ff617703efe 16346->16348 16347->16344 16348->14958 16350 7ff617703797 16349->16350 16350->16350 16351 7ff6177037b9 16350->16351 16359 7ff6177037d0 16350->16359 16352 7ff617701c70 77 API calls 16351->16352 16353 7ff6177037c5 16352->16353 16353->14961 16354 7ff61770389a 16354->14961 16355 7ff6177012a0 106 API calls 16355->16359 16356 7ff617701760 77 API calls 16356->16359 16357 7ff617701c70 77 API calls 16357->16359 16358 7ff61770c984 __vcrt_freefls 14 API calls 16358->16359 16359->16354 16359->16355 16359->16356 16359->16357 16359->16358 16361 7ff617702345 16360->16361 16363 7ff6177038cb 16360->16363 16361->14964 16361->14965 16361->14969 16362 7ff617701760 77 API calls 16362->16363 16363->16361 16363->16362 16364 7ff617701c70 77 API calls 16363->16364 16364->16363 16366 7ff617702d2a 16365->16366 16367 7ff6177068b0 79 API calls 16366->16367 16368 7ff617702d52 16367->16368 16369 7ff617709a80 _wfindfirst32i64 8 API calls 16368->16369 16370 7ff617702d7a 16369->16370 16370->16309 16370->16322 16372 7ff617702ef2 16371->16372 16373 7ff617702f10 GetProcAddress 16371->16373 16376 7ff617701cd0 77 API calls 16372->16376 16373->16372 16374 7ff617702f35 GetProcAddress 16373->16374 16374->16372 16375 7ff617702f5a GetProcAddress 16374->16375 16375->16372 16377 7ff617702f82 GetProcAddress 16375->16377 16378 7ff617702f05 16376->16378 16377->16372 16379 7ff617702faa GetProcAddress 16377->16379 16378->16305 16379->16372 16380 7ff617702fd2 GetProcAddress 16379->16380 16380->16372 16381 7ff617702ffa GetProcAddress 16380->16381 16382 7ff617703022 GetProcAddress 16381->16382 16383 7ff617703016 16381->16383 16384 7ff61770303e 16382->16384 16385 7ff61770304a GetProcAddress 16382->16385 16383->16382 16384->16385 16386 7ff617703072 GetProcAddress 16385->16386 16387 7ff617703066 16385->16387 16388 7ff61770308e 16386->16388 16389 7ff61770309a GetProcAddress 16386->16389 16387->16386 16388->16389 16390 7ff6177030c2 GetProcAddress 16389->16390 16391 7ff6177030b6 16389->16391 16392 7ff6177030de 16390->16392 16393 7ff6177030ea GetProcAddress 16390->16393 16391->16390 16392->16393 16394 7ff617703112 GetProcAddress 16393->16394 16395 7ff617703106 16393->16395 16396 7ff61770312e 16394->16396 16397 7ff61770313a GetProcAddress 16394->16397 16395->16394 16396->16397 16398 7ff617703162 GetProcAddress 16397->16398 16399 7ff617703156 16397->16399 16400 7ff61770317e 16398->16400 16401 7ff61770318a GetProcAddress 16398->16401 16399->16398 16400->16401 16402 7ff6177031b2 GetProcAddress 16401->16402 16403 7ff6177031a6 16401->16403 16404 7ff6177031ce 16402->16404 16405 7ff6177031da GetProcAddress 16402->16405 16403->16402 16404->16405 16406 7ff617703202 GetProcAddress 16405->16406 16407 7ff6177031f6 16405->16407 16408 7ff61770321e 16406->16408 16409 7ff61770322a GetProcAddress 16406->16409 16407->16406 16408->16409 16410 7ff617703252 GetProcAddress 16409->16410 16411 7ff617703246 16409->16411 16412 7ff61770326e 16410->16412 16413 7ff61770327a GetProcAddress 16410->16413 16411->16410 16412->16413 16414 7ff6177032a2 GetProcAddress 16413->16414 16415 7ff617703296 16413->16415 16415->16414 16478 7ff617703b2a mbstowcs 16473->16478 16474 7ff617703cd6 16475 7ff617709a80 _wfindfirst32i64 8 API calls 16474->16475 16477 7ff617703cf5 16475->16477 16476 7ff617701760 77 API calls 16476->16478 16499 7ff617706ab0 16477->16499 16478->16474 16478->16476 16479 7ff617703c38 16478->16479 16481 7ff617703d0e 16478->16481 16479->16474 16480 7ff6177149ec _fread_nolock 30 API calls 16479->16480 16482 7ff617703c4f 16480->16482 16484 7ff617701c70 77 API calls 16481->16484 16510 7ff6177112c0 16482->16510 16484->16474 16485 7ff617703c5b 16486 7ff6177149ec _fread_nolock 30 API calls 16485->16486 16487 7ff617703c6d 16486->16487 16488 7ff6177112c0 32 API calls 16487->16488 16489 7ff617703c79 16488->16489 16529 7ff617711790 16489->16529 16500 7ff617706acf 16499->16500 16501 7ff617706ad7 16500->16501 16502 7ff617706b20 MultiByteToWideChar 16500->16502 16504 7ff617706b68 MultiByteToWideChar 16500->16504 16506 7ff617706bac 16500->16506 16501->16344 16502->16500 16502->16506 16503 7ff617701cd0 77 API calls 16505 7ff617706bd8 16503->16505 16504->16500 16504->16506 16507 7ff617706bf1 16505->16507 16508 7ff61770c984 __vcrt_freefls 14 API calls 16505->16508 16506->16503 16509 7ff61770c984 __vcrt_freefls 14 API calls 16507->16509 16508->16505 16509->16501 16511 7ff617711319 16510->16511 16512 7ff6177112e9 16510->16512 16513 7ff61771132b 16511->16513 16514 7ff61771131e 16511->16514 16512->16511 16520 7ff617711309 16512->16520 16515 7ff617711394 16513->16515 16519 7ff61771135b 16513->16519 16516 7ff617715850 _get_daylight 13 API calls 16514->16516 16517 7ff617715850 _get_daylight 13 API calls 16515->16517 16528 7ff617711323 16516->16528 16518 7ff61771130e 16517->16518 16523 7ff617715730 _invalid_parameter_noinfo 30 API calls 16518->16523 16535 7ff6177125a0 EnterCriticalSection 16519->16535 16522 7ff617715850 _get_daylight 13 API calls 16520->16522 16522->16518 16523->16528 16528->16485 16530 7ff61771179e 16529->16530 16531 7ff6177117a5 16529->16531 16582 7ff617718b38 33 API calls 16581->16582 16583 7ff617714955 16582->16583 16586 7ff617714a74 16583->16586 16595 7ff617712a3c 16586->16595 16621 7ff617712924 16595->16621 16626 7ff61771ad2c EnterCriticalSection 16621->16626 17848 7ff617724314 17849 7ff617724323 17848->17849 17851 7ff61772432d 17848->17851 17852 7ff61771ad80 LeaveCriticalSection 17849->17852 18352 7ff617709aa4 18353 7ff617709ab4 18352->18353 18369 7ff617711280 18353->18369 18355 7ff617709ac0 18375 7ff61770a03c 18355->18375 18357 7ff61770a31c 7 API calls 18360 7ff617709b59 18357->18360 18358 7ff617709ad8 _RTC_Initialize 18367 7ff617709b2d 18358->18367 18380 7ff61770a1ec 18358->18380 18361 7ff617709aed 18383 7ff617713778 18361->18383 18367->18357 18368 7ff617709b49 18367->18368 18370 7ff617711291 18369->18370 18371 7ff617715850 _get_daylight 13 API calls 18370->18371 18372 7ff617711299 18370->18372 18373 7ff6177112a8 18371->18373 18372->18355 18374 7ff617715730 _invalid_parameter_noinfo 30 API calls 18373->18374 18374->18372 18376 7ff61770a04d 18375->18376 18379 7ff61770a052 __scrt_acquire_startup_lock 18375->18379 18377 7ff61770a31c 7 API calls 18376->18377 18376->18379 18378 7ff61770a0c6 18377->18378 18379->18358 18408 7ff61770a1b0 18380->18408 18382 7ff61770a1f5 18382->18361 18384 7ff617713798 18383->18384 18390 7ff617709af9 18383->18390 18385 7ff6177137b6 GetModuleFileNameW 18384->18385 18386 7ff6177137a0 18384->18386 18391 7ff6177137e1 18385->18391 18387 7ff617715850 _get_daylight 13 API calls 18386->18387 18388 7ff6177137a5 18387->18388 18389 7ff617715730 _invalid_parameter_noinfo 30 API calls 18388->18389 18389->18390 18390->18367 18407 7ff61770a2c0 InitializeSListHead 18390->18407 18392 7ff617713718 13 API calls 18391->18392 18393 7ff617713821 18392->18393 18394 7ff617713829 18393->18394 18398 7ff617713841 18393->18398 18395 7ff617715850 _get_daylight 13 API calls 18394->18395 18396 7ff61771382e 18395->18396 18397 7ff617715870 __free_lconv_num 13 API calls 18396->18397 18397->18390 18399 7ff617713863 18398->18399 18401 7ff6177138a8 18398->18401 18402 7ff61771388f 18398->18402 18400 7ff617715870 __free_lconv_num 13 API calls 18399->18400 18400->18390 18404 7ff617715870 __free_lconv_num 13 API calls 18401->18404 18403 7ff617715870 __free_lconv_num 13 API calls 18402->18403 18405 7ff617713898 18403->18405 18404->18399 18406 7ff617715870 __free_lconv_num 13 API calls 18405->18406 18406->18390 18409 7ff61770a1ca 18408->18409 18411 7ff61770a1c3 18408->18411 18412 7ff61771478c 18409->18412 18411->18382 18415 7ff6177143d8 18412->18415 18422 7ff61771ad2c EnterCriticalSection 18415->18422 16660 7ff61771af24 16661 7ff61771af48 16660->16661 16665 7ff61771af5c 16660->16665 16662 7ff617715850 _get_daylight 13 API calls 16661->16662 16663 7ff61771af4d 16662->16663 16664 7ff61771b1f6 16666 7ff617715850 _get_daylight 13 API calls 16664->16666 16665->16664 16667 7ff61771af9f 16665->16667 16775 7ff61771b568 16665->16775 16683 7ff61771b02b 16666->16683 16669 7ff61771affb 16667->16669 16671 7ff61771afc5 16667->16671 16678 7ff61771afef 16667->16678 16673 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16669->16673 16669->16683 16670 7ff61771b0a9 16676 7ff61771b118 16670->16676 16680 7ff61771b0c6 16670->16680 16790 7ff617713df0 16671->16790 16675 7ff61771b011 16673->16675 16679 7ff617715870 __free_lconv_num 13 API calls 16675->16679 16676->16683 16688 7ff61771d890 33 API calls 16676->16688 16678->16670 16678->16683 16796 7ff617721500 16678->16796 16686 7ff61771b01f 16679->16686 16684 7ff617715870 __free_lconv_num 13 API calls 16680->16684 16681 7ff61771afd3 16681->16678 16685 7ff61771b568 33 API calls 16681->16685 16682 7ff617715870 __free_lconv_num 13 API calls 16682->16663 16683->16682 16687 7ff61771b0cf 16684->16687 16685->16678 16686->16678 16686->16683 16690 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16686->16690 16696 7ff61771b0d4 16687->16696 16832 7ff61771d890 16687->16832 16689 7ff61771b153 16688->16689 16691 7ff617715870 __free_lconv_num 13 API calls 16689->16691 16693 7ff61771b04a 16690->16693 16691->16696 16695 7ff617715870 __free_lconv_num 13 API calls 16693->16695 16694 7ff61771b100 16697 7ff617715870 __free_lconv_num 13 API calls 16694->16697 16695->16678 16696->16683 16696->16696 16698 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16696->16698 16697->16696 16699 7ff61771b19d 16698->16699 16700 7ff61771b1e4 16699->16700 16702 7ff617714a14 30 API calls 16699->16702 16701 7ff617715870 __free_lconv_num 13 API calls 16700->16701 16701->16683 16703 7ff61771b1b4 16702->16703 16704 7ff61771b1b8 16703->16704 16705 7ff61771b22f 16703->16705 16841 7ff617721618 16704->16841 16706 7ff617715750 _wfindfirst32i64 17 API calls 16705->16706 16709 7ff61771b243 16706->16709 16710 7ff61771b26c 16709->16710 16714 7ff61771b280 16709->16714 16712 7ff617715850 _get_daylight 13 API calls 16710->16712 16711 7ff617715850 _get_daylight 13 API calls 16711->16700 16713 7ff61771b271 16712->16713 16715 7ff61771b513 16714->16715 16717 7ff61771b2bf 16714->16717 16760 7ff61771b650 16714->16760 16716 7ff617715850 _get_daylight 13 API calls 16715->16716 16753 7ff61771b34a 16716->16753 16719 7ff61771b319 16717->16719 16720 7ff61771b2e7 16717->16720 16728 7ff61771b30d 16717->16728 16723 7ff61771b341 16719->16723 16727 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16719->16727 16719->16753 16860 7ff617713e2c 16720->16860 16721 7ff61771b3c8 16730 7ff61771b3e5 16721->16730 16737 7ff61771b438 16721->16737 16725 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16723->16725 16723->16728 16723->16753 16731 7ff61771b36c 16725->16731 16733 7ff61771b333 16727->16733 16728->16721 16728->16753 16866 7ff6177213c0 16728->16866 16729 7ff617715870 __free_lconv_num 13 API calls 16729->16713 16734 7ff617715870 __free_lconv_num 13 API calls 16730->16734 16735 7ff617715870 __free_lconv_num 13 API calls 16731->16735 16732 7ff61771b2f5 16732->16728 16739 7ff61771b650 33 API calls 16732->16739 16736 7ff617715870 __free_lconv_num 13 API calls 16733->16736 16738 7ff61771b3ee 16734->16738 16735->16728 16736->16723 16740 7ff61771d890 33 API calls 16737->16740 16737->16753 16743 7ff61771d890 33 API calls 16738->16743 16745 7ff61771b3f4 16738->16745 16739->16728 16741 7ff61771b474 16740->16741 16742 7ff617715870 __free_lconv_num 13 API calls 16741->16742 16742->16745 16744 7ff61771b420 16743->16744 16746 7ff617715870 __free_lconv_num 13 API calls 16744->16746 16745->16745 16747 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16745->16747 16745->16753 16746->16745 16748 7ff61771b4bf 16747->16748 16749 7ff61771b501 16748->16749 16750 7ff61771aebc _wfindfirst32i64 30 API calls 16748->16750 16751 7ff617715870 __free_lconv_num 13 API calls 16749->16751 16752 7ff61771b4d5 16750->16752 16751->16753 16754 7ff61771b4d9 SetEnvironmentVariableW 16752->16754 16755 7ff61771b551 16752->16755 16753->16729 16754->16749 16756 7ff61771b4fc 16754->16756 16757 7ff617715750 _wfindfirst32i64 17 API calls 16755->16757 16758 7ff617715850 _get_daylight 13 API calls 16756->16758 16759 7ff61771b565 16757->16759 16758->16749 16761 7ff61771b690 16760->16761 16762 7ff61771b673 16760->16762 16763 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16761->16763 16762->16717 16769 7ff61771b6b4 16763->16769 16764 7ff61771b715 16766 7ff617715870 __free_lconv_num 13 API calls 16764->16766 16765 7ff617714a74 33 API calls 16767 7ff61771b73e 16765->16767 16766->16762 16768 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16768->16769 16769->16764 16769->16768 16770 7ff617715870 __free_lconv_num 13 API calls 16769->16770 16771 7ff61771aebc _wfindfirst32i64 30 API calls 16769->16771 16772 7ff61771b724 16769->16772 16774 7ff61771b738 16769->16774 16770->16769 16771->16769 16773 7ff617715750 _wfindfirst32i64 17 API calls 16772->16773 16773->16774 16774->16765 16776 7ff61771b59d 16775->16776 16777 7ff61771b585 16775->16777 16778 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16776->16778 16777->16667 16784 7ff61771b5c1 16778->16784 16779 7ff617714a74 33 API calls 16781 7ff61771b64c 16779->16781 16780 7ff61771b622 16782 7ff617715870 __free_lconv_num 13 API calls 16780->16782 16782->16777 16783 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16783->16784 16784->16780 16784->16783 16785 7ff617715870 __free_lconv_num 13 API calls 16784->16785 16786 7ff617714a14 30 API calls 16784->16786 16787 7ff61771b631 16784->16787 16789 7ff61771b646 16784->16789 16785->16784 16786->16784 16788 7ff617715750 _wfindfirst32i64 17 API calls 16787->16788 16788->16789 16789->16779 16791 7ff617713e09 16790->16791 16792 7ff617713e00 16790->16792 16791->16664 16791->16681 16792->16791 16890 7ff6177138fc 16792->16890 16797 7ff61772150d 16796->16797 16798 7ff6177206a4 16796->16798 16800 7ff61770d630 33 API calls 16797->16800 16799 7ff6177206b1 16798->16799 16804 7ff6177206e7 16798->16804 16803 7ff617715850 _get_daylight 13 API calls 16799->16803 16818 7ff617720658 16799->16818 16801 7ff617721541 16800->16801 16808 7ff617721557 16801->16808 16812 7ff61772156e 16801->16812 16829 7ff617721546 16801->16829 16802 7ff617720711 16805 7ff617715850 _get_daylight 13 API calls 16802->16805 16806 7ff6177206bb 16803->16806 16804->16802 16807 7ff617720736 16804->16807 16809 7ff617720716 16805->16809 16810 7ff617715730 _invalid_parameter_noinfo 30 API calls 16806->16810 16811 7ff617720721 16807->16811 16819 7ff61770d630 33 API calls 16807->16819 16813 7ff617715850 _get_daylight 13 API calls 16808->16813 16814 7ff617715730 _invalid_parameter_noinfo 30 API calls 16809->16814 16815 7ff6177206c6 16810->16815 16811->16678 16816 7ff617721578 16812->16816 16817 7ff61772158a 16812->16817 16820 7ff61772155c 16813->16820 16814->16811 16815->16678 16821 7ff617715850 _get_daylight 13 API calls 16816->16821 16822 7ff61772159b 16817->16822 16823 7ff6177215b2 16817->16823 16818->16678 16819->16811 16824 7ff617715730 _invalid_parameter_noinfo 30 API calls 16820->16824 16825 7ff61772157d 16821->16825 17109 7ff6177206f4 16822->17109 17118 7ff617723260 16823->17118 16824->16829 16828 7ff617715730 _invalid_parameter_noinfo 30 API calls 16825->16828 16828->16829 16829->16678 16831 7ff617715850 _get_daylight 13 API calls 16831->16829 16833 7ff61771d8cf 16832->16833 16834 7ff61771d8b2 16832->16834 16836 7ff61771d8d9 16833->16836 17153 7ff617721fa8 16833->17153 16834->16833 16835 7ff61771d8c0 16834->16835 16837 7ff617715850 _get_daylight 13 API calls 16835->16837 17160 7ff617721fe4 16836->17160 16839 7ff61771d8c5 memcpy_s 16837->16839 16839->16694 16842 7ff61770d630 33 API calls 16841->16842 16843 7ff61772167e 16842->16843 16844 7ff61772168c 16843->16844 16845 7ff617717f34 5 API calls 16843->16845 16846 7ff617710108 16 API calls 16844->16846 16845->16844 16847 7ff6177216e4 16846->16847 16848 7ff617721770 16847->16848 16849 7ff61770d630 33 API calls 16847->16849 16851 7ff617721781 16848->16851 16853 7ff617715870 __free_lconv_num 13 API calls 16848->16853 16850 7ff6177216f7 16849->16850 16852 7ff617721700 16850->16852 16855 7ff617717f34 5 API calls 16850->16855 16854 7ff61771b1db 16851->16854 16856 7ff617715870 __free_lconv_num 13 API calls 16851->16856 16857 7ff617710108 16 API calls 16852->16857 16853->16851 16854->16700 16854->16711 16855->16852 16856->16854 16858 7ff617721757 16857->16858 16858->16848 16859 7ff61772175f SetEnvironmentVariableW 16858->16859 16859->16848 16861 7ff617713e3c 16860->16861 16862 7ff617713e45 16860->16862 16861->16862 16863 7ff617713968 33 API calls 16861->16863 16862->16715 16862->16732 16864 7ff617713e4e 16863->16864 16864->16862 16865 7ff617713d04 14 API calls 16864->16865 16865->16862 16867 7ff6177213cd 16866->16867 16869 7ff6177213fa 16866->16869 16868 7ff6177213d2 16867->16868 16867->16869 16870 7ff617715850 _get_daylight 13 API calls 16868->16870 16871 7ff61772143e 16869->16871 16874 7ff61772145d 16869->16874 16888 7ff617721432 __crtLCMapStringW 16869->16888 16872 7ff6177213d7 16870->16872 16873 7ff617715850 _get_daylight 13 API calls 16871->16873 16875 7ff617715730 _invalid_parameter_noinfo 30 API calls 16872->16875 16876 7ff617721443 16873->16876 16877 7ff617721467 16874->16877 16878 7ff617721479 16874->16878 16879 7ff6177213e2 16875->16879 16881 7ff617715730 _invalid_parameter_noinfo 30 API calls 16876->16881 16882 7ff617715850 _get_daylight 13 API calls 16877->16882 16880 7ff61770d630 33 API calls 16878->16880 16879->16728 16883 7ff617721486 16880->16883 16881->16888 16884 7ff61772146c 16882->16884 16883->16888 17172 7ff617722e40 16883->17172 16885 7ff617715730 _invalid_parameter_noinfo 30 API calls 16884->16885 16885->16888 16888->16728 16889 7ff617715850 _get_daylight 13 API calls 16889->16888 16891 7ff617713911 16890->16891 16892 7ff617713915 16890->16892 16891->16791 16902 7ff617713c30 16891->16902 16910 7ff61771caa4 16892->16910 16897 7ff617713927 16900 7ff617715870 __free_lconv_num 13 API calls 16897->16900 16900->16891 16901 7ff617715870 __free_lconv_num 13 API calls 16901->16897 16903 7ff617713c4f 16902->16903 16904 7ff617713c62 16902->16904 16903->16791 16904->16903 16905 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16904->16905 16906 7ff617713cf4 16904->16906 16907 7ff61771a678 WideCharToMultiByte 16904->16907 16909 7ff617715870 __free_lconv_num 13 API calls 16904->16909 16905->16904 16908 7ff617715870 __free_lconv_num 13 API calls 16906->16908 16907->16904 16908->16903 16909->16904 16911 7ff61771cab1 16910->16911 16915 7ff61771391a 16910->16915 16945 7ff617718c0c 16911->16945 16916 7ff61771cddc GetEnvironmentStringsW 16915->16916 16917 7ff61771ce0a 16916->16917 16918 7ff61771ceac 16916->16918 16921 7ff61771a678 WideCharToMultiByte 16917->16921 16919 7ff61771ceb6 FreeEnvironmentStringsW 16918->16919 16920 7ff61771391f 16918->16920 16919->16920 16920->16897 16928 7ff6177139d0 16920->16928 16922 7ff61771ce5c 16921->16922 16922->16918 16923 7ff617717cac _fread_nolock 14 API calls 16922->16923 16924 7ff61771ce6b 16923->16924 16925 7ff61771ce95 16924->16925 16926 7ff61771a678 WideCharToMultiByte 16924->16926 16927 7ff617715870 __free_lconv_num 13 API calls 16925->16927 16926->16925 16927->16918 16929 7ff6177139f7 16928->16929 16930 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16929->16930 16940 7ff617713a2c 16930->16940 16931 7ff617713a9b 16932 7ff617715870 __free_lconv_num 13 API calls 16931->16932 16933 7ff617713934 16932->16933 16933->16901 16934 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16934->16940 16935 7ff617713a8c 16937 7ff617713bec 13 API calls 16935->16937 16936 7ff617714a14 30 API calls 16936->16940 16938 7ff617713a94 16937->16938 16939 7ff617715870 __free_lconv_num 13 API calls 16938->16939 16939->16931 16940->16931 16940->16934 16940->16935 16940->16936 16941 7ff617713ac3 16940->16941 16943 7ff617715870 __free_lconv_num 13 API calls 16940->16943 16942 7ff617715750 _wfindfirst32i64 17 API calls 16941->16942 16944 7ff617713ad5 16942->16944 16943->16940 16946 7ff617718c22 16945->16946 16947 7ff617718c1d 16945->16947 16949 7ff617718124 _invalid_parameter_noinfo 6 API calls 16946->16949 16951 7ff617718c2a 16946->16951 16948 7ff6177180dc _invalid_parameter_noinfo 6 API calls 16947->16948 16948->16946 16950 7ff617718c41 16949->16950 16950->16951 16952 7ff617717c34 _invalid_parameter_noinfo 13 API calls 16950->16952 16953 7ff617714a74 33 API calls 16951->16953 16958 7ff617718ca4 16951->16958 16955 7ff617718c54 16952->16955 16954 7ff617718cb2 16953->16954 16956 7ff617718c72 16955->16956 16957 7ff617718c62 16955->16957 16959 7ff617718124 _invalid_parameter_noinfo 6 API calls 16956->16959 16960 7ff617718124 _invalid_parameter_noinfo 6 API calls 16957->16960 16970 7ff61771c82c 16958->16970 16961 7ff617718c7a 16959->16961 16962 7ff617718c69 16960->16962 16963 7ff617718c7e 16961->16963 16964 7ff617718c90 16961->16964 16965 7ff617715870 __free_lconv_num 13 API calls 16962->16965 16966 7ff617718124 _invalid_parameter_noinfo 6 API calls 16963->16966 16967 7ff6177188e8 _invalid_parameter_noinfo 13 API calls 16964->16967 16965->16951 16966->16962 16968 7ff617718c98 16967->16968 16969 7ff617715870 __free_lconv_num 13 API calls 16968->16969 16969->16951 16988 7ff61771c9ec 16970->16988 16972 7ff61771c855 17003 7ff61771c538 16972->17003 16975 7ff61771c86f 16975->16915 16976 7ff617717cac _fread_nolock 14 API calls 16979 7ff61771c880 16976->16979 16977 7ff61771c91b 16978 7ff617715870 __free_lconv_num 13 API calls 16977->16978 16978->16975 16979->16977 17010 7ff61771cb20 16979->17010 16982 7ff61771c916 16983 7ff617715850 _get_daylight 13 API calls 16982->16983 16983->16977 16984 7ff61771c978 16984->16977 17021 7ff61771c37c 16984->17021 16985 7ff61771c93b 16985->16984 16986 7ff617715870 __free_lconv_num 13 API calls 16985->16986 16986->16984 16989 7ff61771ca0f 16988->16989 16990 7ff61771ca19 16989->16990 17036 7ff61771ad2c EnterCriticalSection 16989->17036 16992 7ff61771ca8b 16990->16992 16995 7ff617714a74 33 API calls 16990->16995 16992->16972 16997 7ff61771caa3 16995->16997 16999 7ff617718c0c 33 API calls 16997->16999 17002 7ff61771caf6 16997->17002 17000 7ff61771cae0 16999->17000 17001 7ff61771c82c 43 API calls 17000->17001 17001->17002 17002->16972 17004 7ff61770d630 33 API calls 17003->17004 17005 7ff61771c54c 17004->17005 17006 7ff61771c558 GetOEMCP 17005->17006 17007 7ff61771c56a 17005->17007 17008 7ff61771c57f 17006->17008 17007->17008 17009 7ff61771c56f GetACP 17007->17009 17008->16975 17008->16976 17009->17008 17011 7ff61771c538 35 API calls 17010->17011 17012 7ff61771cb4b 17011->17012 17013 7ff61771cb88 IsValidCodePage 17012->17013 17019 7ff61771cbcb memcpy_s 17012->17019 17015 7ff61771cb99 17013->17015 17013->17019 17014 7ff617709a80 _wfindfirst32i64 8 API calls 17016 7ff61771c90f 17014->17016 17017 7ff61771cbd0 GetCPInfo 17015->17017 17020 7ff61771cba2 memcpy_s 17015->17020 17016->16982 17016->16985 17017->17019 17017->17020 17019->17014 17037 7ff61771c648 17020->17037 17108 7ff61771ad2c EnterCriticalSection 17021->17108 17038 7ff61771c685 GetCPInfo 17037->17038 17039 7ff61771c77b 17037->17039 17038->17039 17040 7ff61771c698 17038->17040 17041 7ff617709a80 _wfindfirst32i64 8 API calls 17039->17041 17048 7ff61771d2f4 17040->17048 17043 7ff61771c814 17041->17043 17043->17019 17047 7ff617721ef8 37 API calls 17047->17039 17049 7ff61770d630 33 API calls 17048->17049 17050 7ff61771d336 17049->17050 17051 7ff617719e98 _fread_nolock MultiByteToWideChar 17050->17051 17053 7ff61771d36c 17051->17053 17052 7ff61771d373 17054 7ff617709a80 _wfindfirst32i64 8 API calls 17052->17054 17053->17052 17055 7ff617717cac _fread_nolock 14 API calls 17053->17055 17057 7ff61771d398 memcpy_s 17053->17057 17056 7ff61771c70f 17054->17056 17055->17057 17063 7ff617721ef8 17056->17063 17058 7ff617719e98 _fread_nolock MultiByteToWideChar 17057->17058 17059 7ff61771d430 17057->17059 17060 7ff61771d412 17058->17060 17059->17052 17061 7ff617715870 __free_lconv_num 13 API calls 17059->17061 17060->17059 17062 7ff61771d416 GetStringTypeW 17060->17062 17061->17052 17062->17059 17064 7ff61770d630 33 API calls 17063->17064 17065 7ff617721f1d 17064->17065 17068 7ff617721be0 17065->17068 17069 7ff617721c22 17068->17069 17070 7ff617719e98 _fread_nolock MultiByteToWideChar 17069->17070 17073 7ff617721c6c 17070->17073 17071 7ff617721eab 17072 7ff617709a80 _wfindfirst32i64 8 API calls 17071->17072 17074 7ff61771c742 17072->17074 17073->17071 17075 7ff617717cac _fread_nolock 14 API calls 17073->17075 17078 7ff617721c9f 17073->17078 17074->17047 17075->17078 17076 7ff617719e98 _fread_nolock MultiByteToWideChar 17077 7ff617721d11 17076->17077 17079 7ff617721da3 17077->17079 17096 7ff6177181dc 17077->17096 17078->17076 17078->17079 17079->17071 17081 7ff617715870 __free_lconv_num 13 API calls 17079->17081 17081->17071 17083 7ff617721d60 17083->17079 17086 7ff6177181dc __crtLCMapStringW 6 API calls 17083->17086 17084 7ff617721db2 17085 7ff617717cac _fread_nolock 14 API calls 17084->17085 17087 7ff617721dcc 17084->17087 17085->17087 17086->17079 17087->17079 17088 7ff6177181dc __crtLCMapStringW 6 API calls 17087->17088 17090 7ff617721e4d 17088->17090 17089 7ff617721e82 17089->17079 17091 7ff617715870 __free_lconv_num 13 API calls 17089->17091 17090->17089 17102 7ff61771a678 17090->17102 17091->17079 17097 7ff617717d0c try_get_function 5 API calls 17096->17097 17098 7ff61771821a 17097->17098 17100 7ff61771821f 17098->17100 17105 7ff6177182b8 17098->17105 17100->17079 17100->17083 17100->17084 17101 7ff61771827b LCMapStringW 17101->17100 17104 7ff61771a69b WideCharToMultiByte 17102->17104 17106 7ff617717d0c try_get_function 5 API calls 17105->17106 17107 7ff6177182e6 __crtLCMapStringW 17106->17107 17107->17101 17110 7ff617720728 17109->17110 17111 7ff617720711 17109->17111 17110->17111 17113 7ff617720736 17110->17113 17112 7ff617715850 _get_daylight 13 API calls 17111->17112 17114 7ff617720716 17112->17114 17116 7ff61770d630 33 API calls 17113->17116 17117 7ff617720721 17113->17117 17115 7ff617715730 _invalid_parameter_noinfo 30 API calls 17114->17115 17115->17117 17116->17117 17117->16829 17119 7ff61770d630 33 API calls 17118->17119 17120 7ff617723285 17119->17120 17123 7ff617722f00 17120->17123 17127 7ff617722f4a 17123->17127 17124 7ff617722fd5 17125 7ff617709a80 _wfindfirst32i64 8 API calls 17124->17125 17126 7ff6177215d9 17125->17126 17126->16829 17126->16831 17127->17124 17128 7ff617722fd1 17127->17128 17130 7ff617722fbc GetCPInfo 17127->17130 17128->17124 17129 7ff617719e98 _fread_nolock MultiByteToWideChar 17128->17129 17132 7ff617723069 17129->17132 17130->17124 17130->17128 17131 7ff61772309c 17134 7ff617719e98 _fread_nolock MultiByteToWideChar 17131->17134 17135 7ff617723219 17131->17135 17132->17124 17132->17131 17133 7ff617717cac _fread_nolock 14 API calls 17132->17133 17133->17131 17136 7ff61772310b 17134->17136 17135->17124 17138 7ff617715870 __free_lconv_num 13 API calls 17135->17138 17136->17135 17137 7ff617719e98 _fread_nolock MultiByteToWideChar 17136->17137 17139 7ff617723131 17137->17139 17138->17124 17139->17135 17140 7ff617717cac _fread_nolock 14 API calls 17139->17140 17141 7ff61772315a 17139->17141 17140->17141 17142 7ff617719e98 _fread_nolock MultiByteToWideChar 17141->17142 17144 7ff6177231fd 17141->17144 17143 7ff6177231cb 17142->17143 17143->17144 17147 7ff617717f70 17143->17147 17144->17135 17145 7ff617715870 __free_lconv_num 13 API calls 17144->17145 17145->17135 17148 7ff617717d0c try_get_function 5 API calls 17147->17148 17149 7ff617717fae 17148->17149 17150 7ff6177182b8 __crtLCMapStringW 5 API calls 17149->17150 17151 7ff617717fb3 17149->17151 17152 7ff61771800f CompareStringW 17150->17152 17151->17144 17152->17151 17154 7ff617721fca HeapSize 17153->17154 17155 7ff617721fb1 17153->17155 17156 7ff617715850 _get_daylight 13 API calls 17155->17156 17157 7ff617721fb6 17156->17157 17158 7ff617715730 _invalid_parameter_noinfo 30 API calls 17157->17158 17159 7ff617721fc1 17158->17159 17159->16836 17161 7ff617721ff9 17160->17161 17162 7ff617722003 17160->17162 17163 7ff617717cac _fread_nolock 14 API calls 17161->17163 17164 7ff617722008 17162->17164 17170 7ff61772200f _invalid_parameter_noinfo 17162->17170 17168 7ff617722001 17163->17168 17165 7ff617715870 __free_lconv_num 13 API calls 17164->17165 17165->17168 17166 7ff617722042 HeapReAlloc 17166->17168 17166->17170 17167 7ff617722015 17169 7ff617715850 _get_daylight 13 API calls 17167->17169 17168->16839 17169->17168 17170->17166 17170->17167 17171 7ff61771da14 _invalid_parameter_noinfo 2 API calls 17170->17171 17171->17170 17173 7ff617722e69 __crtLCMapStringW 17172->17173 17174 7ff617717f70 6 API calls 17173->17174 17175 7ff6177214c2 17173->17175 17174->17175 17175->16888 17175->16889

                              Executed Functions

                              Function 00007FF61771FE60 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 280timeCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 160 7ff61771fe60-7ff61771fea0 call 7ff61771f7f0 call 7ff61771f7f8 call 7ff61771f860 167 7ff61771fea6-7ff61771feb1 call 7ff61771f800 160->167 168 7ff6177200de-7ff617720129 call 7ff617715750 call 7ff61771f7f0 call 7ff61771f7f8 call 7ff61771f860 160->168 167->168 173 7ff61771feb7-7ff61771fec1 167->173 193 7ff617720267-7ff6177202d5 call 7ff617715750 call 7ff61771bb48 168->193 194 7ff61772012f-7ff61772013a call 7ff61771f800 168->194 176 7ff61771fee7-7ff61771feeb 173->176 177 7ff61771fec3-7ff61771fec6 173->177 180 7ff61771feee-7ff61771fef6 176->180 179 7ff61771fec9-7ff61771fed4 177->179 182 7ff61771fed6-7ff61771fedd 179->182 183 7ff61771fedf-7ff61771fee1 179->183 180->180 184 7ff61771fef8-7ff61771ff0b call 7ff617717cac 180->184 182->179 182->183 183->176 186 7ff6177200c9-7ff6177200dd 183->186 191 7ff6177200c1-7ff6177200c4 call 7ff617715870 184->191 192 7ff61771ff11-7ff61771ff23 call 7ff617715870 184->192 191->186 200 7ff61771ff2a-7ff61771ff32 192->200 214 7ff6177202d7-7ff6177202dc 193->214 215 7ff6177202de-7ff6177202e1 193->215 194->193 204 7ff617720140-7ff61772014b call 7ff61771f830 194->204 200->200 203 7ff61771ff34-7ff61771ff42 call 7ff61771aebc 200->203 203->168 212 7ff61771ff48-7ff61771ffa1 call 7ff61770b060 * 4 call 7ff61771fd7c 203->212 204->193 213 7ff617720151-7ff617720174 call 7ff617715870 GetTimeZoneInformation 204->213 272 7ff61771ffa3-7ff61771ffa7 212->272 230 7ff61772017a-7ff61772019b 213->230 231 7ff61772023c-7ff617720266 call 7ff61771f7e8 call 7ff61771f7d8 call 7ff61771f7e0 213->231 216 7ff61772032f-7ff617720341 214->216 219 7ff6177202e8-7ff6177202fb call 7ff617717cac 215->219 220 7ff6177202e3-7ff6177202e6 215->220 222 7ff617720343-7ff617720346 216->222 223 7ff617720352 call 7ff6177200f4 216->223 234 7ff617720306-7ff617720321 call 7ff61771bb48 219->234 235 7ff6177202fd 219->235 220->216 222->223 227 7ff617720348-7ff617720350 call 7ff61771fe60 222->227 238 7ff617720357-7ff617720383 call 7ff617715870 call 7ff617709a80 223->238 227->238 232 7ff6177201a6-7ff6177201ad 230->232 233 7ff61772019d-7ff6177201a3 230->233 240 7ff6177201af-7ff6177201b7 232->240 241 7ff6177201c1 232->241 233->232 258 7ff617720328 234->258 259 7ff617720323-7ff617720326 234->259 242 7ff6177202ff-7ff617720304 call 7ff617715870 235->242 240->241 248 7ff6177201b9-7ff6177201bf 240->248 250 7ff6177201c3-7ff617720237 call 7ff61770b060 * 4 call 7ff61771cfbc call 7ff617720384 * 2 241->250 242->220 248->250 250->231 258->216 264 7ff61772032a call 7ff617715870 258->264 259->242 264->216 274 7ff61771ffa9 272->274 275 7ff61771ffad-7ff61771ffb1 272->275 274->275 275->272 277 7ff61771ffb3-7ff61771ffda call 7ff617718470 275->277 283 7ff61771ffdd-7ff61771ffe1 277->283 285 7ff61771fff0-7ff61771fff4 283->285 286 7ff61771ffe3-7ff61771ffee 283->286 285->283 286->285 289 7ff61771fff6-7ff61771fffa 286->289 291 7ff61772007b-7ff617720080 289->291 292 7ff61771fffc-7ff617720024 call 7ff617718470 289->292 293 7ff617720087-7ff617720094 291->293 294 7ff617720082-7ff617720084 291->294 300 7ff617720026 292->300 301 7ff617720042-7ff617720046 292->301 296 7ff617720096-7ff6177200ad call 7ff61771fd7c 293->296 297 7ff6177200b0-7ff6177200bf call 7ff61771f7e8 call 7ff61771f7d8 293->297 294->293 296->297 297->191 304 7ff617720029-7ff617720030 300->304 301->291 306 7ff617720048-7ff617720066 call 7ff617718470 301->306 304->301 307 7ff617720032-7ff617720040 304->307 312 7ff617720072-7ff617720079 306->312 307->301 307->304 312->291 313 7ff617720068-7ff61772006c 312->313 313->291 314 7ff61772006e 313->314 314->312
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                              • String ID: Eastern Standard Time$Eastern Summer Time
                              • API String ID: 435049134-239921721
                              • Opcode ID: 7926fffbcd92fb7f0d61bd8eaa1d345db742b531728ad10996b80f461cf94914
                              • Instruction ID: 59b247264c0a68e59dcc1bd41d2b5bd752aa64d1a37698b1b0d48f18457effe5
                              • Opcode Fuzzy Hash: 7926fffbcd92fb7f0d61bd8eaa1d345db742b531728ad10996b80f461cf94914
                              • Instruction Fuzzy Hash: 2EB1C026B18A4286E720DF22D8605BAA761FF84FA4F444135EE5DC7A97EF3CE449C740
                              Function 00007FF6177054E0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 139COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              • GetTempPathW.KERNEL32(00000000,00000000,?,00007FF6177054AD), ref: 00007FF61770557A
                              • GetCurrentProcessId.KERNEL32(?,00007FF6177054AD), ref: 00007FF617705580
                                • Part of subcall function 00007FF6177056F0: GetEnvironmentVariableW.KERNEL32(00007FF6177028BA), ref: 00007FF61770572A
                                • Part of subcall function 00007FF6177056F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF617705747
                                • Part of subcall function 00007FF617712068: _invalid_parameter_noinfo.LIBCMT ref: 00007FF617712081
                              • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF617705631
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Environment$Variable$CurrentExpandPathProcessStringsTemp_invalid_parameter_noinfo
                              • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                              • API String ID: 1556224225-1116378104
                              • Opcode ID: 345b8c05ce7d44c837a7ddcadc812cc1679a359c2669e3434ed96b0893632256
                              • Instruction ID: 3f34ec6d0dd01a61b061cf5fa0695cd84dd18730052784d8ff8a01a156c69b5a
                              • Opcode Fuzzy Hash: 345b8c05ce7d44c837a7ddcadc812cc1679a359c2669e3434ed96b0893632256
                              • Instruction Fuzzy Hash: 43519D51B19E4340FA54E732AA656BA92919F8AFF0F540034ED4EC7B97EE2EE00D8740
                              Function 00007FF6177200F4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 149timeCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 658 7ff6177200f4-7ff617720129 call 7ff61771f7f0 call 7ff61771f7f8 call 7ff61771f860 665 7ff617720267-7ff6177202d5 call 7ff617715750 call 7ff61771bb48 658->665 666 7ff61772012f-7ff61772013a call 7ff61771f800 658->666 678 7ff6177202d7-7ff6177202dc 665->678 679 7ff6177202de-7ff6177202e1 665->679 666->665 671 7ff617720140-7ff61772014b call 7ff61771f830 666->671 671->665 677 7ff617720151-7ff617720174 call 7ff617715870 GetTimeZoneInformation 671->677 691 7ff61772017a-7ff61772019b 677->691 692 7ff61772023c-7ff617720266 call 7ff61771f7e8 call 7ff61771f7d8 call 7ff61771f7e0 677->692 680 7ff61772032f-7ff617720341 678->680 682 7ff6177202e8-7ff6177202fb call 7ff617717cac 679->682 683 7ff6177202e3-7ff6177202e6 679->683 685 7ff617720343-7ff617720346 680->685 686 7ff617720352 call 7ff6177200f4 680->686 695 7ff617720306-7ff617720321 call 7ff61771bb48 682->695 696 7ff6177202fd 682->696 683->680 685->686 689 7ff617720348-7ff617720350 call 7ff61771fe60 685->689 699 7ff617720357-7ff617720383 call 7ff617715870 call 7ff617709a80 686->699 689->699 693 7ff6177201a6-7ff6177201ad 691->693 694 7ff61772019d-7ff6177201a3 691->694 700 7ff6177201af-7ff6177201b7 693->700 701 7ff6177201c1 693->701 694->693 716 7ff617720328 695->716 717 7ff617720323-7ff617720326 695->717 702 7ff6177202ff-7ff617720304 call 7ff617715870 696->702 700->701 707 7ff6177201b9-7ff6177201bf 700->707 709 7ff6177201c3-7ff617720237 call 7ff61770b060 * 4 call 7ff61771cfbc call 7ff617720384 * 2 701->709 702->683 707->709 709->692 716->680 721 7ff61772032a call 7ff617715870 716->721 717->702 721->680
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _get_daylight_invalid_parameter_noinfo$InformationLanguagesPreferredRestoreThreadTimeZone
                              • String ID: Eastern Standard Time$Eastern Summer Time
                              • API String ID: 1896592209-239921721
                              • Opcode ID: 27aa70a0de4e12fa5301b8ae42f5d465542245741182a0eb01e9cb667ff60a3c
                              • Instruction ID: b80d92801bc5d8d324061c701c141ee61ee8545e4a17d44e190f4e6d0873b4c1
                              • Opcode Fuzzy Hash: 27aa70a0de4e12fa5301b8ae42f5d465542245741182a0eb01e9cb667ff60a3c
                              • Instruction Fuzzy Hash: 23618D32A18A4286E720DF31E8915A9A761FF48FA4F844136EE5DC3A97DF3CE408C750
                              Function 00007FF61771AF24 Relevance: 1.9, APIs: 1, Instructions: 439COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 91d134c85f57d0cbb245767cbb3180c959f54b551f3ec4ab118eed46b5b4efce
                              • Instruction ID: 8093c964bf0a9a78506049b525ca9587d32babf7600293945449f09e7a307135
                              • Opcode Fuzzy Hash: 91d134c85f57d0cbb245767cbb3180c959f54b551f3ec4ab118eed46b5b4efce
                              • Instruction Fuzzy Hash: E202D121B1EE4681FA24AB11982027967B4AF01FB0F594739DD6DC77E3EE7CE8099300
