Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
8n3W4yKYeB.exe

Overview

General Information

Sample name:8n3W4yKYeB.exe
renamed because original name is a hash value
Original sample name:d434be38db7e05e636622e17661c027948d9eacbd58c9d0def9a6d1c4685553c.exe
Analysis ID:1512626
MD5:89185e2191d0ba5a994e606ce200308f
SHA1:5e471217b0c25915824346111bedbabb6bdf91f6
SHA256:d434be38db7e05e636622e17661c027948d9eacbd58c9d0def9a6d1c4685553c
Tags:96-9-226-111exe
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Allocates memory in foreign processes
Command shell drops VBS files
Contains functionality to register a low level keyboard hook
Hijacks the control flow in another process
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Writes to foreign memory regions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Sigma detected: Use Short Name Path in Command Line
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 8n3W4yKYeB.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\8n3W4yKYeB.exe" MD5: 89185E2191D0BA5A994E606CE200308F)
    • cmd.exe (PID: 7956 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\run.bat" /verysilent" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8012 cmdline: cmd /c "C:\Users\user\AppData\Roaming\windows\run.bat" min MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 8060 cmdline: C:\Windows\system32\cmd.exe /K b.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 8188 cmdline: C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • python.exe (PID: 2020 cmdline: python.exe na.py MD5: 3D44212BBA2D7A88D6C83CE8523BBA88)
              • notepad.exe (PID: 5480 cmdline: C:\Windows\System32\notepad.exe MD5: 27F71B12CB585541885A31BE22F61C83)
        • cmd.exe (PID: 8076 cmdline: C:\Windows\system32\cmd.exe /K startup.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cscript.exe (PID: 4100 cmdline: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs MD5: CB601B41D4C8074BE8A84AED564A94DC)
  • cmd.exe (PID: 6192 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\start.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1028 cmdline: C:\Windows\system32\cmd.exe /K b.bat MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 7612 cmdline: C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • python.exe (PID: 7512 cmdline: python.exe na.py MD5: 3D44212BBA2D7A88D6C83CE8523BBA88)
          • notepad.exe (PID: 1660 cmdline: C:\Windows\System32\notepad.exe MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0x4e8cf:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x51337:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_Donutloader_5c38878dunknownunknown
  • 0x4f026:$a: 24 48 03 C2 48 89 44 24 28 41 8A 00 84 C0 74 14 33 D2 FF C1
00000018.00000002.2554701460.00000264C6FD0000.00000004.00000001.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0xa8af:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
  • 0xa8af:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0xd317:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmpWindows_Trojan_Donutloader_5c38878dunknownunknown
  • 0xb006:$a: 24 48 03 C2 48 89 44 24 28 41 8A 00 84 C0 74 14 33 D2 FF C1
Click to see the 10 entries

Sigma Signatures

System Summary

barindex
Sigma detected: Script Interpreter Execution From Suspicious Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K startup.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8076, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, ProcessId: 4100, ProcessName: cscript.exe
Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K startup.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8076, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, ProcessId: 4100, ProcessName: cscript.exe
Sigma detected: WScript or CScript Dropper
Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K startup.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8076, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, ProcessId: 4100, ProcessName: cscript.exe
Sigma detected: Startup Folder File Write
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\SysWOW64\cscript.exe, ProcessId: 4100, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnk
Sigma detected: Use Short Name Path in Command Line
Source: Process startedAuthor: frack113, Nasreddine Bencherchali: Data: Command: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K startup.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8076, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, ProcessId: 4100, ProcessName: cscript.exe
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Source: Process startedAuthor: Michael Haag: Data: Command: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, CommandLine|base64offset|contains: r+, Image: C:\Windows\SysWOW64\cscript.exe, NewProcessName: C:\Windows\SysWOW64\cscript.exe, OriginalFileName: C:\Windows\SysWOW64\cscript.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K startup.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8076, ParentProcessName: cmd.exe, ProcessCommandLine: cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs, ProcessId: 4100, ProcessName: cscript.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: 8n3W4yKYeB.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: 8n3W4yKYeB.exeReversingLabs: Detection: 65%
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.4% probability
Source: 8n3W4yKYeB.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: Binary string: C:\Users\Vinay\Projects\simple_launcher\dist\t64.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: .pdbrc files from the filesystem.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <a class="reference internal" href="#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> class and calling the method of the same name. If you want to source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p id="index-2">If a file <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> exists in the user source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <span class="sig-name descname"><span class="pre">set_trace</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.set_trace" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dd><p><a class="reference internal" href="#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> is the debugger class.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <td><p>Install debugging symbols (<code class="docutils literal notranslate"><span class="pre">*.pdb</span></code>)</p></td> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <li><p>The <a class="reference internal" href="../library/pdb.html#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> class constructor now accepts a <em>nosigint</em> argument.</p></li> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: class _OutputRedirectingPdb(pdb.Pdb): source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - bpo-20523: ``pdb.Pdb`` supports ~/.pdbrc in Windows 7. Patch by Tim Hopper source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <span class="sig-name descname"><span class="pre">run</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">statement</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">globals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">locals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.run" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: <p>On Windows now <a class="reference internal" href="../library/pdb.html#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> supports <code class="docutils literal notranslate"><span class="pre">~/.pdbrc</span></code>. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - gh-issue-90095: Ignore empty lines and comments in ``.pdbrc`` source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <span class="sig-name descname"><span class="pre">runcall</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">function</span></span></em>, <em class="sig-param"><span class="o"><span class="pre">*</span></span><span class="n"><span class="pre">args</span></span></em>, <em class="sig-param"><span class="o"><span class="pre">**</span></span><span class="n"><span class="pre">kwds</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.runcall" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p>The <a class="reference internal" href="../library/pdb.html#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> class constructor has a new optional <em>readrc</em> argument source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - bpo-28528: Fix a bug in :mod:`pdb` where :meth:`~pdb.Pdb.checkline` raises source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb.set_trace(self, frame) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.runeval"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb(nosigint=True).run("exec(%r)" % src, globs, globs) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.13 30 Jan 20243.0.13built on: Mon Feb 5 17:39:09 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_
Source: Binary string: <span class="sig-name descname"><span class="pre">runeval</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">expression</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">globals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">locals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.runeval" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: it is actually defined as the class <a class="reference internal" href="#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a>. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000005414000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb.__init__(self, stdout=out, nosigint=True) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004C68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: return pdb.Pdb.trace_dispatch(self, *args) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.runcall"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p><span class="versionmodified changed">Changed in version 3.11: </span><code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> is now read with <code class="docutils literal notranslate"><span class="pre">'utf-8'</span></code> encoding. Previously, it was read source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <em class="property"><span class="pre">class</span><span class="w"> </span></em><span class="sig-prename descclassname"><span class="pre">pdb.</span></span><span class="sig-name descname"><span class="pre">Pdb</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">completekey</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">'tab'</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">stdin</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">stdout</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">skip</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">nosigint</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">readrc</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">True</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: in a <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> file; see <a class="reference internal" href="#debugger-commands"><span class="std std-ref">Debugger Commands</span></a>.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> file):</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb.set_continue(self) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004C68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <li><p>The <a class="reference internal" href="../library/pdb.html#module-pdb" title="pdb: The Python debugger for interactive interpreters."><code class="xref py py-mod docutils literal notranslate"><span class="pre">pdb</span></code></a> module now reads the <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> configuration file with source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p class="audit-hook">Raises an <a class="reference internal" href="sys.html#auditing"><span class="std std-ref">auditing event</span></a> <code class="docutils literal notranslate"><span class="pre">pdb.Pdb</span></code> with no arguments.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <li><p>A <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> script file can contain <code class="docutils literal notranslate"><span class="pre">continue</span></code> and <code class="docutils literal notranslate"><span class="pre">next</span></code> commands source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: breakpoints in :class:`~pdb.Pdb` that raise :exc:`SyntaxError`. Patch by source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - bpo-41137: Use utf-8 encoding while reading .pdbrc files. Patch by source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: display in :class:`~pdb.Pdb` that raise :exc:`SyntaxError`. Patch by Tian source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.run"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :exc:`AttributeError` if it is called after :meth:`~pdb.Pdb.reset`. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - gh-issue-90095: Make .pdbrc and -c work with any valid pdb commands. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> script file.</p></li> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p><span class="versionmodified changed">Changed in version 3.2: </span><code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> can now contain commands that continue debugging, such as source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pythonw.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.set_trace"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p = pdb.Pdb(nosigint=True) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: whether .pdbrc files should be read. Patch by Martin Matusiak and Sam source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: to control whether <code class="docutils literal notranslate"><span class="pre">.pdbrc</span></code> files should be read.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00409931 ??2@YAPAXI@Z,FindFirstFileW,FindClose,0_2_00409931
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00404402 FindFirstFileW,FindClose,SetLastError,CompareFileTime,0_2_00404402
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00403327 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00403327
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00403442 FindFirstFileW,FindClose,SetFileAttributesW,DeleteFileW,0_2_00403442
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <span class="k">with</span> <span class="n">closing</span><span class="p">(</span><span class="n">urllib</span><span class="o">.</span><span class="n">urlopen</span><span class="p">(</span><span class="s1">&#39;http://www.yahoo.com&#39;</span><span class="p">))</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> equals www.yahoo.com (Yahoo)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: <span class="sd"> Video: https://www.youtube.com/watch?v=KuXjwB4LzSA</span> equals www.youtube.com (Youtube)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s video <a class="reference external" href="https://www.youtube.com/watch?v=jG7vhMMXagQ">Pi is (still) equals www.youtube.com (Youtube)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://catb.org/~esr/trove/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freshmeat.net/releases/52719/&#39;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hdl.handle.net/1895.22/1013.&quot;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://magic.io
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocert.org/advisories/ocert-2011-003.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://planet.python.org/rss10.xml&#39;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://python-requests.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://speleotrove.com/decimal/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timgolden.me.uk/python/win32_how_do_i.html
Source: 8n3W4yKYeB.exe, 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://usbtor.ru/viewtopic.php?t=798)R
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://worldtimeapi.org/api/timezone/etc/UTC.txt&#39;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.atheos.cx/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.indowsway.com/floatingpoint.htm
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lahey.com/float.htm
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oreillynet.com/meerkat/xml-rpc/server.php&#39;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phyast.pitt.edu/~micheles/mro.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org&#39;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pythonlabs.com/logos.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yahoo.com&#39;
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zlib.net
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zlib.net/manual.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmlrpc.scripting.com/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zooko.com/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://...
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://131002.net/siphash/siphash24.c)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/nugetclidl
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aquamacs.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://beeware.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bpython-interpreter.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://briefcase.readthedocs.io
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242274
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.jython.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue26903.
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1001604
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1158
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1193128
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1221598
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1381
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1444529
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1473257
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1491866
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1507
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1537
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1591665
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1631171
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1635
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1638033
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1640
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1686487
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1700288
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1736190
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1739468
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1739906
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1817
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1819
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=1878
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=2138
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=2196
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=2235
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=2573
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=2719
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=2819
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=3008
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=3473
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=600362
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.redhat.com/show_bug.cgi?id=1866884
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.19.3910
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://code.activestate.com/recipes/langs/python/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://conservatory.scheme.org/schemers/Documents/Standards/R5RS/HTML/r5rs-Z-H-9.html#%_sec_6.2
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40217
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cwe.mitre.org/data/definitions/295.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cx-freeze.readthedocs.io/en/latest/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cygwin.com/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cygwin.com/packages/summary/python3.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc2104.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc2342.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc2487.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc2822.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc3548.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc4122.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc822.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer-old.gnome.org/glib/2.26/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.apple.com/documentation/macos-release-notes/macos-12_3-release-notes#Python
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.apple.com/library/archive/qa/qa1067/_index.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devguide.python.org/documenting/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://devguide.python.org/setup/#get-the-source-code
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.fedoraproject.org/en-US/package-maintainers/Packaging_Tutorial_GNU_Hello/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/2.2/lib/lib.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/2.2/ref/ref.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/_static/og-image.png
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/__future__.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/__main__.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/_thread.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/zoneinfo.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/license.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/py-modindex.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/compound_stmts.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/datamodel.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/executionmodel.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/expressions.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/grammar.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/import.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/index.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/introduction.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/lexical_analysis.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/simple_stmts.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/reference/toplevel_components.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/search.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/appendix.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/appetite.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/classes.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/controlflow.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/datastructures.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/errors.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/floatingpoint.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/index.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/inputoutput.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/interactive.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/interpreter.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/introduction.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/modules.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/stdlib.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/stdlib2.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/venv.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/tutorial/whatnow.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/cmdline.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/configure.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/editors.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/index.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/mac.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/unix.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/using/windows.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.0.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.1.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.2.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.3.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.4.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.5.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/whatsnew/2.6.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/zh-cn/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docutils.sourceforge.io
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://en.cppreference.com/w/c/11
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://en.opensuse.org/Portal:Packaging
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fishshell.com/docs/current/cmds/source.html.
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/IronLanguages/ironpython3/issues/1667).
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MagicStack/immutables/issues/84
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/MagicStack/uvloop/tree/v0.16.0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/bytecodealliance/wasmtime/issues/7830).
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/faster-cpython/ideas/blob/main/3.12/interpreter_definition.md
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/gvanrossum/old-demos
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/hacl-star/hacl-star
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/hacl-star/hacl-star/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/libexpat/libexpat/issues/115
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/llvm/llvm-project/tree/main/bolt
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/majek/csiphash/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/100
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/library/__future__.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/library/__main__.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/library/_thread.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/library/zlib.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/library/zoneinfo.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/license.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/compound_stmts.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/datamodel.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/executionmodel.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/expressions.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/grammar.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/import.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/index.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/introduction.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/lexical_analysis.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/simple_stmts.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/reference/toplevel_components.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/appendix.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/appetite.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/classes.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/controlflow.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/datastructures.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/errors.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/floatingpoint.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/index.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/inputoutput.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/interactive.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/interpreter.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/introduction.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/modules.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/stdlib.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/stdlib2.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/venv.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/tutorial/whatnow.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/cmdline.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/configure.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/editors.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/index.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/mac.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/unix.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/using/windows.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.0.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.1.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.2.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.3.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.4.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.5.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/main/Doc/whatsnew/2.6.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/65320
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/71542
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/tree/3.12/Grammar/python.gram
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/tree/3.12/Lib/__future__.py
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/tree/3.12/Lib/asyncio/base_events.py
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/tree/3.12/Lib/zoneinfo
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/tree/3.12/README.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/peps/pull/689
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/pyperformance
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/pythondotorg/issues/945)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/typed_ast).
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/typing/issues/751
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/typing:
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tiran/cpython_autoconf
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/python-devs/importlib_metadata/-/milestones/20
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/python-devs/importlib_metadata/blob/0.21/importlib_metadata/docs/changelog.rst
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.com/warsaw/pynche
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.python.org/cpython/file/default/Objects/obmalloc.c
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://idlefork.sourceforge.net
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/history.html#v1-5-0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/history.html#v3-7-0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/history.html#v5-12-0
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/NEWS.html#index-t20170401).
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipython.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ironpython.net/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000008484000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jvns.ca/blog/2023/01/13/examples-of-floating-point-problems/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://kivy.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://launchpad.net/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://macromates.com
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://macvim.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/archives/list/python-dev
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/archives/list/python-dev&#64;python.org/message/CLVXXPQ2T2LQ5MP2Y53VVQFCXYWQ
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/archives/list/python-dev&#64;python.org/message/VIZEBX5EYMSYIJNDBF6DMUMZOCWH
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/pipermail/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/pipermail/python-dev/2001-January/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/pipermail/python-dev/2002-December/031107.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mail.python.org/pipermail/python-dev/2002-October/029035.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://man7.org/linux/man-pages/man7/network_namespaces.7.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ogp.me/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://opensource.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/tutorials/installing-packages/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/tutorials/packaging-projects/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0001/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0005/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0007/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0008/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0011/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0100/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0201/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0207/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0208/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0217/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0218/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0227/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0229/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0230/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0232/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0234/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0236/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0237/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0238/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0241/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0243/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0249/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0252/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0253/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0255/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0261/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0264/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0273/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0277/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0278/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0279/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0282/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0285/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0288/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0289/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0292/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0293/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0301/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0302/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0305/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0307/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0308/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0309/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0314/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0318/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0322/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0324/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0325/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0327/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0328/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0331/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0333/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0338/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0339/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0341/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0342/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0343/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0347/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0352/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0353/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0356/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0357/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0361/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0366/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0370/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0371/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0380/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0397/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0414/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0420/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0448/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0451/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0479/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0484/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0488/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0492/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0495/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0498/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0514/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0525/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0526/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0528/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0529/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0530/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0538/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0560/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0562/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0563/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0570/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0572/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0614/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0615/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0617/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0626/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0634/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0636/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0649/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0688/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0695/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3000/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3100/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3101/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3104/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3105/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3107/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3110/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3112/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3115/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3116/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3118/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3119/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3120/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3127/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3129/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3131/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3132/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3135/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3141/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-3147/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pip.pypa.io/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pybsddb.sourceforge.net
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyinstaller.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pylib.readthedocs.io/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/py2app/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/pyobjc/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/pywin32
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/sphinx-lint/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/tzdata/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://python.visualstudio.com/cpython
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pythonce.sourceforge.net/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pythonnet.github.io/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyunit.sourceforge.net/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyvideo.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pyxml.sourceforge.net/topics/howto/xml-howto.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qt.io
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.freebsd.org/D41751
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riverbankcomputing.com/software/pyqt/intro
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://roundup.sourceforge.io/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scan.coverity.com
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scipy.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://slackbook.org/html/package-management-making-packages.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/p/expat/bugs/537/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/python/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/sox/files/sox/12.17.7/sox-12.17.7.tar.gz
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://speleotrove.com/decimal/decarith.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sphinxext-opengraph.readthedocs.io/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.apple.com/en-gb/guide/deployment/depce7cefc4d/web
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.enthought.com/hc/en-us/articles/360038600051-Canopy-GUI-end-of-life-transition-to-th
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://svn.python.org/view/tracker/importer/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiswww.case.edu/php/chet/readline/rltop.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://toga.readthedocs.io
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://trac.edgewall.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unix.org/version2/whatsnew/lp64_wp.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://upfrontsoftware.co.za
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20060524042422/https://www.python.org/windows/pythonwin/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20090130140102/http://www.vex.net/parnassus/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20160321211320/http://www.sidhe.org/~dan/blog/archives/000178.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20160331090247/http://wsgi.readthedocs.org/en/latest/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20180309043602/https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20180410025338/http://starship.python.net/crew/theller/ctypes/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20201124024954/http://effbot.org/zone/element-index.htm
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20220517033456/http://www.netlib.org/fp/dtoa.c
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.python.org/moin/GuiProgramming
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.python.org/moin/IntegratedDevelopmentEnvironments
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.python.org/moin/MacPython
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.python.org/moin/PythonDecoratorLibrary
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.python.org/moin/PythonEditors
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winpython.github.io/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.activestate.com
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.activestate.com/products/python/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.anaconda.com/download/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.atlassian.com/software/jira/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.barebones.com/products/bbedit/index.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.blake2.net/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.boddie.org.uk/python/COM.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cnri.reston.va.us/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cwi.nl/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cwi.nl/)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.debian.org/doc/manuals/maint-guide/first.en.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.enthought.com/edm/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gnu.org/software/guile/manual/html_node/Numerical-Tower.html#Numerical-Tower
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hashcollision.org/hkn/python/idle_intro/index.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.haskell.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.jcea.es/programacion/pybsddb.htm
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.jython.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.linuxjournal.com/article/7356
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/python
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/pythonx86
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html.
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/news/secadv/20230207.txt
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/source/openssl-VERSION.tar.gz
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pypy.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pysqlite.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005284000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005284000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/community/sigs/current/distutils-sig/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/community/sigs/current/pythonmac-sig/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/community/sigs/current/xml-sig
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0007/#documentation-strings
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/doc/essays/packages/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/downloads/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/downloads/macos/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/downloads/source/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/downloads/windows/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/donations/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000005414000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005284000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000005414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org:
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.qt.io/qt-for-python
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sphinx-doc.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sphinx-doc.org/en/master/examples.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.sqlite.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tcl.tk
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/15.0.0/ucd/DerivedCoreProperties.txt
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/15.0.0/ucd/NameAliases.txt
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/15.0.0/ucd/PropList.txt
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wide.ad.jp/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.wxpython.org
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.zope.org/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.cs.arizona.edu/icon/
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.cs.arizona.edu/icon/docs/ipd266.htm
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xlinux.nist.gov/dads//HTML/priorityque.html
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://zipp.readthedocs.io/en/latest/history.html#v3-14-0