                              Function 00007FF617701790 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 198COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 0 7ff617701790-7ff6177017b1 1 7ff6177017b3-7ff6177017be call 7ff617702d90 0->1 2 7ff6177017d2-7ff6177017e8 call 7ff61770c998 0->2 5 7ff6177017c3-7ff6177017cc 1->5 8 7ff6177017ee-7ff6177017fe call 7ff61770c1c0 2->8 9 7ff6177018b6-7ff6177018c1 call 7ff61770c984 2->9 5->2 7 7ff6177018e8-7ff6177018ed 5->7 11 7ff617701a54-7ff617701a6c 7->11 8->9 15 7ff617701804-7ff617701813 call 7ff61770c698 8->15 9->7 16 7ff6177018c3-7ff6177018d3 call 7ff61770c1c0 9->16 15->9 21 7ff617701819 15->21 22 7ff6177018d5-7ff6177018e3 call 7ff617701c30 16->22 23 7ff6177018f2-7ff61770190b call 7ff61770bef0 16->23 24 7ff617701820-7ff617701839 21->24 22->7 30 7ff61770190d 23->30 31 7ff61770192a-7ff617701986 call 7ff61770c1c0 call 7ff61770c998 23->31 28 7ff61770189e-7ff6177018ab call 7ff61770c984 24->28 29 7ff61770183b-7ff61770184b call 7ff61770c1c0 24->29 28->11 29->28 40 7ff61770184d-7ff61770185b call 7ff61770bef0 29->40 34 7ff617701914-7ff617701925 call 7ff617701c30 30->34 46 7ff6177019a5-7ff6177019be call 7ff61770bef0 31->46 47 7ff617701988-7ff6177019a0 call 7ff617701c30 31->47 34->11 45 7ff617701860-7ff617701863 40->45 45->28 48 7ff617701865-7ff61770186c 45->48 56 7ff6177019c0-7ff6177019c7 46->56 57 7ff6177019cc-7ff6177019e2 call 7ff61770bc64 46->57 47->11 50 7ff617701895-7ff61770189c 48->50 51 7ff61770186e-7ff61770187f 48->51 50->24 50->28 54 7ff617701882-7ff617701885 51->54 58 7ff61770188c-7ff617701893 54->58 59 7ff617701887-7ff61770188a 54->59 56->34 63 7ff6177019e4-7ff6177019f5 call 7ff617701c70 57->63 64 7ff6177019f7-7ff6177019ff 57->64 58->50 58->54 59->58 61 7ff6177018b0-7ff6177018b3 59->61 61->9 63->11 66 7ff617701a42-7ff617701a48 64->66 67 7ff617701a01-7ff617701a2c 64->67 71 7ff617701a52 66->71 72 7ff617701a4a call 7ff61770bbd4 66->72 69 7ff617701a2e-7ff617701a32 67->69 70 7ff617701a36-7ff617701a3d call 7ff617701c70 67->70 69->67 73 7ff617701a34 69->73 70->66 71->11 76 7ff617701a4f 72->76 73->66 76->71
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _fread_nolock
                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                              • API String ID: 840049012-1463511288
                              • Opcode ID: 19d28ec0a33a4c4da871a49a77138139b9f167b4ae1656981c51bab15768784b
                              • Instruction ID: 6d54b1933403424449b2d75677661ab99d49da57e827241c6ec1fda86badb472
                              • Opcode Fuzzy Hash: 19d28ec0a33a4c4da871a49a77138139b9f167b4ae1656981c51bab15768784b
                              • Instruction Fuzzy Hash: DC817B72B19A4296EA14DB25E5402BC63A1FF06FA0F548531EE1DC3BD3DF3AE5698700
                              Function 00007FF617701430 Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 133COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 77 7ff617701430-7ff617701447 call 7ff617705480 80 7ff617701452-7ff617701475 call 7ff6177057a0 77->80 81 7ff617701449-7ff617701451 77->81 84 7ff617701497-7ff61770149d 80->84 85 7ff617701477-7ff617701492 call 7ff617701c30 80->85 86 7ff6177014d0-7ff6177014e4 call 7ff61770c1c0 84->86 87 7ff61770149f-7ff6177014aa call 7ff617702d90 84->87 92 7ff617701625-7ff617701637 85->92 96 7ff617701506-7ff61770150a 86->96 97 7ff6177014e6-7ff617701501 call 7ff617701c30 86->97 93 7ff6177014af-7ff6177014b5 87->93 93->86 95 7ff6177014b7-7ff6177014cb call 7ff617701c70 93->95 108 7ff617701607-7ff61770160d 95->108 100 7ff617701524-7ff617701544 call 7ff61770c998 96->100 101 7ff61770150c-7ff617701518 call 7ff617701040 96->101 97->108 109 7ff617701565-7ff61770156b 100->109 110 7ff617701546-7ff617701560 call 7ff617701c30 100->110 106 7ff61770151d-7ff61770151f 101->106 106->108 111 7ff61770160f call 7ff61770bbd4 108->111 112 7ff61770161b-7ff61770161e call 7ff61770bbd4 108->112 115 7ff6177015f5-7ff6177015f8 call 7ff61770c984 109->115 116 7ff617701571-7ff617701576 109->116 123 7ff6177015fd-7ff617701602 110->123 122 7ff617701614 111->122 118 7ff617701623 112->118 115->123 121 7ff617701580-7ff6177015a2 call 7ff61770bef0 116->121 118->92 126 7ff6177015d5-7ff6177015dc 121->126 127 7ff6177015a4-7ff6177015bc call 7ff61770c8f8 121->127 122->112 123->108 128 7ff6177015e3-7ff6177015eb call 7ff617701c30 126->128 132 7ff6177015c5-7ff6177015d3 127->132 133 7ff6177015be-7ff6177015c1 127->133 136 7ff6177015f0 128->136 132->128 133->121 135 7ff6177015c3 133->135 135->136 136->115
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                              • API String ID: 0-666925554
                              • Opcode ID: eeae7c0edcf92e7d322bd55c91c44ed42b543812a2d872d4e1c45028997d05b1
                              • Instruction ID: 828cefa0a94ee87f06ebf3fb6c0e2f55e684910a5a9418b2046dcca54f6b4f48
                              • Opcode Fuzzy Hash: eeae7c0edcf92e7d322bd55c91c44ed42b543812a2d872d4e1c45028997d05b1
                              • Instruction Fuzzy Hash: 10518C61B18E4281EA10DB25E4446BD6361AF46FF8F544531EE1EC77A7EE3EE50D8300
                              Function 00007FF617706560 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 90COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                              • String ID: D:(A;;FA;;;%s)$S-1-3-4
                              • API String ID: 4998090-2855260032
                              • Opcode ID: 934a40d539d61d22322c14c41d09098e20338d92e71b9f2e771ab2188d75e782
                              • Instruction ID: 964bed46eca84f1711292ba9b2ace31557abe892235d23ecaf1819174f5e3f5d
                              • Opcode Fuzzy Hash: 934a40d539d61d22322c14c41d09098e20338d92e71b9f2e771ab2188d75e782
                              • Instruction Fuzzy Hash: 50415131618E8282E7509B61E8546AAB360FF85BB4F540231EE6EC66D6DF3DD54CCB40
                              Function 00007FF617720DCC Relevance: 13.8, APIs: 9, Instructions: 273fileCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 385 7ff617720dcc-7ff617720e3f call 7ff617720afc 388 7ff617720e59-7ff617720e63 call 7ff6177126b0 385->388 389 7ff617720e41-7ff617720e4a call 7ff617715830 385->389 395 7ff617720e7e-7ff617720ee7 CreateFileW 388->395 396 7ff617720e65-7ff617720e7c call 7ff617715830 call 7ff617715850 388->396 394 7ff617720e4d-7ff617720e54 call 7ff617715850 389->394 408 7ff617721192-7ff6177211b2 394->408 399 7ff617720ee9-7ff617720eef 395->399 400 7ff617720f64-7ff617720f6f GetFileType 395->400 396->394 405 7ff617720f31-7ff617720f5f GetLastError call 7ff6177157e0 399->405 406 7ff617720ef1-7ff617720ef5 399->406 402 7ff617720f71-7ff617720fac GetLastError call 7ff6177157e0 CloseHandle 400->402 403 7ff617720fc2-7ff617720fc9 400->403 402->394 419 7ff617720fb2-7ff617720fbd call 7ff617715850 402->419 411 7ff617720fcb-7ff617720fcf 403->411 412 7ff617720fd1-7ff617720fd4 403->412 405->394 406->405 413 7ff617720ef7-7ff617720f2f CreateFileW 406->413 417 7ff617720fda-7ff61772102b call 7ff6177125c8 411->417 412->417 418 7ff617720fd6 412->418 413->400 413->405 423 7ff61772104a-7ff61772107a call 7ff617720868 417->423 424 7ff61772102d-7ff617721039 call 7ff617720d08 417->424 418->417 419->394 431 7ff61772103d-7ff617721045 call 7ff6177159c8 423->431 432 7ff61772107c-7ff6177210bf 423->432 424->423 430 7ff61772103b 424->430 430->431 431->408 434 7ff6177210e1-7ff6177210ec 432->434 435 7ff6177210c1-7ff6177210c5 432->435 438 7ff617721190 434->438 439 7ff6177210f2-7ff6177210f6 434->439 435->434 437 7ff6177210c7-7ff6177210dc 435->437 437->434 438->408 439->438 440 7ff6177210fc-7ff617721141 CloseHandle CreateFileW 439->440 441 7ff617721176-7ff61772118b 440->441 442 7ff617721143-7ff617721171 GetLastError call 7ff6177157e0 call 7ff6177127f0 440->442 441->438 442->441
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                              • String ID:
                              • API String ID: 1330151763-0
                              • Opcode ID: eccfba207a59d3cee0f3233f3982c820af0bdd3ec00bb8bdfca65c5d96ff0363
                              • Instruction ID: 613a0ff6670f39444eea4e0370520c7c390d0790562a92b0c9a6487c9a867a1e
                              • Opcode Fuzzy Hash: eccfba207a59d3cee0f3233f3982c820af0bdd3ec00bb8bdfca65c5d96ff0363
                              • Instruction Fuzzy Hash: F0C19D36B28E4686EB14DF75D4902AC3771FB48BA8F104229DE2E97796DF38D55AC300
                              Function 00007FF617701040 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 447 7ff617701040-7ff61770109b call 7ff617708770 450 7ff6177010c3-7ff6177010db call 7ff61770c998 447->450 451 7ff61770109d-7ff6177010c2 call 7ff617701c70 447->451 456 7ff6177010dd-7ff6177010f4 call 7ff617701c30 450->456 457 7ff6177010f9-7ff617701109 call 7ff61770c998 450->457 464 7ff61770125c-7ff617701271 call 7ff617708460 call 7ff61770c984 * 2 456->464 462 7ff61770110b-7ff617701122 call 7ff617701c30 457->462 463 7ff617701127-7ff617701137 457->463 462->464 466 7ff617701140-7ff617701165 call 7ff61770bef0 463->466 480 7ff617701276-7ff617701290 464->480 473 7ff61770124e 466->473 474 7ff61770116b-7ff617701175 call 7ff61770bc64 466->474 476 7ff617701254 473->476 474->473 481 7ff61770117b-7ff617701187 474->481 476->464 482 7ff617701190-7ff6177011b8 call 7ff617706c30 481->482 485 7ff617701231-7ff61770124c call 7ff617701c70 482->485 486 7ff6177011ba-7ff6177011bd 482->486 485->476 488 7ff6177011bf-7ff6177011c9 486->488 489 7ff61770122c 486->489 490 7ff6177011f3-7ff6177011f6 488->490 491 7ff6177011cb-7ff6177011d8 call 7ff61770c8f8 488->491 489->485 494 7ff617701209-7ff61770120e 490->494 495 7ff6177011f8-7ff617701206 call 7ff61770a790 490->495 496 7ff6177011dd-7ff6177011e0 491->496 494->482 498 7ff617701210-7ff617701213 494->498 495->494 499 7ff6177011e2-7ff6177011ec call 7ff61770bc64 496->499 500 7ff6177011ee-7ff6177011f1 496->500 502 7ff617701215-7ff617701218 498->502 503 7ff617701227-7ff61770122a 498->503 499->494 499->500 500->485 502->485 505 7ff61770121a-7ff617701222 502->505 503->476 505->466
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                              • API String ID: 0-1060636955
                              • Opcode ID: 3a8ead27f8925f5f64af8c0d185a79718a41d622cc2084a478c664cf4c2ceb7c
                              • Instruction ID: c61838448648bf07468aacff922cd43bae202fc22468be7a1a157aa792bb16d9
                              • Opcode Fuzzy Hash: 3a8ead27f8925f5f64af8c0d185a79718a41d622cc2084a478c664cf4c2ceb7c
                              • Instruction Fuzzy Hash: 9851BE22B09E8285EA609B21E4403BE6291FF86FA4F544135EE5EC7797EE3DE54DC700
                              Function 00007FF617705CD0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93processsynchronizationCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                                • Part of subcall function 00007FF6177068B0: MultiByteToWideChar.KERNEL32(00007FF61770571C,00007FF6177028BA), ref: 00007FF6177068EA
                                • Part of subcall function 00007FF617712CF8: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF617714A8C), ref: 00007FF617712D65
                                • Part of subcall function 00007FF617712CF8: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF617714A8C), ref: 00007FF617712D80
                              • GetStartupInfoW.KERNEL32 ref: 00007FF617705D57
                                • Part of subcall function 00007FF6177149EC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF617714A00
                                • Part of subcall function 00007FF6177128AC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF617712913
                              • GetCommandLineW.KERNEL32 ref: 00007FF617705DDF
                              • CreateProcessW.KERNELBASE ref: 00007FF617705E21
                              • WaitForSingleObject.KERNEL32 ref: 00007FF617705E35
                              • GetExitCodeProcess.KERNEL32 ref: 00007FF617705E45
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                              • String ID: CreateProcessW$Error creating child process!
                              • API String ID: 1742298069-3524285272
                              • Opcode ID: 78be9020f0eb94c7fd96e608d743dfc682eb13f2774208791c5f1b7df5354e4a
                              • Instruction ID: 06ac28e072d1225d5b31258d8728db7e7b818f39af0ad561822927a760282ccf
                              • Opcode Fuzzy Hash: 78be9020f0eb94c7fd96e608d743dfc682eb13f2774208791c5f1b7df5354e4a
                              • Instruction Fuzzy Hash: 04414232A0CB8182D720DB64E4556AEB3A0FF95B60F500135EA9E87A97DF7CD458CB40
                              Function 00007FF6177162AC Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 545 7ff6177162ac-7ff6177162d2 546 7ff6177162ed-7ff6177162f1 545->546 547 7ff6177162d4-7ff6177162e8 call 7ff617715830 call 7ff617715850 545->547 549 7ff6177162f7-7ff6177162fe 546->549 550 7ff6177166d0-7ff6177166dc call 7ff617715830 call 7ff617715850 546->550 565 7ff6177166e7 547->565 549->550 551 7ff617716304-7ff617716336 549->551 568 7ff6177166e2 call 7ff617715730 550->568 551->550 554 7ff61771633c-7ff617716343 551->554 557 7ff61771635c-7ff61771635f 554->557 558 7ff617716345-7ff617716357 call 7ff617715830 call 7ff617715850 554->558 563 7ff6177166cc-7ff6177166ce 557->563 564 7ff617716365-7ff617716367 557->564 558->568 566 7ff6177166ea-7ff617716701 563->566 564->563 569 7ff61771636d-7ff617716370 564->569 565->566 568->565 569->558 572 7ff617716372-7ff617716398 569->572 574 7ff6177163d7-7ff6177163df 572->574 575 7ff61771639a-7ff61771639d 572->575 576 7ff6177163a9-7ff6177163c0 call 7ff617715830 call 7ff617715850 call 7ff617715730 574->576 577 7ff6177163e1-7ff617716409 call 7ff617717cac call 7ff617715870 * 2 574->577 578 7ff61771639f-7ff6177163a7 575->578 579 7ff6177163c5-7ff6177163d2 575->579 608 7ff617716560 576->608 610 7ff617716426-7ff617716457 call 7ff617716a04 577->610 611 7ff61771640b-7ff617716421 call 7ff617715850 call 7ff617715830 577->611 578->576 578->579 580 7ff61771645b-7ff61771646e 579->580 583 7ff6177164ea-7ff6177164f4 call 7ff61771dbec 580->583 584 7ff617716470-7ff617716478 580->584 595 7ff6177164fa-7ff61771650f 583->595 596 7ff61771657e 583->596 584->583 589 7ff61771647a-7ff61771647c 584->589 589->583 593 7ff61771647e-7ff617716495 589->593 593->583 598 7ff617716497-7ff6177164a3 593->598 595->596 600 7ff617716511-7ff617716523 GetConsoleMode 595->600 604 7ff617716583-7ff6177165a3 ReadFile 596->604 598->583 602 7ff6177164a5-7ff6177164a7 598->602 600->596 607 7ff617716525-7ff61771652d 600->607 602->583 609 7ff6177164a9-7ff6177164c1 602->609 605 7ff617716696-7ff61771669f GetLastError 604->605 606 7ff6177165a9-7ff6177165b1 604->606 615 7ff6177166bc-7ff6177166bf 605->615 616 7ff6177166a1-7ff6177166b7 call 7ff617715850 call 7ff617715830 605->616 606->605 612 7ff6177165b7 606->612 607->604 614 7ff61771652f-7ff617716551 ReadConsoleW 607->614 617 7ff617716563-7ff61771656d call 7ff617715870 608->617 609->583 618 7ff6177164c3-7ff6177164cf 609->618 610->580 611->608 620 7ff6177165be-7ff6177165d3 612->620 622 7ff617716572-7ff61771657c 614->622 623 7ff617716553 GetLastError 614->623 627 7ff617716559-7ff61771655b call 7ff6177157e0 615->627 628 7ff6177166c5-7ff6177166c7 615->628 616->608 617->566 618->583 626 7ff6177164d1-7ff6177164d3 618->626 620->617 631 7ff6177165d5-7ff6177165e0 620->631 622->620 623->627 626->583 635 7ff6177164d5-7ff6177164e5 626->635 627->608 628->617 637 7ff617716607-7ff61771660f 631->637 638 7ff6177165e2-7ff6177165fb call 7ff617715e70 631->638 635->583 641 7ff617716611-7ff617716623 637->641 642 7ff617716684-7ff617716691 call 7ff617715c28 637->642 645 7ff617716600-7ff617716602 638->645 646 7ff617716677-7ff61771667f 641->646 647 7ff617716625 641->647 642->645 645->617 646->617 649 7ff61771662a-7ff617716631 647->649 650 7ff61771666d-7ff617716671 649->650 651 7ff617716633-7ff617716637 649->651 650->646 652 7ff617716639-7ff617716640 651->652 653 7ff617716653 651->653 652->653 655 7ff617716642-7ff617716646 652->655 654 7ff617716659-7ff617716669 653->654 654->649 656 7ff61771666b 654->656 655->653 657 7ff617716648-7ff617716651 655->657 656->646 657->654
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 6da1cf200132f4bea2326a7f02dc7d67121c7af1e14d5f9f4ef9d9c51e0ba55f
                              • Instruction ID: 49c8e951397e4407204776fd855987702fbfe8131bc96cdcc246cf932268651f
                              • Opcode Fuzzy Hash: 6da1cf200132f4bea2326a7f02dc7d67121c7af1e14d5f9f4ef9d9c51e0ba55f
                              • Instruction Fuzzy Hash: 3EC1C022A0CF8681E7619B2590602BE6BB0EB80FA4F594135DE4EC7797CE7CE85DC740
                              Function 00007FF6177175EC Relevance: 7.7, APIs: 5, Instructions: 202COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 735 7ff6177175ec-7ff617717611 736 7ff617717617-7ff61771761a 735->736 737 7ff6177178b5 735->737 738 7ff61771763b-7ff617717662 736->738 739 7ff61771761c-7ff617717636 call 7ff617715830 call 7ff617715850 call 7ff617715730 736->739 740 7ff6177178b7-7ff6177178ce 737->740 741 7ff61771766d-7ff617717673 738->741 742 7ff617717664-7ff61771766b 738->742 739->740 744 7ff617717683-7ff617717691 call 7ff61771dbec 741->744 745 7ff617717675-7ff61771767e call 7ff617716a04 741->745 742->739 742->741 753 7ff617717697-7ff6177176a7 744->753 754 7ff6177177a2-7ff6177177b2 744->754 745->744 753->754 758 7ff6177176ad-7ff6177176c0 call 7ff617718b38 753->758 756 7ff617717801-7ff617717826 WriteFile 754->756 757 7ff6177177b4-7ff6177177b9 754->757 759 7ff617717828-7ff61771782e GetLastError 756->759 760 7ff617717831 756->760 761 7ff6177177bb-7ff6177177be 757->761 762 7ff6177177ed-7ff6177177ff call 7ff617717170 757->762 770 7ff6177176d8-7ff6177176f4 GetConsoleMode 758->770 771 7ff6177176c2-7ff6177176d2 758->771 759->760 764 7ff617717834 760->764 765 7ff6177177d9-7ff6177177eb call 7ff617717390 761->765 766 7ff6177177c0-7ff6177177c3 761->766 776 7ff617717796-7ff61771779d 762->776 772 7ff617717839 764->772 765->776 773 7ff61771783e-7ff617717848 766->773 774 7ff6177177c5-7ff6177177d7 call 7ff617717274 766->774 770->754 777 7ff6177176fa-7ff6177176fd 770->777 771->754 771->770 772->773 778 7ff61771784a-7ff61771784f 773->778 779 7ff6177178ae-7ff6177178b3 773->779 774->776 776->772 782 7ff617717703-7ff61771770a 777->782 783 7ff617717784-7ff617717791 call 7ff617716c84 777->783 784 7ff61771787e-7ff61771788f 778->784 785 7ff617717851-7ff617717854 778->785 779->740 782->773 788 7ff617717710-7ff61771771e 782->788 783->776 789 7ff617717896-7ff6177178a6 call 7ff617715850 call 7ff617715830 784->789 790 7ff617717891-7ff617717894 784->790 791 7ff617717856-7ff617717866 call 7ff617715850 call 7ff617715830 785->791 792 7ff617717871-7ff617717879 call 7ff6177157e0 785->792 788->764 794 7ff617717724 788->794 789->779 790->737 790->789 791->792 792->784 798 7ff617717727-7ff61771773e call 7ff61771dcb8 794->798 807 7ff617717776-7ff61771777f GetLastError 798->807 808 7ff617717740-7ff61771774a 798->808 807->764 809 7ff617717767-7ff61771776e 808->809 810 7ff61771774c-7ff61771775e call 7ff61771dcb8 808->810 809->764 812 7ff617717774 809->812 810->807 814 7ff617717760-7ff617717765 810->814 812->798 814->809
                              APIs
                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF61771762E
                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6177175AB,?,?,?,00007FF61771799E), ref: 00007FF6177176EC
                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6177175AB,?,?,?,00007FF61771799E), ref: 00007FF617717776
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 2210144848-0
                              • Opcode ID: e18f827d3883068ea42ff7be6241009b9d69548c514fabc03335d3842ec8a367
                              • Instruction ID: e561adccff4462abde673b814ff9bd997809bcc7e6c945c58fba92ce51cbef10
                              • Opcode Fuzzy Hash: e18f827d3883068ea42ff7be6241009b9d69548c514fabc03335d3842ec8a367
                              • Instruction Fuzzy Hash: 48819E22E18E5285F7109B6588606BCA7B0BB44FB8F944135DE0ED3B97DE3CE44AC790
                              Function 00007FF617701000 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 215COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 815 7ff617701000-7ff617702869 call 7ff61770bb48 call 7ff61770bb40 call 7ff6177063c0 call 7ff617709a10 call 7ff61770cb50 call 7ff617710a64 call 7ff617701b60 831 7ff61770290f 815->831 832 7ff61770286f-7ff61770287e call 7ff617702c80 815->832 833 7ff617702914-7ff617702939 call 7ff617709a80 831->833 832->831 838 7ff617702884-7ff617702897 call 7ff617702b50 832->838 838->831 841 7ff617702899-7ff6177028ac call 7ff617702c00 838->841 841->831 844 7ff6177028ae-7ff6177028e2 call 7ff6177056f0 call 7ff617705c90 call 7ff617701a70 841->844 851 7ff6177028e4-7ff6177028f5 call 7ff617701a70 844->851 852 7ff61770293a-7ff61770294b 844->852 851->852 861 7ff6177028f7-7ff61770290a call 7ff617701c70 851->861 853 7ff617702960-7ff617702978 call 7ff6177068b0 852->853 854 7ff61770294d-7ff617702957 call 7ff617702740 852->854 865 7ff61770297a-7ff617702986 call 7ff617701c70 853->865 866 7ff617702988-7ff61770298f SetDllDirectoryW 853->866 863 7ff617702995-7ff6177029a2 call 7ff617704c10 854->863 864 7ff617702959 854->864 861->831 871 7ff6177029a4-7ff6177029b4 call 7ff6177048f0 863->871 872 7ff6177029f0-7ff6177029f5 call 7ff617704b90 863->872 864->853 865->831 866->863 871->872 879 7ff6177029b6-7ff6177029c5 call 7ff6177044a0 871->879 875 7ff6177029fa-7ff6177029fd 872->875 877 7ff617702a03-7ff617702a0d 875->877 878 7ff617702aa6-7ff617702ab5 call 7ff617702550 875->878 880 7ff617702a10-7ff617702a1a 877->880 878->831 891 7ff617702abb-7ff617702af2 call 7ff617705c20 call 7ff6177056f0 call 7ff617704290 878->891 889 7ff6177029c7-7ff6177029d3 call 7ff617704430 879->889 890 7ff6177029e6-7ff6177029eb call 7ff617704710 879->890 883 7ff617702a23-7ff617702a25 880->883 884 7ff617702a1c-7ff617702a21 880->884 887 7ff617702a71-7ff617702aa1 call 7ff6177026b0 call 7ff6177022e0 call 7ff6177026a0 call 7ff617704710 call 7ff617704b90 883->887 888 7ff617702a27-7ff617702a4a call 7ff6177027b0 883->888 884->880 884->883 887->833 888->831 902 7ff617702a50-7ff617702a5a 888->902 889->890 903 7ff6177029d5-7ff6177029e4 call 7ff617704aa0 889->903 890->872 891->831 914 7ff617702af8-7ff617702b0b call 7ff6177027a0 call 7ff617705cd0 891->914 907 7ff617702a60-7ff617702a6f 902->907 903->875 907->887 907->907 922 7ff617702b10-7ff617702b2d call 7ff617704710 call 7ff617704b90 914->922 927 7ff617702b2f-7ff617702b32 call 7ff617705990 922->927 928 7ff617702b37-7ff617702b41 call 7ff617701b20 922->928 927->928 928->833
                              APIs
                                • Part of subcall function 00007FF617702C80: GetModuleFileNameW.KERNEL32(?,00007FF61770287C), ref: 00007FF617702CB1
                              • SetDllDirectoryW.KERNEL32 ref: 00007FF61770298F
                                • Part of subcall function 00007FF6177056F0: GetEnvironmentVariableW.KERNEL32(00007FF6177028BA), ref: 00007FF61770572A
                                • Part of subcall function 00007FF6177056F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF617705747
                                • Part of subcall function 00007FF617705C90: SetEnvironmentVariableW.KERNEL32 ref: 00007FF617705CAF
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Environment$Variable$DirectoryExpandFileModuleNameStrings
                              • String ID: Cannot open self %s or archive %s$Failed to convert DLL search path!$_MEIPASS2
                              • API String ID: 2904469105-3660216322
                              • Opcode ID: 5ec9dc8acca9883462d7ecb466f4fd47ded13a127848d7d7e5c702cadd091884
                              • Instruction ID: bca175912447c4eb0379f50a5a9300faece6700eb01fbf8267ea0962db009619
                              • Opcode Fuzzy Hash: 5ec9dc8acca9883462d7ecb466f4fd47ded13a127848d7d7e5c702cadd091884
                              • Instruction Fuzzy Hash: 08918322B2CE8345EA64AB21D9512FE5250AF46FE4F444031EE4DD7A9BEF2DE60D8700
                              Function 00007FF617719F54 Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _get_daylight$_isindst
                              • String ID:
                              • API String ID: 4170891091-0
                              • Opcode ID: 531d6bddbdd27827443a2335a627a0853fc59666bad6fc11b374a8f1f3c3e76b
                              • Instruction ID: 6b79e512b21e4a83cbfa7f77eeb6b012c12d111861cde34c765a4859986e6268
                              • Opcode Fuzzy Hash: 531d6bddbdd27827443a2335a627a0853fc59666bad6fc11b374a8f1f3c3e76b
                              • Instruction Fuzzy Hash: 90510772F04A528AEB18EF6498A15BC27B5AB41B78F520135DE0D97AD6DF38A50AC700
                              Function 00007FF6177103CC Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                              • String ID:
                              • API String ID: 2780335769-0
                              • Opcode ID: ed4e59855f9c1345819b8841dbfc419cfeced1fe29351baf4d702a7bfb3f8592
                              • Instruction ID: 2a39f8c70a434e482d36ac27b73b6619df8394db247eb557fd892952322975af
                              • Opcode Fuzzy Hash: ed4e59855f9c1345819b8841dbfc419cfeced1fe29351baf4d702a7bfb3f8592
                              • Instruction Fuzzy Hash: DE516C22F18A418AFB11CF7194A03BD27B1AB48BA8F248535DE0D9768ADF38D589C740
                              Function 00007FF617709B88 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                              • String ID:
                              • API String ID: 1321466686-0
                              • Opcode ID: 2ed6cf5169b368c3611025f7d2b094c9b764007fb7795d52a2a3703580a2a07d
                              • Instruction ID: 16f08a8e7b931267ecaf7ebca10cdaebdd191e6656fa9a73059243c3e27d4238
                              • Opcode Fuzzy Hash: 2ed6cf5169b368c3611025f7d2b094c9b764007fb7795d52a2a3703580a2a07d
                              • Instruction Fuzzy Hash: 25312A21E0CE4281FA14BB3594213BA53A1AF47FA4F445139EE4EC72D7DE6EE94C8B44
                              Function 00007FF617710280 Relevance: 4.6, APIs: 3, Instructions: 92fileCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 2907017715-0
                              • Opcode ID: 0a85e5f9576feed2aefb9608ce630bb7ee2af0af3465b33b11d30c2b66741e26
                              • Instruction ID: ab56e04f136d8037f3a848d899ad0a00c7c19411ece90d7b3d5df43d1a55ad29
                              • Opcode Fuzzy Hash: 0a85e5f9576feed2aefb9608ce630bb7ee2af0af3465b33b11d30c2b66741e26
                              • Instruction Fuzzy Hash: 1531C332E18B4187E6619F2196202A97670FB95BB0F144335EEAC83AD3DF3CE1A5C740
                              Function 00007FF61770BC90 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 889cc9322f581c38ad6b9db600f9cba3dc4f8ffbb50c161ab23fdfe5835111ae
                              • Instruction ID: 9f3e595c08be44bdb54148eb96c19c48c1de0d277f50a38910b355c7bd86ac28
                              • Opcode Fuzzy Hash: 889cc9322f581c38ad6b9db600f9cba3dc4f8ffbb50c161ab23fdfe5835111ae
                              • Instruction Fuzzy Hash: 4B51C921B09E4186FB689F259C006766691BF45F74F184230DE6DD77E7CE3EE6198700
                              Function 00007FF617716AFC Relevance: 3.1, APIs: 2, Instructions: 73COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: FileHandleType
                              • String ID:
                              • API String ID: 3000768030-0
                              • Opcode ID: 93088dc9201fd4ec9b7a6c817eb1f42234b202b63e9155242b484ba0944a0012
                              • Instruction ID: be856dbef29662e28bd9c0184b9809581da6bba18d36ea64d9e194816060c144
                              • Opcode Fuzzy Hash: 93088dc9201fd4ec9b7a6c817eb1f42234b202b63e9155242b484ba0944a0012
                              • Instruction Fuzzy Hash: 61316E22A18E5691EB748B2885A01786660FB46FB4F741339DF6EC73E1CF38E469D340
                              Function 00007FF6177159C8 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                              Download Yara Rule
                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF6177158FB,?,?,00000000,00007FF6177159A3,?,?,?,?,?,?,00007FF61770BBA2), ref: 00007FF617715A2E
                              • GetLastError.KERNEL32(?,?,?,00007FF6177158FB,?,?,00000000,00007FF6177159A3,?,?,?,?,?,?,00007FF61770BBA2), ref: 00007FF617715A38
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ChangeCloseErrorFindLastNotification
                              • String ID:
                              • API String ID: 1687624791-0
                              • Opcode ID: 07d8c9f2b0e1647c26b7e3b2ccbfc7d732bc2fe9fb903221b5e0224306040eef
                              • Instruction ID: edb0afdcfd017a4842047778df014a54472ae33e3ea3a615c2287ced42dd992a
                              • Opcode Fuzzy Hash: 07d8c9f2b0e1647c26b7e3b2ccbfc7d732bc2fe9fb903221b5e0224306040eef
                              • Instruction Fuzzy Hash: FD118E21F1CE8241EEA8577494A137D16A29F84FB4F2C4235DE2EC72D3DE6CA44C8301
                              Function 00007FF617710574 Relevance: 3.0, APIs: 2, Instructions: 43timeCOMMON
                              Download Yara Rule
                              APIs
                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF617710489), ref: 00007FF6177105A8
                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF617710489), ref: 00007FF6177105BC
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Time$System$FileLocalSpecific
                              • String ID:
                              • API String ID: 1707611234-0
                              • Opcode ID: ddb69876df6c6e26a964a5245505b3db865a71e1f969bcf6c017e27feb52df7c
                              • Instruction ID: 37755f5903d9685b10959e382661b48557d13abe6d7ce8d1619d123a58f26c8c
                              • Opcode Fuzzy Hash: ddb69876df6c6e26a964a5245505b3db865a71e1f969bcf6c017e27feb52df7c
                              • Instruction Fuzzy Hash: 2E11A062F28A1289FB508B7094614BE37B0AB08F79F501235EE6ED59D9EF3CD159C710
                              Function 00007FF617716960 Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                              Download Yara Rule
                              APIs
                              • SetFilePointerEx.KERNELBASE(?,?,?,00007FF617717683,?,?,?,?,?,?,?,?,?,?,?,00007FF6177175AB), ref: 00007FF6177169A4
                              • GetLastError.KERNEL32(?,?,?,00007FF617717683,?,?,?,?,?,?,?,?,?,?,?,00007FF6177175AB), ref: 00007FF6177169AE
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorFileLastPointer
                              • String ID:
                              • API String ID: 2976181284-0
                              • Opcode ID: a8443d482b103c5dee73638964ab3a185a31390b1b8763e98a83887ed08f662d
                              • Instruction ID: 67ad0fd450fcff32bb0ce7674be27d79c4b8e3ed1b703715c47bac48167b413c
                              • Opcode Fuzzy Hash: a8443d482b103c5dee73638964ab3a185a31390b1b8763e98a83887ed08f662d
                              • Instruction Fuzzy Hash: D601C461B18E8282EA109B25A8541796370AF40FF0F64537AEE7EC77D6DE3CD459C300
                              Function 00007FF61770C74C Relevance: 1.6, APIs: 1, Instructions: 133COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 8f0ca241ea8fbc3e9a192d8754ed37c90bd243578e9a64c69c5ded2b76afe080
                              • Instruction ID: 044919bf81b477cc29c2eacdac7690554c2feb461a4797107b21e09680fa53ab
                              • Opcode Fuzzy Hash: 8f0ca241ea8fbc3e9a192d8754ed37c90bd243578e9a64c69c5ded2b76afe080
                              • Instruction Fuzzy Hash: 9A411121B08B5146FA589F3695042B97291AF46FF4F084235EE2DC7BDADE3DE8498304
                              Function 00007FF617716704 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: fc329a9a24ecd669bec342c6afbdff7acdd897de4e2ba2c4c403ffb281143647
                              • Instruction ID: 0814936a79564b7e2a412fadf196d06f1bab85109eecdbf0f674e30074f5e004
                              • Opcode Fuzzy Hash: fc329a9a24ecd669bec342c6afbdff7acdd897de4e2ba2c4c403ffb281143647
                              • Instruction Fuzzy Hash: 7841AF32A18A4697EB189B18D66127937B0FB44FA4F140135DE9DC7B92CF3CE46AC780
                              Function 00007FF61770C21C Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 3cd5ff71f2ac105d2478196dd55ef2634639a3161052731987f439309cf20abb
                              • Instruction ID: f5824c8116f470a298ddd0d2c2e91be2a301dedeaacc2b46a136788dde766654
                              • Opcode Fuzzy Hash: 3cd5ff71f2ac105d2478196dd55ef2634639a3161052731987f439309cf20abb
                              • Instruction Fuzzy Hash: 1631AC72A18F4682EB549B6585153F867A0AB42FF8F044131DE0EC7BD7DE7EE84A8301
                              Function 00007FF617716190 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: f2ba0e24f1a9295d07cba51f68b29b55a3cb7fd65f6348ed3e1a818d0c1551f7
                              • Instruction ID: b2eff9dc3792958b69c076c2da684e24c382f66225fbffc2498eeb4ab98f49e4
                              • Opcode Fuzzy Hash: f2ba0e24f1a9295d07cba51f68b29b55a3cb7fd65f6348ed3e1a818d0c1551f7
                              • Instruction Fuzzy Hash: 79318D22A18E02C5E7556B55886137D26B0AB90FB4FA50275EE2DC37D3CF7CE8498711
                              Function 00007FF617717500 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9086242882318e8d4087df26e7752a52d2a2956be4586559eb95a730b91ec64d
                              • Instruction ID: 48629579ed5710962b3d603ee596d9f8d1789f892b26b5caf73316d87f3676a9
                              • Opcode Fuzzy Hash: 9086242882318e8d4087df26e7752a52d2a2956be4586559eb95a730b91ec64d
                              • Instruction Fuzzy Hash: D121B372F18A428AE7456F21986137D6670AF40FB0FA54534ED2D877D3CE7CE84A8790
                              Function 00007FF617716870 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fce6cefe145cd9df8c4062fc5211fa274bb63977fec9557c6493047b904b3119
                              • Instruction ID: 2d6e5d4f80854d4ea9cc67dd0d8016db4970589b340113fb973250ad5aa886cc
                              • Opcode Fuzzy Hash: fce6cefe145cd9df8c4062fc5211fa274bb63977fec9557c6493047b904b3119
                              • Instruction Fuzzy Hash: DC21AE32E18A4686E7456F22986133D2670AB40FB0F654238ED3DC77C3CE7CE8498700
                              Function 00007FF617711028 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 4a6b645b92f04ce1a1fcad301fb0bede1831eb6bb6a63edb4fe8e919e8a15499
                              • Instruction ID: f54e2f82bd3981caf5079e20c6041f605ae0e7c374a96887d94fc2677aad5be8
                              • Opcode Fuzzy Hash: 4a6b645b92f04ce1a1fcad301fb0bede1831eb6bb6a63edb4fe8e919e8a15499
                              • Instruction Fuzzy Hash: 69119021B1CE4281EB619F51946227EA3B4BF85FA0F584431EE8C97A87DF3CE5098740
                              Function 00007FF6177207A4 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: db9ef8fe2b0c6a1f95e3e2b145fc6361f5e759f1613ea0d0d1807a6612fa2224
                              • Instruction ID: abc301e53c154be53be86c772fc06575cdf1929801e850eb7d1cb846a4908e49
                              • Opcode Fuzzy Hash: db9ef8fe2b0c6a1f95e3e2b145fc6361f5e759f1613ea0d0d1807a6612fa2224
                              • Instruction Fuzzy Hash: BF216532A18E4286DB629F28D44077976B1EB84F64F644234EE6DC76DADF3CD405CB00
                              Function 00007FF61770BF10 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 4efc603eed66a26edff5f1acb1bcb3efdc522ee1c2151d56cb1099e846df4679
                              • Instruction ID: e1c06cff0e6efe1d0bb1c2b74cf558b00ef0fad52a386ac9eb88f67ca4f11936
                              • Opcode Fuzzy Hash: 4efc603eed66a26edff5f1acb1bcb3efdc522ee1c2151d56cb1099e846df4679
                              • Instruction Fuzzy Hash: EF01C421B08F4280EA049F529D01079A6A0BF8AFF0F088631EE6CD3BE7DE7DE2054700
                              Function 00007FF617711D24 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: ca864ce9f0a4b9e189798d71b944d981c49b697a0f59d03dc092c0709f6a3915
                              • Instruction ID: c6fd99924a18ab7f8324a40e9983d9a36e68a9f69d96b237b8b019cc9a135020
                              • Opcode Fuzzy Hash: ca864ce9f0a4b9e189798d71b944d981c49b697a0f59d03dc092c0709f6a3915
                              • Instruction Fuzzy Hash: 7C115221E1DE4280FA9597127920179A2B49F41FF0F584235ED9DCABD7DF6CE4698301
                              Function 00007FF617715924 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 45b29f4d04f0c33f589fdb967375a27d9f44e68c2c115f3af199d677e25d5d62
                              • Instruction ID: d304d03d5229d64ffc666ca96408bf7f95c6987d179c630fb4f7bad56afd24b5
                              • Opcode Fuzzy Hash: 45b29f4d04f0c33f589fdb967375a27d9f44e68c2c115f3af199d677e25d5d62
                              • Instruction Fuzzy Hash: 37116D72A18E42C5EB099F50D4602BD7770EB80B74FA84136EA4D82697CF7CE509CB11
                              Function 00007FF61770BB50 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 961090e8782531f76b7b038e77ebfb23c6dc55ac1ad21f589288126f0b4af4c9
                              • Instruction ID: ff3800785bdfdd68573bfa9cdd944369c3754c73b7c13bb2f3de16e8ff71320e
                              • Opcode Fuzzy Hash: 961090e8782531f76b7b038e77ebfb23c6dc55ac1ad21f589288126f0b4af4c9
                              • Instruction Fuzzy Hash: 6B014421E18D0242FA18AF75986277912A09F47F74F680730ED6DD72E7CE6DE4498345
                              Function 00007FF61770C8F8 Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: cb93b5e7274e8f14a80416a622528a4e12226c97af243f681c0511b3108f19cd
                              • Instruction ID: 9a408f1c95011bda3dc8e355b96711ca3e7af31487ee672212e9b82a36fffcc9
                              • Opcode Fuzzy Hash: cb93b5e7274e8f14a80416a622528a4e12226c97af243f681c0511b3108f19cd
                              • Instruction Fuzzy Hash: 8001F372A10F1A98EB11DBA0E4414EC37B8AB65B68F540125DE4D9375AEF34D6A9C380
                              Function 00007FF617717C34 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF617718D11,?,?,00000000,00007FF617715859,?,?,?,?,00007FF617715895), ref: 00007FF617717C89
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 599fd970e0c8d7bab05c879df376281849fd6ae639183f3313601ac79d2a7223
                              • Instruction ID: f5e24495f3a6a3aeb24f8a8bd239b73f4f3ad6f95cd1c0bcc20c5f7e02ef2970
                              • Opcode Fuzzy Hash: 599fd970e0c8d7bab05c879df376281849fd6ae639183f3313601ac79d2a7223
                              • Instruction Fuzzy Hash: 29F0F954B09F0681FE545BA599613B592B95F94FB0F684830CD0EDA3C3ED2CA589C350
                              Function 00007FF61770BFB8 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 29e877d47e1002154426ebc0c77a16510f030fa253fbaec9badfecf3432be3bf
                              • Instruction ID: 43fc33fa7e0e54c4613e5719e3abb5fe10c01b561783ef02abaec25ceec16f88
                              • Opcode Fuzzy Hash: 29e877d47e1002154426ebc0c77a16510f030fa253fbaec9badfecf3432be3bf
                              • Instruction Fuzzy Hash: BCF0F022A18A4280EA04AB66A81107D61609F86FF0F681430FE1CC3BD7CE6DE4454B00
                              Function 00007FF61770BBD4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 05426e44f8a0e38c3f73226795a2f828848f885c0cc82d344ed692c9cf43b754
                              • Instruction ID: 4abe45f0c1368062d23041a75976f2a2e3efd8602fc784507a89dc26d8b82e5b
                              • Opcode Fuzzy Hash: 05426e44f8a0e38c3f73226795a2f828848f885c0cc82d344ed692c9cf43b754
                              • Instruction Fuzzy Hash: AEF0E931D0CE0381E914BF69A8511BA22509F43FB0F680530FD1DC72D7CE2DE5454300
                              Function 00007FF617717CAC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              • RtlAllocateHeap.NTDLL(?,?,?,00007FF617717BA2,?,?,?,00007FF61770D70B), ref: 00007FF617717CEA
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 6a81c4dc68851b7fa54bdbc717a27048096dfeecd7cb792c2491c2591f5132bb
                              • Instruction ID: d874fdb5e42e1d29a2f1aaa8c2e9b73dc12d97f62827650689d34506e70fafa7
                              • Opcode Fuzzy Hash: 6a81c4dc68851b7fa54bdbc717a27048096dfeecd7cb792c2491c2591f5132bb
                              • Instruction Fuzzy Hash: 43F08C00F0CB4780FA246BB1983067592A45F88FB0F990630DC2EC63C3DE2CE448C3A0
                              Function 00007FF61770C1C8 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 2c20c51a75e7eece0a5613b29c4fdbf5554603ce0cfef3b067b944163c095ef1
                              • Instruction ID: 863fcff2e836a5f4ca1ccdf5ed35a9d90a45bfd7260017e307dab2f0828993ed
                              • Opcode Fuzzy Hash: 2c20c51a75e7eece0a5613b29c4fdbf5554603ce0cfef3b067b944163c095ef1
                              • Instruction Fuzzy Hash: AEE06D21A49B4280EA04BBA5A8511B921205F46FF0F581B30EE3DC77C3DE2DA0544700
                              Function 00007FF617712068 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 9f155d18d8e29214f7af1455dee2f8e4491d52822977c1ab5fd9f866b542db9a
                              • Instruction ID: 3102c6a053755d0f4185afeab6e8059db73cf6bdb9b8bdee5ce84ce6b987a11f
                              • Opcode Fuzzy Hash: 9f155d18d8e29214f7af1455dee2f8e4491d52822977c1ab5fd9f866b542db9a
                              • Instruction Fuzzy Hash: 59E0E2A4F1DA07C2FB693BB445A21BA52309F98B60FA84034DE1ECA383DD1C694D9721
                              Function 00007FF617715870 Relevance: 1.5, APIs: 1, Instructions: 14threadCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: LanguagesPreferredRestoreThread
                              • String ID:
                              • API String ID: 1765668137-0
                              • Opcode ID: 45b87303422990606e3e694cd1333757a7456b26fafb7eefbe630d57c053861b
                              • Instruction ID: 21fe0d2017977598ec058a1ebd670aac823fad31c853175e3f82dc80ac29a86a
                              • Opcode Fuzzy Hash: 45b87303422990606e3e694cd1333757a7456b26fafb7eefbe630d57c053861b
                              • Instruction Fuzzy Hash: A9D0C981E1DC0682FB2CABB2A86113502B15F94F60FAC4034DC1EC1593EE1C64995740

                              Non-executed Functions

                              Function 00007FF617704430 Relevance: 166.5, APIs: 31, Strings: 64, Instructions: 287libraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AddressProc$LibraryLoad
                              • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                              • API String ID: 2238633743-1453502826
                              • Opcode ID: f6b77810bdb7ddc724735423a52fc90a29876a8370e2952968391677d1a5347b
                              • Instruction ID: 54b45e8d962f3a80fab6184c93c694fbf28e2f0379d84b8c8edcb7e8aeb62e13
                              • Opcode Fuzzy Hash: f6b77810bdb7ddc724735423a52fc90a29876a8370e2952968391677d1a5347b
                              • Instruction Fuzzy Hash: 2DE1F160A19F0391FA69CB24BC401B463A5AF06FB1F945434CE2EC63A6FF7DB55C9284
                              Function 00007FF6177060E0 Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 91libraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AddressProc$ByteCharErrorFormatLastLibraryLoadMessageMultiWide
                              • String ID: 8$ActivateActCtx$CreateActCtxW$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$kernel32$win32_utils_from_utf8
                              • API String ID: 476984482-3632730297
                              • Opcode ID: a83cb522425185605c5bafd7556dde09f9a492232ba18427f441322db77bc375
                              • Instruction ID: cd835a961e6b46254492e0b85c384a7a4acb09f07b473650726d1734f4085e19
                              • Opcode Fuzzy Hash: a83cb522425185605c5bafd7556dde09f9a492232ba18427f441322db77bc375
                              • Instruction Fuzzy Hash: A8415C21A08F8281EB50CB35E95027962A1BF85BB0F644335EE6DC77D6EF7DD5498380
                              Function 00007FF61771E3EC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1209COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                              • API String ID: 808467561-2761157908
                              • Opcode ID: 985072cffd96337f94754c8aa668e0ee3fb6d4dd0fe0e69c1ff7fa9fb63fc59f
                              • Instruction ID: 93f8a038f60019eb6508f7adbf6e00412aae1a190706438e7d4898beda9c79c6
                              • Opcode Fuzzy Hash: 985072cffd96337f94754c8aa668e0ee3fb6d4dd0fe0e69c1ff7fa9fb63fc59f
                              • Instruction Fuzzy Hash: 05B21572A18A828BE7648F24D4507FC37B1FB58B69F401535DE0D97A86DF78EA08CB40
                              Function 00007FF617706270 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON
                              Download Yara Rule
                              APIs
                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF617701D04,?,?,00000000,00007FF617706503), ref: 00007FF617706297
                              • FormatMessageW.KERNEL32 ref: 00007FF6177062C6
                              • WideCharToMultiByte.KERNEL32 ref: 00007FF61770631C
                                • Part of subcall function 00007FF617701CD0: GetLastError.KERNEL32(?,?,00000000,00007FF617706503,?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF617701CF7
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                              • API String ID: 2383786077-2573406579
                              • Opcode ID: cb585456b380e6ff4054627f6644d0a4beaf786c57f2083237d3a24da6617dd6
                              • Instruction ID: 13dd0e747dcdd8a8652400b6b515c8b89e806230c9a55f875f29a695b8e2b7cd
                              • Opcode Fuzzy Hash: cb585456b380e6ff4054627f6644d0a4beaf786c57f2083237d3a24da6617dd6
                              • Instruction Fuzzy Hash: 9C218371A08E4281E7609B25EC5027AA361FF49B74F540135EE9EC26A6EF3CE14DC740
                              Function 00007FF6177076F8 Relevance: 12.0, Strings: 9, Instructions: 730COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                              • API String ID: 0-2665694366
                              • Opcode ID: d22517ae3951709758993f2a97666c570167ab1ad59fadbe6642ed5009b521f3
                              • Instruction ID: 88ef36825f562713e4e2b44088aa2cb8a22b6cee7a357667300b323d1af2152f
                              • Opcode Fuzzy Hash: d22517ae3951709758993f2a97666c570167ab1ad59fadbe6642ed5009b521f3
                              • Instruction Fuzzy Hash: F4520672A18AA687DB948F18D448A7E77ADFB85710F014139EA49C37C1DF3ED948CB40
                              Function 00007FF61770A31C Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                              • String ID:
                              • API String ID: 3140674995-0
                              • Opcode ID: e2d47b77634bc9097b26f0c3b49f2d712addc1c86c9e096f99a2d7af8a03c2c9
                              • Instruction ID: a38f6d4526d46cdec4b3b94312d54af25054416b7ebc9e61b91506ce48330ea3
                              • Opcode Fuzzy Hash: e2d47b77634bc9097b26f0c3b49f2d712addc1c86c9e096f99a2d7af8a03c2c9
                              • Instruction Fuzzy Hash: ED314F72608E8186EB609F60E8407ED7364FB45B54F544439DE4E87B95EF3DD648C710
                              Function 00007FF61771BE1C Relevance: 9.3, APIs: 6, Instructions: 269COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: c7f573840805dbf2e5b604da7cd00a1c61dd298f219c8b236c20a7502d960091
                              • Instruction ID: efe02774e2a5f143f8f6012427ca2726045ddc0ba7213cfee450d008b7c393e6
                              • Opcode Fuzzy Hash: c7f573840805dbf2e5b604da7cd00a1c61dd298f219c8b236c20a7502d960091
                              • Instruction Fuzzy Hash: 30A1D562B18E8181EB20CB6698202BAA3B0FB44FF4F544535EE5E87BD6DF3CD5498700
                              Function 00007FF61771551C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                              • String ID:
                              • API String ID: 1239891234-0
                              • Opcode ID: fb90f30bc4a1a14b4961536987a7233ebdfecd38259ffea26a52eb47f34a4901
                              • Instruction ID: be19079a88b80ffeda1b543e70e64061a1369e95dfaefb673eef4bf0ba4307e0
                              • Opcode Fuzzy Hash: fb90f30bc4a1a14b4961536987a7233ebdfecd38259ffea26a52eb47f34a4901
                              • Instruction Fuzzy Hash: AC316132618F8186DB60CF25E8502AE73A4FB89B64F540135EE9D83B95EF3CC149CB40
                              Function 00007FF617716C84 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorFileLastWrite$ConsoleOutput
                              • String ID:
                              • API String ID: 1443284424-0
                              • Opcode ID: 3588d93dcc6d8ef97f2c30288857a00e23a1998e378781d4b322faf199d4976a
                              • Instruction ID: fae507dfe5638129d9f59a575f9e533280e00a7608223439dad6afad6932b5ae
                              • Opcode Fuzzy Hash: 3588d93dcc6d8ef97f2c30288857a00e23a1998e378781d4b322faf199d4976a
                              • Instruction Fuzzy Hash: 43E10072B18B818AE701CF74D4501ADBBB1FB45BA8F108136DE4E97B9ADE38D51AC740
                              Function 00007FF61771FD7C Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _get_daylight$_invalid_parameter_noinfo
                              • String ID: ?
                              • API String ID: 1286766494-1684325040
                              • Opcode ID: 9f3d82c1a5939421d836b5f8922648ae6b197d5cb12f6c6714527f2e22f73ab6
                              • Instruction ID: 444393b3796d5de43eb00079a8cce05dfb526a5d3af3cbda98bb8ca8705c2ae6
                              • Opcode Fuzzy Hash: 9f3d82c1a5939421d836b5f8922648ae6b197d5cb12f6c6714527f2e22f73ab6
                              • Instruction Fuzzy Hash: D791F426E09A5246F7209F26D42027A66B1EB90FF4F548131EE9C87AD7DF3CD49AC740
                              Function 00007FF617706EC4 Relevance: 5.4, Strings: 4, Instructions: 399COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                              • API String ID: 0-4074041902
                              • Opcode ID: c27a4de59b921c2f8f1fe7749b50d57767c1fabc780de11f27355810c2f261f9
                              • Instruction ID: ca8ed5610c7d1540597a3ed859580644d0844dfa5668eddbf85a64060a37f678
                              • Opcode Fuzzy Hash: c27a4de59b921c2f8f1fe7749b50d57767c1fabc780de11f27355810c2f261f9
                              • Instruction Fuzzy Hash: 86F1C672618BC546EBA59F14C488A3A7BA9FF46B50F054538EE4DC7392DF39E448C780
                              Function 00007FF61771DFC0 Relevance: 4.8, APIs: 3, Instructions: 317COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: memcpy_s
                              • String ID:
                              • API String ID: 1502251526-0
                              • Opcode ID: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
                              • Instruction ID: bba1ff598db972fe20f58f52cba86e908f1487cd22b9785d78d97df7c8d4efd3
                              • Opcode Fuzzy Hash: 61c8d48a73c74d7b2b5693099c23eccbf95a4682f3061de545b2f75f73c9d44c
                              • Instruction Fuzzy Hash: 11C11672B18A8687EB24CF19E054A69B7A1F798B95F448538DF4E83785DE7CE844CB00
                              Function 00007FF617709480 Relevance: 4.1, Strings: 3, Instructions: 384COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                              • API String ID: 0-3255898291
                              • Opcode ID: 7ea048480650bd8db5587c303016d72ca6311f758262337d4fa8349e2da27876
                              • Instruction ID: 5b1c6a47ffb41716abc76a13b33b9e6615a5176a22561551de197bbe476cee93
                              • Opcode Fuzzy Hash: 7ea048480650bd8db5587c303016d72ca6311f758262337d4fa8349e2da27876
                              • Instruction Fuzzy Hash: 34D13373A189C18BD7598F29D45467D3BA1E796B60F048139EE9AC37C2CE3ED909CB00
                              Function 00007FF617706D2D Relevance: 4.0, Strings: 3, Instructions: 219COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: incorrect header check$invalid window size$unknown compression method
                              • API String ID: 0-1186847913
                              • Opcode ID: d01a50f2e7f5271bb9dad873564893e4cea26fc5f29874274ccd9aa5dd06f843
                              • Instruction ID: 02800ac917dcac2f388cb6ffe0a400e29179df73630f1a0fedc926bd142fea71
                              • Opcode Fuzzy Hash: d01a50f2e7f5271bb9dad873564893e4cea26fc5f29874274ccd9aa5dd06f843
                              • Instruction Fuzzy Hash: 7591B972A18B8687EBA48F14D458A3E76A9FB45760F114139DE49C77C2DF39E948CB00
                              Function 00007FF6177073EC Relevance: 3.9, Strings: 3, Instructions: 161COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: $ $invalid block type
                              • API String ID: 0-2056396358
                              • Opcode ID: f88ccc584fb7c3978c4c312eee8defbfc9ef268e629203a6667780da0747dd9b
                              • Instruction ID: e5d48721cf9a028c8fdad22baa9d7c24973c1903193dee0b7945a0c8223588b7
                              • Opcode Fuzzy Hash: f88ccc584fb7c3978c4c312eee8defbfc9ef268e629203a6667780da0747dd9b
                              • Instruction Fuzzy Hash: B161B7B3A04B8A8BE7618F19D88C63E7AACFB41760F514139DA58C23D1DF3AD549CB40
                              Function 00007FF617718E48 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 251COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: gfffffff
                              • API String ID: 3215553584-1523873471
                              • Opcode ID: a4f288973ee21456c71eb9a9623faefd0ae5c11f704f79535732d3db88b94360
                              • Instruction ID: a1bae32b5b5eed33ee0c03f2278b262027e6853ab413f7269e8a43dbe4f55b2a
                              • Opcode Fuzzy Hash: a4f288973ee21456c71eb9a9623faefd0ae5c11f704f79535732d3db88b94360
                              • Instruction Fuzzy Hash: 00914A63B08BC68AEB15CF2994207B96BA5EB51FE4F058031DE4D87782DE3DE54AC701
                              Function 00007FF617719854 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 220COMMON
                              Download Yara Rule
                              APIs
                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF61771988A
                                • Part of subcall function 00007FF617715750: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF61771572D), ref: 00007FF617715759
                                • Part of subcall function 00007FF617715750: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF61771572D), ref: 00007FF61771577E
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                              • String ID: -
                              • API String ID: 4036615347-2547889144
                              • Opcode ID: e11c0108b116924d40e7866923cbe74504cfd02743520907bae187ba713b3f3c
                              • Instruction ID: 8320186f60843f18dfacf61ed96c9439a45269954d1b2196f070b3dd57027d09
                              • Opcode Fuzzy Hash: e11c0108b116924d40e7866923cbe74504cfd02743520907bae187ba713b3f3c
                              • Instruction Fuzzy Hash: 8A91E472A08BC585E674CB25942077AB6B1FB95FB0F544235DE9D83B9ACF3CE4098B00
                              Function 00007FF617723A68 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ExceptionRaise_clrfp
                              • String ID:
                              • API String ID: 15204871-0
                              • Opcode ID: ecb71f0bd0a90cb4264c8d672428f9ea071d920a1f7f769a657481fecdba3265
                              • Instruction ID: 73481097aa2938571e4218deb1c8b6a4ef56ed95627ec63ba64f085ce5f8a1bc
                              • Opcode Fuzzy Hash: ecb71f0bd0a90cb4264c8d672428f9ea071d920a1f7f769a657481fecdba3265
                              • Instruction Fuzzy Hash: 62B15A73604B848BEB19CF29C88636877A0F784F58F148922DE6D877A5CF39D855CB00
                              Function 00007FF617720868 Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _get_daylight_invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 474895018-0
                              • Opcode ID: c04f5a5dcfe8acb36b5ac983c38ad0b44d1de7af7acc2502c7cb4e33e65dadee
                              • Instruction ID: 98002acd69d4f7d492d7e0b4c3e282ce5a21c3985a1c9f49171b78992b1379e1
                              • Opcode Fuzzy Hash: c04f5a5dcfe8acb36b5ac983c38ad0b44d1de7af7acc2502c7cb4e33e65dadee
                              • Instruction Fuzzy Hash: 87710A22F089824AF7664B79945073962A3BB40B70F684635DE7EC66D7DE7CE848C720
                              Function 00007FF61770EC78 Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: 0
                              • API String ID: 3215553584-4108050209
                              • Opcode ID: 2fd88704e28993e8d0a4e9c16e1812755c3c3d0cd4eafb8ab26c394a15aa7be7
                              • Instruction ID: 1623079c059dd93d18017cdf641614aaeb8f5e45e4ec4dbda028d46b31ab9c74
                              • Opcode Fuzzy Hash: 2fd88704e28993e8d0a4e9c16e1812755c3c3d0cd4eafb8ab26c394a15aa7be7
                              • Instruction Fuzzy Hash: C671E815A18A0682F7A8BB1540002BD3690EF4AF64F885932DD4DC77DBDF6FE85B8705
                              Function 00007FF617712EFC Relevance: 1.5, Strings: 1, Instructions: 207COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: TMP
                              • API String ID: 3215553584-3125297090
                              • Opcode ID: 0ae16429a59e272bd2692c3b1800030936f98198d26ebe0bfde5e170a8e9ca6b
                              • Instruction ID: 0523ced863ddc4ba6dbb6adad9ae428d9eb2cc1bcc3c159b81050a2f50237a79
                              • Opcode Fuzzy Hash: 0ae16429a59e272bd2692c3b1800030936f98198d26ebe0bfde5e170a8e9ca6b
                              • Instruction Fuzzy Hash: E661B255B08F4241FA689B26593117A52B6AF44FE4F984435DE0DC7BE7EE3CE44E8300
                              Function 00007FF61770E78C Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: 0
                              • API String ID: 3215553584-4108050209
                              • Opcode ID: 18d1c917f538eac82fc345aeb97bef1326a6a10503a733889f279ea3d8d2abc3
                              • Instruction ID: fbb9a6f5d29e578568d5641a84cb06183a313baa0d072e18d77a556ec997ee30
                              • Opcode Fuzzy Hash: 18d1c917f538eac82fc345aeb97bef1326a6a10503a733889f279ea3d8d2abc3
                              • Instruction Fuzzy Hash: E371CA11E1CE8646FAA4AB1950003B957919F4BF64F442935DD89C73DBCEAFF84E8702
                              Function 00007FF61770EA10 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: 0
                              • API String ID: 3215553584-4108050209
                              • Opcode ID: 096f731945f285015a81b0e192b5871a34a799f3379927ea20ac3cbc092dbc6d
                              • Instruction ID: 21daf734103699bedc0f26f37afecf411598712611065194ca12f1d1adb50ba8
                              • Opcode Fuzzy Hash: 096f731945f285015a81b0e192b5871a34a799f3379927ea20ac3cbc092dbc6d
                              • Instruction Fuzzy Hash: AF61E611B0CA4246FA746B2950007BA5792AF4BF64F540A31DD8AD77DBCEAFE84E8701
                              Function 00007FF61771D928 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: HeapProcess
                              • String ID:
                              • API String ID: 54951025-0
                              • Opcode ID: f3cba5419088e29128deed004023cffd7e4510495aa6378d60a4432cfb55a8bd
                              • Instruction ID: 17db919d2299dd51ea2168be4df9482de5282dd1bedc5422267603b789577e60
                              • Opcode Fuzzy Hash: f3cba5419088e29128deed004023cffd7e4510495aa6378d60a4432cfb55a8bd
                              • Instruction Fuzzy Hash: 9CB09220E07E42C2EA082B216C8221463A8BF88B20FAA0178C81EC1321DF2C20A96700
                              Function 00007FF617708B80 Relevance: .2, Instructions: 197COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7bc8ad1a5f4beee6b464f5ab41cd13bf830f1a8019fc2a534105d4693d60921f
                              • Instruction ID: 4ddd664b8b175f980a05a43b8ee7c333731a8c86f4772a3593f6b279a8d1ee87
                              • Opcode Fuzzy Hash: 7bc8ad1a5f4beee6b464f5ab41cd13bf830f1a8019fc2a534105d4693d60921f
                              • Instruction Fuzzy Hash: E371AEB37301749BEB648B2E9514AA93390F32A749FC56115EB8487B81CE3EB921CF50
                              Function 00007FF617710AA0 Relevance: .1, Instructions: 138COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                              • Instruction ID: 587a163123029bff6821226dfe0dc518006f5a954f3da5b956430f60ba784cbb
                              • Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
                              • Instruction Fuzzy Hash: A1418352A59F4E44E9A78F2809207B426A09F53FB4D6852B4DD99D77C3DD0C698EC301
                              Function 00007FF617714450 Relevance: .1, Instructions: 126COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: LanguagesPreferredRestoreThread
                              • String ID:
                              • API String ID: 1765668137-0
                              • Opcode ID: 756c67abf6b0f174648c1e892eac34ee3f302b53319ae628d2a3c9cb8259cf4a
                              • Instruction ID: 13a3bd5c513616a9d234280bd2c0f6921e023c7f4789851c45683f852a866de8
                              • Opcode Fuzzy Hash: 756c67abf6b0f174648c1e892eac34ee3f302b53319ae628d2a3c9cb8259cf4a
                              • Instruction Fuzzy Hash: 2D41E336714E5482EF18CF2AD964169B3A1AB48FE4F099432EE0DD7B59EE3CD14A8340
                              Function 00007FF6177238B0 Relevance: .0, Instructions: 32COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 47cf9d40be1c4c70bfa71bd1835b58c0a0f90664b364caaa43a487ee7aea628a
                              • Instruction ID: 41af0e0fef636da7a159ce85bf105b099bb9966afd80e781a906277fca8293b9
                              • Opcode Fuzzy Hash: 47cf9d40be1c4c70bfa71bd1835b58c0a0f90664b364caaa43a487ee7aea628a
                              • Instruction Fuzzy Hash: D7F096B2B186958BDBA4CF2DA80362977D0F7087D4F908079EE8DC3B04DA3C90699F44
                              Function 00007FF61770A4C4 Relevance: .0, Instructions: 2COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ca1f4fe7fb4cec7685ad5f45b2b68416c02149a0712cf0a828252dfbf173d57c
                              • Instruction ID: ec27cf6df611b6eb04a3a13b4808754a4fa89baf089b08bf4a4488798e671764
                              • Opcode Fuzzy Hash: ca1f4fe7fb4cec7685ad5f45b2b68416c02149a0712cf0a828252dfbf173d57c
                              • Instruction Fuzzy Hash: B2A00235E1CC02D1E6449B14E9550302334FB51B20F9259B1D82ED1067DF3DA608D300
                              Function 00007FF617702ED0 Relevance: 280.4, APIs: 53, Strings: 107, Instructions: 435libraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AddressProc
                              • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleString$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleString$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                              • API String ID: 190572456-3406467896
                              • Opcode ID: 7643f05b4c31ac6bb12217935da573fae84c19b02fa42712f6d0f5de31a5d841
                              • Instruction ID: e4f0801222a396a1b70bef887fcd0300e83fe9ef173e688f6fd71122a8366fd6
                              • Opcode Fuzzy Hash: 7643f05b4c31ac6bb12217935da573fae84c19b02fa42712f6d0f5de31a5d841
                              • Instruction Fuzzy Hash: B832E164A0EF4390EA59CB24AC9417423A1AF0AF71FA45435CC6EC67A7FF7DB18C9244
                              Function 00007FF6177066F0 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 113COMMON
                              Download Yara Rule
                              APIs
                              • MultiByteToWideChar.KERNEL32 ref: 00007FF61770672C
                                • Part of subcall function 00007FF617701CD0: GetLastError.KERNEL32(?,?,00000000,00007FF617706503,?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF617701CF7
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharErrorLastMultiWide
                              • String ID: Failed to decode wchar_t from UTF-8$Failed to encode filename as ANSI.$Failed to get ANSI buffer size.$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$WideCharToMultiByte$win32_utils_from_utf8$win32_wcs_to_mbs
                              • API String ID: 203985260-1562484376
                              • Opcode ID: 57fa5abea30758cf97dff19d1e92b299ee8fe28e2077fd4a4438aa06a2d26442
                              • Instruction ID: a919726773b43c1d344578b606ea576f4de8df7bf921cd05bd0dab7ccad2b90d
                              • Opcode Fuzzy Hash: 57fa5abea30758cf97dff19d1e92b299ee8fe28e2077fd4a4438aa06a2d26442
                              • Instruction Fuzzy Hash: C541A461A0CF4381E620DB26A96017AA291BF55FF0F544135EE5EC7AE7EF3DE1098340
                              Function 00007FF6177012A0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                              • API String ID: 0-3659356012
                              • Opcode ID: 3c6f4b4d97dabcfaf643a2d5b3280bff6759a780d5bcaf1024c8fdc717cfd775
                              • Instruction ID: 1763f16561a5b549a070f9f2496710f9372cfa23db0cf7c98cf02a690dc7785c
                              • Opcode Fuzzy Hash: 3c6f4b4d97dabcfaf643a2d5b3280bff6759a780d5bcaf1024c8fdc717cfd775
                              • Instruction Fuzzy Hash: 91413E62A09E4282EA14DB15B4406BEA3A1FF46FA4F944431EE4DC7B57EE3EE549C700
                              Function 00007FF6177063C0 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 104COMMON
                              Download Yara Rule
                              APIs
                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF61770645F
                              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF6177064AF
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide
                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                              • API String ID: 626452242-27947307
                              • Opcode ID: f0c745221ad03dbc30abe68f6a242c9beb616180edc25e906c3f4901c9fa6505
                              • Instruction ID: dcf497446047ad1fbe85e935c388ff907ba76805839d1ad650fa2d5e5b1e9d31
                              • Opcode Fuzzy Hash: f0c745221ad03dbc30abe68f6a242c9beb616180edc25e906c3f4901c9fa6505
                              • Instruction Fuzzy Hash: 6041BF32A09F8282D620CF15B85017AB7A5FB85BA4F644135EE9DC7B96EF3DD059C700
                              Function 00007FF6177069C0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 63COMMON
                              Download Yara Rule
                              APIs
                              • WideCharToMultiByte.KERNEL32(00000000,00007FF617702CE5,?,00007FF61770287C), ref: 00007FF617706A01
                                • Part of subcall function 00007FF617701CD0: GetLastError.KERNEL32(?,?,00000000,00007FF617706503,?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF617701CF7
                              • WideCharToMultiByte.KERNEL32(00000000,00007FF617702CE5,?,00007FF61770287C), ref: 00007FF617706A75
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide$ErrorLast
                              • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                              • API String ID: 1717984340-27947307
                              • Opcode ID: b2bcc4424ea53df03ac970a91856e8d264fe593aba19765c3a99f92b73d07749
                              • Instruction ID: 7710e3a2de3a7a286e5720b85a3f0ef5b752ba8384b6387a35db47acec8074a5
                              • Opcode Fuzzy Hash: b2bcc4424ea53df03ac970a91856e8d264fe593aba19765c3a99f92b73d07749
                              • Instruction Fuzzy Hash: E721DD60A08F4381EA10DF2AE850079B361EB95FA0F648139DE0DC3796EF3CE5188340
                              Function 00007FF617706AB0 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 99COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide
                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                              • API String ID: 626452242-876015163
                              • Opcode ID: df3aee81cd74a8f9213ecd17c0884bac5341914daea4cba490e80c2fbf4132b0
                              • Instruction ID: 02f85747ed86386133925a2b05a4e78fb9a83e4a78d1cedce03c96538852233c
                              • Opcode Fuzzy Hash: df3aee81cd74a8f9213ecd17c0884bac5341914daea4cba490e80c2fbf4132b0
                              • Instruction Fuzzy Hash: 8041D672A19F4282E620DF15A45017AB6A5FB46FA0F704135DE9DC7BA6EF3DD019C700
                              Function 00007FF61770B730 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86libraryloaderCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF61770B9DE,?,?,?,00007FF61770B6DC,?,?,?,?,00007FF61770B405), ref: 00007FF61770B7B3
                              • GetLastError.KERNEL32(?,?,?,00007FF61770B9DE,?,?,?,00007FF61770B6DC,?,?,?,?,00007FF61770B405), ref: 00007FF61770B7C1
                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF61770B9DE,?,?,?,00007FF61770B6DC,?,?,?,?,00007FF61770B405), ref: 00007FF61770B7EB
                              • FreeLibrary.KERNEL32(?,?,?,00007FF61770B9DE,?,?,?,00007FF61770B6DC,?,?,?,?,00007FF61770B405), ref: 00007FF61770B831
                              • GetProcAddress.KERNEL32(?,?,?,00007FF61770B9DE,?,?,?,00007FF61770B6DC,?,?,?,?,00007FF61770B405), ref: 00007FF61770B83D
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Library$Load$AddressErrorFreeLastProc
                              • String ID: api-ms-
                              • API String ID: 2559590344-2084034818
                              • Opcode ID: 773d27264fc316c0e22383aa68d18aab2520e7bcf089166eae8109222f002c0e
                              • Instruction ID: 34bfd9315709e4c57b72183f4de283e06620c80e955cb73f93b46170edf3af8c
                              • Opcode Fuzzy Hash: 773d27264fc316c0e22383aa68d18aab2520e7bcf089166eae8109222f002c0e
                              • Instruction Fuzzy Hash: 4931C221A0AE4295EE219F16AC406752394BF46FB0F590539DD2EC73A2EF3DE54D8340
                              Function 00007FF617705210 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 81COMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF6177068B0: MultiByteToWideChar.KERNEL32(00007FF61770571C,00007FF6177028BA), ref: 00007FF6177068EA
                              • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF61770552F,00000000,00000000,?,TokenIntegrityLevel), ref: 00007FF617705272
                              Strings
                              • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF617705286
                              • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6177052B6
                              • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF617705246
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharEnvironmentExpandMultiStringsWide
                              • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                              • API String ID: 2001182103-3498232454
                              • Opcode ID: fdbcf38de7ca1d2333c4c0132f062b0230686568378744d6cdf867e8a37dea05
                              • Instruction ID: 5a3cc458a53f5de93f6e91459df9dc1a6610ceeec60d32d886b3c4d6d8c2517e
                              • Opcode Fuzzy Hash: fdbcf38de7ca1d2333c4c0132f062b0230686568378744d6cdf867e8a37dea05
                              • Instruction Fuzzy Hash: 30319551B18F8281FA24A735E9552BA9291AF8AFE0F544431DE4EC7797EE3DE10CC700
                              Function 00007FF6177068B0 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 68COMMON
                              Download Yara Rule
                              APIs
                              • MultiByteToWideChar.KERNEL32(00007FF61770571C,00007FF6177028BA), ref: 00007FF6177068EA
                                • Part of subcall function 00007FF617701CD0: GetLastError.KERNEL32(?,?,00000000,00007FF617706503,?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF617701CF7
                              • MultiByteToWideChar.KERNEL32(00007FF61770571C,00007FF6177028BA), ref: 00007FF617706970
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide$ErrorLast
                              • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                              • API String ID: 1717984340-876015163
                              • Opcode ID: f188b61670107c5bd38fdfc456ff7836a4f77c0383660a78b08f3c410ab0a1e2
                              • Instruction ID: 7ee69beca0ee45c8d5d6b64e92b8b868ee27f8b632557089f72a2f0183aed8a6
                              • Opcode Fuzzy Hash: f188b61670107c5bd38fdfc456ff7836a4f77c0383660a78b08f3c410ab0a1e2
                              • Instruction Fuzzy Hash: B121E721B18E8281EB10CB2AF85017AA361FF95BE4F584135DF5CC3B6AEF2DE5558700
                              Function 00007FF6177220D8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                              • String ID: CONOUT$
                              • API String ID: 3230265001-3130406586
                              • Opcode ID: 24a2aa747ba5cb100d6808e6a5235ba96f026038ecc326079eea53d6a0ed54e5
                              • Instruction ID: 714448711bc38e644540ca61c6bd4dd3c6d899fbae7f23a1e59ccf354511bce1
                              • Opcode Fuzzy Hash: 24a2aa747ba5cb100d6808e6a5235ba96f026038ecc326079eea53d6a0ed54e5
                              • Instruction Fuzzy Hash: B6119621B18F4186E3509B22E854725A2A0FB98FF4F104234DE6EC77A5DF7CD4488784
                              Function 00007FF6177141AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AddressFreeHandleLibraryModuleProc
                              • String ID: CorExitProcess$mscoree.dll
                              • API String ID: 4061214504-1276376045
                              • Opcode ID: f06b2dbf926d7d1cc335bcbf40348b323a231abe325d114f67b47fff06445f11
                              • Instruction ID: 66e0b268634534bd215e0f55eecc423bda49e9366d2ef353452542581e5bc37c
                              • Opcode Fuzzy Hash: f06b2dbf926d7d1cc335bcbf40348b323a231abe325d114f67b47fff06445f11
                              • Instruction Fuzzy Hash: A3F05E61B19E4281EB544B30E89437523A0AF88F70F541435DD1FC6662DF2CE48CC300
                              Function 00007FF6177236A4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _set_statfp
                              • String ID:
                              • API String ID: 1156100317-0
                              • Opcode ID: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                              • Instruction ID: 5355933a3e2dc443a9b6a85dcf3365e8185584a77696eae7f49671584b7e0c27
                              • Opcode Fuzzy Hash: b937517b4f482d0939308dbd49bace3de9952a95ba32e0c18fc8e236c2565ddb
                              • Instruction Fuzzy Hash: 071173A6F5CE5702FA942334E4863751050AF5AFB4F450636EF7E867D7CE2CA8494604
                              Function 00007FF61771A728 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                              • API String ID: 3215553584-1196891531
                              • Opcode ID: b05473b29f7e1c395d2101f3bbb5a6cb67f27d576149e135bbbee3e704ae89a9
                              • Instruction ID: 405a806e3a476f06f665eba840fb8e2a997631edd654f8bef7ea9e09d6173cfb