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Contains functionality to register a low level keyboard hook
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00408D9C SetWindowsHookExW 00000002,Function_00008D6E,00000000,000000000_2_00408D9C

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: 00000018.00000002.2554701460.00000264C6FD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: 00000017.00000002.2558712756.000001F77B44C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000017.00000002.2558712756.000001F77B44C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: 0000000E.00000002.2559039165.0000023FB0410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0000000E.00000002.2559039165.0000023FB0410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: 0000000E.00000003.1575854995.0000023FAEBCD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 0000000E.00000003.1575854995.0000023FAEBCD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: 00000017.00000003.1721088072.000001F77B3DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000017.00000003.1721088072.000001F77B3DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d Author: unknown
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_004060240_2_00406024
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041A8360_2_0041A836
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_004171F60_2_004171F6
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041C8730_2_0041C873
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040B1400_2_0040B140
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040B9A00_2_0040B9A0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040AAA00_2_0040AAA0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040B3500_2_0040B350
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040A3F00_2_0040A3F0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041543A0_2_0041543A
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040C4E00_2_0040C4E0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041C5010_2_0041C501
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041BD000_2_0041BD00
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041C5DB0_2_0041C5DB
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040A5B00_2_0040A5B0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_004107400_2_00410740
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_004057290_2_00405729
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0040FFD80_2_0040FFD8
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE3F5014_2_00007FFB23AE3F50
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE1F5014_2_00007FFB23AE1F50
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE2ED014_2_00007FFB23AE2ED0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE27A014_2_00007FFB23AE27A0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE39F014_2_00007FFB23AE39F0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE32E014_2_00007FFB23AE32E0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AF530C14_2_00007FFB23AF530C
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AF328014_2_00007FFB23AF3280
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23B17CA014_2_00007FFB23B17CA0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_0000023FAEC1B92314_2_0000023FAEC1B923
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_0000023FAEC1C17B14_2_0000023FAEC1C17B
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_0000023FAEC1BD4314_2_0000023FAEC1BD43
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_0000023FAEC1ACFB14_2_0000023FAEC1ACFB
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_0000023FAEC1C60314_2_0000023FAEC1C603
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_0000023FB08618B014_2_0000023FB08618B0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 23_2_000001F77B42E18B23_2_000001F77B42E18B
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 23_2_000001F77B42D93323_2_000001F77B42D933
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 23_2_000001F77B42DD5323_2_000001F77B42DD53
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 23_2_000001F77B42CD0B23_2_000001F77B42CD0B
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 23_2_000001F77B42E61323_2_000001F77B42E613
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 23_2_000001F77CCF18B023_2_000001F77CCF18B0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: String function: 00404F59 appears 41 times
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythonw.exe. vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamet64.exe@ vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename7ZSfxMod_x86.exeN vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004D08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamet64.exe@ vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythonw.exe. vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamet64.exe@ vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs 8n3W4yKYeB.exe
Source: 8n3W4yKYeB.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 00000018.00000002.2554701460.00000264C6FD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 00000017.00000002.2558712756.000001F77B44C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000017.00000002.2558712756.000001F77B44C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 0000000E.00000002.2559039165.0000023FB0410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0000000E.00000002.2559039165.0000023FB0410000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 0000000E.00000003.1575854995.0000023FAEBCD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 0000000E.00000003.1575854995.0000023FAEBCD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 00000017.00000003.1721088072.000001F77B3DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000017.00000003.1721088072.000001F77B3DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_5c38878d os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 3b55ec6c37891880b53633b936d10f94d2b806db1723875e4ac95f8a34d97150, id = 5c38878d-ca94-4fd9-a36e-1ae5fe713ca2, last_modified = 2021-01-13
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000008484000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .SLN``r
Source: classification engineClassification label: mal100.spyw.evad.winEXE@35/1029@0/0
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00409684 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,0_2_00409684
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_004023DF GetDiskFreeSpaceExW,SendMessageW,0_2_004023DF
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00409332 GetDlgItem,GetDlgItem,SendMessageW,GetDlgItem,GetDlgItem,GetWindowLongW,GetDlgItem,SetWindowLongW,GetSystemMenu,EnableMenuItem,GetDlgItem,SetFocus,SetTimer,CoCreateInstance,GetDlgItem,IsWindow,GetDlgItem,EnableWindow,GetDlgItem,ShowWindow,0_2_00409332
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00403908 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,GetProcAddress,GetProcAddress,wsprintfW,GetProcAddress,0_2_00403908
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile created: C:\Users\user\AppData\Roaming\windowsJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7964:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8020:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7268:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8068:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2032:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6532:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8092:120:WilError_03
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbsJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\run.bat" /verysilent"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs
Source: 8n3W4yKYeB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 8n3W4yKYeB.exeReversingLabs: Detection: 65%
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile read: C:\Users\user\Desktop\8n3W4yKYeB.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\8n3W4yKYeB.exe "C:\Users\user\Desktop\8n3W4yKYeB.exe"
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\run.bat" /verysilent"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Roaming\windows\run.bat" min
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K b.bat
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K startup.bat
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\windows\python.exe python.exe na.py
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exe
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\start.bat" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K b.bat
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\windows\python.exe python.exe na.py
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exe
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\run.bat" /verysilent"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Roaming\windows\run.bat" min Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K b.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K startup.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbsJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\windows\python.exe python.exe na.pyJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K b.bat
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\windows\python.exe python.exe na.py
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exe
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: python312.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: scrobj.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: scrrun.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: python312.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\windows\python.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
Source: windows update.lnk.15.drLNK file: ..\..\..\..\..\windows\start.bat
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 8n3W4yKYeB.exeStatic file information: File size 18997115 > 1048576
Source: Binary string: C:\Users\Vinay\Projects\simple_launcher\dist\t64.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: .pdbrc files from the filesystem.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <a class="reference internal" href="#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> class and calling the method of the same name. If you want to source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p id="index-2">If a file <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> exists in the user source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <span class="sig-name descname"><span class="pre">set_trace</span></span><span class="sig-paren">(</span><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.set_trace" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dd><p><a class="reference internal" href="#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> is the debugger class.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <td><p>Install debugging symbols (<code class="docutils literal notranslate"><span class="pre">*.pdb</span></code>)</p></td> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <li><p>The <a class="reference internal" href="../library/pdb.html#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> class constructor now accepts a <em>nosigint</em> argument.</p></li> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: class _OutputRedirectingPdb(pdb.Pdb): source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - bpo-20523: ``pdb.Pdb`` supports ~/.pdbrc in Windows 7. Patch by Tim Hopper source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <span class="sig-name descname"><span class="pre">run</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">statement</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">globals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">locals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.run" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004BD0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: <p>On Windows now <a class="reference internal" href="../library/pdb.html#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> supports <code class="docutils literal notranslate"><span class="pre">~/.pdbrc</span></code>. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - gh-issue-90095: Ignore empty lines and comments in ``.pdbrc`` source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <span class="sig-name descname"><span class="pre">runcall</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">function</span></span></em>, <em class="sig-param"><span class="o"><span class="pre">*</span></span><span class="n"><span class="pre">args</span></span></em>, <em class="sig-param"><span class="o"><span class="pre">**</span></span><span class="n"><span class="pre">kwds</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.runcall" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p>The <a class="reference internal" href="../library/pdb.html#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a> class constructor has a new optional <em>readrc</em> argument source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - bpo-28528: Fix a bug in :mod:`pdb` where :meth:`~pdb.Pdb.checkline` raises source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb.set_trace(self, frame) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.runeval"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb(nosigint=True).run("exec(%r)" % src, globs, globs) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.13 30 Jan 20243.0.13built on: Mon Feb 5 17:39:09 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_
Source: Binary string: <span class="sig-name descname"><span class="pre">runeval</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">expression</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">globals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">locals</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb.runeval" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: it is actually defined as the class <a class="reference internal" href="#pdb.Pdb" title="pdb.Pdb"><code class="xref py py-class docutils literal notranslate"><span class="pre">Pdb</span></code></a>. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000005414000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb.__init__(self, stdout=out, nosigint=True) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004C68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: return pdb.Pdb.trace_dispatch(self, *args) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.runcall"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p><span class="versionmodified changed">Changed in version 3.11: </span><code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> is now read with <code class="docutils literal notranslate"><span class="pre">'utf-8'</span></code> encoding. Previously, it was read source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <em class="property"><span class="pre">class</span><span class="w"> </span></em><span class="sig-prename descclassname"><span class="pre">pdb.</span></span><span class="sig-name descname"><span class="pre">Pdb</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="n"><span class="pre">completekey</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">'tab'</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">stdin</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">stdout</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">skip</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">None</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">nosigint</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">False</span></span></em>, <em class="sig-param"><span class="n"><span class="pre">readrc</span></span><span class="o"><span class="pre">=</span></span><span class="default_value"><span class="pre">True</span></span></em><span class="sig-paren">)</span><a class="headerlink" href="#pdb.Pdb" title="Link to this definition"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: in a <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> file; see <a class="reference internal" href="#debugger-commands"><span class="std std-ref">Debugger Commands</span></a>.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> file):</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdb.set_continue(self) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561047809.0000000008C90000.00000004.00001000.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1561234487.0000000008E50000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.0000000004C68000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <li><p>The <a class="reference internal" href="../library/pdb.html#module-pdb" title="pdb: The Python debugger for interactive interpreters."><code class="xref py py-mod docutils literal notranslate"><span class="pre">pdb</span></code></a> module now reads the <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> configuration file with source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p class="audit-hook">Raises an <a class="reference internal" href="sys.html#auditing"><span class="std std-ref">auditing event</span></a> <code class="docutils literal notranslate"><span class="pre">pdb.Pdb</span></code> with no arguments.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <li><p>A <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> script file can contain <code class="docutils literal notranslate"><span class="pre">continue</span></code> and <code class="docutils literal notranslate"><span class="pre">next</span></code> commands source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: breakpoints in :class:`~pdb.Pdb` that raise :exc:`SyntaxError`. Patch by source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - bpo-41137: Use utf-8 encoding while reading .pdbrc files. Patch by source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: display in :class:`~pdb.Pdb` that raise :exc:`SyntaxError`. Patch by Tian source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.run"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: :exc:`AttributeError` if it is called after :meth:`~pdb.Pdb.reset`. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: - gh-issue-90095: Make .pdbrc and -c work with any valid pdb commands. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> script file.</p></li> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <p><span class="versionmodified changed">Changed in version 3.2: </span><code class="file docutils literal notranslate"><span class="pre">.pdbrc</span></code> can now contain commands that continue debugging, such as source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pythonw.pdb source: 8n3W4yKYeB.exe, 00000000.00000003.1561346258.00000000056A5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: <dt class="sig sig-object py" id="pdb.Pdb.set_trace"> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: p = pdb.Pdb(nosigint=True) source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: whether .pdbrc files should be read. Patch by Martin Matusiak and Sam source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: The standard debugger class (pdb.Pdb) is an example. source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: to control whether <code class="docutils literal notranslate"><span class="pre">.pdbrc</span></code> files should be read.</p> source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00407E2D LoadLibraryA,GetProcAddress,GetWindow,GetWindow,GetDlgItem,GetWindow,0_2_00407E2D
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041C1C0 push eax; ret 0_2_0041C1EE
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_0041BEF0 push ecx; mov dword ptr [esp], ecx0_2_0041BEF1