                              • Opcode Fuzzy Hash: b05473b29f7e1c395d2101f3bbb5a6cb67f27d576149e135bbbee3e704ae89a9
                              • Instruction Fuzzy Hash: A581A172E08A43C5F7666F29852027836F0AB21F64F578035CE0DD7697DE2DEB8A9341
                              Function 00007FF617702C80 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36COMMON
                              Download Yara Rule
                              APIs
                              • GetModuleFileNameW.KERNEL32(?,00007FF61770287C), ref: 00007FF617702CB1
                                • Part of subcall function 00007FF617701CD0: GetLastError.KERNEL32(?,?,00000000,00007FF617706503,?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF617701CF7
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorFileLastModuleName
                              • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                              • API String ID: 2776309574-1977442011
                              • Opcode ID: 62e7a1e6b281a38a65d913b2bfe1d174dd8c56327c2d8b995267cb94b76eb260
                              • Instruction ID: e492bfdaa62c5eaba009f356eed535163f2e76020553f5d7d0bee4b34f69e68c
                              • Opcode Fuzzy Hash: 62e7a1e6b281a38a65d913b2bfe1d174dd8c56327c2d8b995267cb94b76eb260
                              • Instruction Fuzzy Hash: AA014F61B1DF4280FB609724E8563BA1251AF5AFA4F900435EC4EC6697EE1EE25CD700
                              Function 00007FF617720AFC Relevance: 6.2, APIs: 4, Instructions: 159COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo$_get_daylight
                              • String ID:
                              • API String ID: 72036449-0
                              • Opcode ID: 086faae598651ac349fbadbf34c22f7c8b5574a164d764a85d9cdcace565669b
                              • Instruction ID: c7bfcae9d4d842e51b4917ec6b166fe6e909c82bf26ff892af3988a696e32a9c
                              • Opcode Fuzzy Hash: 086faae598651ac349fbadbf34c22f7c8b5574a164d764a85d9cdcace565669b
                              • Instruction Fuzzy Hash: 1151B172D0CF0286F77A4B3898153B96592DB41F38F598435DE29C62E7CE3CA889C761
                              Function 00007FF61770DC74 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-3916222277
                              • Opcode ID: 7d84af16ef4812ab499d9b93df778ca3453518a57ee1099bb181d6cdb6a1140e
                              • Instruction ID: d6bd3e1a2b60c089d710d24ba46fac5bfa74569578a4d98d3336e02330ed1f48
                              • Opcode Fuzzy Hash: 7d84af16ef4812ab499d9b93df778ca3453518a57ee1099bb181d6cdb6a1140e
                              • Instruction Fuzzy Hash: 94515472918B028AE7689F28C05437D37A1FB17F68F541139CE0AC62DADF2AE4D9C741
                              Function 00007FF6177192B8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: e+000$gfff
                              • API String ID: 3215553584-3030954782
                              • Opcode ID: 3df9fd4375a382aaf607e45150977ba50fdf78ba20d3579bbf4896b5ca26ca4d
                              • Instruction ID: 978019c484a954e5d954b69991ba60e92e3b4daaba155be5287e636d6425d4c5
                              • Opcode Fuzzy Hash: 3df9fd4375a382aaf607e45150977ba50fdf78ba20d3579bbf4896b5ca26ca4d
                              • Instruction Fuzzy Hash: A6510A62B18BC586E7258F3598513696BA1E741FA0F489231CFACC7BD7CE2CD44ACB00
                              Function 00007FF617703B10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: mbstowcs
                              • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
                              • API String ID: 103190477-3625900369
                              • Opcode ID: 335cfb25f273bc0b71c533b1aa8b3b3cb43a2bc4e0eb167bb64440099b1f9d55
                              • Instruction ID: d93bc3573c6cbef2ea30f6c558c0d0e8e4ad47c630193ad1f25dbd01b4f487bb
                              • Opcode Fuzzy Hash: 335cfb25f273bc0b71c533b1aa8b3b3cb43a2bc4e0eb167bb64440099b1f9d55
                              • Instruction Fuzzy Hash: C6515925A08F4681FA14AB25E4553BA22A5AB86FB4F404135DE1DC73D3DE7EE8488780
                              Function 00007FF617713778 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: FileLanguagesModuleNamePreferredRestoreThread_invalid_parameter_noinfo
                              • String ID: C:\Users\user\Desktop\ultraddos.exe
                              • API String ID: 1726085181-4045286355
                              • Opcode ID: f152b16a96d2390fa59877e201a8fcb7eee90746e3ccdd1fc5de0e65d18c7348
                              • Instruction ID: 55a691983aa56156f64008beeefa695d40bcdf584842dc2510a6da7250848641
                              • Opcode Fuzzy Hash: f152b16a96d2390fa59877e201a8fcb7eee90746e3ccdd1fc5de0e65d18c7348
                              • Instruction Fuzzy Hash: CB416F76A08F12C5EB19DF2198A11B927B4EB45FE4F544035EE0EC3B96DE3DE4898350
                              Function 00007FF617717390 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorFileLastWrite
                              • String ID: U
                              • API String ID: 442123175-4171548499
                              • Opcode ID: 6a249f6fb6afda8de6bb4ebd99122ba667e2004ac0392e909517f8841dd9da37
                              • Instruction ID: 478169da57b5b2b982a695d2b64bf9a585c229419bce279505332da0ee2ce7eb
                              • Opcode Fuzzy Hash: 6a249f6fb6afda8de6bb4ebd99122ba667e2004ac0392e909517f8841dd9da37
                              • Instruction Fuzzy Hash: 4441C362B28E8182DB208F25E4543B9B7A0FB88BA4F404031EE4EC7799EF3CD549C740
                              Function 00007FF617719BBC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: CurrentDirectory
                              • String ID: :
                              • API String ID: 1611563598-336475711
                              • Opcode ID: 888c448677325314d0e8b158ef4957107b59426907a7b873861128c778de78f5
                              • Instruction ID: 66d055aad0b028f794bfc0c48ee65439bf869fc2d1ec9b6a15a6390bc4de77d2
                              • Opcode Fuzzy Hash: 888c448677325314d0e8b158ef4957107b59426907a7b873861128c778de78f5
                              • Instruction Fuzzy Hash: 3C21C362A08A8181EB209F21D45526EA3F5FBC4F64F554035DE8D83686DF7CD94ACF80
                              Function 00007FF617717F70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: CompareStringtry_get_function
                              • String ID: CompareStringEx
                              • API String ID: 3328479835-2590796910
                              • Opcode ID: d76b28ab040e76a8495a0240b858f30ead5559bc376ef6d28ab10a99d3583623
                              • Instruction ID: 7958f09e6e9fc28585d3779ebe2910fd2abdab7d28d2a011794090849d889dc1
                              • Opcode Fuzzy Hash: d76b28ab040e76a8495a0240b858f30ead5559bc376ef6d28ab10a99d3583623
                              • Instruction Fuzzy Hash: 7D110E35608B8186D760CB56F4402AAB7A4FBC9FE4F544135EE9D83B5ACF3CD5548B40
                              Function 00007FF6177181DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Stringtry_get_function
                              • String ID: LCMapStringEx
                              • API String ID: 2588686239-3893581201
                              • Opcode ID: ad609579a2fc27d39f8bfc7257738c94498c7fca09e6a3d12734f24b2cb64782
                              • Instruction ID: 81a579984e8a62e51cd76cbf4a5ffea227618322cc36df6b4755a2ed696bf275
                              • Opcode Fuzzy Hash: ad609579a2fc27d39f8bfc7257738c94498c7fca09e6a3d12734f24b2cb64782
                              • Instruction Fuzzy Hash: 96113E35608F8186D760CB56B4402AAB7A5FBD9BE0F544135EE8D83B1ACF3CD4448B40
                              Function 00007FF61771A5D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID: :
                              • API String ID: 3215553584-336475711
                              • Opcode ID: 2d0be562cff69a82d341c68878eccc65519fa8104f290c135f3bce331d813b3d
                              • Instruction ID: bdfcd0e8a552eaa9ac81e9102e0f26a87e12f5a232941aab62a0e5c166e40b9d
                              • Opcode Fuzzy Hash: 2d0be562cff69a82d341c68878eccc65519fa8104f290c135f3bce331d813b3d
                              • Instruction Fuzzy Hash: 3701A262918A02C1F724AB60946217E63B0EF84B28F940435DD5EC6693DF2CD20D8B14
                              Function 00007FF617718178 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              • try_get_function.LIBVCRUNTIME ref: 00007FF6177181A9
                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0000014EECA9E1F8,00007FF617715BB2,?,?,?,00007FF617715AAA,?,?,?,00007FF617710FD2,?,?,00000000,00007FF617702DE9), ref: 00007FF6177181C3
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                              • String ID: InitializeCriticalSectionEx
                              • API String ID: 539475747-3084827643
                              • Opcode ID: c62dd487950a3ae7d1371d2e6e16fa6d6d44bd3f5b61311f03784a4988b6bfc7
                              • Instruction ID: 4df9947d32712386eeaf4701ecabfa85445a95a93fbf61f38757763b6ee83362
                              • Opcode Fuzzy Hash: c62dd487950a3ae7d1371d2e6e16fa6d6d44bd3f5b61311f03784a4988b6bfc7
                              • Instruction Fuzzy Hash: ACF05E22B18F4191E7149B62F4404B56261AF88FB0F585479DD6E83B56CF3CE599C780
                              Function 00007FF617718124 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              • try_get_function.LIBVCRUNTIME ref: 00007FF61771814D
                              • TlsSetValue.KERNEL32(?,?,00000000,00007FF617718CFE,?,?,00000000,00007FF617715859,?,?,?,?,00007FF617715895), ref: 00007FF617718164
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2930910110.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000000.00000002.2930892385.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930942936.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2930964964.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000000.00000002.2931007207.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Valuetry_get_function
                              • String ID: FlsSetValue
                              • API String ID: 738293619-3750699315
                              • Opcode ID: e4e9a86bb10935233505778a688921acbf1faa484dbeb5e37547878c037e32fa
                              • Instruction ID: 738222ca2d0cbb7c4eda59076998b13a9b0bfe512736eb925163b42167fad77e
                              • Opcode Fuzzy Hash: e4e9a86bb10935233505778a688921acbf1faa484dbeb5e37547878c037e32fa
                              • Instruction Fuzzy Hash: 77E06D62B08E0691EB095B61F8400B56272AF8CFB0FA85476DD6E86257CE3CE95CC380

                              Executed Functions

                              Function 00007FFDFB16395D Relevance: 121.0, APIs: 10, Strings: 58, Instructions: 2030stringthreadCOMMON
                              Download Yara Rule
                              APIs
                              • LeaveCriticalSection.KERNEL32 ref: 00007FFDFB1639F0
                                • Part of subcall function 00007FFDFB256220: TlsAlloc.KERNEL32 ref: 00007FFDFB25622D
                                • Part of subcall function 00007FFDFB256220: TlsGetValue.KERNEL32 ref: 00007FFDFB25625B
                                • Part of subcall function 00007FFDFB256220: GetLastError.KERNEL32 ref: 00007FFDFB256269
                                • Part of subcall function 00007FFDFB256220: LeaveCriticalSection.KERNEL32 ref: 00007FFDFB2562FB
                                • Part of subcall function 00007FFDFB256220: GetProcessHeap.KERNEL32 ref: 00007FFDFB25630B
                                • Part of subcall function 00007FFDFB256220: RtlAllocateHeap.NTDLL ref: 00007FFDFB25631C
                                • Part of subcall function 00007FFDFB255BB0: TlsAlloc.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255DC1
                                • Part of subcall function 00007FFDFB255BB0: TlsGetValue.KERNEL32 ref: 00007FFDFB255DEF
                                • Part of subcall function 00007FFDFB255BB0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255DFD
                                • Part of subcall function 00007FFDFB255BB0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255E3B
                                • Part of subcall function 00007FFDFB255BB0: RtlAllocateHeap.NTDLL ref: 00007FFDFB255E49
                              • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00007FFDFB163FA0
                                • Part of subcall function 00007FFDFB232CC0: TlsAlloc.KERNEL32(?,?,?,?,00007FFDFB170D9F), ref: 00007FFDFB232CCD
                                • Part of subcall function 00007FFDFB232CC0: TlsGetValue.KERNEL32 ref: 00007FFDFB232CFB
                                • Part of subcall function 00007FFDFB232CC0: GetLastError.KERNEL32(?,?,?,?,00007FFDFB170D9F), ref: 00007FFDFB232D09
                                • Part of subcall function 00007FFDFB232CC0: LeaveCriticalSection.KERNEL32(?,?,?,?,00007FFDFB170D9F), ref: 00007FFDFB232D9B
                                • Part of subcall function 00007FFDFB232CC0: GetProcessHeap.KERNEL32(?,?,?,?,00007FFDFB170D9F), ref: 00007FFDFB232DAB
                                • Part of subcall function 00007FFDFB232CC0: HeapAlloc.KERNEL32(?,?,?,?,00007FFDFB170D9F), ref: 00007FFDFB232DBC
                              • GetCurrentThreadId.KERNEL32 ref: 00007FFDFB164060
                              • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00007FFDFB164076
                              • LeaveCriticalSection.KERNEL32 ref: 00007FFDFB16424B
                                • Part of subcall function 00007FFDFB295250: TlsAlloc.KERNEL32(?,?,?,?,00007FFDFB255CEE,?,?,?,00007FFDFB25641E), ref: 00007FFDFB29525D
                                • Part of subcall function 00007FFDFB295250: TlsGetValue.KERNEL32 ref: 00007FFDFB295287
                                • Part of subcall function 00007FFDFB295250: GetLastError.KERNEL32(?,?,?,?,00007FFDFB255CEE,?,?,?,00007FFDFB25641E), ref: 00007FFDFB295295
                              • TlsGetValue.KERNEL32 ref: 00007FFDFB16432D
                              • strstr.VCRUNTIME140 ref: 00007FFDFB1646CD
                              • strstr.VCRUNTIME140 ref: 00007FFDFB1648DE
                              • strstr.VCRUNTIME140 ref: 00007FFDFB164A6A
                                • Part of subcall function 00007FFDFB233420: TlsGetValue.KERNEL32 ref: 00007FFDFB23347D
                                • Part of subcall function 00007FFDFB233420: TlsGetValue.KERNEL32 ref: 00007FFDFB233559
                                • Part of subcall function 00007FFDFB240F60: isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB240FC7
                                • Part of subcall function 00007FFDFB240F60: isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB240FF6
                              • strstr.VCRUNTIME140 ref: 00007FFDFB165875
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: Value$Heap$Alloc$CriticalErrorLastLeaveSectionstrstr$Process$Allocategetenvisdigit$CurrentThread
                              • String ID: 1.1.0$1.2.11$2.0.1$8.6.9$::tcl$::tcl::Bgerror$::tcl::mathfunc$::tcl::mathop$::tcl::prefix$::tcl::unsupported::assemble$::tcl::unsupported::disassemble$::tcl::unsupported::getbytecode$::tcl::unsupported::inject$::tcl::unsupported::representation$Can't create math function namespace$INNER$PACKAGE$TCL$TCL_INTERP_DEBUG_FRAME$TCL_PKG_PREFER_LATEST$Tcl$TclOO$Tcl_CreateInterp: can't create global namespace$UpdateStringProc for type '%s' failed to create a valid string rep$UpdateStringProc should not be invoked for type %s$VERSIONCONFLICT$array$athop::$binary$binary decode$binary encode$builtin command with NULL object command proc and a NULL compile proc$can't create math operator namespace$clock$conflicting versions provided for package "%s": %s, then %s$cp1252$dian$dict$encoding$engine$failed to create math operator %s$file$form$hLevel$info$iso8859-1$lock::$namespace$namespace eval ::tcl::zlib {variable cmdcounter 0}$package ifneeded TclOO 1.1.0 {# Already present, OK?};namespace eval ::oo { variable version 1.1.0 };namespace eval ::oo { variable patchlevel 1.1.0 };$prefix$string$tcl$tcl::tommath$tcl_precision$unable to alloc %u bytes$zlib$zlibVersion
                              • API String ID: 4062838726-3994091164
                              • Opcode ID: de7beb5590d634878dcbc4cafc6102a81fc1c5abcba5a38210155984f0e6e199
                              • Instruction ID: 99d08dd3fc9d3a48fbb78fbb61be1cb1168366f1a61940b21dc782587476a9ba
                              • Opcode Fuzzy Hash: de7beb5590d634878dcbc4cafc6102a81fc1c5abcba5a38210155984f0e6e199
                              • Instruction Fuzzy Hash: 62236976B0AB8389EB049F11E460AA937A5FB44B88F548036CA6D877F9DF3CE554C740
                              Function 00007FFDFAFFD750 Relevance: 61.7, APIs: 31, Strings: 4, Instructions: 443windowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 763 7ffdfaffd750-7ffdfaffd7c6 765 7ffdfaffd7c8-7ffdfaffd7d0 call 7ffdfb0a8230 763->765 766 7ffdfaffd7d4-7ffdfaffd7f7 GetFocus 763->766 765->766 768 7ffdfaffd7f9-7ffdfaffd802 GetForegroundWindow 766->768 769 7ffdfaffd804 766->769 768->769 771 7ffdfaffd80c-7ffdfaffd816 768->771 769->771 772 7ffdfaffd818-7ffdfaffd826 771->772 773 7ffdfaffd861-7ffdfaffd868 771->773 776 7ffdfaffd828-7ffdfaffd839 772->776 777 7ffdfaffd83d-7ffdfaffd845 IsWindow 772->777 774 7ffdfaffd86a-7ffdfaffd8ab GetDesktopWindow 773->774 775 7ffdfaffd8ad-7ffdfaffd8b7 773->775 778 7ffdfaffd912-7ffdfaffd93e 774->778 779 7ffdfaffd8b9-7ffdfaffd8c4 775->779 780 7ffdfaffd8c6-7ffdfaffd8cd 775->780 776->777 781 7ffdfaffd84b-7ffdfaffd85c 777->781 782 7ffdfaffdb92-7ffdfaffdbb8 SetWindowLongPtrW 777->782 785 7ffdfaffd940-7ffdfaffd947 778->785 786 7ffdfaffd94e-7ffdfaffd98c call 7ffdfb002d90 778->786 779->778 783 7ffdfaffd90a-7ffdfaffd90d 780->783 784 7ffdfaffd8cf-7ffdfaffd908 780->784 781->782 787 7ffdfaffdbba-7ffdfaffdbc9 SetWindowLongPtrW 782->787 788 7ffdfaffdbcf-7ffdfaffdbdf SetParent 782->788 783->778 784->778 785->786 801 7ffdfaffd9af-7ffdfaffd9b6 786->801 802 7ffdfaffd98e-7ffdfaffd9ad 786->802 787->788 792 7ffdfaffdbe5-7ffdfaffdc1d SendMessageW * 2 788->792 793 7ffdfaffdcbf-7ffdfaffdcd0 788->793 792->793 797 7ffdfaffdc23-7ffdfaffdc2c GetDesktopWindow 792->797 794 7ffdfaffdd44-7ffdfaffdd50 793->794 795 7ffdfaffdcd2-7ffdfaffdcea SendMessageW 793->795 798 7ffdfaffdd75-7ffdfaffdd8a call 7ffdfaffe000 794->798 799 7ffdfaffdd52-7ffdfaffdd6f SetWindowPos 794->799 795->794 800 7ffdfaffdcec-7ffdfaffdd3e SendMessageW call 7ffdfb068c70 SendMessageW 795->800 797->793 803 7ffdfaffdc32-7ffdfaffdc4a SetWindowLongPtrW 797->803 816 7ffdfaffdd8c-7ffdfaffdd9b SendMessageW 798->816 817 7ffdfaffdda1-7ffdfaffddac 798->817 799->798 800->794 808 7ffdfaffd9b8-7ffdfaffd9ba 801->808 809 7ffdfaffd9c6-7ffdfaffd9c9 801->809 807 7ffdfaffd9cd-7ffdfaffd9dd 802->807 804 7ffdfaffdc4c-7ffdfaffdc6e 803->804 805 7ffdfaffdcab-7ffdfaffdcb9 SetMenu DestroyWindow 803->805 804->805 819 7ffdfaffdc70 804->819 805->793 811 7ffdfaffd9e3-7ffdfaffda04 807->811 812 7ffdfaffd9df 807->812 808->809 810 7ffdfaffd9bc-7ffdfaffd9c4 808->810 809->807 810->807 825 7ffdfaffda06-7ffdfaffda0e GetModuleHandleW 811->825 826 7ffdfaffda15-7ffdfaffdaa8 CreateWindowExW SetWindowLongPtrW 811->826 812->811 816->817 821 7ffdfaffddc4-7ffdfaffddce 817->821 822 7ffdfaffddae-7ffdfaffddbe SendMessageW 817->822 824 7ffdfaffdc73-7ffdfaffdc77 819->824 827 7ffdfaffde3c-7ffdfaffde46 821->827 828 7ffdfaffddd0-7ffdfaffddee SendMessageW 821->828 822->821 831 7ffdfaffdc79-7ffdfaffdc80 824->831 832 7ffdfaffdc9f-7ffdfaffdca9 824->832 825->826 846 7ffdfaffdaaa-7ffdfaffdae5 SetLayeredWindowAttributes 826->846 847 7ffdfaffdae7-7ffdfaffdafb 826->847 829 7ffdfaffde48-7ffdfaffde59 SetMenu 827->829 830 7ffdfaffde60-7ffdfaffde63 827->830 833 7ffdfaffde30-7ffdfaffde37 call 7ffdfaffbdf0 828->833 834 7ffdfaffddf0-7ffdfaffddff 828->834 829->830 835 7ffdfaffde65-7ffdfaffde6b 830->835 836 7ffdfaffdebf-7ffdfaffdec7 830->836 831->832 837 7ffdfaffdc82-7ffdfaffdc99 SetParent 831->837 832->805 832->824 833->827 839 7ffdfaffde0a-7ffdfaffde22 ShowWindow 834->839 840 7ffdfaffde01-7ffdfaffde08 834->840 844 7ffdfaffdeb2-7ffdfaffdeb9 835->844 845 7ffdfaffde6d-7ffdfaffde7b 835->845 842 7ffdfaffdec9-7ffdfaffded6 SetActiveWindow 836->842 843 7ffdfaffded8-7ffdfaffdee3 836->843 837->832 848 7ffdfaffde29 839->848 840->848 849 7ffdfaffdeee-7ffdfaffdf1e call 7ffdfb0d0850 842->849 843->849 850 7ffdfaffdee5-7ffdfaffdee8 SetFocus 843->850 844->836 845->844 851 7ffdfaffde7d 845->851 852 7ffdfaffdb1d-7ffdfaffdb5b GetWindowPlacement 846->852 847->852 853 7ffdfaffdafd-7ffdfaffdb07 847->853 848->833 850->849 857 7ffdfaffde80-7ffdfaffde84 851->857 854 7ffdfaffdb65-7ffdfaffdb68 852->854 855 7ffdfaffdb5d-7ffdfaffdb60 call 7ffdfb043df0 852->855 858 7ffdfaffdb09 853->858 859 7ffdfaffdb16 853->859 861 7ffdfaffdb8c 854->861 862 7ffdfaffdb6a-7ffdfaffdb6e 854->862 855->854 864 7ffdfaffdea6-7ffdfaffdeb0 857->864 865 7ffdfaffde86-7ffdfaffde8d 857->865 858->859 859->852 868 7ffdfaffdb8f 861->868 862->861 866 7ffdfaffdb70-7ffdfaffdb77 862->866 864->844 864->857 865->864 867 7ffdfaffde8f-7ffdfaffdea2 call 7ffdfaffd750 call 7ffdfaffe000 865->867 866->861 869 7ffdfaffdb79-7ffdfaffdb8a GetWindow 866->869 867->864 868->782 869->868
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$MessageSend$Long$DesktopFocusMenuParent$ActiveAttributesCreateDestroyForegroundHandleLayeredModulePlacementShow
                              • String ID: ,$TkTopLevel$UpdateWrapper: Cannot find container window$UpdateWrapper: Container was destroyed
                              • API String ID: 199526843-342685736
                              • Opcode ID: 032e0a55e5b7d4ba9835c904c4440711087268625d63ec9689d6bf6daea99df3
                              • Instruction ID: e42fc9487ae42b696a119b9ad585a5d8a634e4b3ac2060af97815b13b253e524
                              • Opcode Fuzzy Hash: 032e0a55e5b7d4ba9835c904c4440711087268625d63ec9689d6bf6daea99df3
                              • Instruction Fuzzy Hash: 82225032709A8287EB689F21E564BA973A0FF88B94F044235DB6D077A8DF3CE455D740
                              Function 00007FFDFB0BA520 Relevance: 56.4, APIs: 9, Strings: 23, Instructions: 376windowregistryCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$Load$Icon$ClassCreateCursorHandleLongModuleRegisterShowUpdate
                              • String ID: 8.6$8.6.9$::ttk$::ttk::style$Button.border$P$Ttk$arrow$classic$default$downarrow$from$highlight$hsash$image$label$leftarrow$rightarrow$style$text$ttk::theme::classic$uparrow$vsash
                              • API String ID: 3723784198-1236492955
                              • Opcode ID: 1539c2ea35e91892888d5bbee677d84f644227ea374f78cf9275d53219e29466
                              • Instruction ID: 6080a677dd17eb6d95516fcc576cac6ac5067116d28436d2f571e804e66fb4d0
                              • Opcode Fuzzy Hash: 1539c2ea35e91892888d5bbee677d84f644227ea374f78cf9275d53219e29466
                              • Instruction Fuzzy Hash: 41125B76B0AB43A1EB409F21E864AA973A5FB49B88F405136DA6D07BB8DF3CD155C340
                              Function 00007FFDFB21E7F0 Relevance: 50.6, APIs: 10, Strings: 23, Instructions: 1052stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: strstr$HeapValuememmove$AllocAllocateErrorLastProcessmemset
                              • String ID: ::oo$::oo::Helpers$::oo::Helpers::next$::oo::Helpers::nextto$::oo::Helpers::self$::oo::UnknownDefinition$::oo::copy$::oo::define$::oo::define ::oo::Slot { method Get {} {error unimplemented} method Set list {error unimplemented} method -set args { uplevel 1 [list [namespace which my] Set $args] } method -append args { uplevel 1 [list [namespace which $::oo::objdefine$<cloned>$UpdateStringProc for type '%s' failed to create a valid string rep$UpdateStringProc should not be invoked for type %s$[a-z]*$class$ctor>$fine::$foreach p [info procs [info object namespace $originObject]::*] { set args [info args $p]; set idx -1; foreach a $args { lset args [incr idx] [if {[info default $p $a d]} {list $a $d} {list $a}] }; set b [info body $p]; set$ject$object$tor>$unable to alloc %u bytes$unknown
                              • API String ID: 360327414-2837539154
                              • Opcode ID: 928e6ff6f167b4b372da0b11bdf3d87737ef0eea0c8e386fb771ffbebcc28649
                              • Instruction ID: d47b52245e51f1fd86607da9fbd4613d422a5d059be115b935fab0bcd07eb800
                              • Opcode Fuzzy Hash: 928e6ff6f167b4b372da0b11bdf3d87737ef0eea0c8e386fb771ffbebcc28649
                              • Instruction Fuzzy Hash: 41B2BF72B0AB8286EB10DF15E460AA937A4FB48B84F449536DE6D877B9DF3CE145C700
                              Function 00007FFDFB289800 Relevance: 35.8, APIs: 6, Strings: 14, Instructions: 786libraryloaderCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1433 7ffdfb289800-7ffdfb289851 call 7ffdfb263220 call 7ffdfb256220 call 7ffdfb255db0 1440 7ffdfb28a3f5-7ffdfb28a406 call 7ffdfb237370 1433->1440 1441 7ffdfb289857-7ffdfb2898a7 call 7ffdfb264f80 1433->1441 1446 7ffdfb28a407-7ffdfb28a418 call 7ffdfb237370 1440->1446 1447 7ffdfb2898a9-7ffdfb2898ac call 7ffdfb233420 1441->1447 1448 7ffdfb2898b1-7ffdfb2898b8 1441->1448 1457 7ffdfb28a419-7ffdfb28a427 call 7ffdfb237370 1446->1457 1447->1448 1449 7ffdfb28990a-7ffdfb289930 GetSystemInfo call 7ffdfb256220 call 7ffdfb255db0 1448->1449 1450 7ffdfb2898ba-7ffdfb2898e4 GetModuleHandleW GetProcAddress 1448->1450 1449->1446 1466 7ffdfb289936-7ffdfb289992 call 7ffdfb256220 call 7ffdfb255db0 1449->1466 1453 7ffdfb2898e6-7ffdfb2898f1 1450->1453 1454 7ffdfb2898f3-7ffdfb2898fa GetVersionExW 1450->1454 1453->1454 1458 7ffdfb289900 1453->1458 1454->1458 1465 7ffdfb28a428-7ffdfb28a439 call 7ffdfb237370 1457->1465 1458->1449 1471 7ffdfb28a43a-7ffdfb28a44b call 7ffdfb237370 1465->1471 1475 7ffdfb289998-7ffdfb289a02 call 7ffdfb24bbf0 call 7ffdfb264f80 1466->1475 1476 7ffdfb28a3e3-7ffdfb28a3f4 call 7ffdfb237370 1466->1476 1484 7ffdfb289a0c-7ffdfb289a16 1475->1484 1485 7ffdfb289a04-7ffdfb289a07 call 7ffdfb233420 1475->1485 1476->1440 1487 7ffdfb289a18-7ffdfb289a1b call 7ffdfb233420 1484->1487 1488 7ffdfb289a20-7ffdfb289a23 1484->1488 1485->1484 1487->1488 1490 7ffdfb289a25-7ffdfb289a29 1488->1490 1491 7ffdfb289a33-7ffdfb289a43 1488->1491 1490->1491 1494 7ffdfb289a2b-7ffdfb289a2e call 7ffdfb233710 1490->1494 1492 7ffdfb289b17-7ffdfb289b49 wsprintfA 1491->1492 1493 7ffdfb289a49-7ffdfb289a76 call 7ffdfb24bbf0 call 7ffdfb256220 call 7ffdfb255db0 1491->1493 1496 7ffdfb289b50-7ffdfb289b57 1492->1496 1493->1476 1511 7ffdfb289a7c-7ffdfb289ae6 call 7ffdfb24bbf0 call 7ffdfb264f80 1493->1511 1494->1491 1496->1496 1499 7ffdfb289b59-7ffdfb289b66 call 7ffdfb256220 1496->1499 1505 7ffdfb289b78-7ffdfb289b85 call 7ffdfb255db0 1499->1505 1506 7ffdfb289b68-7ffdfb289b76 1499->1506 1515 7ffdfb289b87-7ffdfb289b89 1505->1515 1516 7ffdfb289b8f-7ffdfb289bad memmove 1505->1516 1508 7ffdfb289bb1-7ffdfb289bd0 call 7ffdfb256220 call 7ffdfb255db0 1506->1508 1508->1476 1521 7ffdfb289bd6-7ffdfb289c40 call 7ffdfb24bbf0 call 7ffdfb264f80 1508->1521 1524 7ffdfb289ae8-7ffdfb289aeb call 7ffdfb233420 1511->1524 1525 7ffdfb289af0-7ffdfb289afa 1511->1525 1515->1457 1515->1516 1516->1508 1536 7ffdfb289c4a-7ffdfb289c54 1521->1536 1537 7ffdfb289c42-7ffdfb289c45 call 7ffdfb233420 1521->1537 1524->1525 1528 7ffdfb289afc-7ffdfb289aff call 7ffdfb233420 1525->1528 1529 7ffdfb289b04-7ffdfb289b07 1525->1529 1528->1529 1529->1492 1531 7ffdfb289b09-7ffdfb289b0d 1529->1531 1531->1492 1533 7ffdfb289b0f-7ffdfb289b12 call 7ffdfb233710 1531->1533 1533->1492 1539 7ffdfb289c56-7ffdfb289c59 call 7ffdfb233420 1536->1539 1540 7ffdfb289c5e-7ffdfb289c61 1536->1540 1537->1536 1539->1540 1541 7ffdfb289c71-7ffdfb289c7a 1540->1541 1542 7ffdfb289c63-7ffdfb289c67 1540->1542 1545 7ffdfb289c80-7ffdfb289cb0 call 7ffdfb24bbf0 call 7ffdfb256220 call 7ffdfb255db0 1541->1545 1546 7ffdfb289d51-7ffdfb289d85 call 7ffdfb256220 call 7ffdfb255db0 1541->1546 1542->1541 1544 7ffdfb289c69-7ffdfb289c6c call 7ffdfb233710 1542->1544 1544->1541 1545->1476 1561 7ffdfb289cb6-7ffdfb289d20 call 7ffdfb24bbf0 call 7ffdfb264f80 1545->1561 1546->1471 1557 7ffdfb289d8b-7ffdfb289ded call 7ffdfb24bbf0 call 7ffdfb264ac0 1546->1557 1566 7ffdfb289df7-7ffdfb289e01 1557->1566 1567 7ffdfb289def-7ffdfb289df2 call 7ffdfb233420 1557->1567 1573 7ffdfb289d2a-7ffdfb289d34 1561->1573 1574 7ffdfb289d22-7ffdfb289d25 call 7ffdfb233420 1561->1574 1570 7ffdfb289e0b-7ffdfb289e0e 1566->1570 1571 7ffdfb289e03-7ffdfb289e06 call 7ffdfb233420 1566->1571 1567->1566 1576 7ffdfb289e2e-7ffdfb289e46 call 7ffdfb256220 call 7ffdfb255db0 1570->1576 1577 7ffdfb289e10-7ffdfb289e17 1570->1577 1571->1570 1579 7ffdfb289d36-7ffdfb289d39 call 7ffdfb233420 1573->1579 1580 7ffdfb289d3e-7ffdfb289d41 1573->1580 1574->1573 1576->1471 1596 7ffdfb289e4c-7ffdfb289eae call 7ffdfb24bbf0 call 7ffdfb264ac0 1576->1596 1581 7ffdfb289e1d-7ffdfb289e28 call 7ffdfb233710 1577->1581 1582 7ffdfb28a1a4-7ffdfb28a1e1 call 7ffdfb289710 call 7ffdfb24bbf0 call 7ffdfb256220 call 7ffdfb255db0 1577->1582 1579->1580 1580->1546 1585 7ffdfb289d43-7ffdfb289d47 1580->1585 1581->1576 1581->1582 1582->1476 1606 7ffdfb28a1e7-7ffdfb28a251 call 7ffdfb24bbf0 call 7ffdfb264f80 1582->1606 1585->1546 1590 7ffdfb289d49-7ffdfb289d4c call 7ffdfb233710 1585->1590 1590->1546 1607 7ffdfb289eb8-7ffdfb289ec2 1596->1607 1608 7ffdfb289eb0-7ffdfb289eb3 call 7ffdfb233420 1596->1608 1626 7ffdfb28a25b-7ffdfb28a265 1606->1626 1627 7ffdfb28a253-7ffdfb28a256 call 7ffdfb233420 1606->1627 1611 7ffdfb289ecc-7ffdfb289ecf 1607->1611 1612 7ffdfb289ec4-7ffdfb289ec7 call 7ffdfb233420 1607->1612 1608->1607 1615 7ffdfb289efa-7ffdfb289f12 call 7ffdfb256220 call 7ffdfb255db0 1611->1615 1616 7ffdfb289ed1-7ffdfb289ed8 1611->1616 1612->1611 1615->1471 1633 7ffdfb289f18-7ffdfb289f7a call 7ffdfb24bbf0 call 7ffdfb264ac0 1615->1633 1619 7ffdfb289ee7-7ffdfb289ef5 call 7ffdfb261b00 1616->1619 1620 7ffdfb289eda-7ffdfb289ee5 call 7ffdfb233710 1616->1620 1619->1615 1620->1615 1620->1619 1631 7ffdfb28a267-7ffdfb28a26a call 7ffdfb233420 1626->1631 1632 7ffdfb28a26f-7ffdfb28a272 1626->1632 1627->1626 1631->1632 1635 7ffdfb28a282-7ffdfb28a28f 1632->1635 1636 7ffdfb28a274-7ffdfb28a278 1632->1636 1650 7ffdfb289f7c-7ffdfb289f7f call 7ffdfb233420 1633->1650 1651 7ffdfb289f84-7ffdfb289f8e 1633->1651 1639 7ffdfb28a296-7ffdfb28a2cd call 7ffdfb256220 call 7ffdfb255db0 1635->1639 1640 7ffdfb28a291 call 7ffdfb255f00 1635->1640 1636->1635 1638 7ffdfb28a27a-7ffdfb28a27d call 7ffdfb233710 1636->1638 1638->1635 1639->1465 1654 7ffdfb28a2d3-7ffdfb28a30b call 7ffdfb256220 call 7ffdfb255db0 1639->1654 1640->1639 1650->1651 1652 7ffdfb289f98-7ffdfb289f9b 1651->1652 1653 7ffdfb289f90-7ffdfb289f93 call 7ffdfb233420 1651->1653 1657 7ffdfb289fc6-7ffdfb289fcb 1652->1657 1658 7ffdfb289f9d-7ffdfb289fa4 1652->1658 1653->1652 1654->1476 1675 7ffdfb28a311-7ffdfb28a37e call 7ffdfb24bbf0 call 7ffdfb264f80 1654->1675 1663 7ffdfb289fd1-7ffdfb289ffb call 7ffdfb24bbf0 call 7ffdfb256220 call 7ffdfb255db0 1657->1663 1664 7ffdfb28a0a3-7ffdfb28a0bb call 7ffdfb256220 call 7ffdfb255db0 1657->1664 1660 7ffdfb289fa6-7ffdfb289fb1 call 7ffdfb233710 1658->1660 1661 7ffdfb289fb3-7ffdfb289fc1 call 7ffdfb261b00 1658->1661 1660->1657 1660->1661 1661->1657 1663->1471 1686 7ffdfb28a001-7ffdfb28a06a call 7ffdfb24bbf0 call 7ffdfb264f80 1663->1686 1664->1471 1680 7ffdfb28a0c1-7ffdfb28a104 call 7ffdfb256220 call 7ffdfb255db0 1664->1680 1689 7ffdfb28a388-7ffdfb28a392 1675->1689 1690 7ffdfb28a380-7ffdfb28a383 call 7ffdfb233420 1675->1690 1680->1471 1702 7ffdfb28a10a-7ffdfb28a173 call 7ffdfb24bbf0 call 7ffdfb264f80 1680->1702 1707 7ffdfb28a06c-7ffdfb28a06f call 7ffdfb233420 1686->1707 1708 7ffdfb28a074-7ffdfb28a07e 1686->1708 1694 7ffdfb28a39c-7ffdfb28a39f 1689->1694 1695 7ffdfb28a394-7ffdfb28a397 call 7ffdfb233420 1689->1695 1690->1689 1700 7ffdfb28a3af-7ffdfb28a3e2 call 7ffdfb296240 1694->1700 1701 7ffdfb28a3a1-7ffdfb28a3a5 1694->1701 1695->1694 1701->1700 1704 7ffdfb28a3a7-7ffdfb28a3aa call 7ffdfb233710 1701->1704 1720 7ffdfb28a175-7ffdfb28a178 call 7ffdfb233420 1702->1720 1721 7ffdfb28a17d-7ffdfb28a187 1702->1721 1704->1700 1707->1708 1713 7ffdfb28a088-7ffdfb28a08b 1708->1713 1714 7ffdfb28a080-7ffdfb28a083 call 7ffdfb233420 1708->1714 1713->1582 1717 7ffdfb28a091-7ffdfb28a095 1713->1717 1714->1713 1717->1582 1719 7ffdfb28a09b-7ffdfb28a09e 1717->1719 1724 7ffdfb28a19f call 7ffdfb233710 1719->1724 1720->1721 1722 7ffdfb28a189-7ffdfb28a18c call 7ffdfb233420 1721->1722 1723 7ffdfb28a191-7ffdfb28a194 1721->1723 1722->1723 1723->1582 1727 7ffdfb28a196-7ffdfb28a19a 1723->1727 1724->1582 1727->1582 1729 7ffdfb28a19c 1727->1729 1729->1724
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: HeapValue$AllocAllocateErrorLastProcessmemmove$AddressCriticalHandleInfoLeaveModuleProcSectionSystemVersionwsprintf
                              • String ID: %d.%d$HOME$HOMEDRIVE$HOMEPATH$NTDLL$RtlGetVersion$form$machine$osVersion$pathSeparator$platform$unable to alloc %u bytes$user$windows
                              • API String ID: 4124719303-2769234389
                              • Opcode ID: f759e7b6e9bfb5dc2dc8fc655934a1cc33b60ce92f4e4637ba8bbfc919a503c6
                              • Instruction ID: 378d2ba533ed1cf28ee917a5fd206f0283ccbc5a083db488bb494a7e29115dc5
                              • Opcode Fuzzy Hash: f759e7b6e9bfb5dc2dc8fc655934a1cc33b60ce92f4e4637ba8bbfc919a503c6
                              • Instruction Fuzzy Hash: 5E726B32B0BA838AEB059F21D460A6D77A0EB45B54F488135DA6D8B7EEDF3CE541C740
                              Function 00007FFDFB1B5050 Relevance: 35.6, APIs: 6, Strings: 17, Instructions: 1111COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: Heap$AllocAllocateErrorLastProcessValue
                              • String ID: (parsing expression "%.*s%s")$in expression "%s%.*s%.*s%s%s%.*s%s"$%s called with shared object$...$EXPR$MISSING$NOMEM$PARSE$TCL$Tcl_AppendLimitedToObj$\$_@_$max # of tokens for a Tcl parse (%d) exceeded$missing operator at %s$ssion$unable to alloc %u bytes$unable to realloc %u bytes
                              • API String ID: 3727939657-3106115557
                              • Opcode ID: 94557a7e5a7340f3c34306ebcd863b3baec2a889f91978107ef17cccbe313314
                              • Instruction ID: 6ffca83f372f4b5187f4d36cd88f5cc61ac9d41e49ffbf2b02b530cbbb3e754c
                              • Opcode Fuzzy Hash: 94557a7e5a7340f3c34306ebcd863b3baec2a889f91978107ef17cccbe313314
                              • Instruction Fuzzy Hash: E9A2D372B0A68386EB24DF15E464AAA77A0FB58788F108135DB6D477E9DF3CE544CB00
                              Function 00007FFDFB0A96FC Relevance: 35.4, APIs: 1, Strings: 19, Instructions: 417COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2038 7ffdfb0a96fc-7ffdfb0a9707 2040 7ffdfb0a9709 2038->2040 2041 7ffdfb0a9740-7ffdfb0a9755 2038->2041 2042 7ffdfb0a9710-7ffdfb0a9726 2040->2042 2044 7ffdfb0a9757-7ffdfb0a975e 2041->2044 2045 7ffdfb0a9768-7ffdfb0a97ea 2041->2045 2047 7ffdfb0a972c-7ffdfb0a973e 2042->2047 2048 7ffdfb0a982d-7ffdfb0a9881 2042->2048 2044->2045 2063 7ffdfb0a97fc-7ffdfb0a9815 2045->2063 2064 7ffdfb0a97ec-7ffdfb0a97f3 2045->2064 2047->2041 2047->2042 2056 7ffdfb0a9e7a-7ffdfb0a9eb6 call 7ffdfb0d0850 2048->2056 2066 7ffdfb0a9e77 2063->2066 2067 7ffdfb0a981b-7ffdfb0a98a2 2063->2067 2064->2063 2066->2056 2070 7ffdfb0a98a8-7ffdfb0a98f5 2067->2070 2071 7ffdfb0a9a09-7ffdfb0a9a11 2067->2071 2086 7ffdfb0a99c7-7ffdfb0a99de 2070->2086 2087 7ffdfb0a98fb-7ffdfb0a9919 2070->2087 2072 7ffdfb0a9a5f-7ffdfb0a9b35 2071->2072 2073 7ffdfb0a9a13-7ffdfb0a9a5a call 7ffdfaff57e0 2071->2073 2110 7ffdfb0a9b37-7ffdfb0a9b54 2072->2110 2111 7ffdfb0a9b62-7ffdfb0a9b73 2072->2111 2073->2072 2093 7ffdfb0a99e4-7ffdfb0a99ee 2086->2093 2087->2086 2092 7ffdfb0a991f-7ffdfb0a9949 2087->2092 2092->2086 2099 7ffdfb0a994b-7ffdfb0a99c5 2092->2099 2094 7ffdfb0a9a00-7ffdfb0a9a03 2093->2094 2095 7ffdfb0a99f0-7ffdfb0a99f7 2093->2095 2094->2071 2098 7ffdfb0a9e52-7ffdfb0a9e55 2094->2098 2095->2094 2098->2066 2100 7ffdfb0a9e57-7ffdfb0a9e65 2098->2100 2099->2093 2100->2066 2102 7ffdfb0a9e67-7ffdfb0a9e6e 2100->2102 2102->2066 2110->2111 2114 7ffdfb0a9bb8-7ffdfb0a9bbe 2111->2114 2115 7ffdfb0a9b75-7ffdfb0a9bb3 2111->2115 2117 7ffdfb0a9bc0-7ffdfb0a9bfe 2114->2117 2118 7ffdfb0a9c03-7ffdfb0a9c09 2114->2118 2115->2114 2117->2118 2119 7ffdfb0a9c0b-7ffdfb0a9c49 2118->2119 2120 7ffdfb0a9c4e-7ffdfb0a9cc2 2118->2120 2119->2120 2132 7ffdfb0a9cd4-7ffdfb0a9cd7 2120->2132 2133 7ffdfb0a9cc4-7ffdfb0a9ccb 2120->2133 2132->2098 2134 7ffdfb0a9cdd-7ffdfb0a9cf2 2132->2134 2133->2132 2137 7ffdfb0a9d05-7ffdfb0a9d0d 2134->2137 2138 7ffdfb0a9cf4-7ffdfb0a9cff call 7ffdfb0a8ee0 2134->2138 2140 7ffdfb0a9daf-7ffdfb0a9dd6 2137->2140 2141 7ffdfb0a9d13-7ffdfb0a9d8f 2137->2141 2138->2137 2140->2098 2145 7ffdfb0a9dd8-7ffdfb0a9df9 call 7ffdfb0ba520 2140->2145 2155 7ffdfb0a9da1-7ffdfb0a9da9 2141->2155 2156 7ffdfb0a9d91-7ffdfb0a9d98 2141->2156 2145->2098 2151 7ffdfb0a9dfb-7ffdfb0a9e05 2145->2151 2153 7ffdfb0a9e07-7ffdfb0a9e0f GetModuleHandleW 2151->2153 2154 7ffdfb0a9e16-7ffdfb0a9e41 call 7ffdfb005370 call 7ffdfb16a9b0 2151->2154 2153->2154 2154->2098 2160 7ffdfb0a9e43-7ffdfb0a9e4d call 7ffdfb03b130 2154->2160 2155->2098 2155->2140 2156->2155 2160->2098
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: (processing arguments in argv variable)$-colormap$-screen$-use$-visual$8.6.9$::safe::TkInit$DISPLAY$NO_MASTER$SAFE$Tcl_GetInterpPath broken!$argc$argv$env$geometry$if {[namespace which -command tkInit] eq ""} { proc tkInit {} { global tk_library tk_version tk_patchLevel rename tkInit {} tcl_findLibrary tk $tk_version $tk_patchLevel tk.tcl TK_LIBRARY tk_library }}tkInit$no controlling master interpreter$toplevel . -class$wm geometry .
                              • API String ID: 0-2161420275
                              • Opcode ID: 38e672879afa577683360f9ac9c9c1006eef6c544fb345e5ac35332c76b490d2
                              • Instruction ID: fbe1bd70d042c2fecdbe7f727b45b9ec0c65e2acd470fdb8fd62788cdd37d666
                              • Opcode Fuzzy Hash: 38e672879afa577683360f9ac9c9c1006eef6c544fb345e5ac35332c76b490d2
                              • Instruction Fuzzy Hash: FC222C36B0AA9392EB449F25D464AB967A5FB89F88F045136DE2E477B8DF3CD005C700
                              Function 00007FFDFB0AB3A0 Relevance: 28.2, APIs: 2, Strings: 14, Instructions: 153windowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Create$BitmapBrushPattern
                              • String ID: 8.6$Button.border$Combobox.focus$Scrollbar.trough$Ttk$alt$border$client$field$focus$slider$thumb$ttk::theme::winnative$winnative
                              • API String ID: 3280665104-2094136981
                              • Opcode ID: 8ff5ef2f79d464f6b1cd937c61051bc74debb1fd3be77bd397f6782ccdc2ac60
                              • Instruction ID: 79643274ac6589e591a1a99c974f8d08f12305bd50959f12407d07b82227f6d5
                              • Opcode Fuzzy Hash: 8ff5ef2f79d464f6b1cd937c61051bc74debb1fd3be77bd397f6782ccdc2ac60
                              • Instruction Fuzzy Hash: AC714C76B0AB8791EB209F61E424AAA73A4FB49B84F445136DA6D07BF9CF3CD105D700
                              Function 00007FFDFB28B460 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 215windowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2228 7ffdfb28b460-7ffdfb28b473 2229 7ffdfb28b475-7ffdfb28b479 2228->2229 2230 7ffdfb28b47d-7ffdfb28b4a0 TlsGetValue 2228->2230 2229->2230 2231 7ffdfb28b4b2-7ffdfb28b4b5 2230->2231 2232 7ffdfb28b4a2-7ffdfb28b4a4 2230->2232 2234 7ffdfb28b4b7-7ffdfb28b4c5 call 7ffdfb255db0 2231->2234 2235 7ffdfb28b4e8-7ffdfb28b4f3 2231->2235 2232->2231 2233 7ffdfb28b4a6-7ffdfb28b4a9 2232->2233 2233->2231 2238 7ffdfb28b4ab-7ffdfb28b4ae 2233->2238 2244 7ffdfb28b636-7ffdfb28b711 call 7ffdfb237370 SleepEx 2234->2244 2245 7ffdfb28b4cb-7ffdfb28b4e3 memset call 7ffdfb256bc0 2234->2245 2236 7ffdfb28b4f5-7ffdfb28b507 2235->2236 2237 7ffdfb28b546 2235->2237 2240 7ffdfb28b509-7ffdfb28b50b 2236->2240 2241 7ffdfb28b50d-7ffdfb28b523 2236->2241 2242 7ffdfb28b54b-7ffdfb28b56d PeekMessageW 2237->2242 2238->2231 2240->2241 2246 7ffdfb28b528-7ffdfb28b544 2240->2246 2241->2246 2247 7ffdfb28b5ae-7ffdfb28b5cb PeekMessageW 2242->2247 2248 7ffdfb28b56f-7ffdfb28b578 2242->2248 2265 7ffdfb28b786-7ffdfb28b790 2244->2265 2266 7ffdfb28b713-7ffdfb28b719 2244->2266 2245->2235 2246->2242 2253 7ffdfb28b5cd-7ffdfb28b5e2 GetMessageW 2247->2253 2254 7ffdfb28b612 2247->2254 2252 7ffdfb28b580-7ffdfb28b5a2 MsgWaitForMultipleObjectsEx 2248->2252 2252->2252 2259 7ffdfb28b5a4-7ffdfb28b5ac 2252->2259 2255 7ffdfb28b5f5-7ffdfb28b5f8 2253->2255 2256 7ffdfb28b5e4-7ffdfb28b5e8 PostQuitMessage 2253->2256 2257 7ffdfb28b614-7ffdfb28b635 ResetEvent 2254->2257 2260 7ffdfb28b5ee-7ffdfb28b5f3 2255->2260 2261 7ffdfb28b5fa-7ffdfb28b610 TranslateMessage DispatchMessageW 2255->2261 2256->2260 2259->2247 2259->2260 2260->2257 2261->2257 2267 7ffdfb28b71b-7ffdfb28b71d 2266->2267 2268 7ffdfb28b71f-7ffdfb28b784 SleepEx 2266->2268 2267->2265 2267->2268 2268->2265 2268->2266
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: Message$Peek$EventMultipleObjectsPostQuitResetValueWaitmemset
                              • String ID: unable to alloc %u bytes
                              • API String ID: 1171599283-2759121943
                              • Opcode ID: 7f45b520981c73a77f69a10098c6a94e6e0ae400c56af052a6404e8d04782c65
                              • Instruction ID: 4f354c81b2e3f33412ccceae2458e9546d540ef14b38977cd80a869f8613ebdb
                              • Opcode Fuzzy Hash: 7f45b520981c73a77f69a10098c6a94e6e0ae400c56af052a6404e8d04782c65
                              • Instruction Fuzzy Hash: 83918336B1A94387EB548B25E864A2D6361FF88744F449135DA6EC7BFCDE3CE9448B00
                              Function 00007FFDFB002D90 Relevance: 19.8, APIs: 13, Instructions: 255windowCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2348 7ffdfb002d90-7ffdfb002dbf 2349 7ffdfb002df1-7ffdfb002e68 AdjustWindowRectEx 2348->2349 2350 7ffdfb002dc1-7ffdfb002dc9 IsIconic 2348->2350 2353 7ffdfb002e6a-7ffdfb002e71 2349->2353 2354 7ffdfb002e73-7ffdfb002e7a 2349->2354 2351 7ffdfb0031b0-7ffdfb0031c4 call 7ffdfb0d0850 2350->2351 2352 7ffdfb002dcf-7ffdfb002ddb IsZoomed 2350->2352 2352->2351 2355 7ffdfb002de1-7ffdfb002deb 2352->2355 2358 7ffdfb002e90-7ffdfb002eb2 2353->2358 2357 7ffdfb002e7c-7ffdfb002e89 2354->2357 2354->2358 2355->2349 2355->2351 2357->2358 2360 7ffdfb002ee5-7ffdfb002ee7 2358->2360 2361 7ffdfb002eb4-7ffdfb002ed5 2358->2361 2364 7ffdfb002ee9-7ffdfb002eeb 2360->2364 2365 7ffdfb002eed-7ffdfb002eef 2360->2365 2362 7ffdfb002ed7-7ffdfb002ee1 2361->2362 2363 7ffdfb002ee3 2361->2363 2362->2360 2363->2360 2366 7ffdfb002ef6-7ffdfb002eff 2364->2366 2365->2366 2367 7ffdfb002ef1-7ffdfb002ef3 2365->2367 2368 7ffdfb002f0a-7ffdfb002f0d 2366->2368 2369 7ffdfb002f01-7ffdfb002f08 2366->2369 2367->2366 2370 7ffdfb002f23-7ffdfb002f38 2368->2370 2371 7ffdfb002f0f-7ffdfb002f1c 2368->2371 2369->2370 2372 7ffdfb002f3a-7ffdfb002f59 2370->2372 2373 7ffdfb002f68-7ffdfb002f6a 2370->2373 2371->2370 2374 7ffdfb002f5b-7ffdfb002f64 2372->2374 2375 7ffdfb002f66 2372->2375 2376 7ffdfb002f6c-7ffdfb002f6e 2373->2376 2377 7ffdfb002f70-7ffdfb002f72 2373->2377 2374->2373 2375->2373 2378 7ffdfb002f79-7ffdfb002f89 2376->2378 2377->2378 2379 7ffdfb002f74-7ffdfb002f76 2377->2379 2380 7ffdfb002f8b-7ffdfb002fb3 2378->2380 2381 7ffdfb002fb5 2378->2381 2379->2378 2382 7ffdfb002fbc-7ffdfb002fc0 2380->2382 2381->2382 2383 7ffdfb002fe5 2382->2383 2384 7ffdfb002fc2-7ffdfb002fe3 2382->2384 2385 7ffdfb002feb-7ffdfb002fee 2383->2385 2384->2385 2386 7ffdfb003004-7ffdfb003020 2385->2386 2387 7ffdfb002ff0-7ffdfb002ff6 2385->2387 2389 7ffdfb003037-7ffdfb00304d 2386->2389 2390 7ffdfb003022-7ffdfb003032 2386->2390 2387->2386 2388 7ffdfb002ff8-7ffdfb002ffe 2387->2388 2388->2386 2391 7ffdfb00318e-7ffdfb0031ab 2388->2391 2392 7ffdfb00304f-7ffdfb003079 SendMessageW * 2 2389->2392 2393 7ffdfb00307e-7ffdfb0030d8 GetSystemMetrics MoveWindow GetWindowRect 2389->2393 2390->2391 2391->2351 2394 7ffdfb003187 2392->2394 2395 7ffdfb00316f-7ffdfb00317b 2393->2395 2396 7ffdfb0030de 2393->2396 2394->2391 2395->2394 2397 7ffdfb00317d-7ffdfb003181 DrawMenuBar 2395->2397 2398 7ffdfb0030e0-7ffdfb0030f9 GetClientRect 2396->2398 2397->2394 2398->2395 2399 7ffdfb0030fb-7ffdfb003112 2398->2399 2400 7ffdfb003114-7ffdfb00314e MoveWindow GetWindowRect 2399->2400 2401 7ffdfb003152-7ffdfb003169 MoveWindow 2399->2401 2400->2398 2402 7ffdfb003150 2400->2402 2401->2395 2402->2395
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$Rect$MessageMoveSend$AdjustClientDrawIconicMenuMetricsSystemZoomed
                              • String ID:
                              • API String ID: 722483491-0
                              • Opcode ID: 3fdaa7c7a3c0b17253527552bf866b4c03d27616cbfb91c39aeae93c3d74d048
                              • Instruction ID: 380bd894f292192bb90fc753f445e6a62112506c4061be2072f4e7730a80fc86
                              • Opcode Fuzzy Hash: 3fdaa7c7a3c0b17253527552bf866b4c03d27616cbfb91c39aeae93c3d74d048
                              • Instruction Fuzzy Hash: EAC1CC727096838AE710DF28D454BAD77A0FB89B88F194035DE995B6ACCF38E840DB50
                              Function 00007FFDFAFF4460 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 273COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2450 7ffdfaff4460-7ffdfaff44d6 SelectObject 2451 7ffdfaff44d8-7ffdfaff44dd 2450->2451 2452 7ffdfaff44e0-7ffdfaff4511 GetFontData 2450->2452 2451->2452 2453 7ffdfaff4517-7ffdfaff451e 2452->2453 2454 7ffdfaff47f1-7ffdfaff47fc GetTextCharset 2452->2454 2455 7ffdfaff453b 2453->2455 2456 7ffdfaff4520-7ffdfaff4539 2453->2456 2457 7ffdfaff4831-7ffdfaff4874 SelectObject call 7ffdfb0d0850 2454->2457 2458 7ffdfaff47fe-7ffdfaff482c 2454->2458 2460 7ffdfaff4540-7ffdfaff4545 2455->2460 2456->2460 2458->2457 2460->2457 2462 7ffdfaff454b-7ffdfaff454f 2460->2462 2464 7ffdfaff4550-7ffdfaff4573 GetFontData 2462->2464 2466 7ffdfaff4575-7ffdfaff45ed 2464->2466 2467 7ffdfaff45ef-7ffdfaff45f9 2464->2467 2468 7ffdfaff45ff-7ffdfaff4604 2466->2468 2467->2468 2469 7ffdfaff460a-7ffdfaff460d 2468->2469 2470 7ffdfaff47e0-7ffdfaff47e9 2468->2470 2471 7ffdfaff461c-7ffdfaff4620 2469->2471 2472 7ffdfaff460f-7ffdfaff461a 2469->2472 2470->2464 2473 7ffdfaff47ef 2470->2473 2471->2470 2474 7ffdfaff4626-7ffdfaff4647 GetFontData 2471->2474 2472->2474 2473->2457 2475 7ffdfaff4649-7ffdfaff4666 2474->2475 2476 7ffdfaff4668 2474->2476 2477 7ffdfaff466d-7ffdfaff4671 2475->2477 2476->2477 2477->2470 2478 7ffdfaff4677-7ffdfaff467a 2477->2478 2479 7ffdfaff469b 2478->2479 2480 7ffdfaff467c-7ffdfaff4699 2478->2480 2481 7ffdfaff46a0-7ffdfaff470e GetFontData * 2 2479->2481 2480->2481 2484 7ffdfaff477c-7ffdfaff4784 2481->2484 2485 7ffdfaff4710-7ffdfaff4715 2481->2485 2484->2470 2486 7ffdfaff4786-7ffdfaff478b 2484->2486 2485->2484 2487 7ffdfaff4717-7ffdfaff472b 2485->2487 2486->2470 2489 7ffdfaff478d-7ffdfaff47aa 2486->2489 2488 7ffdfaff4730-7ffdfaff4773 2487->2488 2488->2488 2490 7ffdfaff4775-7ffdfaff477a 2488->2490 2491 7ffdfaff47b0-7ffdfaff47be 2489->2491 2490->2484 2492 7ffdfaff47d6-7ffdfaff47de 2491->2492 2493 7ffdfaff47c0-7ffdfaff47cc 2491->2493 2492->2470 2492->2491 2493->2492 2494 7ffdfaff47ce-7ffdfaff47d3 2493->2494 2494->2492
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: DataFont$ObjectSelect$CharsetText
                              • String ID: cmap$pamc
                              • API String ID: 447340330-4234804082
                              • Opcode ID: 1b065db3612fad4ff0faa31c0d5acf3722efc466d0a0d2ece25ce3bbfab9cf0c
                              • Instruction ID: 1342460cb4951b6e31a731bac6278501a9587c912f9bcc8636c15dd430c07b82
                              • Opcode Fuzzy Hash: 1b065db3612fad4ff0faa31c0d5acf3722efc466d0a0d2ece25ce3bbfab9cf0c
                              • Instruction Fuzzy Hash: BBB10237B182A286D7588F15E410A7AB7A1FB99B91F405235FE9A47BE8DF3CD444CB00
                              Function 00007FFDFB23A1A0 Relevance: 16.4, APIs: 1, Strings: 8, Instructions: 696COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: _errno
                              • String ID: PATH$TCL$UpdateStringProc for type '%s' failed to create a valid string rep$UpdateStringProc should not be invoked for type %s$VALUE$WTF$ntation$unable to alloc %u bytes
                              • API String ID: 2918714741-3483878451
                              • Opcode ID: 7644a217f49799ea2987173b87bb7879dcace2bf3e84a2592cbd3a9c517da6f5
                              • Instruction ID: 1fb6a2cd04b78793544d767923f023845ead17f160cc1008e369868446c77bbf
                              • Opcode Fuzzy Hash: 7644a217f49799ea2987173b87bb7879dcace2bf3e84a2592cbd3a9c517da6f5
                              • Instruction Fuzzy Hash: 2A52AE21F0A24345FB649B1591B4B7D67A1AF56B84F0C8535CA7D8BAEDDF2CE8C28700
                              Function 00007FFDFB1FA8C0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 405COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memchrmemmove$_errno
                              • String ID: Reuse of ChannelBuffer! %p$unable to alloc %u bytes$unknown output translation requested
                              • API String ID: 180474557-3982423822
                              • Opcode ID: 1e8b0f27a43b3fd8708236fc55343e05a0af1cffdfd1e4defc61820fcd503fef
                              • Instruction ID: ad698c2d7bc53f0bd8b489b688b01976614ebaefc35c8e76ac9f9405397aea0b
                              • Opcode Fuzzy Hash: 1e8b0f27a43b3fd8708236fc55343e05a0af1cffdfd1e4defc61820fcd503fef
                              • Instruction Fuzzy Hash: D1029273B1978286E7648F15E460B6ABBA1FB44798F044135DA6D87BE9DF3CE444CB00
                              Function 00007FFDFB080890 Relevance: 12.3, APIs: 2, Strings: 6, Instructions: 346COMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FFDFB0A7970: strrchr.VCRUNTIME140(?,?,?,?,?,?,?,00000000,00007FFDFB00FD38), ref: 00007FFDFB0A79A2
                              • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB080884), ref: 00007FFDFB080914
                              • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB080884), ref: 00007FFDFB080980
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset$strrchr
                              • String ID: NULL treePtr in TkBTreeAddClient$Text$current$flat$insert$sel
                              • API String ID: 2573819314-4120511963
                              • Opcode ID: 0b08c7d96099273f1e6960ef2f76b0f492050fe03cb9882e0d299789182b046f
                              • Instruction ID: 4853a9734d7e5f2ff5a0fd432d975679010097daec2c4c2b2dd1804c8f95c9d6
                              • Opcode Fuzzy Hash: 0b08c7d96099273f1e6960ef2f76b0f492050fe03cb9882e0d299789182b046f
                              • Instruction Fuzzy Hash: 2C02AD72706B9286D710CF12E8A4AA977B8FB89B88F068136DE5D477B8DF38D155C700
                              Function 00007FFDFB1BBE90 Relevance: 12.3, APIs: 3, Strings: 5, Instructions: 283COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: GetCmdLocEncodingSize: bad code length$GetCmdLocEncodingSize: bad code offset$GetCmdLocEncodingSize: bad source length$TclInitByteCodeObj() called on uninitialized CompileEnv$unable to alloc %u bytes
                              • API String ID: 2162964266-538860164
                              • Opcode ID: 842dd8b3b6196972768f4c3fa843cf08669e0f33fbc9ea37571f81d9fdc13e81
                              • Instruction ID: 8492a1fd6696928ad21a0cd1aa0a9f336ff9603998d5eabeaf24faa8f241a523
                              • Opcode Fuzzy Hash: 842dd8b3b6196972768f4c3fa843cf08669e0f33fbc9ea37571f81d9fdc13e81
                              • Instruction Fuzzy Hash: 82C1A072B05B8686DB64CF15E494BA973A4FB48798F054139DF6D87BA4DF38E4A0CB00
                              Function 00007FFDFB1BB0B0 Relevance: 11.2, APIs: 2, Strings: 5, Instructions: 674COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: $Unexpected token type in TclCompileTokens: %d; %.*s$bad stack depth computations: is %i, should be %i$unable to alloc %u bytes$unable to realloc %u bytes
                              • API String ID: 2162964266-2435792223
                              • Opcode ID: 0541a1c23d702763f63afa97d275fa865d35e3a3a0672025cde34076b622407d
                              • Instruction ID: df3140d849ddccf3dec5f5f297fcaa51d8d317e2ccd925bcaf79037927c11763
                              • Opcode Fuzzy Hash: 0541a1c23d702763f63afa97d275fa865d35e3a3a0672025cde34076b622407d
                              • Instruction Fuzzy Hash: 8E529137B1968286EB208F29D450A7E77A0F784B98F548136DA5E47BADDF3CD841CB40
                              Function 00007FFDFB23B170 Relevance: 11.0, APIs: 4, Strings: 3, Instructions: 521COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: %s called with shared object$/$Tcl_AppendLimitedToObj
                              • API String ID: 0-3320004338
                              • Opcode ID: 3bca31937ccc2b841f95dca5e0923ae4d3ec6d9a24d04a8864fd4eb6109f14bb
                              • Instruction ID: 77e10514569713df20a16a4b6d93226c198cbc2dd3741c69fcd34d14b1ff405e
                              • Opcode Fuzzy Hash: 3bca31937ccc2b841f95dca5e0923ae4d3ec6d9a24d04a8864fd4eb6109f14bb
                              • Instruction Fuzzy Hash: 4722B12AB0E68785EB659F159068B7D6390EF45B94F0C4435CAAE8B7EDDE3CE4C18700
                              Function 00007FFDFAFF1270 Relevance: 63.2, APIs: 27, Strings: 9, Instructions: 186COMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Object$CreateDeleteFontIndirect$InfoParametersSystem$CapsDeviceReleaseStockmemset
                              • String ID: TkCaptionFont$TkDefaultFont$TkFixedFont$TkHeadingFont$TkIconFont$TkMenuFont$TkSmallCaptionFont$TkTextFont$TkTooltipFont
                              • API String ID: 3615235001-2508811397
                              • Opcode ID: 97c1589acfb19211d6a7384634f8a4d6cc160df272eef4f6cc3da4919954f117
                              • Instruction ID: b6da69b4e8abf7ad95a01abf192ae34b167b98e5262eedd43b9f694936e0e614
                              • Opcode Fuzzy Hash: 97c1589acfb19211d6a7384634f8a4d6cc160df272eef4f6cc3da4919954f117
                              • Instruction Fuzzy Hash: 20817031B06A4396EB14AB61EC64AE96364FF89B84F404236EA1E477F8DF3CD149D740
                              Function 00007FFDFB255BB0 Relevance: 50.9, APIs: 19, Strings: 10, Instructions: 184memorythreadCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 960 7ffdfb255bb0-7ffdfb255bc7 961 7ffdfb255bcd-7ffdfb255bd4 960->961 962 7ffdfb255ce9-7ffdfb255cf4 call 7ffdfb295250 960->962 964 7ffdfb255bed-7ffdfb255c01 call 7ffdfb294dc0 961->964 965 7ffdfb255bd6-7ffdfb255be3 InitializeCriticalSection 961->965 969 7ffdfb255d71-7ffdfb255d83 962->969 970 7ffdfb255cf6-7ffdfb255d13 GetProcessHeap HeapAlloc 962->970 971 7ffdfb255cdc-7ffdfb255ce3 LeaveCriticalSection 964->971 972 7ffdfb255c07-7ffdfb255c18 malloc 964->972 965->964 973 7ffdfb255d84-7ffdfb255d90 call 7ffdfb237370 970->973 974 7ffdfb255d15-7ffdfb255d6f memset call 7ffdfb294dc0 LeaveCriticalSection GetCurrentThreadId TlsSetValue 970->974 971->962 976 7ffdfb255d91-7ffdfb255d9d call 7ffdfb237370 972->976 977 7ffdfb255c1e-7ffdfb255c43 InitializeCriticalSection malloc 972->977 973->976 974->969 983 7ffdfb255d9e-7ffdfb255dda call 7ffdfb237370 TlsAlloc 974->983 976->983 977->976 980 7ffdfb255c49-7ffdfb255c66 InitializeCriticalSection 977->980 984 7ffdfb255c70-7ffdfb255c9a 980->984 993 7ffdfb255ee4-7ffdfb255ef0 call 7ffdfb237370 983->993 994 7ffdfb255de0-7ffdfb255dfb TlsGetValue 983->994 986 7ffdfb255c9c-7ffdfb255ca4 984->986 987 7ffdfb255ca6-7ffdfb255cba malloc 984->987 986->987 987->976 989 7ffdfb255cc0-7ffdfb255cda InitializeCriticalSection 987->989 989->971 989->984 1000 7ffdfb255ef1-7ffdfb255eff call 7ffdfb237370 993->1000 997 7ffdfb255dfd-7ffdfb255e05 GetLastError 994->997 998 7ffdfb255e0b-7ffdfb255e13 994->998 997->998 997->1000 1001 7ffdfb255e1d-7ffdfb255e55 GetProcessHeap RtlAllocateHeap 998->1001 1002 7ffdfb255e15-7ffdfb255e1a call 7ffdfb255bb0 998->1002 1008 7ffdfb255e9f-7ffdfb255ea1 1001->1008 1009 7ffdfb255e57-7ffdfb255ec6 1001->1009 1002->1001 1011 7ffdfb255eca-7ffdfb255ee3 1008->1011 1009->1011
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: CriticalSection$Initialize$malloc$AllocHeapLeaveValue$CurrentErrorLastProcessThreadmemset
                              • String ID: %lu %ld %ld %ld %ld %ld %ld$TlsGetValue failed from TclpGetAllocCache$TlsSetValue failed from TclpSetAllocCache$alloc: could not allocate %d new objects$alloc: could not allocate new cache$alloc: invalid block: %p: %x %x$could not allocate lock$could not allocate thread local storage$shared$thread%p
                              • API String ID: 2510295087-4207058055
                              • Opcode ID: a109229cddbb14779d23126aaa3ea1a9a957dbcdf13093fd54cb725fec987314
                              • Instruction ID: 072de28fd4d6d92899829d78aad2e565c75bdc43bc037bdb5329dc05256fb018
                              • Opcode Fuzzy Hash: a109229cddbb14779d23126aaa3ea1a9a957dbcdf13093fd54cb725fec987314
                              • Instruction Fuzzy Hash: 89813F25B0BB4386EB549B15E874B7922A0BF94B98F584135D96DC67F8EE3CE485C300
                              Function 00007FFDFB041EED Relevance: 36.3, APIs: 6, Strings: 18, Instructions: 335stringCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 1316 7ffdfb041eed-7ffdfb041efb 1317 7ffdfb041f00-7ffdfb041f26 1316->1317 1319 7ffdfb042060-7ffdfb042068 1317->1319 1320 7ffdfb041f2c-7ffdfb041f30 1317->1320 1319->1317 1323 7ffdfb04206e-7ffdfb042076 1319->1323 1321 7ffdfb041f6f-7ffdfb041f73 1320->1321 1322 7ffdfb041f32-7ffdfb041f35 1320->1322 1327 7ffdfb041fb0-7ffdfb041fb4 1321->1327 1328 7ffdfb041f75-7ffdfb041f78 1321->1328 1322->1321 1324 7ffdfb041f37-7ffdfb041f4c strncmp 1322->1324 1325 7ffdfb042078-7ffdfb042086 1323->1325 1326 7ffdfb04208a-7ffdfb04213f call 7ffdfb0a8ee0 call 7ffdfb0a7970 1323->1326 1332 7ffdfb041f4e-7ffdfb041f63 1324->1332 1333 7ffdfb041f68 1324->1333 1325->1326 1358 7ffdfb0424a0 1326->1358 1359 7ffdfb042145-7ffdfb042152 1326->1359 1330 7ffdfb041fef-7ffdfb041ff3 1327->1330 1331 7ffdfb041fb6-7ffdfb041fba 1327->1331 1328->1327 1329 7ffdfb041f7a-7ffdfb041f8f strncmp 1328->1329 1335 7ffdfb041f91-7ffdfb041fa4 1329->1335 1336 7ffdfb041fa9 1329->1336 1338 7ffdfb04202e-7ffdfb042032 1330->1338 1339 7ffdfb041ff5-7ffdfb041ff9 1330->1339 1331->1330 1337 7ffdfb041fbc-7ffdfb041fd1 strncmp 1331->1337 1332->1319 1333->1321 1335->1319 1336->1327 1342 7ffdfb041fd3-7ffdfb041fe6 1337->1342 1343 7ffdfb041fe8 1337->1343 1338->1319 1341 7ffdfb042034-7ffdfb042049 strncmp 1338->1341 1339->1338 1345 7ffdfb041ffb-7ffdfb042010 strncmp 1339->1345 1341->1319 1348 7ffdfb04204b-7ffdfb04205b 1341->1348 1342->1319 1343->1330 1349 7ffdfb042012-7ffdfb042025 1345->1349 1350 7ffdfb042027 1345->1350 1348->1319 1349->1319 1350->1338 1362 7ffdfb0424a5-7ffdfb0424cb 1358->1362 1360 7ffdfb042154-7ffdfb042170 call 7ffdfb073300 1359->1360 1361 7ffdfb042186-7ffdfb04219d call 7ffdfb0456d0 call 7ffdfb073980 1359->1361 1360->1361 1367 7ffdfb042172-7ffdfb04217e 1360->1367 1370 7ffdfb04219f-7ffdfb0421b0 call 7ffdfb073300 1361->1370 1371 7ffdfb0421bd-7ffdfb0421c2 1361->1371 1367->1361 1375 7ffdfb0421b5-7ffdfb0421bb 1370->1375 1372 7ffdfb0421c4-7ffdfb0421d4 call 7ffdfaff06d0 1371->1372 1373 7ffdfb0421da-7ffdfb0421e2 1371->1373 1372->1373 1383 7ffdfb042498-7ffdfb04249b call 7ffdfb0a7b90 1372->1383 1377 7ffdfb0421fd-7ffdfb042200 1373->1377 1378 7ffdfb0421e4-7ffdfb0421fa call 7ffdfb073300 1373->1378 1375->1371 1375->1373 1381 7ffdfb042220-7ffdfb04222d 1377->1381 1382 7ffdfb042202-7ffdfb04221e call 7ffdfb073300 1377->1382 1378->1377 1386 7ffdfb042232-7ffdfb042235 1381->1386 1382->1381 1394 7ffdfb04222f 1382->1394 1383->1358 1387 7ffdfb04229f-7ffdfb0422a2 1386->1387 1388 7ffdfb042237-7ffdfb04225e call 7ffdfb0a6060 1386->1388 1392 7ffdfb0422a4-7ffdfb0422ba call 7ffdfb0a66c0 1387->1392 1393 7ffdfb0422cb-7ffdfb0422df 1387->1393 1388->1383 1398 7ffdfb042264-7ffdfb04226e 1388->1398 1392->1383 1405 7ffdfb0422c0-7ffdfb0422c6 call 7ffdfb0a8940 1392->1405 1400 7ffdfb0422ed-7ffdfb04230b 1393->1400 1401 7ffdfb0422e1-7ffdfb0422eb 1393->1401 1394->1386 1398->1387 1404 7ffdfb042270-7ffdfb042294 1398->1404 1402 7ffdfb04230d-7ffdfb042314 1400->1402 1403 7ffdfb042322-7ffdfb0423a6 memset 1400->1403 1401->1400 1401->1403 1402->1403 1406 7ffdfb042316-7ffdfb04231d 1402->1406 1411 7ffdfb0423a8-7ffdfb0423b2 1403->1411 1412 7ffdfb0423b9-7ffdfb042404 call 7ffdfb03a160 call 7ffdfb031b60 1403->1412 1404->1387 1407 7ffdfb042296-7ffdfb042299 1404->1407 1405->1393 1406->1403 1407->1387 1411->1412 1412->1383 1417 7ffdfb04240a-7ffdfb04242f call 7ffdfb042970 1412->1417 1417->1383 1420 7ffdfb042431-7ffdfb042437 1417->1420 1421 7ffdfb04243d-7ffdfb042445 1420->1421 1422 7ffdfb0424f8-7ffdfb0424fc 1420->1422 1425 7ffdfb0424f0-7ffdfb0424f3 call 7ffdfaff0b10 1421->1425 1426 7ffdfb04244b-7ffdfb04248f 1421->1426 1423 7ffdfb0424fe-7ffdfb04250c 1422->1423 1424 7ffdfb042515-7ffdfb042532 call 7ffdfb0717f0 1422->1424 1423->1424 1424->1362 1425->1422 1426->1383
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: -class$-colormap$-screen$-use$-visual$CONTAINMENT$Class$Colormap$FRAME$Use$Visual$class$colormap$use$v$visual$windows cannot have both the -use and the -container option set$B5
                              • API String ID: 1114863663-3665511832
                              • Opcode ID: c5cf4370d39668a17af6a34c6c06e88287e89b4dff580afb37b91846e4436f12
                              • Instruction ID: 43c6299b0241d8032cd46d43ec52c1784ebedd81f566f98c0c59655c7ac50a5c
                              • Opcode Fuzzy Hash: c5cf4370d39668a17af6a34c6c06e88287e89b4dff580afb37b91846e4436f12
                              • Instruction Fuzzy Hash: A9F15725B1AB8391EB54AF11E560BB967A1FB8AB84F044035DE2E077B9DF2DE514D300
                              Function 00007FF6177060E0 Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 91libraryloaderCOMMON
                              Download Yara Rule

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AddressProc$ByteCharErrorFormatLastLibraryLoadMessageMultiWide
                              • String ID: 8$ActivateActCtx$CreateActCtxW$Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$kernel32$win32_utils_from_utf8
                              • API String ID: 476984482-3632730297
                              • Opcode ID: 1d2938d5db947061d7b81669ed95ebf9e0ba583b77f32856e9add88fd11bbb56
                              • Instruction ID: cd835a961e6b46254492e0b85c384a7a4acb09f07b473650726d1734f4085e19
                              • Opcode Fuzzy Hash: 1d2938d5db947061d7b81669ed95ebf9e0ba583b77f32856e9add88fd11bbb56
                              • Instruction Fuzzy Hash: A8415C21A08F8281EB50CB35E95027962A1BF85BB0F644335EE6DC77D6EF7DD5498380
                              Function 00007FF617701790 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 198COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2271 7ff617701790-7ff6177017b1 2272 7ff6177017b3-7ff6177017be call 7ff617702d90 2271->2272 2273 7ff6177017d2-7ff6177017e8 call 7ff61770c998 2271->2273 2276 7ff6177017c3-7ff6177017cc 2272->2276 2279 7ff6177017ee-7ff6177017fe call 7ff61770c1c0 2273->2279 2280 7ff6177018b6-7ff6177018c1 call 7ff61770c984 2273->2280 2276->2273 2278 7ff6177018e8-7ff6177018ed 2276->2278 2281 7ff617701a54-7ff617701a6c 2278->2281 2279->2280 2286 7ff617701804-7ff617701813 call 7ff61770c698 2279->2286 2280->2278 2287 7ff6177018c3-7ff6177018d3 call 7ff61770c1c0 2280->2287 2286->2280 2294 7ff617701819 2286->2294 2292 7ff6177018d5-7ff6177018e3 call 7ff617701c30 2287->2292 2293 7ff6177018f2-7ff61770190b call 7ff61770bef0 2287->2293 2292->2278 2301 7ff61770190d 2293->2301 2302 7ff61770192a-7ff617701986 call 7ff61770c1c0 call 7ff61770c998 2293->2302 2297 7ff617701820-7ff617701839 2294->2297 2299 7ff61770189e-7ff6177018ab call 7ff61770c984 2297->2299 2300 7ff61770183b-7ff61770184b call 7ff61770c1c0 2297->2300 2299->2281 2300->2299 2311 7ff61770184d-7ff61770185b call 7ff61770bef0 2300->2311 2305 7ff617701914-7ff617701925 call 7ff617701c30 2301->2305 2317 7ff6177019a5-7ff6177019be call 7ff61770bef0 2302->2317 2318 7ff617701988-7ff6177019a0 call 7ff617701c30 2302->2318 2305->2281 2316 7ff617701860-7ff617701863 2311->2316 2316->2299 2319 7ff617701865-7ff61770186c 2316->2319 2329 7ff6177019c0-7ff6177019c7 2317->2329 2330 7ff6177019cc-7ff6177019e2 call 7ff61770bc64 2317->2330 2318->2281 2321 7ff617701895-7ff61770189c 2319->2321 2322 7ff61770186e-7ff61770187f 2319->2322 2321->2297 2321->2299 2325 7ff617701882-7ff617701885 2322->2325 2327 7ff61770188c-7ff617701893 2325->2327 2328 7ff617701887-7ff61770188a 2325->2328 2327->2321 2327->2325 2328->2327 2331 7ff6177018b0-7ff6177018b3 2328->2331 2329->2305 2334 7ff6177019e4-7ff6177019f5 call 7ff617701c70 2330->2334 2335 7ff6177019f7-7ff6177019ff 2330->2335 2331->2280 2334->2281 2337 7ff617701a42-7ff617701a48 2335->2337 2338 7ff617701a01-7ff617701a2c 2335->2338 2341 7ff617701a52 2337->2341 2342 7ff617701a4a call 7ff61770bbd4 2337->2342 2339 7ff617701a2e-7ff617701a32 2338->2339 2340 7ff617701a36-7ff617701a3d call 7ff617701c70 2338->2340 2339->2338 2344 7ff617701a34 2339->2344 2340->2337 2341->2281 2347 7ff617701a4f 2342->2347 2344->2337 2347->2341
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _fread_nolock
                              • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$fread$fseek$malloc
                              • API String ID: 840049012-1463511288
                              • Opcode ID: 218681b748c78af7b223b6c15f4271e2a118dc96e14a62f12ad14747491ecb4b
                              • Instruction ID: 6d54b1933403424449b2d75677661ab99d49da57e827241c6ec1fda86badb472
                              • Opcode Fuzzy Hash: 218681b748c78af7b223b6c15f4271e2a118dc96e14a62f12ad14747491ecb4b
                              • Instruction Fuzzy Hash: DC817B72B19A4296EA14DB25E5402BC63A1FF06FA0F548531EE1DC3BD3DF3AE5698700
                              Function 00007FFDFB1D14F0 Relevance: 16.9, APIs: 2, Strings: 9, Instructions: 391COMMON
                              Download Yara Rule

                              Control-flow Graph

                              • Executed
                              • Not Executed
                              control_flow_graph 2495 7ffdfb1d14f0-7ffdfb1d15c6 call 7ffdfb261b00 * 3 2502 7ffdfb1d15ec-7ffdfb1d1618 call 7ffdfb261b00 call 7ffdfb25f1b0 2495->2502 2503 7ffdfb1d15c8-7ffdfb1d15cc 2495->2503 2512 7ffdfb1d161e-7ffdfb1d1629 2502->2512 2513 7ffdfb1d1a5f-7ffdfb1d1a6e call 7ffdfb237370 2502->2513 2503->2502 2504 7ffdfb1d15ce-7ffdfb1d15e7 call 7ffdfb261b00 2503->2504 2511 7ffdfb1d1733-7ffdfb1d177a call 7ffdfb21a830 2504->2511 2521 7ffdfb1d1a4e-7ffdfb1d1a5e call 7ffdfb237370 2511->2521 2522 7ffdfb1d1780-7ffdfb1d1783 2511->2522 2515 7ffdfb1d1729-7ffdfb1d172e 2512->2515 2516 7ffdfb1d162f-7ffdfb1d1638 2512->2516 2526 7ffdfb1d1a6f-7ffdfb1d1a7d call 7ffdfb237370 2513->2526 2515->2511 2519 7ffdfb1d1640-7ffdfb1d1653 2516->2519 2524 7ffdfb1d1659-7ffdfb1d1669 2519->2524 2525 7ffdfb1d16db 2519->2525 2521->2513 2527 7ffdfb1d1785-7ffdfb1d1789 2522->2527 2528 7ffdfb1d17a7-7ffdfb1d17c8 call 7ffdfb1d02e0 2522->2528 2532 7ffdfb1d166b-7ffdfb1d1678 call 7ffdfb255db0 2524->2532 2533 7ffdfb1d1698-7ffdfb1d16a0 2524->2533 2531 7ffdfb1d16df-7ffdfb1d171c call 7ffdfb261b00 2525->2531 2547 7ffdfb1d1a7e-7ffdfb1d1a8c call 7ffdfb237370 2526->2547 2535 7ffdfb1d178b-7ffdfb1d1796 2527->2535 2536 7ffdfb1d1798-7ffdfb1d17a3 2527->2536 2543 7ffdfb1d19ba-7ffdfb1d19c5 2528->2543 2544 7ffdfb1d17ce-7ffdfb1d180e call 7ffdfb261b00 call 7ffdfb256220 2528->2544 2531->2519 2553 7ffdfb1d1722-7ffdfb1d1727 2531->2553 2554 7ffdfb1d167a-7ffdfb1d167c 2532->2554 2555 7ffdfb1d1682-7ffdfb1d1696 memmove 2532->2555 2541 7ffdfb1d16a2-7ffdfb1d16ac 2533->2541 2542 7ffdfb1d16b4-7ffdfb1d16c1 call 7ffdfb256050 2533->2542 2535->2528 2536->2528 2541->2542 2548 7ffdfb1d16ae-7ffdfb1d16b1 2541->2548 2558 7ffdfb1d16cb-7ffdfb1d16d1 2542->2558 2559 7ffdfb1d16c3-7ffdfb1d16c5 2542->2559 2551 7ffdfb1d19cc-7ffdfb1d19f1 2543->2551 2552 7ffdfb1d19c7 call 7ffdfb255f00 2543->2552 2575 7ffdfb1d19ac-7ffdfb1d19b5 call 7ffdfb1d0710 2544->2575 2576 7ffdfb1d1814-7ffdfb1d181a 2544->2576 2570 7ffdfb1d1a8d-7ffdfb1d1aac call 7ffdfb247a00 call 7ffdfb233710 call 7ffdfb237370 2547->2570 2548->2542 2562 7ffdfb1d19f8-7ffdfb1d1a1a 2551->2562 2563 7ffdfb1d19f3 call 7ffdfb255f00 2551->2563 2552->2551 2553->2515 2554->2526 2554->2555 2555->2531 2558->2531 2565 7ffdfb1d16d3-7ffdfb1d16d9 2558->2565 2559->2547 2559->2558 2568 7ffdfb1d1a1c call 7ffdfb255f00 2562->2568 2569 7ffdfb1d1a21-7ffdfb1d1a4d call 7ffdfb296240 2562->2569 2563->2562 2565->2531 2568->2569 2588 7ffdfb1d1aad-7ffdfb1d1ae5 call 7ffdfb237370 call 7ffdfb16e0f0 2570->2588 2575->2543 2580 7ffdfb1d1820-7ffdfb1d183e call 7ffdfb24bbf0 call 7ffdfb256220 2576->2580 2591 7ffdfb1d1850-7ffdfb1d185c call 7ffdfb255db0 2580->2591 2592 7ffdfb1d1840-7ffdfb1d184e 2580->2592 2599 7ffdfb1d1866-7ffdfb1d188c memmove 2591->2599 2600 7ffdfb1d185e-7ffdfb1d1860 2591->2600 2595 7ffdfb1d188e-7ffdfb1d18c5 call 7ffdfb24c5f0 call 7ffdfb1c1c80 2592->2595 2605 7ffdfb1d18c7-7ffdfb1d18cb 2595->2605 2606 7ffdfb1d18d1-7ffdfb1d18d5 2595->2606 2599->2595 2600->2588 2600->2599 2605->2606 2607 7ffdfb1d198b-7ffdfb1d19a1 2605->2607 2608 7ffdfb1d18d7-7ffdfb1d18e1 call 7ffdfb1f4bf0 2606->2608 2609 7ffdfb1d1948-7ffdfb1d194f 2606->2609 2607->2580 2610 7ffdfb1d19a7 2607->2610 2608->2609 2619 7ffdfb1d18e3-7ffdfb1d1940 call 7ffdfb1674b0 call 7ffdfb261dc0 call 7ffdfb261b00 call 7ffdfb166c30 2608->2619 2611 7ffdfb1d1951-7ffdfb1d1959 call 7ffdfb233710 2609->2611 2612 7ffdfb1d195d-7ffdfb1d197f call 7ffdfb1674b0 2609->2612 2610->2575 2611->2612 2620 7ffdfb1d1983-7ffdfb1d1987 2612->2620 2619->2570 2629 7ffdfb1d1946 2619->2629 2620->2607 2629->2620
                              APIs
                                • Part of subcall function 00007FFDFB261B00: memmove.VCRUNTIME140(?,?,?,?,FFFFFFFF,?,?,?,?,?,?,?,?,?,?,00007FFDFB256530), ref: 00007FFDFB261B79