Persistence and Installation Behavior

barindex
Command shell drops VBS files
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbsJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile created: C:\Users\user\AppData\Roaming\windows\DLLs\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile created: C:\Users\user\AppData\Roaming\windows\DLLs\winsound.pydJump to dropped file
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile created: C:\Users\user\AppData\Roaming\windows\DLLs\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeFile created: C:\Users\user\AppData\Roaming\windows\DLLs\select.pydJump to dropped file
Source: C:\Windows\SysWOW64\cscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnkJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnkJump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\windows\DLLs\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\windows\DLLs\winsound.pydJump to dropped file
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\windows\DLLs\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\windows\DLLs\select.pydJump to dropped file
Source: C:\Users\user\AppData\Roaming\windows\python.exeAPI coverage: 2.3 %
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00409931 ??2@YAPAXI@Z,FindFirstFileW,FindClose,0_2_00409931
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00404402 FindFirstFileW,FindClose,SetLastError,CompareFileTime,0_2_00404402
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00403327 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00403327
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00403442 FindFirstFileW,FindClose,SetFileAttributesW,DeleteFileW,0_2_00403442
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE2E00 Sleep,GetSystemInfo,abort,14_2_00007FFB23AE2E00
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\
Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: for better performance. On Windows Subsystem for Linux and QEMU User
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: on Windows Hyper-V hosts and guests.
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: - gh-issue-92658: Add support for connecting and binding to Hyper-V sockets
Source: 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: test_functools hanging on the Android armv7 qemu emulator.
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FF7C11017A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF7C11017A8
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00407E2D LoadLibraryA,GetProcAddress,GetWindow,GetWindow,GetDlgItem,GetWindow,0_2_00407E2D
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FF7C11012B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FF7C11012B4
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FF7C11017A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FF7C11017A8
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FF7C1101950 SetUnhandledExceptionFilter,14_2_00007FF7C1101950
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE4D20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FFB23AE4D20
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AE52F0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FFB23AE52F0
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AF5F9C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FFB23AF5F9C
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23AF6530 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_00007FFB23AF6530
Source: C:\Users\user\AppData\Roaming\windows\python.exeCode function: 14_2_00007FFB23B20AA8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_00007FFB23B20AA8

HIPS / PFW / Operating System Protection Evasion

barindex
Allocates memory in foreign processes
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory allocated: C:\Windows\System32\notepad.exe base: 1BD34AF0000 protect: page read and writeJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory allocated: C:\Windows\System32\notepad.exe base: 264C6FD0000 protect: page read and write
Hijacks the control flow in another process
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: PID: 5480 base: 1BD34AF00B2 value: FFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: PID: 5480 base: 1BD34AF0165 value: E9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: PID: 1660 base: 264C6FD00B2 value: FF
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: PID: 1660 base: 264C6FD0165 value: E9
Writes to foreign memory regions
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0000Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0001Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0002Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0003Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0004Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0005Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0006Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0007Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0008Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0009Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF000AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF000BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF000CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF000DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF000EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF000FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0010Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0011Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0012Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0013Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0014Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0015Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0016Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0017Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0018Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0019Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF001AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF001BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF001CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF001DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF001EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF001FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0020Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0021Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0022Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0023Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0024Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0025Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0026Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0027Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0028Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0029Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF002AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF002BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF002CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF002DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF002EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF002FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0030Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0031Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0032Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0033Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0034Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0035Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0036Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0037Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0038Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0039Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF003AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF003BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF003CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF003DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF003EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF003FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0040Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0041Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0042Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0043Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0044Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0045Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0046Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0047Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0048Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0049Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF004AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF004BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF004CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF004DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF004EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF004FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0050Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0051Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0052Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0053Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0054Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0055Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0056Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0057Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0058Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0059Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF005AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF005BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF005CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF005DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF005EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF005FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0060Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0061Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0062Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0063Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0064Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0065Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0066Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0067Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0068Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0069Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF006AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF006BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF006CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF006DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF006EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF006FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0070Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0071Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0072Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0073Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0074Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0075Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0076Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0077Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0078Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0079Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF007AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF007BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF007CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF007DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF007EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF007FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0080Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0081Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0082Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0083Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0084Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0085Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0086Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0087Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0088Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0089Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF008AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF008BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF008CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF008DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF008EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF008FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0090Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0091Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0092Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0093Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0094Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0095Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0096Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0097Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0098Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0099Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF009AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF009BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF009CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF009DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF009EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF009FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00A9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00AAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00ABJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00ACJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00ADJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00AEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00AFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00B9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00BAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00BBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00BCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00BDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00BEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00BFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00C9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00CAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00CBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00CCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00CDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00CEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00CFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00D9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00DAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00DBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00DCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00DDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00DEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00DFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00E9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00EAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00EBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00ECJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00EDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00EEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00EFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00F9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00FAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00FBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00FCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00FDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00FEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF00FFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0100Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0101Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0102Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0103Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0104Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0105Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0106Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0107Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0108Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0109Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF010AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF010BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF010CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF010DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF010EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF010FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0110Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0111Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0112Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0113Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0114Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0115Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0116Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0117Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0118Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0119Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF011AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF011BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF011CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF011DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF011EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF011FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0120Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0121Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0122Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0123Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0124Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0125Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0126Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0127Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0128Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0129Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF012AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF012BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF012CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF012DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF012EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF012FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0130Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0131Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0132Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0133Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0134Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0135Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0136Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0137Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0138Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0139Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF013AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF013BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF013CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF013DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF013EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF013FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0140Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0141Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0142Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0143Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0144Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0145Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0146Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0147Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0148Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0149Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF014AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF014BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF014CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF014DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF014EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF014FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0150Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0151Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0152Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0153Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0154Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0155Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0156Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0157Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0158Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0159Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF015AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF015BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF015CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF015DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF015EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF015FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0160Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0161Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0162Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0163Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0164Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0165Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0166Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0167Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0168Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0169Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF016AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF016BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF016CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF016DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF016EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF016FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0170Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0171Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0172Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0173Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0174Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0175Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0176Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0177Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0178Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0179Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF017AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF017BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF017CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF017DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF017EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF017FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0180Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0181Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0182Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0183Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0184Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0185Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0186Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0187Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0188Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0189Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF018AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF018BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF018CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF018DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF018EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF018FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0190Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0191Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0192Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0193Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0194Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0195Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0196Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0197Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0198Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF0199Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF019AJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF019BJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF019CJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF019DJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF019EJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF019FJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01A9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01AAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01ABJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01ACJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01ADJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01AEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01AFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01B9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01BAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01BBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01BCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01BDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01BEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01BFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01C9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01CAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01CBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01CCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01CDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01CEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01CFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01D9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01DAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01DBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01DCJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01DDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01DEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01DFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E3Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E4Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E5Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E6Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E7Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E8Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01E9Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01EAJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01EBJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01ECJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01EDJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01EEJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01EFJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01F0Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01F1Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01F2Jump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeMemory written: C:\Windows\System32\notepad.exe base: 1BD34AF01F3Jump to behavior
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\run.bat" /verysilent"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Roaming\windows\run.bat" min Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K b.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K startup.batJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cscript.exe cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbsJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Roaming\windows\python.exe python.exe na.pyJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exeJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K b.bat
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Roaming\windows\python.exe python.exe na.py
Source: C:\Users\user\AppData\Roaming\windows\python.exeProcess created: C:\Windows\System32\notepad.exe C:\Windows\System32\notepad.exe
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00403F0A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00403F0A
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,0_2_00403CE0
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\aliases.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\aliases.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\aliases.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_8.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\utf_8.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\utf_8.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp1252.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\cp1252.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\cp1252.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\site-packages VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\types.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\types.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\types.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\types.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\struct.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\struct.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\struct.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\_endian.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\_endian.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\base64.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\base64.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\base64.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\enum.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\enum.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\enum.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\enum.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\operator.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\operator.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\operator.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\functools.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\functools.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\functools.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\functools.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__init__.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__pycache__\__init__.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\keyword.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\keyword.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\keyword.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\keyword.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\reprlib.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\reprlib.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\reprlib.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_compiler.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_compiler.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_compiler.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_compiler.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_parser.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_parser.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_parser.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_constants.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_constants.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_constants.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_casefix.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_casefix.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_casefix.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\copyreg.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\copyreg.py VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\copyreg.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\copyreg.cpython-312.pyc VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\cscript.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\aliases.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\aliases.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\utf_8.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\utf_8.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\cp1252.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\cp1252.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\site-packages VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\na.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\types.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\types.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\types.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\types.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\struct.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\struct.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\struct.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\struct.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\_endian.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\_endian.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\_endian.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\ctypes\__pycache__\_endian.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\base64.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\base64.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\base64.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\base64.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\enum.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\enum.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\enum.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\enum.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\operator.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\operator.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\operator.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\operator.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\functools.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\functools.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\functools.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\functools.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\collections\__pycache__\__init__.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\keyword.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\keyword.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\keyword.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\keyword.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\reprlib.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\reprlib.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\reprlib.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_compiler.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_compiler.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_compiler.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_compiler.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_parser.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_parser.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_parser.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_parser.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_constants.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_constants.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_constants.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_constants.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\_casefix.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_casefix.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\re\__pycache__\_casefix.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\DLLs VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\copyreg.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\copyreg.py VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\copyreg.cpython-312.pyc VolumeInformation
Source: C:\Users\user\AppData\Roaming\windows\python.exeQueries volume information: C:\Users\user\AppData\Roaming\windows\Lib\__pycache__\copyreg.cpython-312.pyc VolumeInformation
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_004028F2 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??3@YAXPAX@Z,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,0_2_004028F2
Source: C:\Users\user\Desktop\8n3W4yKYeB.exeCode function: 0_2_00406024 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,KiUserCallbackDispatcher,GetVersionExW,GetCommandLineW,GetCommandLineW,GetCommandLineW,wsprintfW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,??3@YAXPAX@Z,lstrlenW,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,_wtol,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,0_2_00406024
Source: C:\Windows\SysWOW64\cscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information12
Scripting		Valid Accounts1
Native API		12
Scripting		311
Process Injection		1
Masquerading		11
Input Capture		1
System Time Discovery		Remote Services11
Input Capture		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job2
Registry Run Keys / Startup Folder		2
Registry Run Keys / Startup Folder		311
Process Injection		LSASS Memory11
Security Software Discovery		Remote Desktop Protocol1
Archive Collected Data		Junk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
DLL Side-Loading		1
DLL Side-Loading		1
Deobfuscate/Decode Files or Information		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
Obfuscated Files or Information		NTDS3
File and Directory Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets26
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1512626 Sample: 8n3W4yKYeB.exe Startdate: 17/09/2024 Architecture: WINDOWS Score: 100 73 Malicious sample detected (through community Yara rule) 2->73 75 Antivirus / Scanner detection for submitted sample 2->75 77 Multi AV Scanner detection for submitted file 2->77 79 4 other signatures 2->79 11 8n3W4yKYeB.exe 1002 2->11         started        15 cmd.exe 2->15         started        process3 file4 59 C:\Users\user\AppData\...\_zoneinfo.py, Python 11->59 dropped 61 C:\Users\user\AppData\Roaming\...\__init__.py, Python 11->61 dropped 63 C:\Users\user\AppData\...\zipimport.py, Python 11->63 dropped 65 421 other files (none is malicious) 11->65 dropped 87 Contains functionality to register a low level keyboard hook 11->87 17 cmd.exe 1 11->17         started        19 cmd.exe 15->19         started        21 conhost.exe 15->21         started        signatures5 process6 process7 23 cmd.exe 1 17->23         started        25 conhost.exe 17->25         started        27 cmd.exe 19->27         started        29 conhost.exe 19->29         started        process8 31 cmd.exe 1 23->31         started        33 cmd.exe 2 23->33         started        36 conhost.exe 23->36         started        38 python.exe 27->38         started        40 conhost.exe 27->40         started        signatures9 42 cmd.exe 1 31->42         started        44 conhost.exe 31->44         started        67 Command shell drops VBS files 33->67 46 cscript.exe 3 33->46         started        48 conhost.exe 33->48         started        69 Hijacks the control flow in another process 38->69 71 Allocates memory in foreign processes 38->71 50 notepad.exe 38->50         started        process10 process11 52 python.exe 1 42->52         started        55 conhost.exe 42->55         started        signatures12 81 Hijacks the control flow in another process 52->81 83 Writes to foreign memory regions 52->83 85 Allocates memory in foreign processes 52->85 57 notepad.exe 52->57         started        process13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
8n3W4yKYeB.exe66%ReversingLabsWin32.Hacktool.PyCrypt
8n3W4yKYeB.exe100%AviraTR/PyFileCoder.vauvq

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\windows\DLLs\pyexpat.pyd0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\DLLs\select.pyd0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\DLLs\unicodedata.pyd0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\DLLs\winsound.pyd0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_aix_support.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_collections_abc.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_compression.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_markupbase.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_osx_support.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_py_abc.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_pydatetime.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_pyio.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\_pylong.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\__init__.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp737.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp775.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp850.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp852.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp855.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp856.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp857.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp858.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp860.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp861.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp862.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp863.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp864.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp865.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp866.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp869.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp874.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp875.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\hex_codec.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\hp_roman8.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\idna.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_1.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_10.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_11.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_13.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_14.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_15.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_16.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_2.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_3.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_4.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_5.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_6.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_7.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_8.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_9.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\koi8_r.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\koi8_t.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\koi8_u.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\kz1048.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\latin_1.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_croatian.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_cyrillic.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_greek.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_iceland.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_latin2.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_roman.py0%ReversingLabs
C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_romanian.py0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://peps.python.org/pep-0528/0%Avira URL Cloudsafe
https://scan.coverity.com0%Avira URL Cloudsafe
http://freshmeat.net/releases/52719/&#39;0%Avira URL Cloudsafe
https://datatracker.ietf.org/doc/html/rfc4122.html0%Avira URL Cloudsafe
https://packaging.python.org/0%Avira URL Cloudsafe
https://www.barebones.com/products/bbedit/index.html0%Avira URL Cloudsafe
https://packaging.python.org/en/latest/tutorials/packaging-projects/0%Avira URL Cloudsafe
https://github.com/python/typing/issues/7510%Avira URL Cloudsafe
https://www.cwi.nl/)0%Avira URL Cloudsafe
https://peps.python.org/pep-0649/0%Avira URL Cloudsafe
https://web.archive.org/web/20201124024954/http://effbot.org/zone/element-index.htm0%Avira URL Cloudsafe
https://peps.python.org/pep-3120/0%Avira URL Cloudsafe
https://macvim.org0%Avira URL Cloudsafe
http://hdl.handle.net/1895.22/1013.&quot;0%Avira URL Cloudsafe
https://www.nuget.org/packages/pythonx860%Avira URL Cloudsafe
https://peps.python.org/pep-3132/0%Avira URL Cloudsafe
https://invisible-island.net/ncurses/NEWS.html#index-t20170401).0%Avira URL Cloudsafe
https://docs.python.org/3/reference/grammar.html0%Avira URL Cloudsafe
https://docs.python.org/3/search.html0%Avira URL Cloudsafe
https://peps.python.org/pep-0626/0%Avira URL Cloudsafe
https://peps.python.org/pep-0614/0%Avira URL Cloudsafe
https://docs.python.org/3/library/__main__.html0%Avira URL Cloudsafe
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html0%Avira URL Cloudsafe
https://www.unicode.org/Public/15.0.0/ucd/NameAliases.txt0%Avira URL Cloudsafe
https://peps.python.org/pep-3131/0%Avira URL Cloudsafe
https://peps.python.org/pep-0529/0%Avira URL Cloudsafe
https://wiki.python.org/moin/IntegratedDevelopmentEnvironments0%Avira URL Cloudsafe
https://sphinxext-opengraph.readthedocs.io/0%Avira URL Cloudsafe
https://www.pypy.org/0%Avira URL Cloudsafe
https://peps.python.org/pep-0526/0%Avira URL Cloudsafe
https://docs.python.org/3/whatsnew/2.3.html0%Avira URL Cloudsafe
https://peps.python.org/pep-0514/0%Avira URL Cloudsafe
https://peps.python.org/pep-0308/0%Avira URL Cloudsafe
https://ogp.me/0%Avira URL Cloudsafe
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=17399060%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/whatsnew/2.6.rst0%Avira URL Cloudsafe
https://peps.python.org/pep-0538/0%Avira URL Cloudsafe
https://man7.org/linux/man-pages/man7/network_namespaces.7.html0%Avira URL Cloudsafe
https://www.openssl.org/news/secadv/20230207.txt0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/reference/lexical_analysis.rst0%Avira URL Cloudsafe
https://peps.python.org/pep-0634/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/tutorial/introduction.rst0%Avira URL Cloudsafe
https://pyinstaller.org/0%Avira URL Cloudsafe
https://docs.python.org/3/tutorial/interpreter.html0%Avira URL Cloudsafe
https://sourceforge.net/projects/sox/files/sox/12.17.7/sox-12.17.7.tar.gz0%Avira URL Cloudsafe
https://toga.readthedocs.io0%Avira URL Cloudsafe
https://docs.python.org/2.2/lib/lib.html0%Avira URL Cloudsafe
https://www.python.org/community/sigs/current/distutils-sig/0%Avira URL Cloudsafe
https://peps.python.org/pep-0636/0%Avira URL Cloudsafe
https://peps.python.org/pep-0309/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/library/zlib.rst0%Avira URL Cloudsafe
https://github.com/MagicStack/uvloop/tree/v0.16.00%Avira URL Cloudsafe
https://peps.python.org/pep-3141/0%Avira URL Cloudsafe
https://www.sphinx-doc.org/en/master/examples.html0%Avira URL Cloudsafe
http://www.yahoo.com&#39;0%Avira URL Cloudsafe
https://launchpad.net/0%Avira URL Cloudsafe
https://datatracker.ietf.org/doc/html/rfc2104.html0%Avira URL Cloudsafe
https://www.boddie.org.uk/python/COM.html0%Avira URL Cloudsafe
https://macromates.com0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/using/configure.rst0%Avira URL Cloudsafe
https://pypi.org/project/tzdata/0%Avira URL Cloudsafe
https://docs.python.org/3/tutorial/appetite.html0%Avira URL Cloudsafe
https://peps.python.org/pep-0318/0%Avira URL Cloudsafe
https://peps.python.org/pep-0414/0%Avira URL Cloudsafe
https://github.com/majek/csiphash/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/tutorial/classes.rst0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/tutorial/index.rst0%Avira URL Cloudsafe
https://www.zope.org/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/reference/simple_stmts.rst0%Avira URL Cloudsafe
https://peps.python.org/pep-0525/0%Avira URL Cloudsafe
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=16864870%Avira URL Cloudsafe
https://docs.python.org/3/reference/simple_stmts.html0%Avira URL Cloudsafe
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-402170%Avira URL Cloudsafe
https://www2.cs.arizona.edu/icon/docs/ipd266.htm0%Avira URL Cloudsafe
https://sourceforge.net/projects/python/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/tutorial/errors.rst0%Avira URL Cloudsafe
https://github.com/python/cpython/tree/3.12/Grammar/python.gram0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/license.rst0%Avira URL Cloudsafe
https://peps.python.org/pep-0307/0%Avira URL Cloudsafe
https://web.archive.org/web/20220517033456/http://www.netlib.org/fp/dtoa.c0%Avira URL Cloudsafe
http://planet.python.org/rss10.xml&#39;0%Avira URL Cloudsafe
http://www.oreillynet.com/meerkat/xml-rpc/server.php&#39;0%Avira URL Cloudsafe
https://www.tcl.tk0%Avira URL Cloudsafe
https://docs.python.org0%Avira URL Cloudsafe
https://peps.python.org/pep-0328/0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/tutorial/stdlib2.rst0%Avira URL Cloudsafe
https://idlefork.sourceforge.net0%Avira URL Cloudsafe
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=10016040%Avira URL Cloudsafe
http://www.lahey.com/float.htm0%Avira URL Cloudsafe
https://peps.python.org/pep-0207/0%Avira URL Cloudsafe
https://docs.python.org/3/using/configure.html0%Avira URL Cloudsafe
https://fishshell.com/docs/current/cmds/source.html.0%Avira URL Cloudsafe
https://docs.python.org/3/using/unix.html0%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/reference/executionmodel.rst0%Avira URL Cloudsafe
https://web.archive.org/web/20180309043602/https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min0%Avira URL Cloudsafe
https://pypi.org/project/sphinx-lint/0%Avira URL Cloudsafe
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=18190%Avira URL Cloudsafe
https://github.com/python/cpython/blob/main/Doc/using/windows.rst0%Avira URL Cloudsafe
https://peps.python.org/pep-0208/0%Avira URL Cloudsafe
https://peps.python.org/pep-0305/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://www.barebones.com/products/bbedit/index.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.cwi.nl/)8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/typing/issues/7518n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://scan.coverity.com8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://packaging.python.org/en/latest/tutorials/packaging-projects/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://freshmeat.net/releases/52719/&#39;8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0528/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0649/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://packaging.python.org/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://datatracker.ietf.org/doc/html/rfc4122.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.nuget.org/packages/pythonx868n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-3120/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-3132/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://macvim.org8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://invisible-island.net/ncurses/NEWS.html#index-t20170401).8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://web.archive.org/web/20201124024954/http://effbot.org/zone/element-index.htm8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/reference/grammar.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/search.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://hdl.handle.net/1895.22/1013.&quot;8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/library/__main__.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0614/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0626/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://wiki.python.org/moin/IntegratedDevelopmentEnvironments8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0529/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/whatsnew/2.3.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-3131/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.unicode.org/Public/15.0.0/ucd/NameAliases.txt8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://sphinxext-opengraph.readthedocs.io/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0514/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0526/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.pypy.org/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=17399068n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0308/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0538/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://ogp.me/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/whatsnew/2.6.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/reference/lexical_analysis.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://man7.org/linux/man-pages/man7/network_namespaces.7.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.openssl.org/news/secadv/20230207.txt8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0634/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/tutorial/introduction.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/tutorial/interpreter.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://pyinstaller.org/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/2.2/lib/lib.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://sourceforge.net/projects/sox/files/sox/12.17.7/sox-12.17.7.tar.gz8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://toga.readthedocs.io8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0636/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.python.org/community/sigs/current/distutils-sig/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0309/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/library/zlib.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/MagicStack/uvloop/tree/v0.16.08n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-3141/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.sphinx-doc.org/en/master/examples.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.yahoo.com&#39;8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://launchpad.net/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://datatracker.ietf.org/doc/html/rfc2104.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://macromates.com8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.boddie.org.uk/python/COM.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/tutorial/appetite.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://pypi.org/project/tzdata/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/using/configure.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0318/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/majek/csiphash/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0414/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/tutorial/index.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/tutorial/classes.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.zope.org/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/reference/simple_stmts.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=16864878n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/reference/simple_stmts.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0525/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-402178n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0307/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://sourceforge.net/projects/python/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www2.cs.arizona.edu/icon/docs/ipd266.htm8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/tree/3.12/Grammar/python.gram8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/license.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.tcl.tk8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/tutorial/errors.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://planet.python.org/rss10.xml&#39;8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.oreillynet.com/meerkat/xml-rpc/server.php&#39;8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://web.archive.org/web/20220517033456/http://www.netlib.org/fp/dtoa.c8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/using/configure.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/tutorial/stdlib2.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://idlefork.sourceforge.net8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0328/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007A84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://docs.python.org/3/using/unix.html8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0207/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://www.lahey.com/float.htm8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=10016048n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://fishshell.com/docs/current/cmds/source.html.8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/reference/executionmodel.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://pypi.org/project/sphinx-lint/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://web.archive.org/web/20180309043602/https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_min8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmp, 8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://github.com/python/cpython/blob/main/Doc/using/windows.rst8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0208/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://peps.python.org/pep-0305/8n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://bugs.python.org/issue?&#64;action=redirect&amp;bpo=18198n3W4yKYeB.exe, 00000000.00000003.1540502391.0000000007084000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1512626
Start date and time:2024-09-17 17:25:53 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 19s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:29
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:8n3W4yKYeB.exe
renamed because original name is a hash value
Original Sample Name:d434be38db7e05e636622e17661c027948d9eacbd58c9d0def9a6d1c4685553c.exe
Detection:MAL
Classification:mal100.spyw.evad.winEXE@35/1029@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.
  • VT rate limit hit for: 8n3W4yKYeB.exe

Simulations

Behavior and APIs

TimeTypeDescription
19:03:36AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnk

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
C:\Users\user\AppData\Roaming\windows\DLLs\select.pydfile.exeGet hashmaliciousUnknownBrowse
    file.exeGet hashmaliciousUnknownBrowse
      Chrome.exeGet hashmaliciousUnknownBrowse
        ultimateastra.exeGet hashmaliciousUnknownBrowse
          ultimateastra.exeGet hashmaliciousUnknownBrowse
            _%e0%b8%b0%e0%b8%99%e0%b8%b2%e0%b8%b3%e0%b8%b7.exeGet hashmaliciousAsyncRAT, XWormBrowse
              R.exeGet hashmaliciousAsyncRAT, XWormBrowse
                Cryptofarm.exeGet hashmaliciousUnknownBrowse
                  Bot.exeGet hashmaliciousUnknownBrowse
                    contract_review.exeGet hashmaliciousXWormBrowse
                      C:\Users\user\AppData\Roaming\windows\DLLs\pyexpat.pydChrome.exeGet hashmaliciousUnknownBrowse
                        ultimateastra.exeGet hashmaliciousUnknownBrowse
                          ultimateastra.exeGet hashmaliciousUnknownBrowse
                            _%e0%b8%b0%e0%b8%99%e0%b8%b2%e0%b8%b3%e0%b8%b7.exeGet hashmaliciousAsyncRAT, XWormBrowse
                              R.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                Cryptofarm.exeGet hashmaliciousUnknownBrowse
                                  Bot.exeGet hashmaliciousUnknownBrowse
                                    contract_review.exeGet hashmaliciousXWormBrowse
                                      XmS_Project.rarGet hashmaliciousUnknownBrowse
                                        https://dl.dropboxusercontent.com/scl/fi/4owe58ovn1ed21kp09mar/Rechnung-201528807699-vom-30.07.2024.zip?rlkey=jd0edpow40fhsvvb7o73yg1xi&st=x3gp2xzd&dl=0Get hashmaliciousUnknownBrowse

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Temp\CreateShortcut.vbs

                                          Download File
                                          Process:C:\Windows\SysWOW64\cmd.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:modified
                                          Size (bytes):295
                                          Entropy (8bit):4.9342965765868305
                                          Encrypted:false
                                          SSDEEP:6:j+q9NqAzqJNh3lcNwiaZ5SuH1MUmt2skPcNwiaZ5DpySj:KqaYqJ7VNHSuVM1t2s2NHD8W
                                          MD5:5613996E0555F449AC0CFCC5A3CBE1AF
                                          SHA1:1143D6413D89BFE44217B6B64217FF00CD824132
                                          SHA-256:71C0DA0246A6DA107CDDF04EEA9AE19DA378DAA2F298A9B42DEB73C6AF5A0A0F
                                          SHA-512:4F4BA42C68C47AD32DC795802D12250703F4470EE688C300BCCA96D8AA1C60B7EF8C6DE778B3B99EA39ED00203134C8AE4F67AFCD851C3EE9FEFD3586F07AAA3
                                          Malicious:false
                                          Preview:Set objShell = CreateObject("WScript.Shell") ..Set objShortcut = objShell.CreateShortcut("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnk") ..objShortcut.TargetPath = "C:\Users\user\AppData\Roaming\windows\start.bat" ..objShortcut.Save ..