                                • Part of subcall function 00007FFDFB261B00: memmove.VCRUNTIME140(?,?,?,00007FFDFB256530), ref: 00007FFDFB261BC2
                              • memmove.VCRUNTIME140 ref: 00007FFDFB1D168D
                                • Part of subcall function 00007FFDFB255BB0: TlsAlloc.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255DC1
                                • Part of subcall function 00007FFDFB255BB0: TlsGetValue.KERNEL32 ref: 00007FFDFB255DEF
                                • Part of subcall function 00007FFDFB255BB0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255DFD
                                • Part of subcall function 00007FFDFB255BB0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255E3B
                                • Part of subcall function 00007FFDFB255BB0: RtlAllocateHeap.NTDLL ref: 00007FFDFB255E49
                              • memmove.VCRUNTIME140 ref: 00007FFDFB1D1875
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memmove$Heap$AllocAllocateErrorLastProcessValue
                              • String ID: :$:$::tcl$___tmp$invalid ensemble name '%s'$tcl:$unable to alloc %u bytes$unable to find or create %s namespace!$unable to realloc %u bytes
                              • API String ID: 326071783-2600637362
                              • Opcode ID: 0615786ab257f1f5df4c1c2dc7181fb4064d47c7432992a836b601e7de6e63c8
                              • Instruction ID: 8c25a830c99e6c4f39019b72be394a96438b10bac8441c6417e7f5e9973e8d08
                              • Opcode Fuzzy Hash: 0615786ab257f1f5df4c1c2dc7181fb4064d47c7432992a836b601e7de6e63c8
                              • Instruction Fuzzy Hash: D7026D32F0AA438AEB109F65D460AAD27A1FB48788F544135DE6D97BADEF38E411C740
                              Function 00007FFDFAFF2D70 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 142COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: CharObjectSelectTextWidth$FaceMetricsRelease
                              • String ID: unicode
                              • API String ID: 1149465119-3551638624
                              • Opcode ID: 80d415c8a31dde43c7f8235ea580f9feee869a46969c5c487de01ae2e29a6a01
                              • Instruction ID: 245c4263e16381155e23d5ee9882b66e2ff379738bb14f070a0a1ee203c2414b
                              • Opcode Fuzzy Hash: 80d415c8a31dde43c7f8235ea580f9feee869a46969c5c487de01ae2e29a6a01
                              • Instruction Fuzzy Hash: A1616233B09A8696DB21DF26E450BA977A4FB49B94F044236EE5D477A8DF3CD045CB00
                              Function 00007FF617706270 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 52windowCOMMON
                              Download Yara Rule
                              APIs
                              • GetLastError.KERNEL32(WideCharToMultiByte,00007FF617701D04,?,?,00000000,00007FF617706503), ref: 00007FF617706297
                              • FormatMessageW.KERNEL32 ref: 00007FF6177062C6
                              • WideCharToMultiByte.KERNEL32 ref: 00007FF61770631C
                                • Part of subcall function 00007FF617701CD0: GetLastError.KERNEL32(?,?,00000000,00007FF617706503,?,?,?,?,?,?,?,?,?,?,?,00007FF617701023), ref: 00007FF617701CF7
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorLast$ByteCharFormatMessageMultiWide
                              • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                              • API String ID: 2383786077-2573406579
                              • Opcode ID: cb585456b380e6ff4054627f6644d0a4beaf786c57f2083237d3a24da6617dd6
                              • Instruction ID: 13dd0e747dcdd8a8652400b6b515c8b89e806230c9a55f875f29a695b8e2b7cd
                              • Opcode Fuzzy Hash: cb585456b380e6ff4054627f6644d0a4beaf786c57f2083237d3a24da6617dd6
                              • Instruction Fuzzy Hash: 9C218371A08E4281E7609B25EC5027AA361FF49B74F540135EE9EC26A6EF3CE14DC740
                              Function 00007FF6177012A0 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 106COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                              • API String ID: 0-3659356012
                              • Opcode ID: 3c33e3a5a64f1a8eda91f0132aa81a71cccfc2e01b7638ec49fd4d7e2eb50540
                              • Instruction ID: 1763f16561a5b549a070f9f2496710f9372cfa23db0cf7c98cf02a690dc7785c
                              • Opcode Fuzzy Hash: 3c33e3a5a64f1a8eda91f0132aa81a71cccfc2e01b7638ec49fd4d7e2eb50540
                              • Instruction Fuzzy Hash: 91413E62A09E4282EA14DB15B4406BEA3A1FF46FA4F944431EE4DC7B57EE3EE549C700
                              Function 00007FF617720DCC Relevance: 13.8, APIs: 9, Instructions: 273fileCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                              • String ID:
                              • API String ID: 1330151763-0
                              • Opcode ID: eccfba207a59d3cee0f3233f3982c820af0bdd3ec00bb8bdfca65c5d96ff0363
                              • Instruction ID: 613a0ff6670f39444eea4e0370520c7c390d0790562a92b0c9a6487c9a867a1e
                              • Opcode Fuzzy Hash: eccfba207a59d3cee0f3233f3982c820af0bdd3ec00bb8bdfca65c5d96ff0363
                              • Instruction Fuzzy Hash: F0C19D36B28E4686EB14DF75D4902AC3771FB48BA8F104229DE2E97796DF38D55AC300
                              Function 00007FFDFB004720 Relevance: 13.7, APIs: 9, Instructions: 223windowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ProcWindow$CompositionContextMessageString$CountPostReleaseSendTick
                              • String ID:
                              • API String ID: 26215887-0
                              • Opcode ID: bda77b4f305770b32edf71130beda9049990572cee32fa97529de351f0f0c5b7
                              • Instruction ID: 85f4706fa856b037aa42b6ba239918016af807c863d16510fa527a3b6cfea101
                              • Opcode Fuzzy Hash: bda77b4f305770b32edf71130beda9049990572cee32fa97529de351f0f0c5b7
                              • Instruction Fuzzy Hash: 39919231B0A74386E7649B26E494A7963A1FB8ABC0F184136EEAD477F9DE3CD4419700
                              Function 00007FFDFB213530 Relevance: 12.4, APIs: 1, Strings: 7, Instructions: 441COMMON
                              Download Yara Rule
                              APIs
                              • memmove.VCRUNTIME140(?,?,?,?,00000000,00000000,?,00000000,00000000,?,?,?,00007FFDFB24E689), ref: 00007FFDFB2137B8
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: LIST$UpdateStringProc for type '%s' failed to create a valid string rep$UpdateStringProc should not be invoked for type %s$concurrent dictionary modification and search$list$max size for a Tcl value (%d bytes) exceeded$unable to alloc %u bytes
                              • API String ID: 2162964266-1961554774
                              • Opcode ID: 30fa48febe392d548504ad8d32e4468128648f190389d0d74817609504d09d19
                              • Instruction ID: 7aefbd775247f4c8bb2e3623ed105ac83d44d21413e296bf2e0d1bf5066968a1
                              • Opcode Fuzzy Hash: 30fa48febe392d548504ad8d32e4468128648f190389d0d74817609504d09d19
                              • Instruction Fuzzy Hash: 8C02AE62B0AA87A5EB548F15D4A0BA973A2FB84B84F149435CE6D837ECDF3CE445C700
                              Function 00007FF617701040 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 156COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                              • API String ID: 0-1060636955
                              • Opcode ID: 185fc5cbd02ce857c6a9d239765a13fbbf2047d58f89daf95d51080d8e8f8efb
                              • Instruction ID: c61838448648bf07468aacff922cd43bae202fc22468be7a1a157aa792bb16d9
                              • Opcode Fuzzy Hash: 185fc5cbd02ce857c6a9d239765a13fbbf2047d58f89daf95d51080d8e8f8efb
                              • Instruction Fuzzy Hash: 9851BE22B09E8285EA609B21E4403BE6291FF86FA4F544135EE5EC7797EE3DE54DC700
                              Function 00007FFDFAFFC4E0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 113registrywindowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: HandleLoadModule$ClassCursorIconRegister
                              • String ID: TkTopLevel$Unable to register TkTopLevel class
                              • API String ID: 1220223050-2494010311
                              • Opcode ID: e1fce1ed7374b891fa4308eb97f994d45a6076192f2013fd772c70913d915a48
                              • Instruction ID: 01663cdfdad90d4173f56ba96582672a80d691faea2ed7f3c2b6ca5fb8dbf3d3
                              • Opcode Fuzzy Hash: e1fce1ed7374b891fa4308eb97f994d45a6076192f2013fd772c70913d915a48
                              • Instruction Fuzzy Hash: 90518D32B09B9392EB148B10F46066933A4FF88794F145276EA6D077E8DF3CE446C740
                              Function 00007FFDFB256220 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 107memoryCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: AllocErrorHeapLastValue$AllocateCriticalLeaveProcessSection
                              • String ID: alloc: could not allocate %d new objects
                              • API String ID: 1166013580-1866737643
                              • Opcode ID: 79a350fa242608ae43b42acc12eb3bd2d368d26d401a213c63e72471bb118405
                              • Instruction ID: 1ae4575868d4c5b0db2e7c2e3b5c616c81a5ae72f6b8f8755ba7e8b7453abc50
                              • Opcode Fuzzy Hash: 79a350fa242608ae43b42acc12eb3bd2d368d26d401a213c63e72471bb118405
                              • Instruction Fuzzy Hash: 32412C75B0AB0786EB558F26D860A7933A0FB98F48F144135DA6DC73A8DF38E561C740
                              Function 00007FF6177162AC Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 088e63ca55a10b91f61684d782b33e841d3aa9981af1eb6cba00e19d71500c1d
                              • Instruction ID: 49c8e951397e4407204776fd855987702fbfe8131bc96cdcc246cf932268651f
                              • Opcode Fuzzy Hash: 088e63ca55a10b91f61684d782b33e841d3aa9981af1eb6cba00e19d71500c1d
                              • Instruction Fuzzy Hash: 3EC1C022A0CF8681E7619B2590602BE6BB0EB80FA4F594135DE4EC7797CE7CE85DC740
                              Function 00007FFDFB003DC0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191windowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$ClientLongMovePlacementRectVisible
                              • String ID: ,
                              • API String ID: 2284278383-3772416878
                              • Opcode ID: 46164d7bbfc0e34bd0665da01aa26adc5bfe06126c8e6cc5e4278c1e00a46ac5
                              • Instruction ID: 2d119659ac07c03ea2772d0dbc5f2a013990510364a81083695dc99f5a2d742d
                              • Opcode Fuzzy Hash: 46164d7bbfc0e34bd0665da01aa26adc5bfe06126c8e6cc5e4278c1e00a46ac5
                              • Instruction Fuzzy Hash: DDA13832B096828BE761CF29D154B6C37A0FB49B94F184235DB9D977A8CF38E850DB50
                              Function 00007FFDFAFE6810 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$CreateHandleLongModule
                              • String ID: BUTTON$STATIC
                              • API String ID: 4115577067-3385952364
                              • Opcode ID: 4f8638d8563ba6b1795b29c2f431fc437369376545b52b17be907f02028a1bcb
                              • Instruction ID: cd7884784e57a042aff68234a537dbc01e3b3bc7bf748f7857ee24d1974c5411
                              • Opcode Fuzzy Hash: 4f8638d8563ba6b1795b29c2f431fc437369376545b52b17be907f02028a1bcb
                              • Instruction Fuzzy Hash: D7311C32709B82CBD760CF15E450A5AB7E4FB48B94F144235EA9D53B68DF3CE5518B00
                              Function 00007FFDFB0A9C80 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 128COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              • 8.6.9, xrefs: 00007FFDFB0A9DBD
                              • if {[namespace which -command tkInit] eq ""} { proc tkInit {} { global tk_library tk_version tk_patchLevel rename tkInit {} tcl_findLibrary tk $tk_version $tk_patchLevel tk.tcl TK_LIBRARY tk_library }}tkInit, xrefs: 00007FFDFB0A9E25
                              • wm geometry ., xrefs: 00007FFDFB0A9D3C
                              • geometry, xrefs: 00007FFDFB0A9D1A
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: HandleModule
                              • String ID: 8.6.9$geometry$if {[namespace which -command tkInit] eq ""} { proc tkInit {} { global tk_library tk_version tk_patchLevel rename tkInit {} tcl_findLibrary tk $tk_version $tk_patchLevel tk.tcl TK_LIBRARY tk_library }}tkInit$wm geometry .
                              • API String ID: 4139908857-824492141
                              • Opcode ID: b625e55057be429e77ed50a114ebc79f3e07c180802b94b2cb880f162a83776b
                              • Instruction ID: aaed735d5468d4e3a682103943c4735eb20d76e67babd2d2c502f91838113a86
                              • Opcode Fuzzy Hash: b625e55057be429e77ed50a114ebc79f3e07c180802b94b2cb880f162a83776b
                              • Instruction Fuzzy Hash: DD515B36B0AA5392EB54DF11E464AB927A5FB89F88F015031DD6E477B9DE3DE041C700
                              Function 00007FFDFAFF31B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 118COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ObjectSelect$FaceTextmemset
                              • String ID: unicode
                              • API String ID: 920176757-3551638624
                              • Opcode ID: 8aaf0b32bfda873121129cac43128c3c376c551875a48f78daf0f7a9b22292fb
                              • Instruction ID: 3dd1ff8999446497dd0f776efbee0685bb4578a2b591b224c7738e62d1e17745
                              • Opcode Fuzzy Hash: 8aaf0b32bfda873121129cac43128c3c376c551875a48f78daf0f7a9b22292fb
                              • Instruction Fuzzy Hash: E0517136B06B4292EB54DF12E964BA973A4FB48B90F055235EE6D477A8DF3CE064C300
                              Function 00007FFDFB0AA000 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 114COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$ColorLongProc
                              • String ID: #%04X%04X%04X$Ttk
                              • API String ID: 3223664542-2938447076
                              • Opcode ID: 176ec7b19616db0b2cfab64f59e5a060be04e73a0b2277affb83c45ecbf4efbc
                              • Instruction ID: 13c38c5e7775fe1df230dedc3d858c4963bb291ae71ead35f5f980753087c54b
                              • Opcode Fuzzy Hash: 176ec7b19616db0b2cfab64f59e5a060be04e73a0b2277affb83c45ecbf4efbc
                              • Instruction Fuzzy Hash: 5C51CE36B0AA5682E7509F15E860B6977A4FB89B88F409436EE9D077F8DF3CD045CB40
                              Function 00007FFDFB263220 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 177COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: CriticalLeaveSection
                              • String ID: PGV Initializer did not initialize$unable to alloc %u bytes
                              • API String ID: 3988221542-3767161943
                              • Opcode ID: 9d777f1a186f9730c7270cc6558768bac1cdeeac47f46969deecf9873dd4aa1f
                              • Instruction ID: 81a05153478c8f0ad4f4415852e4eb2d93cf3d3071d00b3fc51277522a2c52d3
                              • Opcode Fuzzy Hash: 9d777f1a186f9730c7270cc6558768bac1cdeeac47f46969deecf9873dd4aa1f
                              • Instruction Fuzzy Hash: 6C618022B0AA4796EB14DF16E560AB96361FF44B84F444435DF2E87BEADF3CE4618340
                              Function 00007FFDFB0944A0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 277COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: CreateMessage$BitmapDeleteErrorFormatFreeLastLocalObjectReleaseSection
                              • String ID: GC already registered in Tk_GetGC$WidgetViewSync$called GCInit after GCCleanup
                              • API String ID: 1892380217-4226584754
                              • Opcode ID: 8825d14d55ab541b47d92ec7218fb888faee54ed839cbae1ad42c315cfde9696
                              • Instruction ID: 63427558a0e1d8f076148e971bb99a29e2b1910bd5332af2de89c20eb65d7ff3
                              • Opcode Fuzzy Hash: 8825d14d55ab541b47d92ec7218fb888faee54ed839cbae1ad42c315cfde9696
                              • Instruction Fuzzy Hash: 69E146B2B05B928AE714CF25D490BAD37A5F749B88F01413ADE5D47BA8DF38E4A4C740
                              Function 00007FFDFB010E50 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 274COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: DeleteObject
                              • String ID: GC already registered in Tk_GetGC$called GCInit after GCCleanup$gray50
                              • API String ID: 1531683806-823200916
                              • Opcode ID: 43f9789623b92208fb8c1327486bf677f20f087dc647471cdb5b985e23ee7e7b
                              • Instruction ID: bcda3b782eabac8c9d4be073d3e0a31a4c4fd7a6e9b7e89e2e5865f885285184
                              • Opcode Fuzzy Hash: 43f9789623b92208fb8c1327486bf677f20f087dc647471cdb5b985e23ee7e7b
                              • Instruction Fuzzy Hash: 9DE121B2B05B968AEB14CF65D450BAC33A5FB48B88F01813ADE5C57BA8DF38D495C740
                              Function 00007FF617701000 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 215COMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF617702C80: GetModuleFileNameW.KERNEL32(?,00007FF61770287C), ref: 00007FF617702CB1
                              • SetDllDirectoryW.KERNEL32 ref: 00007FF61770298F
                                • Part of subcall function 00007FF6177056F0: GetEnvironmentVariableW.KERNEL32(00007FF6177028BA), ref: 00007FF61770572A
                                • Part of subcall function 00007FF6177056F0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF617705747
                                • Part of subcall function 00007FF617705C90: SetEnvironmentVariableW.KERNEL32 ref: 00007FF617705CAF
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: Environment$Variable$DirectoryExpandFileModuleNameStrings
                              • String ID: Cannot open self %s or archive %s$Failed to convert DLL search path!$_MEIPASS2
                              • API String ID: 2904469105-3660216322
                              • Opcode ID: 5ec9dc8acca9883462d7ecb466f4fd47ded13a127848d7d7e5c702cadd091884
                              • Instruction ID: bca175912447c4eb0379f50a5a9300faece6700eb01fbf8267ea0962db009619
                              • Opcode Fuzzy Hash: 5ec9dc8acca9883462d7ecb466f4fd47ded13a127848d7d7e5c702cadd091884
                              • Instruction Fuzzy Hash: 08918322B2CE8345EA64AB21D9512FE5250AF46FE4F444031EE4DD7A9BEF2DE60D8700
                              Function 00007FFDFAFFBC50 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Window$CreateHandleModule
                              • String ID: TkChild
                              • API String ID: 1084761317-227893619
                              • Opcode ID: 91a3a1718e0b26f6f301d8fa73e670af34484c888fe2a9f64622199cf5070a47
                              • Instruction ID: 5486524965c14f37e206504581b0f858c712b75604be6b2b9500f325b7f9f1e5
                              • Opcode Fuzzy Hash: 91a3a1718e0b26f6f301d8fa73e670af34484c888fe2a9f64622199cf5070a47
                              • Instruction Fuzzy Hash: 0E21F876A197828BE764CF25E450A1AB7A0FB48BD4F545239EA9947B68DF3CE4408B00
                              Function 00007FFDFB072F60 Relevance: 6.4, APIs: 4, Instructions: 437stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: isupperstrchrstrncpy
                              • String ID:
                              • API String ID: 58760582-0
                              • Opcode ID: 21e1bf1965574f06b2a4a81a7260f470d33bf90bac630da32421bc88084c98d6
                              • Instruction ID: 7923b61efcca88238c7f47fbdfc3bef697c6be23ca4d7bf5677ecab81d404d01
                              • Opcode Fuzzy Hash: 21e1bf1965574f06b2a4a81a7260f470d33bf90bac630da32421bc88084c98d6
                              • Instruction Fuzzy Hash: 3F12B172B0AB8786EB54CF19E460B69B7A0FB85B88F648135DB5D037A9DF38D446C700
                              Function 00007FFDFB083F70 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 403COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: Selection$TkBTreeLinesTo couldn't find line$TkBTreeLinesTo couldn't find node
                              • API String ID: 2221118986-1902325206
                              • Opcode ID: 9f90cdc68ef76d7e511054050b627ed8dcb602eed87241732194ae287079e535
                              • Instruction ID: 5d8e21f734eb1aee0d3d30e4f946c0105041c661398d8febe11e1c3f14853224
                              • Opcode Fuzzy Hash: 9f90cdc68ef76d7e511054050b627ed8dcb602eed87241732194ae287079e535
                              • Instruction Fuzzy Hash: 4D025B32B0AA4286EB508F16D460B7D77A0FB5AB88F488131DE6D47BE9DF38E540D700
                              Function 00007FFDFB15C7D0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 296COMMON
                              Download Yara Rule
                              APIs
                              • TlsGetValue.KERNEL32 ref: 00007FFDFB15C818
                              • memset.VCRUNTIME140 ref: 00007FFDFB15C864
                              • memmove.VCRUNTIME140 ref: 00007FFDFB15CB75
                                • Part of subcall function 00007FFDFB255BB0: TlsAlloc.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255DC1
                                • Part of subcall function 00007FFDFB255BB0: TlsGetValue.KERNEL32 ref: 00007FFDFB255DEF
                                • Part of subcall function 00007FFDFB255BB0: GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255DFD
                                • Part of subcall function 00007FFDFB255BB0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FFDFB25641E), ref: 00007FFDFB255E3B
                                • Part of subcall function 00007FFDFB255BB0: RtlAllocateHeap.NTDLL ref: 00007FFDFB255E49
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: HeapValue$AllocAllocateErrorLastProcessmemmovememset
                              • String ID: unable to alloc %u bytes
                              • API String ID: 3442921490-2759121943
                              • Opcode ID: e22473d7dd563999c98dd3f84271fabe73a01a83ccb4a112927023916b69c71b
                              • Instruction ID: a8e08bd1725582f12593e7955b5d98ee355d16b1ea436cf41799f135435ef61a
                              • Opcode Fuzzy Hash: e22473d7dd563999c98dd3f84271fabe73a01a83ccb4a112927023916b69c71b
                              • Instruction Fuzzy Hash: 41C16C63B1AA4785EB64DF15D460AB963A0FB84B98F544135DA6E47BECEF38E480C340
                              Function 00007FF617709B88 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                              • String ID:
                              • API String ID: 1321466686-0
                              • Opcode ID: 2ed6cf5169b368c3611025f7d2b094c9b764007fb7795d52a2a3703580a2a07d
                              • Instruction ID: 16f08a8e7b931267ecaf7ebca10cdaebdd191e6656fa9a73059243c3e27d4238
                              • Opcode Fuzzy Hash: 2ed6cf5169b368c3611025f7d2b094c9b764007fb7795d52a2a3703580a2a07d
                              • Instruction Fuzzy Hash: 25312A21E0CE4281FA14BB3594213BA53A1AF47FA4F445139EE4EC72D7DE6EE94C8B44
                              Function 00007FFDFB282B10 Relevance: 6.0, APIs: 4, Instructions: 38COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: CommConsoleErrorFileLastModeStateType
                              • String ID:
                              • API String ID: 3984557487-0
                              • Opcode ID: 05380490b17c4b79fbd573c98fbb523210e80e337488ba6d70ab4851e6a93b12
                              • Instruction ID: 41b9afc4fffdeb8474b3f3a67c5620783f0f58feca3249e3e88b789b77f608f1
                              • Opcode Fuzzy Hash: 05380490b17c4b79fbd573c98fbb523210e80e337488ba6d70ab4851e6a93b12
                              • Instruction Fuzzy Hash: 7B01752070EA0381F7105F15A86573A62E1EF48BD4F444439DA6DC66FCDF3CD5449600
                              Function 00007FFDFB2071C0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 269COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: _errno
                              • String ID: ctory$unable to alloc %u bytes
                              • API String ID: 2918714741-474272330
                              • Opcode ID: 512797125f732deb6578baa99f204223f9fe1f9167900d11dbf62612a421486a
                              • Instruction ID: 1d271c94010c48f1b30fe58afb4b6164ad97e7f91782047ea9470efb15d0c653
                              • Opcode Fuzzy Hash: 512797125f732deb6578baa99f204223f9fe1f9167900d11dbf62612a421486a
                              • Instruction Fuzzy Hash: 0FB19E22B0A64386EB559B16A4A0B797BA0FB44BC4F084535DEAD877F9DF3CE481C740
                              Function 00007FFDFAFF2FF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: DeleteObject
                              • String ID: unicode
                              • API String ID: 1531683806-3551638624
                              • Opcode ID: 94e979336e50744a340111d1f4bed21b08b6c40a097523cf20d41880ac402280
                              • Instruction ID: 11d4ba5badc8bc4f74091e933b0315a47be3b67507b5ed14b9ff33393b1da471
                              • Opcode Fuzzy Hash: 94e979336e50744a340111d1f4bed21b08b6c40a097523cf20d41880ac402280
                              • Instruction Fuzzy Hash: E5413736B06B8692EF449F06D964A3977A4FB88F94F455276CA2D0B7B8DF38E450C300
                              Function 00007FFDFB2895F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: wsprintf
                              • String ID: cp%d
                              • API String ID: 2111968516-4262107655
                              • Opcode ID: 6cc3930b147f8eff0c61a20dc728995a34f828be1bcd2cf6517a72a999ef8715
                              • Instruction ID: 95f917efc3e2df74e83250aa65e09bcaf55fa797e9068216aa7e527791c90e4c
                              • Opcode Fuzzy Hash: 6cc3930b147f8eff0c61a20dc728995a34f828be1bcd2cf6517a72a999ef8715
                              • Instruction Fuzzy Hash: 88117371B1EA8685EB609B10E4617AA7790FB88798F405335E6AD877EDCF3CD1048B00
                              Function 00007FFDFB1B8CB0 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 205stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: ::tcl$::tcl::
                              • API String ID: 1114863663-1364682314
                              • Opcode ID: e4e82c731a38cd07513b3fd96ea5960582021c7ab83df745d618549903f5f2b8
                              • Instruction ID: a8f712907b811923cc96514109c35afbd638a74af9b12a6e0635de7de38f4560
                              • Opcode Fuzzy Hash: e4e82c731a38cd07513b3fd96ea5960582021c7ab83df745d618549903f5f2b8
                              • Instruction Fuzzy Hash: 5C916133B09B8286DB54CF25E450AA977A0FB85F88F544436DE5D47BA8DF38D941CB10
                              Function 00007FFDFB0047E0 Relevance: 4.6, APIs: 3, Instructions: 124COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              • Opcode ID: e402d48bcf882f4acc4aa2599c45d7098d87686847cee7d3cb59015dbc9ce15d
                              • Instruction ID: 67ff2725cd4cbed407c270817debe999342fea27330b1d7a0d587682d5d0950d
                              • Opcode Fuzzy Hash: e402d48bcf882f4acc4aa2599c45d7098d87686847cee7d3cb59015dbc9ce15d
                              • Instruction Fuzzy Hash: 0C518926B0A64396E7508B06E464A7D27A8EF8ABD4F184032DDAD037FDCE3CE440E604
                              Function 00007FF617710280 Relevance: 4.6, APIs: 3, Instructions: 92fileCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 2907017715-0
                              • Opcode ID: 1946c9cb1e30dbc9b6dab0ddcd9a8f130755da60a083853e2f2f389240b64926
                              • Instruction ID: ab56e04f136d8037f3a848d899ad0a00c7c19411ece90d7b3d5df43d1a55ad29
                              • Opcode Fuzzy Hash: 1946c9cb1e30dbc9b6dab0ddcd9a8f130755da60a083853e2f2f389240b64926
                              • Instruction Fuzzy Hash: 1531C332E18B4187E6619F2196202A97670FB95BB0F144335EEAC83AD3DF3CE1A5C740
                              Function 00007FFDFB21DEF0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 89COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: Valuememset
                              • String ID: unable to alloc %u bytes
                              • API String ID: 2002874474-2759121943
                              • Opcode ID: c6951ab8a54264493179f1136758ca9f8c909afa9897eb64de0a721bf0ccbd2e
                              • Instruction ID: 52ec07b218dbed45d91d6d4784ec6885b43a4c665397abec09eca013f4ed4151
                              • Opcode Fuzzy Hash: c6951ab8a54264493179f1136758ca9f8c909afa9897eb64de0a721bf0ccbd2e
                              • Instruction Fuzzy Hash: B4315C22B0BA4392EB159B12D560AB963A0FB54BD0F184431EA2C87BFDDF3CE9518340
                              Function 00007FFDFB004B4A Relevance: 4.6, APIs: 3, Instructions: 85windowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: FocusMessageProcSendWindow
                              • String ID:
                              • API String ID: 1049918876-0
                              • Opcode ID: 5141b74351d1825b168ebd3fdf868f6fe7514631ab2e4d093018cc7ee251d711
                              • Instruction ID: 305a99110c5bf70fc959b2440710feaeac47863bda75197eaa1376146682e3e9
                              • Opcode Fuzzy Hash: 5141b74351d1825b168ebd3fdf868f6fe7514631ab2e4d093018cc7ee251d711
                              • Instruction Fuzzy Hash: B4311022B0A68781EFA59B41D060FBD63A4EF95BD4F084035D99D476E8DF3CE885E704
                              Function 00007FFDFB0887C0 Relevance: 4.5, APIs: 1, Strings: 2, Instructions: 41COMMON
                              Download Yara Rule
                              APIs
                              • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FFDFB08511F), ref: 00007FFDFB088808
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: #$Modified
                              • API String ID: 2221118986-1539494553
                              • Opcode ID: 4ee8ca938d3dc21902cc9bbcbd5b2dfa3063986d54de5fc77b638dd132b352c6
                              • Instruction ID: 886a069a5d752fc9f5eb67a779ea6042645b6227601859e8ff9e8dfc175979cd
                              • Opcode Fuzzy Hash: 4ee8ca938d3dc21902cc9bbcbd5b2dfa3063986d54de5fc77b638dd132b352c6
                              • Instruction Fuzzy Hash: 52114F32B15A8286DB20CF15E0507A977B4F789B88F084132EB9D477A9DF38D555CB40
                              Function 00007FFDFB1CB900 Relevance: 3.8, APIs: 3, Instructions: 40COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: CriticalLeaveSection
                              • String ID:
                              • API String ID: 3988221542-0
                              • Opcode ID: 989d881189fd1461a8ee1ecdafb325d6020b977e6c84d3a5c675026cea46c341
                              • Instruction ID: b760a7b636f95688973bbe078db5d9fe3e7028798d51d3fae2d2ee6ba8cac220
                              • Opcode Fuzzy Hash: 989d881189fd1461a8ee1ecdafb325d6020b977e6c84d3a5c675026cea46c341
                              • Instruction Fuzzy Hash: 87112EA5F0BA4781FF119B50E8B19B52360AF48759F484031D93ECA2FEDE2CE6818344
                              Function 00007FFDFB00FC70 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 194COMMON
                              Download Yara Rule
                              APIs
                              • GetSystemMetrics.USER32 ref: 00007FFDFB00FCAA
                                • Part of subcall function 00007FFDFAFE67B0: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFDFAFE67FB
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: MetricsSystem__stdio_common_vsprintf
                              • String ID: pathName ?-option value ...?