                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows update.lnk

                                          Download File
                                          Process:C:\Windows\SysWOW64\cscript.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Sep 17 16:03:28 2024, mtime=Tue Sep 17 16:03:28 2024, atime=Thu Aug 15 20:27:07 2024, length=132, window=hide
                                          Category:dropped
                                          Size (bytes):866
                                          Entropy (8bit):4.9800125855168575
                                          Encrypted:false
                                          SSDEEP:24:87g6cDks219Le+eseTGPt0hSHgVAGOigYquJmuJtm:87g6cos21A+3astDHVXi6uJmuJt
                                          MD5:9D0EF76A0350FA8A1946CA0006A1E8FE
                                          SHA1:3687F219B0E0DE6B10AA177821AF2C9DBF4A6269
                                          SHA-256:70A5A859538088A84DF920097A3BD4107DA6A13F47B62B2C097D4BF00B449E81
                                          SHA-512:4267DA2026DD818C9D2AA541FD39CBF087A877FA21275339C7A17CC3B998E812B444212DA6C16543A580295D1BBDEA67FC90ADE5C24908446FEDBBDF4A8B1DBB
                                          Malicious:false
                                          Preview:L..................F.... ...~...#...~...#....*6.Y.............................:..DG..Yr?.D..U..k0.&...&......Qg.*_...&.:.....-...#.......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=1Yp...........................3*N.A.p.p.D.a.t.a...B.V.1.....1Y\{..Roaming.@......EW.=1Yp...............................R.o.a.m.i.n.g.....V.1.....1Yp...windows.@......1Y\{1Yp............................w..w.i.n.d.o.w.s.....\.2......Yd. .start.bat.D......1Yo.1Yo.....9f.....................s..s.t.a.r.t...b.a.t.......c...............-.......b.............`Y.....C:\Users\user\AppData\Roaming\windows\start.bat.. .....\.....\.....\.....\.....\.w.i.n.d.o.w.s.\.s.t.a.r.t...b.a.t.`.......X.......302494...........hT..CrF.f4... ..../Tc...,......hT..CrF.f4... ..../Tc...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                          C:\Users\user\AppData\Roaming\windows\DLLs\py.ico

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                                          Category:dropped
                                          Size (bytes):75809
                                          Entropy (8bit):5.969322217946821
                                          Encrypted:false
                                          SSDEEP:1536:+sNNRmOha6UEm3BL61Z4tXSZ6HTk1FaA87Gl6L:+2No6UtB+1eJ9Z
                                          MD5:B35F68A3086562C4D5453FAAD5A3474E
                                          SHA1:673904FF9B305A6600E47AD715289122EC0B046A
                                          SHA-256:150C470F9943B806B44312EFDEC85755F22F8D7D52B31F93A9AF3C43E8627381
                                          SHA-512:6EC80921942B3BD3C85EF24A2DE5454A34A3AD11A1BC69B601AEA7B873E318073C0B2D78C26685999F78EC64A86282C08C53AB8D77E41C661AE968EA52C08176
                                          Malicious:false
                                          Preview:...............7......@@......(....8..00...........N.. ..........m]...............f..........h....l........ .t/..Er..@@.... .(B......00.... ..%...... .... ............... .....1......... .h....#...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..{.$.}....w........X..V.....F..]..T..P.H().........P)..<....Y..%%...[B2....2."..\......tOwO..9=.>}^=.5s.....==gz......;..;.T.x..0.3.x.....,.l..f.a..0......`..0.....a&.6..3...`......L0l..f.a..0......`..0.....a&.6..3........_.ro...Y:>.T...V...0c.......3v..X8..0c...56.....f,.t:..,.l....#......k8...l....G..1.u.6..n....5.......w.{...N..ND.\'P.......j...1.!.u+n..v|.._... ..>.....p.....}.v.y.h6...N...%`....[.l....F`.a.....og#....`..6.....f.`#.p..`..6.....fla#0...0c....q.m.9..{......3.\v.e....>}......."...p..w8E.l....`V..........H..l....e.]..~..Nm'....`V$.v..G?.Q...l...0+.6.v..0+.6.f..0+.6.z..0...].........q...O..`..L..w.v6......#....(...a..L.l....`&.6.)+~Y.........aY.{.r?..{.n.....{..F...o\QK.s..L47.p

                                          C:\Users\user\AppData\Roaming\windows\DLLs\pyc.ico

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                                          Category:dropped
                                          Size (bytes):78396
                                          Entropy (8bit):6.10453452748711
                                          Encrypted:false
                                          SSDEEP:768:WNXYu6xYBxqjlETx2UjHe20dH397tiKZoZa1ABtc8Yg2zR51ZV2vL2inK/fR1:sayx2lETxN+HTo8+bil1ZqdKX
                                          MD5:B1C9980131A3F20E344AA3AA2C8DEA49
                                          SHA1:0FE02F0ED5E56BBE7E4E98B1DCA061ED17FBF5C7
                                          SHA-256:FDA28A734788A3F175CB6AED4DAEB5F05F0E49F6A272CCD2051BA337F7B3B42F
                                          SHA-512:84CA107ACE44FA1964C6C1EA93FC767BDE88363339FC426A3D660DA53C84BADE14F1FAE99C494483BF2B5312938D84B0C1733C85E82592B8FFE8A28F76186A3A
                                          Malicious:false
                                          Preview:..............r?......@@......(...8@..00..........`V.. ...........e...............m..........h...xt........ ..1...y..@@.... .(B.....00.... ..%...... .... ............... .....L$........ .h....-...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y..W}..-.^....n.v.lK..@.../.,....`...s0g.@.0.d...8.@B&..9.'.@L....NX-..-.8v[.. ./-....zU..[..[.....w?...zU...[.-......=..#.h4..1./..h....4..F+......@..`...h:...4..F+......@..`...h:...4..F+......@..`...h:...4..F+.....O......x.9..:...t..lB{...B+..E+.M.....j%0Ah..i;,........m.....@.hO`.h..i{.'0v...=.ei%0F.. .C..M.+..<....w..d..~g&.j.*.y.uQ.T`Y..:....w.:.......y.t.BH.w.}.....v..#X.x1.....$0..F....8..<J.R.z8..Z.h....&...4m..'P.V3]..@6...........J ...4m.V...V...D+..A+.M.r.....j% F+.M[s.....Z...}.{Z.....=L.dI..9sF{....4......V.2.'....f.=....@3.h...t%...f.q...L^....Z.hf%.......3g:V.h....h%..V..Y.V.j....z.......#.J@.V...A+.$Z.h:...A,\.0.......t.........@3&fz..4.p..c....w.......\c.].g.....o...n....m.6.

                                          C:\Users\user\AppData\Roaming\windows\DLLs\pyd.ico

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:MS Windows icon resource - 12 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 8 bits/pixel, 64x64, 8 bits/pixel
                                          Category:dropped
                                          Size (bytes):83351
                                          Entropy (8bit):6.269678824341842
                                          Encrypted:false
                                          SSDEEP:1536:fVLhV30CuzZO5Wf/DGsea4SNum23KXVDTEhr:f1hV3Uz447lea4muXG1TEhr
                                          MD5:1A8230030D821CF8EA57CE03AAEAD737
                                          SHA1:12656788B1FBE4D2375ECC2989A4D9DA69CAA0D6
                                          SHA-256:C4EC1845A5724B2A83500F3BD940355E2FE26EFC6B4FE6C208365359A6130DA1
                                          SHA-512:AF6356DC67249E724AE30F65DDEFB4E53C6F2703DA32FD5F135598BBD6189BEE70950242F52985478DE99979D1271EEC9F4E2981A29A9BC02C673E9B668FD0C1
                                          Malicious:false
                                          Preview:...............H......@@......(....I..00..........._.. ..........hn...............w..........h....}........ ..;..@...@@.... .(B../...00.... ..%..W... .... ......&........ ......7........ .h.../A...PNG........IHDR.............\r.f....pHYs..........o.d.. .IDATx..y...u.....u..l3..+Ar...)B..-.c...Y....X.$[....r..c.;>I..>..(...X.m%..G... ..H.....F,..f....~.T..W.^U...Yz.}.S....5.|....S^z.%H$...7 .H..i.$.e.4...2F...d.#..D....@"Y.H. .,c...H.1..H$..i.$.e.4...2F...d.#..D....@"Y.H. .,c...........B.d~H....G>.,.},%d. i......H. i9../.R..&!....0.C..&!...%.F.9H. iY...=..HZ.i.f.4...G...i.:.8....-..9.m..y>.G.\...x...~......O."......0".#F@..$c...B>.l&M=...........qm?>.K..?...azz:.Zi..#...E...../..t:.{...$C..IK0.n...._FGGG....#...e.\7......@...@.Rl...../J#.$.....[6..'_.9.f ...%..@s..@..H`.H. ii.l.......5.._..W.....@.......D....F.B...@....@.d.F 9..H.....$.....@...u3>.S...vzz..........@.$yx..~.g...w..Y.F@...E..x...,i...F...G..p...,...=.....f......@.lx..'..~H...b....,+.~.I|.#?.t

                                          C:\Users\user\AppData\Roaming\windows\DLLs\pyexpat.pyd

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):201496
                                          Entropy (8bit):6.366374012034735
                                          Encrypted:false
                                          SSDEEP:3072:Vxsz9EOW5PJ/arVxu15xINl7YNlYWarOaBnnOeqeRU5U5r9JhIjLhsuC:XydMhaRxU5xINl7ClYBBnOc5pJF
                                          MD5:5E911CA0010D5C9DCE50C58B703E0D80
                                          SHA1:89BE290BEBAB337417C41BAB06F43EFFB4799671
                                          SHA-256:4779E19EE0F4F0BE953805EFA1174E127F6E91AD023BD33AC7127FEF35E9087B
                                          SHA-512:E3F1DB80748333F08F79F735A457246E015C10B353E1A52ABE91ED9A69F7DE5EFA5F78A2ED209E97B16813CB74A87F8F0C63A5F44C8B59583851922F54A48CF5
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Joe Sandbox View:
                                          • Filename: Chrome.exe, Detection: malicious, Browse
                                          • Filename: ultimateastra.exe, Detection: malicious, Browse
                                          • Filename: ultimateastra.exe, Detection: malicious, Browse
                                          • Filename: _%e0%b8%b0%e0%b8%99%e0%b8%b2%e0%b8%b3%e0%b8%b7.exe, Detection: malicious, Browse
                                          • Filename: R.exe, Detection: malicious, Browse
                                          • Filename: Cryptofarm.exe, Detection: malicious, Browse
                                          • Filename: Bot.exe, Detection: malicious, Browse
                                          • Filename: contract_review.exe, Detection: malicious, Browse
                                          • Filename: XmS_Project.rar, Detection: malicious, Browse
                                          • Filename: , Detection: malicious, Browse
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A~..A~..A~..H...M~..G...C~..G...L~..G...I~..G...B~......C~......B~..A~..5~......E~......@~....}.@~......@~..RichA~..........PE..d....K.f.........." ...&..................................................... ............`.............................................P...P...................T......../..........`4..T........................... 3..@............ ...............................text...O........................... ..`.rdata..$.... ......................@..@.data...l ..........................@....pdata..T...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                          C:\Users\user\AppData\Roaming\windows\DLLs\python_lib.cat

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):125220
                                          Entropy (8bit):6.927830329526241
                                          Encrypted:false
                                          SSDEEP:1536:j1I7/Nmemtjg6D1YMiRar3DC3HqZaWEghGwjUVV+kn7Sy/xQ:RIYZtrD1YgO3HqIghpjk+kn0
                                          MD5:7E0751762AE08566F876556CC2B92C7E
                                          SHA1:9FEC1FE8A03C2D5A8D911479EF6C3921189CB051
                                          SHA-256:1B7CB35EAD7ACE3D87970E01F4D98BE2219CD558E4CF63B1C3F15CEA709F6AB0
                                          SHA-512:72AF8FDB16EDD846EE67E1FF421E95C3335BE2DC2EC475DA586120B670E105EE9A43EB4666FE7837147C5A17B76C5DC55BC9B012A31C3D4991875B6C29B76CF2
                                          Malicious:false
                                          Preview:0......*.H...........0.......1.0...`.H.e......0...q..+.....7......a0...\0...+.....7........Y...N....".P...240409150154Z0...+.....7.....0....0... .....w.=...7o.............L.w1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .....w.=...7o.............L.w0*...0..{b..M..;@....C^.1.0...+.....7...1...0*....T..|../..IT....Q.1.0...+.....7...1...0*.....'......s..%R=5..1.0...+.....7...1...0*.....2m..3.......N..D1.0...+.....7...1...0... .......V.C.........>..wf...O...1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .......V.C.........>..wf...O...0*.....KG{6.8.o.<v.....1.0...+.....7...1...0... .k.r.....r...K=.w.&.....mY+..1i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .k.r.....r...K=.w.&.....mY+..0... .l..x....h......=....'&.ZZGe.7.31i0...+.....7...1...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... .l..x....h......=....'&.ZZGe.7.30*....H..J.%....Q..Uhx{;1.0...+.....7...1...0*.........].3.=].[.

                                          C:\Users\user\AppData\Roaming\windows\DLLs\select.pyd

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):30488
                                          Entropy (8bit):6.576230704358061
                                          Encrypted:false
                                          SSDEEP:768:vNnMgHqxp1GPn5hIjQGl5YiSyv38aAMxkE7:vNnMgKxp1U5hIjQGr7Sy/8Yxn
                                          MD5:92B440CA45447EC33E884752E4C65B07
                                          SHA1:5477E21BB511CC33C988140521A4F8C11A427BCC
                                          SHA-256:680DF34FB908C49410AC5F68A8C05D92858ACD111E62D1194D15BDCE520BD6C3
                                          SHA-512:40E60E1D1445592C5E8EB352A4052DB28B1739A29E16B884B0BA15917B058E66196988214CE473BA158704837B101A13195D5E48CB1DC2F07262DFECFE8D8191
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Joe Sandbox View:
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: file.exe, Detection: malicious, Browse
                                          • Filename: Chrome.exe, Detection: malicious, Browse
                                          • Filename: ultimateastra.exe, Detection: malicious, Browse
                                          • Filename: ultimateastra.exe, Detection: malicious, Browse
                                          • Filename: _%e0%b8%b0%e0%b8%99%e0%b8%b2%e0%b8%b3%e0%b8%b7.exe, Detection: malicious, Browse
                                          • Filename: R.exe, Detection: malicious, Browse
                                          • Filename: Cryptofarm.exe, Detection: malicious, Browse
                                          • Filename: Bot.exe, Detection: malicious, Browse
                                          • Filename: contract_review.exe, Detection: malicious, Browse
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.tb..'b..'b..'k.V'`..'d(.&`..'d(.&n..'d(.&j..'d(.&f..'.(.&`..'b..' ..')..&g..'.(.&c..'.(.&c..'.(:'c..'.(.&c..'Richb..'........PE..d....K.f.........." ...&.....2............................................................`..........................................@..L...,A..x....p.......`.......H.../......L....3..T............................2..@............0...............................text............................... ..`.rdata.......0......................@..@.data...X....P.......6..............@....pdata.......`.......8..............@..@.rsrc........p.......<..............@..@.reloc..L............F..............@..B................................................................................................................................................................................................................................................

                                          C:\Users\user\AppData\Roaming\windows\DLLs\unicodedata.pyd

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):1137944
                                          Entropy (8bit):5.462087550450309
                                          Encrypted:false
                                          SSDEEP:12288:/rEHdcM6hb4CjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciQn:/rEXtCjfk7bPNfv42BN6yzUiQn
                                          MD5:16BE9A6F941F1A2CB6B5FCA766309B2C
                                          SHA1:17B23AE0E6A11D5B8159C748073E36A936F3316A
                                          SHA-256:10FFD5207EEFF5A836B330B237D766365D746C30E01ABF0FD01F78548D1F1B04
                                          SHA-512:64B7ECC58AE7CF128F03A0D5D5428AAA0D4AD4AE7E7D19BE0EA819BBBF99503836BFE4946DF8EE3AB8A92331FDD002AB9A9DE5146AF3E86FEF789CE46810796B
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........aM...#...#...#..x....#.."...#..&...#..'...#.. ...#..."...#..x"...#..."...#.......#...#...#......#...!...#.Rich..#.................PE..d....K.f.........." ...&.>..........\*.......................................p.......Q....`.........................................p...X............P.......@.........../...`......P^..T............................]..@............P..p............................text....=.......>.................. ..`.rdata..\....P.......B..............@..@.data........ ......................@....pdata.......@......................@..@.rsrc........P......."..............@..@.reloc.......`.......,..............@..B........................................................................................................................................................................................................................................

                                          C:\Users\user\AppData\Roaming\windows\DLLs\winsound.pyd

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                          Category:dropped
                                          Size (bytes):30488
                                          Entropy (8bit):6.443672733968568
                                          Encrypted:false
                                          SSDEEP:768:cV3z1H3uX2AFIPUVIjO7GFq5YiSyvwUAMxkER2:UBXiIPUVIjO70o7SyHxt2
                                          MD5:F4EFDE2CA920A52135B00BF8F0545A87
                                          SHA1:352E5EA2419BA876FB80E0D0D1E5DD12272A33E4
                                          SHA-256:9885B3D18903A2EF27428C7C9760493111CC97330FF0AFCB57199964092E86BF
                                          SHA-512:F098AF2851BE213F83D19C0AA0CA82DED7BC41F51793502B9BED32D185B73B9CC8A9B29E25B3C5847B237AA466B14088E577F05B6BD03046AA65EDB25C087E8D
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........N.J. TJ. TJ. TC.TH. TL.!UH. TL.%UA. TL.$UB. TL.#UI. T%.!UH. T..!UM. TJ.!Tp. T%.(UK. T%. UK. T%..TK. T%."UK. TRichJ. T........................PE..d....K.f.........." ...&.....4.......................................................!....`..........................................A..P....B.......p.......`..p....H.../......d....:..T............................9..@............0...............................text............................... ..`.rdata.......0......................@..@.data........P.......4..............@....pdata..p....`.......8..............@..@.rsrc........p.......<..............@..@.reloc..d............F..............@..B................................................................................................................................................................................................................................

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\bdb.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1214), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):71060
                                          Entropy (8bit):4.835531068180123
                                          Encrypted:false
                                          SSDEEP:1536:aqy3MmX0pYulR8yYPyFiyFWRXx5ZLuyFLaoLcnCxThhrPyFjVWaTvT+ThTTDTTnb:QIJkHd2dtYqr6Yg
                                          MD5:D8D0263884AEBC4EF1E9BC9115D5D1E5
                                          SHA1:824372959580008E7CBC5E9D02AA184DD1FB68D1
                                          SHA-256:FC58A033E40FD8A405AB6A6BA14586A59544A42DCD22AE8998A756C92EC3A88F
                                          SHA-512:8798A699C653741716BDB72E5A8935AB42EAB30412BD8413A0C7BB890018AE645DECFE1F11A2DC8C1334F72740AEC7F5DC69FF85BA1E762E9664124E51DB5770
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="bdb . Debugger framework" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/bdb.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/bdb.py The bdb module handles basic debugger functions, like setting breakpoints or managing execution via the debugger. The following exception is defined: The bdb module also def..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/bdb.py The bdb module handles basic debug

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\binary.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):19238
                                          Entropy (8bit):4.865247276533485
                                          Encrypted:false
                                          SSDEEP:384:IS6jjHqklhnovjnXnTMdJmp/6JKcSZntv1nXDTMM76dqEC:IS6jDqyhnEjXTMdJmd6kLn51X3MM764N
                                          MD5:5474F3B09D4E8CD01BE258C9A6B16405
                                          SHA1:8398D0E0BA864B7885941417A3FB853CBDA22D1E
                                          SHA-256:AD7AC05E889CB11DF77BDDED0443252C4B5148BF05FF4FB51CC57238E4F1316A
                                          SHA-512:1F5742C6124DFA8AF455E1D046856E84A6772A4F81BA8ABA495F9EA427EAA0E12F54FADC995FC326069CE1A597ED5573348282CF74C783F7B0EB2DA9ABA43CC1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Binary Data Services" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/binary.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter provide some basic services operations for manipulation of binary data. Other operations on binary data, specifically in relation to file formats and network p..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter provide some basic serv

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\binascii.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (975), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):36845
                                          Entropy (8bit):4.905965311273338
                                          Encrypted:false
                                          SSDEEP:768:gvqyfdV3MrERtYdkw5yYBgt/wayYsL0kwfyTgYvOk+yYWKkbyYYyT+yYFzHkOaEo:gvqy1NMrERtYdkw5yYBgt/wayYM0kwfY
                                          MD5:8AD9EB18ECB7A46F16FA2658CF49F460
                                          SHA1:A17E33883FAF9E9F162681C7BCC02D06134C4ACE
                                          SHA-256:3A050CA7B44B816A57EF73EFF0273A66B762562C0B20D4A2897CBF2F2D937F67
                                          SHA-512:23864931E80B6F4FD1F1699D877495A69131C56C949854EB98FF1CAC3482B0D7ECB91413D753007E833847BE555760D9780EADA4C7560B37B43B825F5F5F9A5C
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="binascii . Convert between binary and ASCII" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/binascii.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The binascii module contains a number of methods to convert between binary and various ASCII-encoded binary representations. Normally, you will not use these functions directly but use wrapper modu..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The binascii module contains a num

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\bisect.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1119), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):47238
                                          Entropy (8bit):4.807704241365421
                                          Encrypted:false
                                          SSDEEP:768:VqylDwMKMBxfiyL4ykwMyFXpiyUYxfiyL4ykwMyFHJxfiyL4ykwMyFfixfiyL4y3:VqymMKMBxfiyL4ykwMyF5iyUYxfiyL4n
                                          MD5:97FD20131B6D6ECBD253D5596C8584A8
                                          SHA1:4609F15A61D4F7671EE63EC529275EF162A04B5D
                                          SHA-256:1F14CC22A43714EF52A0FD0D3AC4298EADE8E9ED6066B0196C2765A96C581896
                                          SHA-512:A8E08B5976D96ACFD0F0A37988FF14E8FAC70F50D38D1EE88F95F3B21A57C606EB9FD82C5281C3526506EDA0BA5D1948496CCB2E675B581CD6B113CBDBCB6CCE
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="bisect . Array bisection algorithm" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/bisect.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/bisect.py This module provides support for maintaining a list in sorted order without having to sort the list after each insertion. For long lists of items with expensive compariso..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/bisect.py This module provid

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\builtins.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (432), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):18129
                                          Entropy (8bit):4.860949788235933
                                          Encrypted:false
                                          SSDEEP:384:b0HqklxZJ+nyZTMo1DWvEBpPZUanyNTM/76dqEC:kqyfcGM0sEBP/0M/764N
                                          MD5:DECC03806E2162D47413A01026BA67C0
                                          SHA1:059D9BD3C66B055F38081EBEBD7CD9B5326AE04C
                                          SHA-256:6D90FDD8A0106A72422197F9AF76F0956F3A5AED54F6CC8E89C10CB640EB2D78
                                          SHA-512:DA21D9EB625CEE18BDBC0CD4CC34934CFB056ED9AC5BEEF261C61512D2CA40821480AF30BE46F2291474919A2D1A4EE8143D5B6E701C8FA146A79AE59C061E60
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="builtins . Built-in objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/builtins.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module provides direct access to all .built-in. identifiers of Python; for example, builtins.open is the full name for the built-in function open(). See Built-in Functions and Built-in Constan..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module provides direct access to all .b

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\bz2.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1357), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):57926
                                          Entropy (8bit):4.882204691399133
                                          Encrypted:false
                                          SSDEEP:1536:7qyZME7LVMy1Ry4WyF4yFfyFe3RDVMyVwRy4naTGwXSjhyZnsDonoMy4Ikizebt7:n3y7oYz4dncRg
                                          MD5:1ACA66268F1B1233458DE40CD47B3E7A
                                          SHA1:EF976702359D8EB3D1501724E0EBF7F75FE91597
                                          SHA-256:E9DA6C8350F2E374209824A42B7B3230F9659555C53861C4BD8099E5B9AD7789
                                          SHA-512:9A0D0B97E9885A27D0B98E3F0EEDF0C2B67313B23FE6CC1F6B007D862FB1DD413F25A649F96C997EE03CB6CE6EA170C8911477D9CA477114A9D73B9B18173CBB
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="bz2 . Support for bzip2 compression" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/bz2.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/bz2.py This module provides a comprehensive interface for compressing and decompressing data using the bzip2 compression algorithm. The bz2 module contains: The open() function and..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/bz2.py This module provides a

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\calendar.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1138), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):98151
                                          Entropy (8bit):4.839794138968399
                                          Encrypted:false
                                          SSDEEP:1536:ZqyBMkUkV4yLJ1B1hB1oB1IB1XB1tB1lB1oB1MBvyqnBvyqDBvyq2m4yLG8sSyLp:ZE2Nidn8g
                                          MD5:54FCB9995095A6D3E81F4849E7A0939E
                                          SHA1:49321F64338B6798CAAEE6E989988A08B44A7420
                                          SHA-256:2B02E0633F401A337AD4A840786B1D3EA22F9AB4586277A308F740840DC37FC9
                                          SHA-512:503225DD4C9C532A4CA0736496A8D2BF6602BE4986C284D23153C86A682DE84AA80FF24B5CC61F5413CCC6100C174AA1BFBB4C4A483A5F09E6FBAC9EDDF6A3D1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="calendar . General calendar-related functions" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/calendar.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/calendar.py This module allows you to output calendars like the Unix cal program, and provides additional useful functions related to the calendar. By default, these calendars have..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/calendar.py Thi

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\cgi.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1299), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):71880
                                          Entropy (8bit):4.862522472377268
                                          Encrypted:false
                                          SSDEEP:1536:VqyEM1W1U1VG0fjf/LrPOdbSyFVbbWvYCyF+y2syYVyYIy83LCLWyb4y3Iy82dyJ:QOJ/Gg
                                          MD5:727D4973BAE0A703E0277ADB742380B1
                                          SHA1:17DE41E1481FA87AE6A336996FA799E611BFFD26
                                          SHA-256:77CC428B9BDEEE2A2D56B6BC04366EE7BE83FEDAFBF59413DD297ED5FB71E546
                                          SHA-512:A8B1077952022C6EE22C32B68342E4FB88BD90619BF3C51A4FBCADA882AF5E36C48DDAD7BEFC39936763B5E63722C0B3C4477F5F0E57C15FDB30A55A7120F742
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="cgi . Common Gateway Interface support" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/cgi.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/cgi.py Support module for Common Gateway Interface (CGI) scripts. This module defines a number of utilities for use by CGI scripts written in Python. The global variable maxlen can..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/cgi.py Support module for C

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\cgitb.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1077), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):23367
                                          Entropy (8bit):4.865770970110955
                                          Encrypted:false
                                          SSDEEP:384:teNHqklZg1nFTMwsbKO/muKksyQiyFwykkyWjJfM0cMwyk8oSMwykoDrMyF+1bn7:YqyZcBM1bOuKksyQiyFwykkyWh7cMwy1
                                          MD5:BF1E1433FAA1B1EB80169249BFFA3390
                                          SHA1:26ABEEB64A3B59C1C8A91B9CFEAF67FEF3BCE62D
                                          SHA-256:9F37D5C218439E5016EE49ED1313D09E3225FE502DB9343164C8ADDAD1BF7669
                                          SHA-512:37CF254AFA57B958944DBD519AA60C6B91F4D719393F4A73F1C0B128A33EE9D69920E80B1253DF64136DF6540ACE20950000C74A2DDB09B4E15BA80FA8517A67
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="cgitb . Traceback manager for CGI scripts" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/cgitb.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/cgitb.py The cgitb module provides a special exception handler for Python scripts. (Its name is a bit misleading. It was originally designed to display extensive traceback informat..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/cgitb.py The cgitb mod

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\chunk.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1049), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25765
                                          Entropy (8bit):4.9097030243245285
                                          Encrypted:false
                                          SSDEEP:768:6qy109MXoctgaaWyT6yTuyYm8hpY6o7yLbehyZte37pMo764N:6qyYMXNgaaWyT6yTuyYLhpY6o7yLbehd
                                          MD5:A8DBECF8C05F8CFD8EC70A8BB2BA66EF
                                          SHA1:DF477CBCADF1C69ADAAFF123D1200B952DD5F918
                                          SHA-256:C27FE5DEDE4431A3D96DAAD7BD4397ED49A08D6D97AE1369ECA19E28674F0B1A
                                          SHA-512:CFF3EDF713F73F31E6119ED478AB88C41C99A44F5B69C07AA067BC3F3C2F06B792B59BF40694FA9A527773B2D9286C8D4109B7D661A0F999DCBC84FD45E3C2D3
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="chunk . Read IFF chunked data" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/chunk.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/chunk.py This module provides an interface for reading files that use EA IFF 85 chunks. 1 This format is used in at least the Audio Interchange File Format (AIFF/AIFF-C) and the Re..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/chunk.py This module provides an i

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\cmath.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (925), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):48255
                                          Entropy (8bit):4.8431227934680345
                                          Encrypted:false
                                          SSDEEP:768:Y+50wJqyTOmPY4M84K9fmzJYMHcOWqTLO9BcMzioOj5OpzNkO/5OqROI0OY1OzYk:/qyfM2mVYOcOWkLO9BcMzioOj5OpzNks
                                          MD5:3A589330916378980D21B5ED320358CA
                                          SHA1:28A7D7F250A68D9B4893AD260AD0193F112A54A9
                                          SHA-256:63941898A03DBCC0011F71B8BF9A44064180315AD89AAE564D6581A2AB911835
                                          SHA-512:99E78476F3B6D0B7FE2AD84F240944F5C8BD90561CD959A8B1AB0BC83B5ABB0061856AB88CAE7325AA3FF2C3BCF64D0706C3B1BC79170082BE3EA9E0D800D22D
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="cmath . Mathematical functions for complex numbers" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/cmath.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module provides access to mathematical functions for complex numbers. The functions in this module accept integers, floating-point numbers or complex numbers as arguments. They will also accep..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module provides access to

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\cmd.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (958), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):56462
                                          Entropy (8bit):4.831452703352486
                                          Encrypted:false
                                          SSDEEP:1536:8qkQqyxdNMvUZb4yyxyFYyFsZAyFxuWVTNAIciOlbTRa/ujAFynMEORFUR1c77wk:8qkQdB7IvRXwO6g
                                          MD5:2A8011925B6DFCEBC766A34E252FAF2C
                                          SHA1:CD5AE23376E23F72D78D99F7A298B60A5BD9249A
                                          SHA-256:73C01886FA5A12E5F36067E3D859AEBCA7230D1B16561AA9DB21C83A4F6D6248
                                          SHA-512:ACFC4ADE2B46E50A8574C962CEE07E43983EFF6BC63DE4D0A326171C3F679555AA2748974A4809412F6E71DF1E59B3F5BFC9791955102C457CBA33635CF31044
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="cmd . Support for line-oriented command interpreters" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/cmd.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/cmd.py The Cmd class provides a simple framework for writing line-oriented command interpreters. These are often useful for test harnesses, administrative tools, and prototypes tha..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/cmd.py The Cm