                              • API String ID: 2968932569-1831586811
                              • Opcode ID: 55ac3c9697138863c85f3cfb32ff9191548f223fe0f1571049c7f98a2991656c
                              • Instruction ID: d96ae6d592e88fb6e851527c260e7902e36c0668dbdb6d986d59a3a33c938285
                              • Opcode Fuzzy Hash: 55ac3c9697138863c85f3cfb32ff9191548f223fe0f1571049c7f98a2991656c
                              • Instruction Fuzzy Hash: AAA1167A605B8285D740DF21F954BEA33A8F745B8CF584139DE990B3A8DF38D0A9E314
                              Function 00007FFDFB178750 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: name
                              • API String ID: 0-1579384326
                              • Opcode ID: 107dab7ac5afc8338260ca54b63181e6624bf041be0a44dae800fb488ef62b49
                              • Instruction ID: 1b3059a5a99dc4bb1d093e58eff60de9b94fb592a077be103d9f2f978aa7193e
                              • Opcode Fuzzy Hash: 107dab7ac5afc8338260ca54b63181e6624bf041be0a44dae800fb488ef62b49
                              • Instruction Fuzzy Hash: 9F110672F1A25381EB549B26A825A7A1291DF5ABC0F684035ED3DC77EADE2CD4818740
                              Function 00007FFDFAFE8240 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: ButtonProc called on an invalid HWND
                              • API String ID: 0-237202145
                              • Opcode ID: 5742ff0edd8f7571e454c5a1ea2c3d0a8caa3410a38dd553ca1cd2da660c1dc8
                              • Instruction ID: ad880550ecf87a48a39964e15cb559c1f6bff204c198c3794f601774c6b257f8
                              • Opcode Fuzzy Hash: 5742ff0edd8f7571e454c5a1ea2c3d0a8caa3410a38dd553ca1cd2da660c1dc8
                              • Instruction Fuzzy Hash: AA11EB12B0964646EB149712E8B0BB96351FF99BD4F444131ED5D077EDDE3CE5468700
                              Function 00007FF61770BC90 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 9f476f21d388f8c05f4d106a0ac737f91d29886da880dac98e9e6e610c41d673
                              • Instruction ID: 9f3e595c08be44bdb54148eb96c19c48c1de0d277f50a38910b355c7bd86ac28
                              • Opcode Fuzzy Hash: 9f476f21d388f8c05f4d106a0ac737f91d29886da880dac98e9e6e610c41d673
                              • Instruction Fuzzy Hash: 4B51C921B09E4186FB689F259C006766691BF45F74F184230DE6DD77E7CE3EE6198700
                              Function 00007FFDFB24CB70 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 82COMMON
                              Download Yara Rule
                              APIs
                              • memmove.VCRUNTIME140(00000000,00000000,00000000,00007FFDFB24C99C,?,?,00000000,00007FFDFB1B9BD6,?,?,?,?,?,00007FFDFB1BC6E3), ref: 00007FFDFB24CC2D
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: max size for a Tcl value (%d bytes) exceeded
                              • API String ID: 2162964266-746697796
                              • Opcode ID: 0fe6079047c90cf1938af51effab2a481bf0d566bcaadaf13830c0a36ded145a
                              • Instruction ID: a381379db700e282eba81a70ade4226cbe57c9466b355e64c43cac518decbd21
                              • Opcode Fuzzy Hash: 0fe6079047c90cf1938af51effab2a481bf0d566bcaadaf13830c0a36ded145a
                              • Instruction Fuzzy Hash: BB21F232B1A75282EB148F599554A3AA721FB42BE0F148232DF6C87FEDDF78D5418740
                              Function 00007FF617716AFC Relevance: 3.1, APIs: 2, Instructions: 73COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: FileHandleType
                              • String ID:
                              • API String ID: 3000768030-0
                              • Opcode ID: 93088dc9201fd4ec9b7a6c817eb1f42234b202b63e9155242b484ba0944a0012
                              • Instruction ID: be856dbef29662e28bd9c0184b9809581da6bba18d36ea64d9e194816060c144
                              • Opcode Fuzzy Hash: 93088dc9201fd4ec9b7a6c817eb1f42234b202b63e9155242b484ba0944a0012
                              • Instruction Fuzzy Hash: 61316E22A18E5691EB748B2885A01786660FB46FB4F741339DF6EC73E1CF38E469D340
                              Function 00007FFDFB24BBF0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 63COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: memmove
                              • String ID: unable to alloc %u bytes
                              • API String ID: 2162964266-2759121943
                              • Opcode ID: c43d8dd8e8ddcabc16e7f6d4f385af151fcde4e0a85cfed15af51cc782201413
                              • Instruction ID: a8d170f8dee07a42c8473809894da707e4c6aa16781e35cbbcff3f9f4931caf1
                              • Opcode Fuzzy Hash: c43d8dd8e8ddcabc16e7f6d4f385af151fcde4e0a85cfed15af51cc782201413
                              • Instruction Fuzzy Hash: 5B11A125B0AB4789EB149F52E1A4B2E7290FB59790F144634DB7E87BEADF3CE1504700
                              Function 00007FF6177159C8 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                              Download Yara Rule
                              APIs
                              • FindCloseChangeNotification.KERNEL32(?,?,?,00007FF6177158FB,?,?,00000000,00007FF6177159A3,?,?,?,?,?,?,00007FF61770BBA2), ref: 00007FF617715A2E
                              • GetLastError.KERNEL32(?,?,?,00007FF6177158FB,?,?,00000000,00007FF6177159A3,?,?,?,?,?,?,00007FF61770BBA2), ref: 00007FF617715A38
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ChangeCloseErrorFindLastNotification
                              • String ID:
                              • API String ID: 1687624791-0
                              • Opcode ID: 07d8c9f2b0e1647c26b7e3b2ccbfc7d732bc2fe9fb903221b5e0224306040eef
                              • Instruction ID: edb0afdcfd017a4842047778df014a54472ae33e3ea3a615c2287ced42dd992a
                              • Opcode Fuzzy Hash: 07d8c9f2b0e1647c26b7e3b2ccbfc7d732bc2fe9fb903221b5e0224306040eef
                              • Instruction Fuzzy Hash: FD118E21F1CE8241EEA8577494A137D16A29F84FB4F2C4235DE2EC72D3DE6CA44C8301
                              Function 00007FF617716960 Relevance: 3.0, APIs: 2, Instructions: 42COMMON
                              Download Yara Rule
                              APIs
                              • SetFilePointerEx.KERNEL32(?,?,?,00007FF617717683,?,?,?,?,?,?,?,?,?,?,?,00007FF6177175AB), ref: 00007FF6177169A4
                              • GetLastError.KERNEL32(?,?,?,00007FF617717683,?,?,?,?,?,?,?,?,?,?,?,00007FF6177175AB), ref: 00007FF6177169AE
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ErrorFileLastPointer
                              • String ID:
                              • API String ID: 2976181284-0
                              • Opcode ID: a8443d482b103c5dee73638964ab3a185a31390b1b8763e98a83887ed08f662d
                              • Instruction ID: 67ad0fd450fcff32bb0ce7674be27d79c4b8e3ed1b703715c47bac48167b413c
                              • Opcode Fuzzy Hash: a8443d482b103c5dee73638964ab3a185a31390b1b8763e98a83887ed08f662d
                              • Instruction Fuzzy Hash: D601C461B18E8282EA109B25A8541796370AF40FF0F64537AEE7EC77D6DE3CD459C300
                              Function 00007FFDFAFE831B Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Paint$Begin
                              • String ID:
                              • API String ID: 3787552996-0
                              • Opcode ID: 132dac79bb437d0d0a16ced948599818b14cb5bd11182c49fb685217f9d1e42a
                              • Instruction ID: e70fd70d04a6080542f76732a454419ef362f6787da4fea4403b9ee715cd2af2
                              • Opcode Fuzzy Hash: 132dac79bb437d0d0a16ced948599818b14cb5bd11182c49fb685217f9d1e42a
                              • Instruction Fuzzy Hash: 39F03056B0A64792EB15AB21F8B577D1360FF8ABA5F401071ED5E0B2E9DE3CD846C700
                              Function 00007FFDFB073300 Relevance: 2.7, APIs: 2, Instructions: 207stringCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strchrstrncpy
                              • String ID:
                              • API String ID: 3824778938-0
                              • Opcode ID: 8f92815633b237700f1f1e39bff24f5833313404e3e71ec235fb1892ce7bce77
                              • Instruction ID: 69880c43f5cbfcd20cb75a02ccfd710fcdee2421e4939223c33f3168d80a186f
                              • Opcode Fuzzy Hash: 8f92815633b237700f1f1e39bff24f5833313404e3e71ec235fb1892ce7bce77
                              • Instruction Fuzzy Hash: 25919536B06A4687EB64CF19E460A7977A1FB85F84F648431DE1E077A9DF38E842C700
                              Function 00007FF617716704 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: fc329a9a24ecd669bec342c6afbdff7acdd897de4e2ba2c4c403ffb281143647
                              • Instruction ID: 0814936a79564b7e2a412fadf196d06f1bab85109eecdbf0f674e30074f5e004
                              • Opcode Fuzzy Hash: fc329a9a24ecd669bec342c6afbdff7acdd897de4e2ba2c4c403ffb281143647
                              • Instruction Fuzzy Hash: 7841AF32A18A4697EB189B18D66127937B0FB44FA4F140135DE9DC7B92CF3CE46AC780
                              Function 00007FF61770C21C Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 3cd5ff71f2ac105d2478196dd55ef2634639a3161052731987f439309cf20abb
                              • Instruction ID: f5824c8116f470a298ddd0d2c2e91be2a301dedeaacc2b46a136788dde766654
                              • Opcode Fuzzy Hash: 3cd5ff71f2ac105d2478196dd55ef2634639a3161052731987f439309cf20abb
                              • Instruction Fuzzy Hash: 1631AC72A18F4682EB549B6585153F867A0AB42FF8F044131DE0EC7BD7DE7EE84A8301
                              Function 00007FFDFAFFBDF0 Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ShowWindow
                              • String ID:
                              • API String ID: 1268545403-0
                              • Opcode ID: 327e3651be30418583a47eda270837271e1932e92ad60924e843d14db3534557
                              • Instruction ID: 0f57847ef48bb7a152252787307cde03126e10ac6dc3953508900c1658f56e7a
                              • Opcode Fuzzy Hash: 327e3651be30418583a47eda270837271e1932e92ad60924e843d14db3534557
                              • Instruction Fuzzy Hash: F63141327196858AEB64CF15E05476AB7A0FB88B58F484235EB9D4B7ADDF3CD444CB00
                              Function 00007FF617716190 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: d4f3d36678b54e585848e262c4aab3f0aa59cd0ab034e1aa5a09a0418ca7a316
                              • Instruction ID: b2eff9dc3792958b69c076c2da684e24c382f66225fbffc2498eeb4ab98f49e4
                              • Opcode Fuzzy Hash: d4f3d36678b54e585848e262c4aab3f0aa59cd0ab034e1aa5a09a0418ca7a316
                              • Instruction Fuzzy Hash: 79318D22A18E02C5E7556B55886137D26B0AB90FB4FA50275EE2DC37D3CF7CE8498711
                              Function 00007FF617716870 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fce6cefe145cd9df8c4062fc5211fa274bb63977fec9557c6493047b904b3119
                              • Instruction ID: 2d6e5d4f80854d4ea9cc67dd0d8016db4970589b340113fb973250ad5aa886cc
                              • Opcode Fuzzy Hash: fce6cefe145cd9df8c4062fc5211fa274bb63977fec9557c6493047b904b3119
                              • Instruction Fuzzy Hash: DC21AE32E18A4686E7456F22986133D2670AB40FB0F654238ED3DC77C3CE7CE8498700
                              Function 00007FF617711028 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 4a6b645b92f04ce1a1fcad301fb0bede1831eb6bb6a63edb4fe8e919e8a15499
                              • Instruction ID: f54e2f82bd3981caf5079e20c6041f605ae0e7c374a96887d94fc2677aad5be8
                              • Opcode Fuzzy Hash: 4a6b645b92f04ce1a1fcad301fb0bede1831eb6bb6a63edb4fe8e919e8a15499
                              • Instruction Fuzzy Hash: 69119021B1CE4281EB619F51946227EA3B4BF85FA0F584431EE8C97A87DF3CE5098740
                              Function 00007FF6177207A4 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: db9ef8fe2b0c6a1f95e3e2b145fc6361f5e759f1613ea0d0d1807a6612fa2224
                              • Instruction ID: abc301e53c154be53be86c772fc06575cdf1929801e850eb7d1cb846a4908e49
                              • Opcode Fuzzy Hash: db9ef8fe2b0c6a1f95e3e2b145fc6361f5e759f1613ea0d0d1807a6612fa2224
                              • Instruction Fuzzy Hash: BF216532A18E4286DB629F28D44077976B1EB84F64F644234EE6DC76DADF3CD405CB00
                              Function 00007FFDFB0741D0 Relevance: 1.6, APIs: 1, Instructions: 301COMMON
                              Download Yara Rule
                              APIs
                              • memcpy.VCRUNTIME140(?,?,?,?,00000008,00000000,000000D0,?,00000000,00007FFDFB073351), ref: 00007FFDFB07450B
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID:
                              • API String ID: 3510742995-0
                              • Opcode ID: 36a9c827cd40ff3d0c3d2a32aabf43e9a9cab935eacf2c3d1cfc8266b38f5c84
                              • Instruction ID: 90f9cd32cf784980b4f583022a873d8e218ac06adf9ee4cfc6198bc098f83671
                              • Opcode Fuzzy Hash: 36a9c827cd40ff3d0c3d2a32aabf43e9a9cab935eacf2c3d1cfc8266b38f5c84
                              • Instruction Fuzzy Hash: F2F11BB7602F45DACB60CF09E4905ADB7B4F788B84B65822ACB5E43764DF38D596C700
                              Function 00007FF61770BF10 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 4efc603eed66a26edff5f1acb1bcb3efdc522ee1c2151d56cb1099e846df4679
                              • Instruction ID: e1c06cff0e6efe1d0bb1c2b74cf558b00ef0fad52a386ac9eb88f67ca4f11936
                              • Opcode Fuzzy Hash: 4efc603eed66a26edff5f1acb1bcb3efdc522ee1c2151d56cb1099e846df4679
                              • Instruction Fuzzy Hash: EF01C421B08F4280EA049F529D01079A6A0BF8AFF0F088631EE6CD3BE7DE7DE2054700
                              Function 00007FF617715924 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 45b29f4d04f0c33f589fdb967375a27d9f44e68c2c115f3af199d677e25d5d62
                              • Instruction ID: d304d03d5229d64ffc666ca96408bf7f95c6987d179c630fb4f7bad56afd24b5
                              • Opcode Fuzzy Hash: 45b29f4d04f0c33f589fdb967375a27d9f44e68c2c115f3af199d677e25d5d62
                              • Instruction Fuzzy Hash: 37116D72A18E42C5EB099F50D4602BD7770EB80B74FA84136EA4D82697CF7CE509CB11
                              Function 00007FF61770BB50 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: f30de51dcd9e61ed4d6fc84eafeac41e304ac2e45d248bc3da58b750db4e688a
                              • Instruction ID: ff3800785bdfdd68573bfa9cdd944369c3754c73b7c13bb2f3de16e8ff71320e
                              • Opcode Fuzzy Hash: f30de51dcd9e61ed4d6fc84eafeac41e304ac2e45d248bc3da58b750db4e688a
                              • Instruction Fuzzy Hash: 6B014421E18D0242FA18AF75986277912A09F47F74F680730ED6DD72E7CE6DE4498345
                              Function 00007FF617717C34 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF617718D11,?,?,00000000,00007FF617715859,?,?,?,?,00007FF617715895), ref: 00007FF617717C89
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 599fd970e0c8d7bab05c879df376281849fd6ae639183f3313601ac79d2a7223
                              • Instruction ID: f5e24495f3a6a3aeb24f8a8bd239b73f4f3ad6f95cd1c0bcc20c5f7e02ef2970
                              • Opcode Fuzzy Hash: 599fd970e0c8d7bab05c879df376281849fd6ae639183f3313601ac79d2a7223
                              • Instruction Fuzzy Hash: 29F0F954B09F0681FE545BA599613B592B95F94FB0F684830CD0EDA3C3ED2CA589C350
                              Function 00007FFDFAFFE000 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ShowWindow
                              • String ID:
                              • API String ID: 1268545403-0
                              • Opcode ID: 1fb68468bc4cf30b838fd73f032fbe4e7c115ae83ed3e03b9f91b76e7464e0b5
                              • Instruction ID: e1243a915e225971ebac3e4ea3e599875fe539a409e542b25d14e4aebbd7fe6e
                              • Opcode Fuzzy Hash: 1fb68468bc4cf30b838fd73f032fbe4e7c115ae83ed3e03b9f91b76e7464e0b5
                              • Instruction Fuzzy Hash: CAF06271F0468282EB694B15C4A4BB91361DFD4B25F284371E62A4E3CCDE3AECC68201
                              Function 00007FF61770BFB8 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 29e877d47e1002154426ebc0c77a16510f030fa253fbaec9badfecf3432be3bf
                              • Instruction ID: 43fc33fa7e0e54c4613e5719e3abb5fe10c01b561783ef02abaec25ceec16f88
                              • Opcode Fuzzy Hash: 29e877d47e1002154426ebc0c77a16510f030fa253fbaec9badfecf3432be3bf
                              • Instruction Fuzzy Hash: BCF0F022A18A4280EA04AB66A81107D61609F86FF0F681430FE1CC3BD7CE6DE4454B00
                              Function 00007FF61770BBD4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 05426e44f8a0e38c3f73226795a2f828848f885c0cc82d344ed692c9cf43b754
                              • Instruction ID: 4abe45f0c1368062d23041a75976f2a2e3efd8602fc784507a89dc26d8b82e5b
                              • Opcode Fuzzy Hash: 05426e44f8a0e38c3f73226795a2f828848f885c0cc82d344ed692c9cf43b754
                              • Instruction Fuzzy Hash: AEF0E931D0CE0381E914BF69A8511BA22509F43FB0F680530FD1DC72D7CE2DE5454300
                              Function 00007FF617717CAC Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                              Download Yara Rule
                              APIs
                              • RtlAllocateHeap.NTDLL(?,?,?,00007FF617717BA2,?,?,?,00007FF61770D70B), ref: 00007FF617717CEA
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: AllocateHeap
                              • String ID:
                              • API String ID: 1279760036-0
                              • Opcode ID: 6a81c4dc68851b7fa54bdbc717a27048096dfeecd7cb792c2491c2591f5132bb
                              • Instruction ID: d874fdb5e42e1d29a2f1aaa8c2e9b73dc12d97f62827650689d34506e70fafa7
                              • Opcode Fuzzy Hash: 6a81c4dc68851b7fa54bdbc717a27048096dfeecd7cb792c2491c2591f5132bb
                              • Instruction Fuzzy Hash: 43F08C00F0CB4780FA246BB1983067592A45F88FB0F990630DC2EC63C3DE2CE448C3A0
                              Function 00007FFDFB0A8630 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: MoveWindow
                              • String ID:
                              • API String ID: 2234453006-0
                              • Opcode ID: 32c1e374e42d33a7d7a57b1b66b9465afef3a6729ed27240f60861496b8edcb2
                              • Instruction ID: ceedbbf6b902350bb35ff229703ddaf716e0f4718beba293099517e280c650f0
                              • Opcode Fuzzy Hash: 32c1e374e42d33a7d7a57b1b66b9465afef3a6729ed27240f60861496b8edcb2
                              • Instruction Fuzzy Hash: 24F049B6A09341CADB148F29D055A287BA0F748F48F284435CE1D0A374CB39D1A79F10
                              Function 00007FF61770C1C8 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 2c20c51a75e7eece0a5613b29c4fdbf5554603ce0cfef3b067b944163c095ef1
                              • Instruction ID: 863fcff2e836a5f4ca1ccdf5ed35a9d90a45bfd7260017e307dab2f0828993ed
                              • Opcode Fuzzy Hash: 2c20c51a75e7eece0a5613b29c4fdbf5554603ce0cfef3b067b944163c095ef1
                              • Instruction Fuzzy Hash: AEE06D21A49B4280EA04BBA5A8511B921205F46FF0F581B30EE3DC77C3DE2DA0544700
                              Function 00007FF617705EB0 Relevance: 1.5, APIs: 1, Instructions: 20libraryCOMMON
                              Download Yara Rule
                              APIs
                                • Part of subcall function 00007FF6177068B0: MultiByteToWideChar.KERNEL32(00007FF61770571C,00007FF6177028BA), ref: 00007FF6177068EA
                              • LoadLibraryW.KERNEL32 ref: 00007FF617705ED3
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933838721.00007FF617701000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF617700000, based on PE: true
                              • Associated: 00000002.00000002.2933820609.00007FF617700000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933863877.00007FF617725000.00000002.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617737000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF61773A000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617744000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933885557.00007FF617746000.00000004.00000001.01000000.00000003.sdmpDownload File
                              • Associated: 00000002.00000002.2933954834.00007FF617748000.00000002.00000001.01000000.00000003.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ff617700000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharLibraryLoadMultiWide
                              • String ID:
                              • API String ID: 2592636585-0
                              • Opcode ID: d0392e4adb2cac32a59f9134da2f6eeae1b14d177fca16dd471afd79b86565e5
                              • Instruction ID: 4781cf236cc2e0aad4902c16dacd4eadd8dad4591ec19f86016d56a1e18ca65e
                              • Opcode Fuzzy Hash: d0392e4adb2cac32a59f9134da2f6eeae1b14d177fca16dd471afd79b86565e5
                              • Instruction Fuzzy Hash: BFE0CD11B1458142EE189777F91547AE151EF48FD0F589035DF0DC7757ED3DD4948A00

                              Non-executed Functions

                              Function 00007FFDFAFF1F50 Relevance: 80.8, APIs: 44, Strings: 2, Instructions: 302windowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Text$ObjectSelect$Delete$ColorCreateMode$CompatiblePalette$AlignMetrics$BitmapBrushExtentPointRealize$ClipPatternRelease
                              • String ID: b$unexpected drawable type in stipple
                              • API String ID: 3943515398-268975484
                              • Opcode ID: b223f55d905955cc412d967d724f7c2776ec3a5697df84703f3f6bae3b4e6ace
                              • Instruction ID: f59e2749fef6bb83e7038631869288d4cf67e8688972591873970aced2cf9731
                              • Opcode Fuzzy Hash: b223f55d905955cc412d967d724f7c2776ec3a5697df84703f3f6bae3b4e6ace
                              • Instruction Fuzzy Hash: FEE13E3AB0964387D714DF62E45496AB7A1FB8EB94F008631EE5957BACCF3CE4449B00
                              Function 00007FFDFB099EE0 Relevance: 44.2, APIs: 14, Strings: 11, Instructions: 405stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp$strtol$isspace$isdigitstrrchr
                              • String ID: BAD_INDEX$Bad index created$LOOKUP$TEXT$TEXT_INDEX$bad text index "%s"$end$first$last$sel$text doesn't contain any characters tagged with "%s"
                              • API String ID: 2214672894-2934542875
                              • Opcode ID: 0e36c42b9edf2faf4498d9f32efca58dea5c572865922e339acab1be169ac64a
                              • Instruction ID: dce58b19788a36c6064fbac994b1c4879189877af0a819c084b5911827f80f9e
                              • Opcode Fuzzy Hash: 0e36c42b9edf2faf4498d9f32efca58dea5c572865922e339acab1be169ac64a
                              • Instruction Fuzzy Hash: 31028022B0AA9781EB109B25D864BBA77A5FB46BC8F444031EE6D477F8DE3CD545D300
                              Function 00007FFDFB04DC20 Relevance: 42.4, APIs: 5, Strings: 19, Instructions: 370stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strtol
                              • String ID: -encoding$-translation$BITMAP$BITMAP_FILE$FORMAT$IMAGE$OBSOLETE$SAFE$_height$_width$_x_hot$_y_hot$binary$can't get bitmap data from a file in a safe interpreter$char$couldn't read bitmap file "%s": %s$format error in bitmap data$format error in bitmap data; looks like it's an obsolete X10 bitmap file${
                              • API String ID: 76114499-2400064599
                              • Opcode ID: 5d4e960c12acad37b924d436c431250fb3d7e009c640452d6b855c82eff1f13d
                              • Instruction ID: 525462efbb96f0220529fdd4968233f9eafb61c4e48227852b2b7238a15e5c69
                              • Opcode Fuzzy Hash: 5d4e960c12acad37b924d436c431250fb3d7e009c640452d6b855c82eff1f13d
                              • Instruction Fuzzy Hash: 4E028432B0EA47D1EB649B25E460AB967A1FB46B84F441132DA6E036FCDF3CE645D700
                              Function 00007FFDFB063F10 Relevance: 40.6, APIs: 8, Strings: 15, Instructions: 367stringlibraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Modulestrcmp$AddressFileHandleLibraryLoadNameProcabortstrncmp
                              • String ID: -display$-encoding$-file$8.1$8.6$DISPLAY$Error in startup script$Tk_MainEx$application-specific initialization failed$argc$argv$argv0$env$errorInfo$tcl_interactive
                              • API String ID: 1130958833-3198950010
                              • Opcode ID: c4186f4b864366a521af206848d6fc48943a1a80663a1957465c6bc70acf9c2f
                              • Instruction ID: 5638117bcfaa5b678d8d4d919b976dfced91dd9f9545e35631bc353b18c13863
                              • Opcode Fuzzy Hash: c4186f4b864366a521af206848d6fc48943a1a80663a1957465c6bc70acf9c2f
                              • Instruction Fuzzy Hash: D8025A22B0AA8395EB549F15D865BB923A2FB8AB84F455135DE2E073F8DF3CE444D340
                              Function 00007FFDFAFEF8F0 Relevance: 22.7, APIs: 15, Instructions: 236windowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: PaletteSelect$ModeObject$DeleteRealize$CreateRelease
                              • String ID:
                              • API String ID: 1245364486-0
                              • Opcode ID: 964962bbe5a19cf9987447e04ac4d5d6f12b61b6aa00309def13a8358e03b07a
                              • Instruction ID: d2ba99eb735cca788a019320d229cdfcd90bd8ac2e6d97794579381c48ccaae4
                              • Opcode Fuzzy Hash: 964962bbe5a19cf9987447e04ac4d5d6f12b61b6aa00309def13a8358e03b07a
                              • Instruction Fuzzy Hash: 77B1D736A18FC585D3129B35E4517AAB364FF9E7D1F048322FA8A62769DF3C9485CB00
                              Function 00007FFDFAFE7BF0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 410COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              • abcdefghijklmnopqurstuvwzyABCDEFGHIJKLMNOPQURSTUVWZY, xrefs: 00007FFDFAFE7EBD
                              • Tk_SizeOfBitmap received unknown bitmap argument, xrefs: 00007FFDFAFE7DEF
                              • buttons, xrefs: 00007FFDFAFE7CA8
                              • FindResource() failed for buttons bitmap resource, resources in tk_base.rc must be linked into Tk dll or static executable, xrefs: 00007FFDFAFE7CC7
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Resource$FindHandleLoadLockModulememcpy
                              • String ID: FindResource() failed for buttons bitmap resource, resources in tk_base.rc must be linked into Tk dll or static executable$Tk_SizeOfBitmap received unknown bitmap argument$abcdefghijklmnopqurstuvwzyABCDEFGHIJKLMNOPQURSTUVWZY$buttons
                              • API String ID: 770267298-1287311523
                              • Opcode ID: a9380f7adf565a284f62db8128703270008a36f3097379e964ff6ed947c2b6bc
                              • Instruction ID: 4099bc4f62344dd82a37dec38e9c3357ec35a4722736f2458e729b407f2e7aa6
                              • Opcode Fuzzy Hash: a9380f7adf565a284f62db8128703270008a36f3097379e964ff6ed947c2b6bc
                              • Instruction Fuzzy Hash: 0A02D532B19B4286D7299F25E4A0A7977A1FF84B94F048235DB6E477A8DF38F841C740
                              Function 00007FFDFABA12C0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 343COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Mem_$Malloc$DeallocErr_FreeMemory
                              • String ID: 0
                              • API String ID: 1635361834-4108050209
                              • Opcode ID: 5a26e20e75cb925fbbc9c56ae8020c188d100fa82e418ab62db65b67776e16e2
                              • Instruction ID: a2314bc0c0c5e285da975c47b3b711c3448b65d09313bd140ebc519cec1ec43f
                              • Opcode Fuzzy Hash: 5a26e20e75cb925fbbc9c56ae8020c188d100fa82e418ab62db65b67776e16e2
                              • Instruction Fuzzy Hash: 5DE1AF76B0C55285EBA88B15E438A7D37A5FF54780F9445B1EE6E8A6C8DF3CE841C700
                              Function 00007FFDFABA3310 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                              • String ID:
                              • API String ID: 313767242-0
                              • Opcode ID: d9e6df729bf43983b28923cb177ae3541e73e5dfa40f51ce2d15500382af1989
                              • Instruction ID: 233baa44e85cb66202421931820391db9c1ad95eb843b94ecdb9706924e2dc4f
                              • Opcode Fuzzy Hash: d9e6df729bf43983b28923cb177ae3541e73e5dfa40f51ce2d15500382af1989
                              • Instruction Fuzzy Hash: 87313C76709B8196EB648F60E8A07EE7360FB84744F84443ADA5E4BA98DF38D588C700
                              Function 00007FFDFABA1890 Relevance: 10.9, APIs: 7, Instructions: 428COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Mem_$Free$DataErr_FromKindMallocMemoryReallocUnicode_
                              • String ID:
                              • API String ID: 857045822-0
                              • Opcode ID: 132545a872591c33b0f38a43d07c0a6304a613e13b36cdfa53bc8be909f7a12d
                              • Instruction ID: d6484a9a280c444fd6effbe0c1a0e2e5555a77338d6346e37cc98fc351728cab
                              • Opcode Fuzzy Hash: 132545a872591c33b0f38a43d07c0a6304a613e13b36cdfa53bc8be909f7a12d
                              • Instruction Fuzzy Hash: 1F02D372B0859282EBBC8B14E434E796AA1EF45744F9441B1DEAE4F7D8EE3DE845D300
                              Function 00007FFDFB1D9390 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 399COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID: _isnan
                              • String ID: (reading increment)$%s called with shared object$TclIncrObj$unable to alloc %u bytes
                              • API String ID: 890761564-3546573178
                              • Opcode ID: 0b7d16a4d8139f97b069831ff2622841678a136fc2eafa551a487accb8697485
                              • Instruction ID: b6f8134622144cd548fa61d6e8e62bff78f6f17494cffc4fe8b52892b59a9890
                              • Opcode Fuzzy Hash: 0b7d16a4d8139f97b069831ff2622841678a136fc2eafa551a487accb8697485
                              • Instruction Fuzzy Hash: 37026073F0AA4396EB64CF51D4609A92365FB48BC8F844436DA6E87AE9DF3CE444C740
                              Function 00007FFDFB021930 Relevance: 9.3, APIs: 6, Instructions: 281COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: floor
                              • String ID:
                              • API String ID: 3192247854-0
                              • Opcode ID: b83b176226fe19f0792f193f0f94b46350d7c3987432c92b06ede0556cf06151
                              • Instruction ID: 9e357ab8255d3e8278a83f3b140bc8ffc29d33efba9bca7247fa9c72baa86345
                              • Opcode Fuzzy Hash: b83b176226fe19f0792f193f0f94b46350d7c3987432c92b06ede0556cf06151
                              • Instruction Fuzzy Hash: F7D1C522E14F858AE3138F3884115AAA368FF6B3D5F149327EE5DB6565EF34E4D28700
                              Function 00007FFDFAFEA020 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 515comCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              • Internal error: GetFileNameVista: IFileDialog API not available, xrefs: 00007FFDFAFEA092
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: CreateInstance
                              • String ID: Internal error: GetFileNameVista: IFileDialog API not available
                              • API String ID: 542301482-2221198392
                              • Opcode ID: f80c8e0a9cf7ac9ef62509b3e7f81d35c584a0d55d3bae0203553010dc871d41
                              • Instruction ID: 14a3d6abcfd27cab8a1096ea4c69e415228256b3ee04fdaf2db0e27d8cbe66f7
                              • Opcode Fuzzy Hash: f80c8e0a9cf7ac9ef62509b3e7f81d35c584a0d55d3bae0203553010dc871d41
                              • Instruction Fuzzy Hash: 04329B36B19B4282DB04DF25E4A0AAD37A1FF88B95F154132EE6E477A8DF39D844C700
                              Function 00007FFDFAFF1950 Relevance: 7.9, APIs: 5, Instructions: 372COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ObjectSelect$Release
                              • String ID:
                              • API String ID: 3581861777-0
                              • Opcode ID: 05c4467f48586219b1df7ed98a974a58e60742e56f755a4bb52e0aa24fdc96bf
                              • Instruction ID: 5feccf94f1ea59f7de8fb487d0954a8243db38193294b363458102a418de251d
                              • Opcode Fuzzy Hash: 05c4467f48586219b1df7ed98a974a58e60742e56f755a4bb52e0aa24fdc96bf
                              • Instruction Fuzzy Hash: 36F17132B0869286EB148F65E490AAD77A1FB48B98F044236EF5E57BACDF3CD445C704
                              Function 00007FFDFB005FD0 Relevance: 7.6, APIs: 5, Instructions: 119clipboardwindowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Clipboard$Message$CloseOpenOwnerPostSend
                              • String ID:
                              • API String ID: 3488582236-0
                              • Opcode ID: 223da2ca4eda3d012fa8581d3eeffe749196b6334ffadd1d9cce9388c3118d61
                              • Instruction ID: 215cc63996a316370e19d66dcf184dae8c0b0d57b5fad85479ed47620f75d5fb
                              • Opcode Fuzzy Hash: 223da2ca4eda3d012fa8581d3eeffe749196b6334ffadd1d9cce9388c3118d61
                              • Instruction Fuzzy Hash: 83412620F0A64341FB645B149974ABD2293AF86BC0F1C4431F6EE466FECE2DE890A241
                              Function 00007FFDFB03DFB0 Relevance: 79.1, APIs: 20, Strings: 25, Instructions: 320stringCOMMON
                              Download Yara Rule
                              APIs
                              • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03DFE8
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E000
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E028
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E040
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E058
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E070
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E088
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E0A0
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E0C0
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E0E3
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E138
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E157
                              • _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E2CD
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E353
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E36F
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E3B9
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E466
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E4BA
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00007FFDFB01F3A3), ref: 00007FFDFB03E4CD
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: _stricmp$strcmp$isspace$_strnicmp
                              • String ID: -Roman$Arial$AvantGarde$Bold$Book$Bookman$Courier$Courier New$Demi$Geneva$Helvetica$Italic$Light$Medium$Monaco$New York$NewCenturySchlbk$NewCenturySchoolbook$Oblique$Palatino$Times$Times New Roman$ZapfChancery$ZapfDingbats$itc
                              • API String ID: 2126113721-1508206677
                              • Opcode ID: 82f7f45c40f7fb6ca53e3772d87be10afc293be684ea06a47f32f756d7dcb451
                              • Instruction ID: 05451df9fd85448ce3351c9edb2fefab625e79a30c02c0eb8d245c09aede2cfc
                              • Opcode Fuzzy Hash: 82f7f45c40f7fb6ca53e3772d87be10afc293be684ea06a47f32f756d7dcb451
                              • Instruction Fuzzy Hash: 68E18D25B0E68391EB609B169868A7867A1BF47BD0F484231DD6D433FCDF2CE485E310
                              Function 00007FFDFB075C20 Relevance: 44.0, APIs: 6, Strings: 23, Instructions: 492stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: BAD_PARAMETER$GEOMETRY$HIERARCHY$OLDPACK$TCL$WRONGARGS$bad option "%s": should be top, bottom, left, right, expand, fill, fillx, filly, padx, pady, or frame$bottom$can't pack %s inside %s$expand$fill$fillx$filly$frame$left$pack$padx$pady$right$top$wrong # args: "%s" option must be followed by screen distance$wrong # args: "frame" option must be followed by anchor point$wrong # args: window "%s" should be followed by options
                              • API String ID: 1114863663-2739730379
                              • Opcode ID: 9f574bde8c021cd37f8ea4a29d56b3257056358e7257a03c82aa4e7c36a87ebe
                              • Instruction ID: 87ae1560bb9bb78f812e79e5f971f01f0aa3baaff88af85db107e1f7337ae019
                              • Opcode Fuzzy Hash: 9f574bde8c021cd37f8ea4a29d56b3257056358e7257a03c82aa4e7c36a87ebe
                              • Instruction Fuzzy Hash: 6E325032B0AB8786EB609B11E464BB9B7A0FB4AB84F544035DE5E477A9DF3CE045D700
                              Function 00007FFDFAFEBA70 Relevance: 42.3, APIs: 13, Strings: 11, Instructions: 337stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: CurrentDirectorymemset$Path$BrowseEnableFolderFromFullListMallocNameWindowstrcmpwcsncpy
                              • String ID: -xpstyle$::tk::winChooseDirFlags$DIRDIALOG$FILEDIALOG$PSEUDO$Please choose a directory, then select OK.$VALUE$error: not a file system folder$option$value for "%s" missing$value for "-xpstyle" missing
                              • API String ID: 1517725768-2564141266
                              • Opcode ID: ccf9897eb244be3c7cca070779ed3911e840a18dfc80e1ddab41cc701577da56
                              • Instruction ID: e440007d6beedfa87077d0d2bc89c02f1e172352941f5c48f5e6670743dfa2f4
                              • Opcode Fuzzy Hash: ccf9897eb244be3c7cca070779ed3911e840a18dfc80e1ddab41cc701577da56
                              • Instruction Fuzzy Hash: 7F027D32B09B8395EB249F25D8A46E923A1FB49B99F444232DE2D4B7E8DF3CD545C700
                              Function 00007FFDFB057AB3 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 375COMMON
                              Download Yara Rule
                              APIs
                              • memset.VCRUNTIME140 ref: 00007FFDFB057AC6
                                • Part of subcall function 00007FFDFB058B90: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB058C73
                                • Part of subcall function 00007FFDFB05A410: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,00000000,00000000,00007FFDFB059831,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDFB05A4AD
                                • Part of subcall function 00007FFDFB05A410: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB05A52D
                              • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB057D37
                              • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB057D49
                              • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB057D5B
                              • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB057DBF
                              • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB057DCD
                              • isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFB057DDB
                                • Part of subcall function 00007FFDFAFF05E0: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFDFAFF0624
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: isxdigit$_strnicmp$__stdio_common_vsscanfmemsetstrncmp
                              • String ID: %1x%1x%1x$%2x%2x%2x$COLOR$IMAGE$NON_RECTANGULAR$OVERFLOW$PHOTO$UUUU$VALUE$all elements of color list must have the same number of elements$can't parse color "%s"$data ?-option value ...?$photo image dimensions exceed Tcl memory limits
                              • API String ID: 1785155319-2558137384
                              • Opcode ID: 2b467ffb2518d77dd49d61fce66feee3232f602b82ae76e232e22ec70ad21679
                              • Instruction ID: 886ad6d62392897d69c44090a28d1f865abb7bd4b38848052f3b855278381a69
                              • Opcode Fuzzy Hash: 2b467ffb2518d77dd49d61fce66feee3232f602b82ae76e232e22ec70ad21679
                              • Instruction Fuzzy Hash: ED026E72B097838AE7148F25D8609AD7BA5FB49B88F144136DE5D43BA8DF3CE544EB00
                              Function 00007FFDFAFF7B10 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 142windowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ModePalette$DeleteObjectSelect$ColorRealize$BitmapCompatibleCreateLoadReleaseText
                              • String ID:
                              • API String ID: 1475033899-3916222277
                              • Opcode ID: 5421d300069c24f394f0785ef8da9d14830ef8aa5fc802dd57011fe9b2823f70
                              • Instruction ID: e6b8484e3ceb79550c773803ef61d2d10773c49ae009ffd6cc5a3663b8763bea
                              • Opcode Fuzzy Hash: 5421d300069c24f394f0785ef8da9d14830ef8aa5fc802dd57011fe9b2823f70
                              • Instruction Fuzzy Hash: B551613970968387E7649F25E464B6EB761FB89B90F048134EE5A47BA8CF3CE545CB00
                              Function 00007FFDFAFEFE70 Relevance: 31.8, APIs: 21, Instructions: 251COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b970cdee352c678d4b5183a449778544f92d48b50108681732dca2dba0ebb221
                              • Instruction ID: 59e9cd95db9619b7b2d130b1c1a6a392d505dfddcb585cdee62d1c866473f5de
                              • Opcode Fuzzy Hash: b970cdee352c678d4b5183a449778544f92d48b50108681732dca2dba0ebb221
                              • Instruction Fuzzy Hash: 3EC1DA31A19AC28AD3269F35E451AAAB365FFD97D4F148332FA8653769DF3CD0418B00
                              Function 00007FFDFB09BB20 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 413stringCOMMON
                              Download Yara Rule
                              APIs
                              • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BB4D
                              • isalnum.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BB67
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BBA5
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BBD6
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BC06
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BC17
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BC33
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BC7F
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BCF6
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BD47
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,00007FFDFB09A2E4), ref: 00007FFDFB09BF36
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp$isspace$isalnum
                              • String ID: any$display$lineend$linestart$wordend$wordstart
                              • API String ID: 270981566-2289065215
                              • Opcode ID: 3dd1ecaae24f8779d8bbb248172055baecc6c4e70cf1069c0d038b441eabe778
                              • Instruction ID: 1cd51663ae1e723745a09f7303af66a5b4f67af746d38c3408d83bfa1ca8be04
                              • Opcode Fuzzy Hash: 3dd1ecaae24f8779d8bbb248172055baecc6c4e70cf1069c0d038b441eabe778
                              • Instruction Fuzzy Hash: EC02F566B0A28796EB248F15D460B7977A1FB46BD8F448031DA6E43BE8DF3CE441A700
                              Function 00007FFDFB037940 Relevance: 27.2, APIs: 5, Strings: 13, Instructions: 165COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: BAD_INDEX$ENTRY$NO_SELECTION$SPINBOX$anchor$bad %s index "%s"$end$entry$insert$sel.first$sel.last$selection isn't in widget %s$spinbox
                              • API String ID: 0-3569778872
                              • Opcode ID: 24d91ad074fa49ad4e86a8e276d10e44c69e3d1ee987d00b98a91f8c2e2e4e02
                              • Instruction ID: 1be4b708b74cdc497aca599244867bd606791f48f6e7c446793db482bfebaac4
                              • Opcode Fuzzy Hash: 24d91ad074fa49ad4e86a8e276d10e44c69e3d1ee987d00b98a91f8c2e2e4e02
                              • Instruction Fuzzy Hash: C171E031B0A64796EB248F25D468EB837A1FB06B84F484032DA2D472F8DF3CE595E700
                              Function 00007FFDFB046050 Relevance: 24.7, APIs: 2, Strings: 12, Instructions: 190COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: CaptureCursorRelease
                              • String ID: BAD_TIME$FROZEN$GRAB$GRABBED$UNKNOWN$UNVIEWABLE$grab failed for unknown reason (code %d)$grab failed: another application has grab$grab failed: invalid time$grab failed: keyboard or pointer frozen$grab failed: window not viewable$option
                              • API String ID: 1375868664-404007824
                              • Opcode ID: d0bb5c3877c9ff1ba8c12a03e2067a13e726d2ef50291bf86a48363b5bb03a49
                              • Instruction ID: b8bf6a8c0d7fbe073e52d448e1a98a81b7cf9550fd52c98edff638a428ce3148
                              • Opcode Fuzzy Hash: d0bb5c3877c9ff1ba8c12a03e2067a13e726d2ef50291bf86a48363b5bb03a49
                              • Instruction Fuzzy Hash: 68911A32B0AA43D6EB509F11E864AA937A1FB86B88F444131EE5E477B8DF3DE545D300
                              Function 00007FFDFABA1130 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 184COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Unicode_$Equal$Arg_Ready$ArgumentCheckMallocMem_Positional
                              • String ID: argument 1$argument 2$invalid normalization form$normalize$str
                              • API String ID: 3725739812-4140678229
                              • Opcode ID: 1c6cbfcfd4cd2358b50a021e9244641eb4da41a43d551a250888ca091a8ef727
                              • Instruction ID: 0ef8cb3b8c4d36a04941afc631a1b9115480b26df44f6c490ce0f4b3771e50c9
                              • Opcode Fuzzy Hash: 1c6cbfcfd4cd2358b50a021e9244641eb4da41a43d551a250888ca091a8ef727
                              • Instruction Fuzzy Hash: 12718B25B0C78281EBA88B15A974A7967A1AF45BC4FC841B1DD7E8F6DDDF2CE9019300
                              Function 00007FFDFB007A10 Relevance: 24.1, APIs: 6, Strings: 10, Instructions: 95stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: RELIEF$VALUE$bad relief "%.50s": must be %s$flat$flat, groove, raised, ridge, solid, or sunken$groove$raised$ridge$solid$sunken
                              • API String ID: 1114863663-2868686326
                              • Opcode ID: 1531f5374be2fdba3a73d2b43ef8c53f3d2a2c70aeb10428e0024b0ddfe24d92
                              • Instruction ID: 9f4c4b5536fdaef25fa1b526b841f0837bec43fafcc2b454583aefe05876c8d4
                              • Opcode Fuzzy Hash: 1531f5374be2fdba3a73d2b43ef8c53f3d2a2c70aeb10428e0024b0ddfe24d92
                              • Instruction Fuzzy Hash: AD413E65B0A64385FB104F15E960BB96391AB47BD4F188132DAAD472F9EF3CE241E301
                              Function 00007FFDFAFEDFA0 Relevance: 21.1, APIs: 14, Instructions: 106windowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Palette$Select$ClipModeRealize$DeleteRelease$Offset
                              • String ID:
                              • API String ID: 1721436951-0
                              • Opcode ID: f9337905b34d61cc9d400d275c978c60d9898283797e37c40147e75039eeff4a
                              • Instruction ID: 4807ff195451d672eeb0eccdf4a4a2aee4d128f9d9cedaee56c06fa01d95cd50
                              • Opcode Fuzzy Hash: f9337905b34d61cc9d400d275c978c60d9898283797e37c40147e75039eeff4a
                              • Instruction Fuzzy Hash: 72413F3570968396D724DF12E4A496AB361FB8ABD0F154131EE6A47BA8CF3DE8458B00
                              Function 00007FFDFB073B40 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 84stringCOMMON
                              Download Yara Rule
                              APIs
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFDFB073856), ref: 00007FFDFB073B80
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFDFB073856), ref: 00007FFDFB073BA7
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFDFB073856), ref: 00007FFDFB073BCE
                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00007FFDFB073856), ref: 00007FFDFB073BF5
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: PRIORITY$VALUE$bad priority level "%s": must be widgetDefault, startupFile, userDefault, interactive, or a number between 0 and 100$interactive$startupFile$userDefault$widgetDefault
                              • API String ID: 1114863663-4134701681
                              • Opcode ID: ec169c119373ab859ae7b0dbcf43c4c1fe435f2922528013ab1ba6fd53201d62
                              • Instruction ID: fc57efa4a0c0fb84abd5047064a0ef9c69cb7b4582916d673d5f77e460b14089
                              • Opcode Fuzzy Hash: ec169c119373ab859ae7b0dbcf43c4c1fe435f2922528013ab1ba6fd53201d62
                              • Instruction Fuzzy Hash: 70319F65F0EA8781FB10AF15E824BB8A751FF06BE4F244131DA6D472F8DE2CE645A700
                              Function 00007FFDFABA2410 Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 41COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Module_$Object$Capsule_ConstantCreate2Object_String
                              • String ID: 13.0.0$UCD$ucd_3_2_0$ucnhash_CAPI$unicodedata.ucnhash_CAPI$unidata_version
                              • API String ID: 3760240918-3451515483
                              • Opcode ID: 9404a3e0a00de817f514e66c0451751c0b59d428688e7b36f43c78fa1897eb59
                              • Instruction ID: fa850137f47698e3661c20f327de0e64776a4b4f528428247210dd69d4eed9d1
                              • Opcode Fuzzy Hash: 9404a3e0a00de817f514e66c0451751c0b59d428688e7b36f43c78fa1897eb59
                              • Instruction Fuzzy Hash: 4C11B6A8B09B4791EF0D9B19E8709B527A0BF05B41BC424B6CD3D0E3E9EE3CA549D350
                              Function 00007FFDFB089910 Relevance: 18.2, APIs: 7, Strings: 5, Instructions: 161stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp$atoi$strrchr
                              • String ID: %s %d$backbytes$byteindex$forwbytes$insert
                              • API String ID: 834745059-3026567289
                              • Opcode ID: 456d9638dbd2dbeb907a53968c4f064aebed1dcb001db3953a43560cca4665bd
                              • Instruction ID: dfa93566943e485724c336585c302206959655077e7c267edd0850324dc3e087
                              • Opcode Fuzzy Hash: 456d9638dbd2dbeb907a53968c4f064aebed1dcb001db3953a43560cca4665bd
                              • Instruction Fuzzy Hash: 62711E26B1AB8391DB10EB12E864AB93760FB89B89F045031DE6E477B9DF3CE544D700
                              Function 00007FFDFB0A7970 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 140stringCOMMON
                              Download Yara Rule
                              APIs
                              • strrchr.VCRUNTIME140(?,?,?,?,?,?,?,00000000,00007FFDFB00FD38), ref: 00007FFDFB0A79A2
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strrchr
                              • String ID: CONTAINER$CREATE$DEAD_PARENT$VALUE$WINDOW_PATH$bad window path name "%s"$can't create window: its parent has -container = yes$can't create window: parent has been destroyed
                              • API String ID: 3418686817-526915013
                              • Opcode ID: 0f4af2248bab40ab3c0db1ce4cb5c167ddc12390b25b98acd467436e4e6b1f9f
                              • Instruction ID: 80ac4bb606199be025c4c643e881bf18e255339ea8ed5c3eaa31095123906d90
                              • Opcode Fuzzy Hash: 0f4af2248bab40ab3c0db1ce4cb5c167ddc12390b25b98acd467436e4e6b1f9f
                              • Instruction Fuzzy Hash: 4A517162B1A68791EB009F11D824AB96365FB8AFD4F448931DD2E0B7F8DE3CE545E300
                              Function 00007FFDFABA2610 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                              • String ID:
                              • API String ID: 349153199-0
                              • Opcode ID: b8c1a2c7ebbee062cdffbadaee7b374dce9ca1f85f88613488d49a9c17cf69b8
                              • Instruction ID: 649011b615a99985694050f69a9c8674871f92a7d0a9d89baeae6e02407e2398
                              • Opcode Fuzzy Hash: b8c1a2c7ebbee062cdffbadaee7b374dce9ca1f85f88613488d49a9c17cf69b8
                              • Instruction Fuzzy Hash: 8681DE65F0C24346FB5C9B269471AB96290AF85B80F8480B5ED2D4F7EEDF3CE945A700
                              Function 00007FFDFB01D910 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 143stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strtod$_hypotstrncmp
                              • String ID: CANVAS$ITEM_INDEX$POLY$bad index "%s"$end
                              • API String ID: 2305060144-259481206
                              • Opcode ID: 8c6d08ac8caa7cad673ede0d806b0a2c094461703aeba9939b9bf4233331e4f1
                              • Instruction ID: a2f99cf98323b8d136158ba934b649cf13b0f785df306f279e17a8f1acc4e3b1
                              • Opcode Fuzzy Hash: 8c6d08ac8caa7cad673ede0d806b0a2c094461703aeba9939b9bf4233331e4f1
                              • Instruction Fuzzy Hash: 66517032B0AB8796D7258F25D4906A973A0FF4AB84F449231DA6E033A8DF3CE551D700
                              Function 00007FFDFABA5208 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 96COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Unicode_$Equal$CompareDeallocErr_ReadyString
                              • String ID: invalid normalization form
                              • API String ID: 3010910608-2281882113
                              • Opcode ID: ba4c5c826613feff4fda7b3b67ec7b853ca24e194141179678075e2ef9f1e7e6
                              • Instruction ID: 1cefa517dba144c3b3f99b5e995c53f0382f4ad054bf3df8cd8dc72dbd8a7e3e
                              • Opcode Fuzzy Hash: ba4c5c826613feff4fda7b3b67ec7b853ca24e194141179678075e2ef9f1e7e6
                              • Instruction Fuzzy Hash: 92414A65B0CB0285EB588B11A874A3963A4BF89B85FC442B5DD6F4A6E8DF7CE5049310
                              Function 00007FFDFABA511C Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 58COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_$ArgumentReadyUnicode_$CheckPositional
                              • String ID: argument 1$argument 2$is_normalized$str
                              • API String ID: 396090033-184702317
                              • Opcode ID: 1ceb60c17f919a84d936433f20651ef05fa25a644f322f0f14d79f4650f0d4b9
                              • Instruction ID: f040bd12e9b022ec40966f884bef2a1f5a8859a54a576503dc7cb4463b8da72e
                              • Opcode Fuzzy Hash: 1ceb60c17f919a84d936433f20651ef05fa25a644f322f0f14d79f4650f0d4b9
                              • Instruction Fuzzy Hash: 86218561B0C64695E7188B25E864AB82365FF45F94FC44275DD7E4B2ECCF2CD646D300
                              Function 00007FFDFB013AF0 Relevance: 15.3, APIs: 10, Instructions: 293COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: atan2$_hypot
                              • String ID:
                              • API String ID: 1930852395-0
                              • Opcode ID: 4977db30c077ca33e7a8b4f5e68b8180bf3a9b96faee923d8845ef3fccdbefe2
                              • Instruction ID: 0ee23a54840c4527129ccfd4c182de5a6c2e014027c3a5751dda3e6b8e30929a
                              • Opcode Fuzzy Hash: 4977db30c077ca33e7a8b4f5e68b8180bf3a9b96faee923d8845ef3fccdbefe2
                              • Instruction Fuzzy Hash: BFF16232915FC589E363CF3494516EAB368FF6B3D5F059322EB9A26565DF38E1828300
                              Function 00007FFDFAFE9AB0 Relevance: 13.7, APIs: 3, Strings: 6, Instructions: 156stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset$strcmp
                              • String ID: -xpstyle$FILEDIALOG$VALUE$option$value for "%s" missing$value for "-xpstyle" missing
                              • API String ID: 4285334728-3137637625
                              • Opcode ID: e80b120de827e86f6ef3f2fe652ccd95535fa01e94397330b5d450c1065cc2b9
                              • Instruction ID: 4560edcb769a58914196d26393845b165fb2b80f15abf4f1e4463825b7e6dbdb
                              • Opcode Fuzzy Hash: e80b120de827e86f6ef3f2fe652ccd95535fa01e94397330b5d450c1065cc2b9
                              • Instruction Fuzzy Hash: 4B717076B09A4391EB14DF11E8A0AE96365FF89B98F055132EE6D473A8DF3CE544C700
                              Function 00007FFDFB0018B0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 149COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: %s is already an icon for %s$ICON$ICONWINDOW$INNER$can't use %s as icon window: not at top level$window ?pathName?
                              • API String ID: 0-2484564324
                              • Opcode ID: aeb4c44075cbee7d6ba59fc1d079308a7a96bf026135495a60a47d595b11cb98
                              • Instruction ID: 8c8d093457798f33fafb82fd2c69dc24d29519ba7533653b1fc5c32da6b17956
                              • Opcode Fuzzy Hash: aeb4c44075cbee7d6ba59fc1d079308a7a96bf026135495a60a47d595b11cb98
                              • Instruction Fuzzy Hash: F1717D32B0AA8295EB50CF15D464AA977A4FB4AFD4F180136DE9E477B8CF38E446D340
                              Function 00007FFDFABA48E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 78COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                              • String ID: a unicode character$argument$combining
                              • API String ID: 3097524968-4202047184
                              • Opcode ID: 040ff01286cd89f9207c8d4dc0413359af9d4ccceb9767f52fbc5cbeecb10de6
                              • Instruction ID: 3921bd7e67244139165db5e5d3ee84a5457eef60bd413081e4de9460747a8fef
                              • Opcode Fuzzy Hash: 040ff01286cd89f9207c8d4dc0413359af9d4ccceb9767f52fbc5cbeecb10de6
                              • Instruction Fuzzy Hash: BD318F61B087068AFB6C8B15D471B792291AF84B94FD4C5B5CE6E8B3DDDE2CEC658300
                              Function 00007FFDFABA5390 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 78COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_ArgumentErr_FromLongLong_OccurredReadyUnicode_
                              • String ID: a unicode character$argument$mirrored
                              • API String ID: 3097524968-4001128513
                              • Opcode ID: cc8873de0662b6ffed095e7c18e5ff872730077e0c60c401c61e73b6b5138996
                              • Instruction ID: 51adbfea5d5a851910d31ac180b5a3ce87902b93482cd1d12913c19f1e2c94ae
                              • Opcode Fuzzy Hash: cc8873de0662b6ffed095e7c18e5ff872730077e0c60c401c61e73b6b5138996
                              • Instruction Fuzzy Hash: 2331B161B4C70682FB5C4B15D4B1B7D1299AF86B95F844675CE2E8F3CDDE2CEA458300
                              Function 00007FFDFAFE9F10 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 64comlibraryloaderCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: CreateInstance$AddressHandleInitializeModuleProc
                              • String ID: SHCreateItemFromParsingName$shell32.dll
                              • API String ID: 1434079189-2320870614
                              • Opcode ID: 85a71e5791c32a979ef710fd9674e6384f50606f420b35d65fd0881192b43417
                              • Instruction ID: 02a4eb1d28df3bfeb5a356e081a6f2888b882ea24b15087bd51f30e9d0cf0843
                              • Opcode Fuzzy Hash: 85a71e5791c32a979ef710fd9674e6384f50606f420b35d65fd0881192b43417
                              • Instruction Fuzzy Hash: 70318C32B0AB4392EB14DF25E8A096973A4FF89B48B040235EA2D476F8DF3DE455D700
                              Function 00007FFDFB0CF900 Relevance: 10.8, APIs: 1, Strings: 6, Instructions: 285COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: (processing "%.40s" option)$-class$VALUE_MISSING$pathName ?-option value ...?$value for "%s" missing$widget has been destroyed
                              • API String ID: 2221118986-332812946
                              • Opcode ID: 6c44d73e17e8ab4e7bafa90176bc5e643cc0fa97876efaf830948709e2a473eb
                              • Instruction ID: c02c0b52b798ba861defb5895b3096f6a67f40f00622c32be38b0c28d21ed284
                              • Opcode Fuzzy Hash: 6c44d73e17e8ab4e7bafa90176bc5e643cc0fa97876efaf830948709e2a473eb
                              • Instruction Fuzzy Hash: A3D14D72B0AB8392DB109B11E864ABA63A5FB8AB84F454135DE6E477F9DF3CD045D300
                              Function 00007FFDFB050050 Relevance: 10.8, APIs: 2, Strings: 5, Instructions: 270COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: GIF$IMAGE$MALFORMED$error reading GIF image: %s$malformed image
                              • API String ID: 0-4136127321
                              • Opcode ID: e565385fabbd8d2037670966b961a85c2ad080d71d00d490cbb87c61eefcdb81
                              • Instruction ID: 63abb0d465bad501cc6b414b0fc56fb8f7e58f4a89a933d9089c8f7bcfcadf50
                              • Opcode Fuzzy Hash: e565385fabbd8d2037670966b961a85c2ad080d71d00d490cbb87c61eefcdb81
                              • Instruction Fuzzy Hash: E0C1C672B0EAC286D7108B15E460BAEB7A1F789784F145135EA9D83BA8EF3CD445DF00
                              Function 00007FFDFB039B60 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 235COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: fabs$memcmp
                              • String ID: (in command executed by spinbox)$%lf$down
                              • API String ID: 1615362767-1224525252
                              • Opcode ID: b4ce76542ccdd5ed2302fd963c494153259883fa39dd58f7efe8dafc132c74f7
                              • Instruction ID: 10f1e6f2d329c22223e63c8fcc322d8616d430ac35491ed83a8591a63f4bfe44
                              • Opcode Fuzzy Hash: b4ce76542ccdd5ed2302fd963c494153259883fa39dd58f7efe8dafc132c74f7
                              • Instruction Fuzzy Hash: 03C1B132B1AA8785E7619F25D464AEA7364FB86B84F084232DE1E076BCDF3DD481D700
                              Function 00007FFDFB045990 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 128stringCOMMON
                              Download Yara Rule
                              APIs
                              • strtod.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,00000000,00007FFDFB045943), ref: 00007FFDFB0459BD
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000,00007FFDFB045943), ref: 00007FFDFB0459E3
                              • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000,00007FFDFB045943), ref: 00007FFDFB045AF8
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: isspace$strtod
                              • String ID: FRACTIONAL_PIXELS$VALUE$bad screen distance "%s"
                              • API String ID: 442120894-2501306681
                              • Opcode ID: a8e0da019c2bce36dce991ad9adc416758fc2609381c568d79bf9b726392ebd6
                              • Instruction ID: 53355fce3b9ff4dd157ebec828e9825d61f930a4e40153f0c1725ed256a0f10b
                              • Opcode Fuzzy Hash: a8e0da019c2bce36dce991ad9adc416758fc2609381c568d79bf9b726392ebd6
                              • Instruction Fuzzy Hash: 4F518D32B09B86C9DB518F21D4A167973A0FF56BC4F058232EA9D173A9DF2CE15AD700
                              Function 00007FFDFABA16F0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Unicode_$Arg_ArgumentFromReadyString
                              • String ID: a unicode character$argument$category
                              • API String ID: 3000140846-2068800536
                              • Opcode ID: dc329cd0b349a5156d45ffc822039426403db6e7cf94f6154f9773864250ea74
                              • Instruction ID: 2f9170105df992bc2f4b230373d1abcecc9d0223b95b4894fa1ebe3b7cdbe8a2
                              • Opcode Fuzzy Hash: dc329cd0b349a5156d45ffc822039426403db6e7cf94f6154f9773864250ea74
                              • Instruction Fuzzy Hash: E451D361B18A8292EB9C8709E570A7966A2FF44B84F844175DE6E8F7D8DF3CE851C300
                              Function 00007FFDFB023FC0 Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 106stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: LOOKUP$SMOOTH$ambiguous smooth method "%s"$bezier$smoothMethod
                              • API String ID: 1114863663-1216440562
                              • Opcode ID: 432d4afbec1bc802c7d09d941c997b3e1c59a2d7f0d16ded94dfc376236e684e
                              • Instruction ID: 219fce9fc3638392cd9fd81d24dd332f26e0ca8a14cdd323ad2809f6b197f347
                              • Opcode Fuzzy Hash: 432d4afbec1bc802c7d09d941c997b3e1c59a2d7f0d16ded94dfc376236e684e
                              • Instruction Fuzzy Hash: E1415336B0AB8791EB508F11E860AA977A4FB46B95F484131DE6D477F8DE3CE089D700
                              Function 00007FFDFABA1000 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 104COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Unicode_$Arg_ArgumentFromReadyString
                              • String ID: a unicode character$argument$bidirectional
                              • API String ID: 3000140846-2110215792
                              • Opcode ID: bad425cea1d7568a281c698dde09b65bd26a674b94cb33084f69e9e63b3e16da
                              • Instruction ID: e74626f6bb5072a9de835a0c8ea8cf62cab2e61f412f5946a09dba19c3c5fc0f
                              • Opcode Fuzzy Hash: bad425cea1d7568a281c698dde09b65bd26a674b94cb33084f69e9e63b3e16da
                              • Instruction Fuzzy Hash: 8341B562B0864282FBAC8B15E470B7D22A2EF44B44FD44575DE6E8B3D8DF2DE844D300
                              Function 00007FFDFABA56B4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: EqualUnicode_
                              • String ID: invalid normalization form
                              • API String ID: 3822945493-2281882113
                              • Opcode ID: 27a683614d972d0201c07423aad88ca84f1c66f1d627d019b31ed67477571f71
                              • Instruction ID: 3fb952ff2cd42b014a433b98f2228fdf7f6d7ecba20f404773fbf39188dc5e3e
                              • Opcode Fuzzy Hash: 27a683614d972d0201c07423aad88ca84f1c66f1d627d019b31ed67477571f71
                              • Instruction Fuzzy Hash: 71318D64B0C24281FB589B269A34F7A5695AF46FC4F9481B1DD2E8EACEDF2DE1018710
                              Function 00007FFDFB01FAC0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 94stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: isspace$strtod
                              • String ID: CANVAS$POINTS$bad distance "%s"
                              • API String ID: 442120894-3072977745
                              • Opcode ID: ca1f7fc83f2217ef3e3404945a39a99711b48ae93d846b8b87359ed6ea33addb
                              • Instruction ID: 93b143e21de80a9cd325a6879561658c0a7f2c6cfe1eb15983ca052c8584e4f9
                              • Opcode Fuzzy Hash: ca1f7fc83f2217ef3e3404945a39a99711b48ae93d846b8b87359ed6ea33addb
                              • Instruction Fuzzy Hash: D041B221F0AA8795E7558B11E4B0B7AA7A0EF56B85F089131E9AD037FCDE2CE445E700
                              Function 00007FFDFABA4A2C Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                              • String ID: a unicode character$argument 1$decimal
                              • API String ID: 3545102714-2474051849
                              • Opcode ID: 6148670ff22cfff4f57f765d01a439acecbd48a7cdda27bf6212a87e4f51669a
                              • Instruction ID: e2a72f9791e4cb7f2d08c81ec0cdeef486119e41361b83588ba7276cef824052
                              • Opcode Fuzzy Hash: 6148670ff22cfff4f57f765d01a439acecbd48a7cdda27bf6212a87e4f51669a
                              • Instruction Fuzzy Hash: A9318072B1868685EB588B16D460B796361EB84B84FD48471CE2D4BBDCDF3EE896C304
                              Function 00007FFDFABA5820 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                              • String ID: a unicode character$argument 1$numeric
                              • API String ID: 3545102714-2385192657
                              • Opcode ID: e02bf42f7d6cc4674662f1c342c49790be18b097b45bc76ca3e085806a2d45f4
                              • Instruction ID: 8eeb63f06520e817f265010809af1a325e303b4fa80d08feca500cd646b5ffad
                              • Opcode Fuzzy Hash: e02bf42f7d6cc4674662f1c342c49790be18b097b45bc76ca3e085806a2d45f4
                              • Instruction Fuzzy Hash: 48319C21B0C64681EB688B06D460A7D2769EB85B94FD48675DE2D4F7D8DF3DEA42C300
                              Function 00007FFDFABA54E8 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 91COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                              • String ID: a unicode character$argument 1$name
                              • API String ID: 3545102714-4190364640
                              • Opcode ID: 2889dff69f16467bf2546dccefc95cd9c8283f77c3c46e0aefef3cbf9eaea809
                              • Instruction ID: 03975c62008964983a9326f9b9923ede82255a275b95b36d894523d59740ee9e
                              • Opcode Fuzzy Hash: 2889dff69f16467bf2546dccefc95cd9c8283f77c3c46e0aefef3cbf9eaea809
                              • Instruction Fuzzy Hash: 21316071B0CA4681EB588B15D460B7D2366EB85B94FD48171CE2D4B7D8DF3EEA46C700
                              Function 00007FFDFABA4E48 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 87COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_$ArgumentCheckPositionalReadyUnicode_
                              • String ID: a unicode character$argument 1$digit
                              • API String ID: 3545102714-197099943
                              • Opcode ID: 9c3a7cdbbd5f6f68c82a9698fa29ba1bd4bc28e2880e536517da584446855a33
                              • Instruction ID: b4c35a2e39f77c44e395a953241553967fb340cd850c4fa59058fc3f1560bc9b
                              • Opcode Fuzzy Hash: 9c3a7cdbbd5f6f68c82a9698fa29ba1bd4bc28e2880e536517da584446855a33
                              • Instruction Fuzzy Hash: 12318B22B0864682FB588B15D460A7D2361EB80B84FD590B1DE2D8B7DCDF3EE842C300
                              Function 00007FFDFABA4CE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: FromStringUnicode_$S_snprintfSizememcpy
                              • String ID: $%04X
                              • API String ID: 3253253298-4013080060
                              • Opcode ID: c3a2a8da7bde3bdd51f521f075308b579941d469fdabcac4b68d73b7a8c3a2c4
                              • Instruction ID: fb9e437270946beaab309c91f21ea877f8b7f5bf4f21939994f04a93d4d530ad
                              • Opcode Fuzzy Hash: c3a2a8da7bde3bdd51f521f075308b579941d469fdabcac4b68d73b7a8c3a2c4
                              • Instruction Fuzzy Hash: F631C372B18A8141EB298B14E4247B967A0FB49B54F840275CEBD0B7D8CF3CE955C300
                              Function 00007FFDFB07BB60 Relevance: 9.2, APIs: 3, Strings: 2, Instructions: 480COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: DeleteObject$CreateMessage$BitmapErrorFormatFreeLastLocalReleaseSection
                              • String ID: GC already registered in Tk_GetGC$called GCInit after GCCleanup
                              • API String ID: 450180425-2292843906
                              • Opcode ID: 800f2ec44de798afa9dc270c2a266ebc2336688eb867d3c91ed18259b897ffcd
                              • Instruction ID: 9990dd8cc2bb488ad846b1248a5009768d09e072e880b7cb175b584c43159c83
                              • Opcode Fuzzy Hash: 800f2ec44de798afa9dc270c2a266ebc2336688eb867d3c91ed18259b897ffcd
                              • Instruction Fuzzy Hash: D74279B2A05B92CAE760CF15E894BAD77B4F748B88F11412ADB5D47BA8DF38D494C700
                              Function 00007FFDFB0279A8 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 159stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: CANVAS_ITEM_TYPE$LOOKUP$coords ?arg ...?$type coords ?arg ...?$unknown or ambiguous item type "%s"
                              • API String ID: 1114863663-1447066070
                              • Opcode ID: 3642dbdf8fc2cc71b191ac96de9ded4f19ea6b878c72bbfc9a7939bd19fb5150
                              • Instruction ID: 1eb5216f73ea683182b7f20ab85257d3e2bb8333c06515b417d3eb474682b1a7
                              • Opcode Fuzzy Hash: 3642dbdf8fc2cc71b191ac96de9ded4f19ea6b878c72bbfc9a7939bd19fb5150
                              • Instruction Fuzzy Hash: FF817D36B0AB8796EB409F11E464BAD37A9FB49B59F010072CE6D177A8CF38E459D300
                              Function 00007FFDFB17DB60 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 354COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934960987.00007FFDFB151000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FFDFB150000, based on PE: true
                              • Associated: 00000002.00000002.2934943057.00007FFDFB150000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935049368.00007FFDFB298000.00000002.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935082100.00007FFDFB2DF000.00000004.00000001.01000000.00000011.sdmpDownload File
                              • Associated: 00000002.00000002.2935100388.00007FFDFB2E2000.00000002.00000001.01000000.00000011.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfb150000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: *[?\$?pattern?$hLevel$unable to alloc %u bytes
                              • API String ID: 0-1474734969
                              • Opcode ID: 108217c73f595554bbbeb22a3de49f21c99a6e96002abc1df213db86af0cb81d
                              • Instruction ID: 4ed9050ee57a4bcff8d5cc76630035e6c2e7d8262448ffbf61a72858c63bbcdf
                              • Opcode Fuzzy Hash: 108217c73f595554bbbeb22a3de49f21c99a6e96002abc1df213db86af0cb81d
                              • Instruction Fuzzy Hash: FEE1D663B0AB8B85EB609B11A460B7A63A0FB95B98F544135DE6D877EDDF3CE441C300
                              Function 00007FFDFB04FAA0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 90stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: GIF87a$GIF89a
                              • API String ID: 1114863663-2918331024
                              • Opcode ID: f04e450fe9f56001041c1e06baa1f528c388f55eddcc8fd592e2a9ced36b42b9
                              • Instruction ID: 2f8a5fe3d2174aaa8aa03e5aaf6f7c932bd776bcff4cef1d4a8242a990556229
                              • Opcode Fuzzy Hash: f04e450fe9f56001041c1e06baa1f528c388f55eddcc8fd592e2a9ced36b42b9
                              • Instruction Fuzzy Hash: C731D232B0A64782EB20CF11E86057AA7A0FB96784F404135EA9D876ECDF3DD645DB40
                              Function 00007FFDFB051AC0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 78COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: IMAGE$PNG$ZLIB_INIT$zlib initialization failed
                              • API String ID: 2221118986-4061978001
                              • Opcode ID: 78855bade67ccc3c1443183c2cd6ca3cc8625443a3eef1f87f0826ec03e60b3f
                              • Instruction ID: a44ae8abd9d85af0feeac2229a2eb9fc6fb172c48f32e38fe7a897ec429ee48d
                              • Opcode Fuzzy Hash: 78855bade67ccc3c1443183c2cd6ca3cc8625443a3eef1f87f0826ec03e60b3f
                              • Instruction Fuzzy Hash: 35317C32B09A8396EB249F15E4506AAB7A5FB49B84F044132DF9D03BB8EF3CE145C740
                              Function 00007FFDFAFEDC30 Relevance: 9.1, APIs: 6, Instructions: 65windowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: Palette$ModeRealizeSelect
                              • String ID:
                              • API String ID: 3073415821-0
                              • Opcode ID: a7366c674e2b9bc6ddcd2404eb95cd6b89087e2c473af97d5f9d469c2058f636
                              • Instruction ID: c11d91509d5ee8a084fd8639d7601c02264ab6ff266f80c036ce1391ad919a0e
                              • Opcode Fuzzy Hash: a7366c674e2b9bc6ddcd2404eb95cd6b89087e2c473af97d5f9d469c2058f636
                              • Instruction Fuzzy Hash: 0C312926B09B92C2DB58DF16E89466DA360FB59FD0F189432EE5D07BA8DF38D491C700
                              Function 00007FFDFB03BE60 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 164COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: Defocussed implicit Async$Focussed implicitly on %s
                              • API String ID: 0-3552124771
                              • Opcode ID: 9942ac1d0da53a1e3fb829a37dc2be867936d87bf68df08845438d47284f76a2
                              • Instruction ID: 17d759031fa2565ad18e04f2265e8436a9f933ad9969d8706df689d77f65dce4
                              • Opcode Fuzzy Hash: 9942ac1d0da53a1e3fb829a37dc2be867936d87bf68df08845438d47284f76a2
                              • Instruction Fuzzy Hash: EB718072B0A78395EB74CB10D158A7D73A4FB45B88F184435DA6D87AE8DF38E4D1A340
                              Function 00007FFDFABA4BF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_ArgumentReadyUnicode_
                              • String ID: a unicode character$argument$decomposition
                              • API String ID: 1875788646-2471543666
                              • Opcode ID: 63e69f591bf25623d91a004d72da0bf58b7633661e36e47e4c1c4dacea57b1e4
                              • Instruction ID: 3968dfe4174ccda1e39d4a17c13b0cf22660935b91b687cb329033f9c082d423
                              • Opcode Fuzzy Hash: 63e69f591bf25623d91a004d72da0bf58b7633661e36e47e4c1c4dacea57b1e4
                              • Instruction Fuzzy Hash: 63218E61B0860682FB6C8B25D571B7A1291AF84B94F944575CE2E8B3C8FF2DE8559340
                              Function 00007FFDFABA4FD0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Arg_ArgumentReadyUnicode_
                              • String ID: a unicode character$argument$east_asian_width
                              • API String ID: 1875788646-3913127203
                              • Opcode ID: 0a574c7d29df8a0884454a480448d1751a1cf8b132a9c62a5e1c51ac57f2c992
                              • Instruction ID: a48525808a02844aec4265d26a3088e809f902c9525e88db9a92e607997cb5f6
                              • Opcode Fuzzy Hash: 0a574c7d29df8a0884454a480448d1751a1cf8b132a9c62a5e1c51ac57f2c992
                              • Instruction Fuzzy Hash: 7921AE61B0C60686FB6C8B15C471B792295AF86B84F844675DF6E8B3C8DE2DEA458380
                              Function 00007FFDFAFF5AB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 63windowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: FormatFreeLocalMessagewcsrchrwsprintf
                              • String ID: Error Code: %08lX
                              • API String ID: 538048751-205266100
                              • Opcode ID: eb292ea14b5d2f136287cb71962a0d9183b3fb2cb9ef65e78014e025dfc2b764
                              • Instruction ID: 97f8d61fe8529c076f3dcea7df69b28342a8fe9bd81a48bd17769e43f3795e55
                              • Opcode Fuzzy Hash: eb292ea14b5d2f136287cb71962a0d9183b3fb2cb9ef65e78014e025dfc2b764
                              • Instruction Fuzzy Hash: 3F311C32709B8292DB259F11F4606AAB3B4FB89B90F404236EA6D437A8DF7CD505CB00
                              Function 00007FFDFABA1EC0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: Err_strncmp$DataFormatFromKindStringUnicode_
                              • String ID: name too long$undefined character name '%s'
                              • API String ID: 2291325159-4056717002
                              • Opcode ID: 01a1af1fdbd25cb6b478c06a93c0e5e2f1845a7dd84d00cb5a81f2ecc21acf56
                              • Instruction ID: 8fde40b4d56d9b0c80f9b240517609befad033029d07ce853e93f4462a75012c
                              • Opcode Fuzzy Hash: 01a1af1fdbd25cb6b478c06a93c0e5e2f1845a7dd84d00cb5a81f2ecc21acf56
                              • Instruction Fuzzy Hash: 811142B5B0864791EB088B14D4746B86364FB48B44FC00071CE2E4B2E9DF7DD149C740
                              Function 00007FFDFAFF9F00 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: HandleModule$ClassUnregister
                              • String ID: EmbeddedMenuWindowClass$MenuWindowClass
                              • API String ID: 1524335295-2955247522
                              • Opcode ID: a77f02efab42afdfe2973f991fd00632652960922d1e093aa47b0a3874374ce2
                              • Instruction ID: 7e441e2b2540855e202a4f35aa6c9b4d3a156b73dd4ddfa2068d9e2cda5a6e50
                              • Opcode Fuzzy Hash: a77f02efab42afdfe2973f991fd00632652960922d1e093aa47b0a3874374ce2
                              • Instruction Fuzzy Hash: A4F0D420F1BA0390EB59AB11E8B4A3523A4BF1D744B10067DE82D463FCEE3CA040D300
                              Function 00007FFDFB0A3A00 Relevance: 7.7, APIs: 2, Strings: 3, Instructions: 241COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %.15g %.15g %.15g %.15g %.15g %.15g curveto$%.15g %.15g lineto$%.15g %.15g moveto
                              • API String ID: 3510742995-459612671
                              • Opcode ID: 83b3224178a2e315a07884debd5db0ce44c46d57e724add459805d5b451b02da
                              • Instruction ID: 29d523dac69f15855602526a4bfd0052b2bc6cf3e5aa8d20b0d0b577011e7511
                              • Opcode Fuzzy Hash: 83b3224178a2e315a07884debd5db0ce44c46d57e724add459805d5b451b02da
                              • Instruction Fuzzy Hash: 99B18F32B29F9696D751DF25E4609A96768FB9ABC0F008332DE6E177A8DF38D045C700
                              Function 00007FFDFAFF6050 Relevance: 7.7, APIs: 5, Instructions: 187keyboardCOMMON
                              Download Yara Rule
                              APIs
                              • MapVirtualKeyW.USER32(00000000,00000003,?,00000000,00000000,00007FFDFAFF5FFE,?,?,00000000,00007FFDFB00A36F), ref: 00007FFDFAFF60BB
                              • GetKeyState.USER32 ref: 00007FFDFAFF60D5
                              • MapVirtualKeyW.USER32(00000000,00000003,?,00000000,00000000,00007FFDFAFF5FFE,?,?,00000000,00007FFDFB00A36F), ref: 00007FFDFAFF614F
                              • GetKeyState.USER32 ref: 00007FFDFAFF6169
                              • memcpy.VCRUNTIME140(?,?,00000000,00007FFDFB00A36F), ref: 00007FFDFAFF6291
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: StateVirtual$memcpy
                              • String ID:
                              • API String ID: 1007767718-0
                              • Opcode ID: 55a3a3ddd82b76140876d28f1ea2c2ab753417754dfedcfacca47251badd8f1b
                              • Instruction ID: 7c53a570c520db1794f9f5bae0d1503a9735dd6839ebad662efd6a4b6b3b77ce
                              • Opcode Fuzzy Hash: 55a3a3ddd82b76140876d28f1ea2c2ab753417754dfedcfacca47251badd8f1b
                              • Instruction Fuzzy Hash: 2D818B32B096D286EB549F15D460AB97365FF89F98F044235DE2E4B3A9CF38E841C700
                              Function 00007FFDFAFF58C0 Relevance: 7.6, APIs: 5, Instructions: 107windowCOMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ByteCharMultiWide$DebugDebuggerMessageOutputPresentString
                              • String ID:
                              • API String ID: 2081025636-0
                              • Opcode ID: c22f15915b93efc3a92d9b2e37207e7c7ee469c0c683229add70c381bf1f02dd
                              • Instruction ID: b4b7599a6184132e442f587406d5ecb7393ef5a1eb06fb05d2d6a4f66243d088
                              • Opcode Fuzzy Hash: c22f15915b93efc3a92d9b2e37207e7c7ee469c0c683229add70c381bf1f02dd
                              • Instruction Fuzzy Hash: B341A122B19B8286E7249F11E464BA963A5FF89B94F045236DEAD07BECDF3CD144C740
                              Function 00007FFDFAFF9FD0 Relevance: 7.5, APIs: 1, Strings: 4, Instructions: 37stringCOMMON
                              Download Yara Rule
                              APIs
                              • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,Menu,00007FFDFAFE9322,?,?,?,?,00007FFDFB031C26), ref: 00007FFDFAFF9FF6
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strcmp
                              • String ID: Menu$activeBorderWidth$borderWidth$font
                              • API String ID: 1004003707-4132783353
                              • Opcode ID: b12863c0d814f5b374f7c7f1f9ae3226baee795b6d00b50ad19235a7b26286d2
                              • Instruction ID: cd0177797362b8537fdcafc7164d39f88d7667a7d8f1d1844661613b6e8f028e
                              • Opcode Fuzzy Hash: b12863c0d814f5b374f7c7f1f9ae3226baee795b6d00b50ad19235a7b26286d2
                              • Instruction Fuzzy Hash: 28017162F19A4790EB499B21E4B09B427E1EF49794F485571DD2E4B3F9CE2CA094C240
                              Function 00007FFDFB065970 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 246windowCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: MenuSystem
                              • String ID: -menu$Attempting to delete master menu when there are still clones
                              • API String ID: 2586368150-512049640
                              • Opcode ID: deb62d257498ea036ef92d89a4f7b9e215270dbaddc8a426b37c663594e031b7
                              • Instruction ID: 3af24cfbc4d033f5b7319cbb192fda68f681cfdfce092368835cf91354d53101
                              • Opcode Fuzzy Hash: deb62d257498ea036ef92d89a4f7b9e215270dbaddc8a426b37c663594e031b7
                              • Instruction Fuzzy Hash: E7C16F36B0AA8B89EB549F15D4616B963A2FB85F94F088132CE6D477ECDF38E441D340
                              Function 00007FFDFABA5964 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: DoubleErr_Float_FromNumericStringUnicode_
                              • String ID: not a numeric character
                              • API String ID: 727557307-2058156748
                              • Opcode ID: f532dc2bb96dbe2ff28e98c00670c108dedd1b2220a3908bee89f269223d6a55
                              • Instruction ID: 53bc265513a6721000fde6c463ef1ea2e0bc84b448716c6cf2622a7590663b0f
                              • Opcode Fuzzy Hash: f532dc2bb96dbe2ff28e98c00670c108dedd1b2220a3908bee89f269223d6a55
                              • Instruction Fuzzy Hash: A7118651B0C64681FF1D4B25D07093853A5AF96B54F95C2B1CE7E4E2D8DF2CE985C200
                              Function 00007FFDFABA4B70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: DecimalDigitErr_FromLongLong_StringUnicode_
                              • String ID: not a decimal
                              • API String ID: 2585962759-3590249192
                              • Opcode ID: 86c193ad73aa52166f1e39ea215d8d269c10652198cec90cd443d69cf9d17061
                              • Instruction ID: b78242089fca980359b264e3a7676566257bc73ed932c46773c3d2821d647309
                              • Opcode Fuzzy Hash: 86c193ad73aa52166f1e39ea215d8d269c10652198cec90cd443d69cf9d17061
                              • Instruction Fuzzy Hash: 16015E26F0CA4681EF1C8B25E474B7872A1EF84B44FD990B0CD2E4E2D8DE2DE8458300
                              Function 00007FFDFABA1F40 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 173stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                              • API String ID: 1114863663-87138338
                              • Opcode ID: 28284ee8d92930c45441912fa1ba1437306f5e879eb558367f422bc488895435
                              • Instruction ID: 5683437a5393be82b571366a215e66afd1501da9a20abd420409ff8da8bc7444
                              • Opcode Fuzzy Hash: 28284ee8d92930c45441912fa1ba1437306f5e879eb558367f422bc488895435
                              • Instruction Fuzzy Hash: C661F772B1864246E768CB19A420A7E7692FF80B90F944275EE7D4BADDEF3CD405D700
                              Function 00007FFDFB05BAD0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                              Download Yara Rule
                              APIs
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: memset$CreateDeleteIndirectObjectRect
                              • String ID:
                              • API String ID: 4288220209-0
                              • Opcode ID: 6905ebdbe175a9ee8719490690eb2b53f2b3efc3b9d481c98614f096e3e48d33
                              • Instruction ID: 4f0833f391d94de5fce752f5ee30346f0e08b797ed8dcda701f89a72ff5fe357
                              • Opcode Fuzzy Hash: 6905ebdbe175a9ee8719490690eb2b53f2b3efc3b9d481c98614f096e3e48d33
                              • Instruction Fuzzy Hash: 51318B76706B4686EB24CF21E49096977B4FB9CF80B094136DB9C43BA8DF38E551CB80
                              Function 00007FFDFB04FC10 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 57stringCOMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: strncmp
                              • String ID: GIF87a$GIF89a
                              • API String ID: 1114863663-2918331024
                              • Opcode ID: 6f0e60a0124aa59a6e515d735b6ba01009e1ba8a9277e6ae4b75f5bc59e2704b
                              • Instruction ID: 52a0e518e53421fe98aea04efb2db06a92bcfd6878a914ac7ce628e7b5b3d3af
                              • Opcode Fuzzy Hash: 6f0e60a0124aa59a6e515d735b6ba01009e1ba8a9277e6ae4b75f5bc59e2704b
                              • Instruction Fuzzy Hash: 3221F5767097828AD760CF15E440B5AB7A1F789B80F548135EA9C83BA8DF3CE544CF40
                              Function 00007FFDFB081A70 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 202COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID:
                              • String ID: index1 ?index2 ...?
                              • API String ID: 0-495126399
                              • Opcode ID: 35c161641239b038143297e810d88c23ed4f8603b2ce2a2e784ff595f2cbd0b1
                              • Instruction ID: 05b755c9eaca8f4cef8ae3499459beabad28e1179d65f0d09d477da84312b0f8
                              • Opcode Fuzzy Hash: 35c161641239b038143297e810d88c23ed4f8603b2ce2a2e784ff595f2cbd0b1
                              • Instruction Fuzzy Hash: F081D462F0AA5382EB149F169520AB92795FF5ABC4F019131CE2E577E9DF3CE580D300
                              Function 00007FFDFB06BC20 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 195COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: ClientScreen
                              • String ID: post$unpost
                              • API String ID: 3917795285-1772890072
                              • Opcode ID: a574c7bd0df232ed8174b8ed72815c4fc6ea071c26b00f26c6dd9359f1727280
                              • Instruction ID: daf2dd99dd7b6306fe5faa659c062843321e1436f6312a7a0e650e2e5df127f3
                              • Opcode Fuzzy Hash: a574c7bd0df232ed8174b8ed72815c4fc6ea071c26b00f26c6dd9359f1727280
                              • Instruction Fuzzy Hash: 39916B77B06A568AEB14DF25D862AAC37B1FB49B88F144136CE1E177A8DF38D441C740
                              Function 00007FFDFB04D9A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 161COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: DeleteObject$_stricmp_strnicmp
                              • String ID: (while configuring image "%s")
                              • API String ID: 3427489091-2813159774
                              • Opcode ID: 9d052b10a66808a33b393410a31caf3f35d5a90062598a2c9c80183009a28a30
                              • Instruction ID: 33acf43681302c8208c62d85d66e63fb7439948e7f29888acfe85ac9f33d5348
                              • Opcode Fuzzy Hash: 9d052b10a66808a33b393410a31caf3f35d5a90062598a2c9c80183009a28a30
                              • Instruction Fuzzy Hash: 318144B6706B42C6DB64CF16E4A4A6973A4FB89FC4B059136DE6D477A8CF38D841C340
                              Function 00007FFDFABA562C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: String$Err_FromUnicode_
                              • String ID: no such name
                              • API String ID: 3678473424-4211486178
                              • Opcode ID: 129cc7050721cfddfca13646680fbe7ee8828310f28690219670def48c3aef9d
                              • Instruction ID: 5e4e4015b3923320bf7e2e5a97b95d90b155be6bc97c09a059fa6e165f00afac
                              • Opcode Fuzzy Hash: 129cc7050721cfddfca13646680fbe7ee8828310f28690219670def48c3aef9d
                              • Instruction Fuzzy Hash: A30112B1B1CA4281FB649B15E830BB963A4FF98B44F840171DE6E4E7D8EF3CD5459600
                              Function 00007FFDFABA4F7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2933993677.00007FFDFABA1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFABA0000, based on PE: true
                              • Associated: 00000002.00000002.2933977173.00007FFDFABA0000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFABA6000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC02000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC4E000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFAC52000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934010402.00007FFDFACAB000.00000002.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934161493.00007FFDFACAF000.00000004.00000001.01000000.00000017.sdmpDownload File
                              • Associated: 00000002.00000002.2934178987.00007FFDFACB1000.00000002.00000001.01000000.00000017.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfaba0000_ultraddos.jbxd
                              Similarity
                              • API ID: DigitErr_StringUnicode_
                              • String ID: not a digit
                              • API String ID: 1987352478-3016634541
                              • Opcode ID: bb7bf96b6d4a3f745f7426781a2ce4b26ba1547d79430d48d0203ac7cead2193
                              • Instruction ID: 3e39c32fb081acc877c9f0903859efbf1a239cee224490cd1f020a87bde26576
                              • Opcode Fuzzy Hash: bb7bf96b6d4a3f745f7426781a2ce4b26ba1547d79430d48d0203ac7cead2193
                              • Instruction Fuzzy Hash: 13F0C091F0890791FF1C4B25947097952A0EF58F48F9864B1CD3E8E6D8DE5DA8958300
                              Function 00007FFDFAFEDB30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                              Download Yara Rule
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000002.00000002.2934720526.00007FFDFAFE1000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFDFAFE0000, based on PE: true
                              • Associated: 00000002.00000002.2934702872.00007FFDFAFE0000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934792958.00007FFDFB0D2000.00000002.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934827139.00007FFDFB116000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934845203.00007FFDFB117000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934864116.00007FFDFB11B000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934881650.00007FFDFB11C000.00000008.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934899243.00007FFDFB11F000.00000004.00000001.01000000.00000012.sdmpDownload File
                              • Associated: 00000002.00000002.2934916829.00007FFDFB120000.00000002.00000001.01000000.00000012.sdmpDownload File
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_2_2_7ffdfafe0000_ultraddos.jbxd
                              Similarity
                              • API ID: DialogWindow
                              • String ID: ::tk::fontchooser
                              • API String ID: 2634769047-3115935596
                              • Opcode ID: 418e4a8e3385eaaf12c8888be82bc752384c0bc89f3eeed8848225989a55003e
                              • Instruction ID: fd65e2629768c6ccabe5049aee6bded7d8b8a64090d4293084b0f2d06bf606a2
                              • Opcode Fuzzy Hash: 418e4a8e3385eaaf12c8888be82bc752384c0bc89f3eeed8848225989a55003e
                              • Instruction Fuzzy Hash: ECE0ED95B1650382FB28AF62D8A4A7513A1EF8DB90B499170CD1D4B6B8DE2CD485D700