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\cmdline.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22434
                                          Entropy (8bit):4.858323401887799
                                          Encrypted:false
                                          SSDEEP:384:JXeHqklxxJnZTMz35Bt5/gwOHMXnNTM676dqEC:JXyqyxnNMNBHOH05M6764N
                                          MD5:A5A578B2951B3C0BB84C407EED072B98
                                          SHA1:E6B0393F41624C566677C716F88C662A340898D5
                                          SHA-256:E2EBA124600BAAFC0C2280300954ACDA0F57054BC556AD37DD76B0265F6FDF89
                                          SHA-512:37D836CAF933F904A164003DEC117FDA7B7209A08D82A9A1A9439A78C01FF3A4298D9C8255473AB5C4E2061A50809C66F7E8FF1A83B81A5F9A67212A65E008C1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Modules command-line interface (CLI)" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/cmdline.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The following modules have a command-line interface. ast, asyncio, base64, calendar, code, compileall, cProfile: see profile, difflib, dis, doctest, encodings.rot_13, ensurepip, filecmp, fileinput,..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The following modules have a command-line in

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\code.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1083), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):39394
                                          Entropy (8bit):4.822789063898084
                                          Encrypted:false
                                          SSDEEP:768:LqyBd5Mht8FYyFne+YyFCyt2FWyF9yFcyFSyFnoxItCyeDyg++KXtCyeDyg+347E:Lqy9Mht8FYyFe+YyFCyt2FWyF9yFcyFT
                                          MD5:96C166E26D5E51FBAE8D558E64CE8FA7
                                          SHA1:FE08111FC7BD6122278626600317D933B079AAB2
                                          SHA-256:DDE5B678C3C7983EF9D9A5D2D729D5C30ECCF8D9A3355CCA048A1B49F7952058
                                          SHA-512:156772F24309CC96A185E146F850B70F4A6B9ADFC1036CF4AD04CF0832982307458DA514AEAC742F64B74B0D38FFD3C96FB66444689F16264B07732A4136B038
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="code . Interpreter base classes" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/code.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/code.py The code module provides facilities to implement read-eval-print loops in Python. Two classes and convenience functions are included which can be used to build applications..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/code.py The code module provides

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\codecs.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1563), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):167038
                                          Entropy (8bit):4.891478625477485
                                          Encrypted:false
                                          SSDEEP:3072:vv5TeCfm8+JH/CQbZg+s028L21YzY8CxMW6dg:vvdeCfm8+JH/CQbZg+j2PjMW6dg
                                          MD5:B17062CB975D3CC67D6232A42B92ECDB
                                          SHA1:D32148135DC3CF7097BEEA1089F147A426549680
                                          SHA-256:DDE74346CFD720888B939E5E915D7271E3A6A9378FD2413FB086CC098147879E
                                          SHA-512:21733E7825F62F3A58C5054E09E5C50461D0ECE6408069D3942B43673AE03100151A13543A709FA0BA368043F39ECB0F54CF23986DE53F6F70C2AD57BB97522B
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="codecs . Codec registry and base classes" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/codecs.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/codecs.py This module defines base classes for standard Python codecs (encoders and decoders) and provides access to the internal Python codec registry, which manages the codec and..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/codecs.py This module

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\codeop.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (807), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21811
                                          Entropy (8bit):4.86412944443363
                                          Encrypted:false
                                          SSDEEP:384:kaMHqkl/PhnLTMxNKbe1O4UgbQyItCyeDyg+uN/ikhNage4XvqKfnHTMQL76dqEC:Cqy/JvM6LGItCyeDyg+uNqYwge4XSqzN
                                          MD5:0CF5C61717D7D8991D2C490BE6790C69
                                          SHA1:4421AF1FF9614A1AFB18C0ED1464986F086B4E0A
                                          SHA-256:B9096A3C43FDB4A712CEAE7F691D850956AFDB76DB078A1EB59D9673F2751ACE
                                          SHA-512:C742C0DE292DD73B79174E11FF4E5EF77F48EEB1DF91B47800CA69F64387EBDBE0660102C111E6C74E5F2C3BA31FBED8261159D23AF4E50DDCB7D2C250BCD931
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="codeop . Compile Python code" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/codeop.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/codeop.py The codeop module provides utilities upon which the Python read-eval-print loop can be emulated, as is done in the code module. As a result, you probably don.t want to us..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/codeop.py The codeop module prov

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\collections.abc.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (660), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):92297
                                          Entropy (8bit):4.79320654470516
                                          Encrypted:false
                                          SSDEEP:1536:mqyQMZdAF5yeIWZ/XHiEB8TB8Iy87QUmb1wcL6dBBTb5o28nyZgZe80gkGFzIlG4:WAFPZPiEB8TB85STASgN2GELOySMhEyh
                                          MD5:3480926C99E458E6E3D24B55030516F5
                                          SHA1:9A05984C788B2E32A2E343BD40DA64D94B3DED24
                                          SHA-256:F3B2C7CF65A238241DE157D5F7BD4C91F35242D7D378D7C0AD6BA6E911C16D6D
                                          SHA-512:262978F64BA8C5A1F30CF46755FFE9B81F2F3800745B3CB2A62F429DE712349B73290197A842104B770A77F083A0A9EAB001F72B956BE6834D1E6C25A4CFC3AE
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="collections.abc . Abstract Base Classes for Containers" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/collections.abc.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/_collections_abc.py This module provides abstract base classes that can be used to test whether a class provides a particular interface; for example, whether it is hashable or whet..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\collections.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (636), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):198528
                                          Entropy (8bit):4.771103341784293
                                          Encrypted:false
                                          SSDEEP:1536:z/bqyDM9s6+myNBRH1yFo10SqOPwDFN0jyVXnJjPVjoZWB3i9WL3TnL/iAyAG4qg:8w62O/jQg
                                          MD5:674F3ED9C1938E2162FB4B4051D54E1D
                                          SHA1:F236D4CD3B0D91DBF1FA1D061C9DD433E3E900E6
                                          SHA-256:370872630059106239A2B7B5C8FEC80E08F6320B8403793E37CFB9CD8278180C
                                          SHA-512:224931754811ED568A9BF3FA2904A88ACF7B8CE456D1335192E29D9F9A10A54679D92C4C89CA5A50CAEC3E9B057F4929ABDB0901CAADB8467342194C69F9B8A5
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="collections . Container datatypes" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/collections.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/collections/__init__.py This module implements specialized container datatypes providing alternatives to Python.s general purpose built-in containers, dict, list, set, and tuple.,,..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/collections/__init__.p

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\colorsys.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (543), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20609
                                          Entropy (8bit):4.886676659675043
                                          Encrypted:false
                                          SSDEEP:384:qoXHqklatQn3TMnbdK3EcChJ0ZUsJ0cChpoe7mtccChF8em9WXoAnTTMQ76dqEC:NqyaWjMnpEEcChJ0ZUsJ0cChpoe7mtc1
                                          MD5:655E2EBF50F5C01245E18C8FEA5EB497
                                          SHA1:A4B200D72E23A56A1A01D2FF5C30FEF5EE95ADB6
                                          SHA-256:BBCB0784122F91EB60CC4B1177F040CCF99C1AEAFB8755C4E0A4D53B22F4DB8D
                                          SHA-512:4A560644073FDD670F6C2B07EA19EBE8C0324E4AF66E74CA3BCDEC02CD7CD42ADE4F514C5508E2455E31BF123E543C551EFD2BB862EE23446AF33B5FE37B8914
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="colorsys . Conversions between color systems" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/colorsys.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/colorsys.py The colorsys module defines bidirectional conversions of color values between colors expressed in the RGB (Red Green Blue) color space used in computer monitors and thr..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/colorsys.py The

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\compileall.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3065), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):55567
                                          Entropy (8bit):4.80255479486973
                                          Encrypted:false
                                          SSDEEP:1536:hqyXM/3YeYPrWZpOLZhmhVPAN/ZwgnNi8AhB2TFmBOyU8yFMyYZyFHyL8yYt+yZL:ACQqYrbbntg
                                          MD5:BD6CEBBD0C3C57B7D8B7CEEC767BA588
                                          SHA1:3F05924276D9C6EE953545631DB6C1B8974C7E66
                                          SHA-256:E4719624DDA94DBFBFD6E66B7517095A534CC99F64949FDA1C43E437E49BA856
                                          SHA-512:4A31F977A5C36B44DF4E20F980D8B2BBE62E3547913C9837EC0AB91686C1E03A358E101451F3FF7EC470C0B67D495DA62BCDBB2280FE11D156A2823AB4A40214
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="compileall . Byte-compile Python libraries" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/compileall.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/compileall.py This module provides some utility functions to support installing Python libraries. These functions compile Python source files in a directory tree. This module can b..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/compileall.py Th

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\concurrency.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (443), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):28019
                                          Entropy (8bit):4.871784993341623
                                          Encrypted:false
                                          SSDEEP:384:bNwUHqklkxEKlnxTMVLtwAelM1SaC90GIWZxpKrnFTMsB76dqEC:Fqy8t1MbylM108BMm764N
                                          MD5:20A439487AE14F5DCEAB7655864FC8CB
                                          SHA1:C4F05C86AAE6B954A671C78FB788D75D2ECD60F9
                                          SHA-256:464BDA321B89AF7750A27724B547A4AFA3D0118CFD2165A105A9A521CE5F9103
                                          SHA-512:C5B94F294ED40360F1D8212390260C93780098D07CCF843F60B325F77342B28B6317318AD55331C1E746004FC22A687791757004BC1189B9DB89082C7D76B620
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Concurrent Execution" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/concurrency.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter provide support for concurrent execution of code. The appropriate choice of tool will depend on the task to be executed (CPU bound vs IO bound) and preferred s..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter provide support fo

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\concurrent.futures.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1434), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):90456
                                          Entropy (8bit):4.820344359861788
                                          Encrypted:false
                                          SSDEEP:1536:HqyAM0zWfwk/wHo1sCkwP4yFvyQhdyTwKyYBIPe0syFkylvyFoykzsskGtsyFOy3:NFKYBkMuPXg
                                          MD5:82F66F3987791DBDC63EE1F9186AE0B1
                                          SHA1:9453468DD370819326C1F3618A12C919783BE759
                                          SHA-256:01E7938D2D82567B38D6ADDBA849303FF2BEF1A5F877F505F4780614828057B2
                                          SHA-512:55D1FD0EBCD1491DEC8B3EBE5FC1CB296C2FA1A41B843B84156E524D4E7373F3035C8D84235EFECA5880AA9AC35F2E58D0A010375AFCEDF86D4F6638D57CC3FA
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="concurrent.futures . Launching parallel tasks" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/concurrent.futures.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/concurrent/futures/thread.py and Lib/concurrent/futures/process.py The concurrent.futures module provides a high-level interface for asynchronously executing callables. The asynchr..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/concu

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\concurrent.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14481
                                          Entropy (8bit):4.826211851866605
                                          Encrypted:false
                                          SSDEEP:384:k2PcHqkltLAaPnATMZt0LVapnWTMi276dqEC:k2PAqytL7POMb0Lgp8MD764N
                                          MD5:84D45660AC1FEDED9FAB02557A78FFC5
                                          SHA1:BE83953B4CD6BD48F60DE27833522F94D5F77645
                                          SHA-256:FB59A044154050788306E51C30BA6C8CCF4AA79F6F8D2DA9E18A1B0FCAC34BD9
                                          SHA-512:ED04C37EFCCC1835E303BFACE44F4BBA7A989D457011398B7700C95E518DF59674CECFDCDC5C8CCD459427F8491B346BEEDA1A1356DF2562DB188AEA78A32F08
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="The concurrent package" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/concurrent.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Currently, there is only one module in this package: concurrent.futures . Launching parallel tasks." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Currently, there is only one module in this package: concurrent.futures . Launching parallel tasks." />..<meta property="og:image:width" content="200" /

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\configparser.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (497), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):166896
                                          Entropy (8bit):4.850204821974308
                                          Encrypted:false
                                          SSDEEP:1536:ZyyQeqysMsd8IB/zcPbH6hPXOBP+B63LfK9wBVQcT/2Js1oqyh/QiCI9T6f+myFg:+Atgczw6uDN5jYYGm4E2WKYKqfd2Eg
                                          MD5:07DF471F192DF5D3EEBCE3F9B83D6459
                                          SHA1:A3C5784ACCCD5D164EAD48D394364E016EA6411D
                                          SHA-256:E2083DC394D851B90B98F9DEC8144D00D13C17963C9E92DE2070023580D9EBD1
                                          SHA-512:C7680B2DC1FE03F3A5DC7F032CA1650CA5F7D2ABB5D8E9E5AB378A06184BD1E12EE18DED93350D385F259863443BC7FC4F2E6E761669B313218BB8C86EF2C67E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="configparser . Configuration file parser" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/configparser.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/configparser.py This module provides the ConfigParser class which implements a basic configuration language which provides a structure similar to what.s found in Microsoft Windows ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/configparser.p

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\constants.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (838), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26682
                                          Entropy (8bit):4.858447860264611
                                          Encrypted:false
                                          SSDEEP:768:zqywIsMmXG1oABOfNVO5yFE5yFgSz75aMo764N:zqysMmXG1oN1VO5yFE5yFgSzoMo764N
                                          MD5:7D8AB8A71EE6886AE650BFA1A6A366A4
                                          SHA1:071A4C99256EE94254A912D875D2A5CDA73B2C80
                                          SHA-256:0C576F32CA38335521E8FF2095527EB7DFA8C7FFD754335DC8E29435D46AF3C0
                                          SHA-512:0952A7002BDF147FCC19F72FEBBF0A9ACD0BD3310D9008D8EE4627F46D8B17E6C4E75F37821D998E071888B4AAA5EA8DB7F69682EB4D7EA522FFABBE12955273
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Built-in Constants" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/constants.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="A small number of constants live in the built-in namespace. They are: Constants added by the site module: The site module (which is imported automatically during startup, except if the-S command-li..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="A small number of constants live in the built-in namespace.

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\contextlib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (565), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):130687
                                          Entropy (8bit):4.767192242444821
                                          Encrypted:false
                                          SSDEEP:1536:bqyvMQVbLz3nDM1NfahB3MBUL138pcOT8OkxOfyJr2yFV3xR7eINgOPTVaQsbfSs:J7CmBjL1mYFnbnTQgg
                                          MD5:F5819A7D8247E1D1367FC800E81044E2
                                          SHA1:D248A12A0514E9E3372D7F3758DD43A250A70211
                                          SHA-256:E89F760B09DD4DC66B35C07A931467CC90E6AFCB68F376C87AF544951AA16004
                                          SHA-512:9202CAFBBD4D5916EDA040FA31BA88F24D153D5B710FA5BC9749996710BAE51FE29B86F56D37BACD9676FB9A3C55442ED56DA8953A64B62D2CE8F25485282D14
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="contextlib . Utilities for with-statement contexts" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/contextlib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/contextlib.py This module provides utilities for common tasks involving the with statement. For more information see also Context Manager Types and With Statement Context Managers...." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/contextl

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\contextvars.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (700), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):42421
                                          Entropy (8bit):4.879904865389666
                                          Encrypted:false
                                          SSDEEP:768:Lqyn+8McX63bwSbk/K4bPp3oqqWuNYC2WPfAZGowHo1Imo+yL/vzA1SK4JrXLqMs:LqyPMt3bwSbk/K4bPp3oqqWuaC2WPfA1
                                          MD5:6F2B5F451CB5E99AD4A267B1372ED133
                                          SHA1:5DC13ED56A895814ED32E33A85F542365A435707
                                          SHA-256:C6BEDCD3FB13A2FA81963982E642A27BC18D6F5002663C644C9B90BF3208930A
                                          SHA-512:28932809CCBAB1B2B486C562024D75B94EFB3A4FACA76C34B8D10403ADF055ECF4B34BB1609D87715611B412A47905B17463EF4675416186A987B67EBBEC10AF
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="contextvars . Context Variables" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/contextvars.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module provides APIs to manage, store, and access context-local state. The ContextVar class is used to declare and work with Context Variables. The copy_context() function and the Context clas..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module provides APIs to manage, store,

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\copy.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (518), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21265
                                          Entropy (8bit):4.839434880070611
                                          Encrypted:false
                                          SSDEEP:384:GMWHMWYHqklKs2nhTMabyn+NjiOAQOWR1JR3H6hkOpRNhin1TMO76dqEC:pqyKblMa/NiOAQOWR1JhqIxMO764N
                                          MD5:4A527D87F83C1042B16FF1E88052B1B1
                                          SHA1:61F59D0D8F27F4A55FB6D22CF26811A7372B1142
                                          SHA-256:9CCC87CE2A05931C9874285F445676BFC95D132638023C47C3F132C981A06134
                                          SHA-512:4160D17BA507A31DEFDD47EF03551F23AA462A1A9BCE42423A7F5B9300E8747D3D22714E50C09BC9E3CB41EE75E2D889D960A1548D5C18C3F8F8CF074A153F1E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="copy . Shallow and deep copy operations" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/copy.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/copy.py Assignment statements in Python do not copy objects, they create bindings between a target and an object. For collections that are mutable or contain mutable items, a copy ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/copy.py Assignment statem

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\copyreg.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (669), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22031
                                          Entropy (8bit):4.855111040764174
                                          Encrypted:false
                                          SSDEEP:384:taNapZHqklSeInasTMLwbuir/z4J8n3yFv55fBL7CM7bonaCTML76dqEC:3qySTFM8Lr/z4J8n3yFv5n7CM7URML75
                                          MD5:489575A670D6A9BF6D20A78F851A314A
                                          SHA1:6B5CB9B1A6F4F75AF510DE98FA5FB60F85BB07D9
                                          SHA-256:DECF830706EBB192966D1FD7B97DF5311B14EDC8657DF7ACCC4062008A1083B5
                                          SHA-512:6A64CC8A62197968A469639978845CA2C499C34EFF270EFFCEA61DB4FD161D6D42BB92D1A604199AA26A4BFA56B441CD1371393A25DB2F453A0003A6C304F19B
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="copyreg . Register pickle support functions" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/copyreg.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/copyreg.py The copyreg module offers a way to define functions used while pickling specific objects. The pickle and copy modules use those functions when pickling/copying those obj..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/copyreg.py The cop

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\crypt.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (765), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):32791
                                          Entropy (8bit):4.916955964600961
                                          Encrypted:false
                                          SSDEEP:768:AiqqyghXMgCZRf9KgfkFdVL1070C+yFZ/VyFwmyF62AQUNQ7Mx764N:AiqqysMgeRf9KgfkFdVL1070vyFZ/VyF
                                          MD5:7334FBD87961C3EF70721D490E52EA0D
                                          SHA1:33C5B44E2D7BA2448C29EE2627CB198423682197
                                          SHA-256:A0A666AF0F63EDB0C87E29BEE30E02D24B9F91296B970F565E6D6854FB353E72
                                          SHA-512:C92257C6EE0B1A7E7C6A729E32370DBE402C3DCD29B6210EDBD24569A2F6B1E31C6E50B3415E9BEB016B0F0DC6ED0450DD09C39BA30C27397A9DF675392372C8
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="crypt . Function to check Unix passwords" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/crypt.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/crypt.py This module implements an interface to the crypt(3) routine, which is a one-way hash function based upon a modified DES algorithm; see the Unix man page for further detail..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/crypt.py This module im

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\crypto.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17659
                                          Entropy (8bit):4.844087730451609
                                          Encrypted:false
                                          SSDEEP:384:9gHqklgY08nJkTM2XtwV1e5yYZ0nJaTMo76dqEC:9UqygYZJqM2XtwV1e5yYqJ4Mo764N
                                          MD5:8C3AF5EB13B420FDAE19ABE1635E215B
                                          SHA1:030F641EE14977821100FCF470531348EFB8E84A
                                          SHA-256:520D8A0F57315F1350D910174E990BA21295FD7BED4B8DDB16D7AD0DE754E61E
                                          SHA-512:67B359660F11F16BB96E0AA48DA2CD123FE2B8BC73A6737F9D95AC2E6EF1CB40B8420857A5D179E92522400D6FE358BA72293585861394EEF2E77D0C22DB1A0E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Cryptographic Services" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/crypto.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter implement various algorithms of a cryptographic nature. They are available at the discretion of the installation. On Unix systems, the crypt module may also be..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter implement various alg

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\csv.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1512), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):92509
                                          Entropy (8bit):4.826005484692949
                                          Encrypted:false
                                          SSDEEP:1536:fNBqy3PsXMs0ZUy4yvTmwoNymodEo4goNymodyNTXbIf3UbhLWbkxcLHys4TyFCi:nqFHIu8YrSjcg
                                          MD5:DDC7E7BE158046B7CBB8FDC5C94A531A
                                          SHA1:EB3DB416482C7ED3873288883DA40340D1135442
                                          SHA-256:4970DF26B3AE25A71EC710F4A090E9DDCF4EC77C9BEC5DBDC1D17788DD57F156
                                          SHA-512:E930D9D7494431A293DABDD8372606DF1329E10870EA4C234D66DC2A27AEEDBDCCE9CB68A6202185F7D2B6F0E345912F1F0F482ED69AE3F371816CC3D41088DB
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="csv . CSV File Reading and Writing" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/csv.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/csv.py The so-called CSV (Comma Separated Values) format is the most common import and export format for spreadsheets and databases. CSV format was used for many years prior to att..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/csv.py The so-called CSV (Comma

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\ctypes.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (574), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):317522
                                          Entropy (8bit):4.792373097169189
                                          Encrypted:false
                                          SSDEEP:1536:Jqy7MSTG1VvxjTotiF7cAEsXVsgD6R03kZoFdT5i/qwNNaOeJWwmBGvONz70hmFf:lqPU/mMZ5Wvl/8rIBZE3EQiKvBoLENgg
                                          MD5:090290634256810C5B98EAE1A59AE9E9
                                          SHA1:AFF6F978B8A327D98E2FA1045089FF2A75283F1A
                                          SHA-256:E418AA0167D5FD96F491B9E1231901DF53413A4F20F149FB8902119120791283
                                          SHA-512:CF67EC8784755D39F0386EE0E66438794EF351570EF32FEEF9E4FD910B79BB9F280FD85C6B65DD1BF35B9B7BD813EDAB29736CEFAD937C9BF2A965B37AF8854B
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="ctypes . A foreign function library for Python" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/ctypes.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/ctypes ctypes is a foreign function library for Python. It provides C compatible data types, and allows calling functions in DLLs or shared libraries. It can be used to wrap these ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/ctypes ctypes is

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\curses.ascii.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (435), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):44451
                                          Entropy (8bit):4.855642588410878
                                          Encrypted:false
                                          SSDEEP:768:nqyQ0LMPuwJV0K/UA/RxtyTcrc80kfS1OxJIJXfsvG9Vy/AAq3A2ZbBOIHfNrxFi:nqyzMPuwJV0K/UA/RxtyTcrc80kfS1Oh
                                          MD5:C5317ECF826F49EE6A6191C9F25E9E2E
                                          SHA1:DF00F206586B3E95A224FFE65C0AD392EF9B2B2B
                                          SHA-256:0D4A186E2B4EEA7DBC169095E92A1D264BB02F4959932CFECFC6CF2E04030C8B
                                          SHA-512:A37037C302F34CAC60CA338F504ECCBD7882A04294319964E64251EA1624CFCF0DB8AF9F6FC3F97DF83D3792A58EF1E6CD3175368D3FEDF4B036E799FF8D1AAC
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="curses.ascii . Utilities for ASCII characters" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/curses.ascii.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/curses/ascii.py The curses.ascii module supplies name constants for ASCII characters and functions to test membership in various ASCII character classes. The constants supplied are..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/curses/asci

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\curses.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (677), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):280383
                                          Entropy (8bit):4.864268776940332
                                          Encrypted:false
                                          SSDEEP:3072:c2WV7Tl7WA0742GU6P8HRv7Wi7WAiCFTFQg:cxNT3TP8HR/Qg
                                          MD5:12CA4EBA57256548965B836FFB3DF944
                                          SHA1:EEDDBEC50FFDD30725F8CD416996980F47B74382
                                          SHA-256:4852F85235F5C02D882D76355044BB96E08D13A2112B6508E140964A6E4BCE20
                                          SHA-512:48526799C4A3F294AE9C29B9C65A3618CB269046A1A7CEAF71931FA21D73359661EA36034FC7E80AFAFD7C7DCA9B172EA7E9264ADE6044C03F700F33DB094C07
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="curses . Terminal handling for character-cell displays" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/curses.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/curses The curses module provides an interface to the curses library, the de-facto standard for portable advanced terminal handling. While curses is most widely used in the Unix en..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/curses T

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\curses.panel.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (460), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25651
                                          Entropy (8bit):4.85579752337272
                                          Encrypted:false
                                          SSDEEP:768:HqylWaMllprcgYcd3uPI2IyGk6LlzEyZfj/gToe3qKX4UJe9vytoMK764N:Hqy7MjprcgYcd3uw2IyGk6LlzEyZfj/j
                                          MD5:A4ACDE292554A036E348B76FDA68738D
                                          SHA1:1035827400FF581A1E51A97667B7429176D2AC18
                                          SHA-256:8BEE677EEBFCAA39133721020EA8E281EBE39712BA03E2BB3BB7541E3492772C
                                          SHA-512:E0F7D76257ABD7CEC2581F48A304CA9113398A5E3F104E39B2894B930D8DDC646D49FA944DB4CD7230A52ECC571A503E240D2082E444D39C5B6CCD3D6B9DC46E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="curses.panel . A panel stack extension for curses" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/curses.panel.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Panels are windows with the added feature of depth, so they can be stacked on top of each other, and only the visible portions of each window will be displayed. Panels can be added, moved up or dow..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Panels are windows with

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\custominterp.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (495), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14993
                                          Entropy (8bit):4.818550370073686
                                          Encrypted:false
                                          SSDEEP:192:WCnKCCyrteqKHqkX1vCMIvMgNn7TMbPZ8FDtsdMIr6Dn3TMb4ZA76dqEC:VivHqklLYNn7TMb4KmdDn3TMsW76dqEC
                                          MD5:124AF1F7A1067EA9E964121178214BC1
                                          SHA1:75B7BD82AC3AC877408858CE15837B97898C24BA
                                          SHA-256:B0879274A8BD8E18816B8F2FB004A06EB318453666AA21B7A88F839043FE3E2B
                                          SHA-512:0E8B20D9EEE9FCE18C72C1122819F8A39E7DE3969FF34BE460FD86F9053D81739893EE43F4A2773317BA95E0024BCDA115BA4606AB99B194CFD2D61EE27E0F9F
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Custom Python Interpreters" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/custominterp.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter allow writing interfaces similar to Python.s interactive interpreter. If you want a Python interpreter that supports some special feature in addition to the Py..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter allow wri

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\dataclasses.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2440), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):125492
                                          Entropy (8bit):4.721959681474977
                                          Encrypted:false
                                          SSDEEP:1536:aqyc6MpkBSdcjNJyTQyTdyTryYQyYRyYsyTuyYyyYhyYzZZeafJEh0vTtnNSyjPT:qsZZe0mhcJ5cqcg
                                          MD5:E07B4360FDBA7CFD56C2AFBF8B20AC6B
                                          SHA1:BFF9BCF2ECD8A1286C9F57FDBE71C4D93612D994
                                          SHA-256:E21AA0F8AC0C66AADEF1D78CC199E1AA2D7F23E9DD69EF95C8CCDD35D045381C
                                          SHA-512:FC095E77A6F982ACC69DCEDA14C7531C046EBEE54F3175F821BEAF8866F914D8953AFAB947F03C82EAA50398BB54DB8928A6CFC7D6AE3E077252F2ADB850A0E6
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="dataclasses . Data Classes" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/dataclasses.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/dataclasses.py This module provides a decorator and functions for automatically adding generated special method s such as__init__() and__repr__() to user-defined classes. It was or..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/dataclasses.py This module prov

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\datatypes.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (702), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):30993
                                          Entropy (8bit):4.831817357479499
                                          Encrypted:false
                                          SSDEEP:384:7GDHqklx+bnVTMMmgnruGkTWq6JB4hLYkvClzc7ARS79nZTMk76dqEC:UqyxMRMWc6ghNMk764N
                                          MD5:F271AD6574A7AC51A0DA1C1AA07BFEE4
                                          SHA1:5549C6A9DF700CA6F7C9EF48EF049C7D1FBB8488
                                          SHA-256:A2E1390C7E17152E5DCE034F808D2A57ACF9844DF1A6A815E5D48E0F4864D795
                                          SHA-512:848487E4682303328248D62ACD82A3F04BDE6F55C06018DA1A8E39BA202CD156F758F885DE1A4656670C22A0AD6A4C25E9C053DD785B9C63187429CD6D7B01F1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Data Types" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/datatypes.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter provide a variety of specialized data types such as dates and times, fixed-type arrays, heap queues, double-ended queues, and enumerations. Python also provide..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter provide a variety of specializ

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\datetime.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1748), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):396497
                                          Entropy (8bit):4.767656465254369
                                          Encrypted:false
                                          SSDEEP:3072:fBU7zqvWz3sG41ex9Gx4RpV8rWAqrTryEg:fy7l34kx9U4RgrWAlEg
                                          MD5:6A1A25BC07C797993F45CCECC2D4C92C
                                          SHA1:8181DFAC097D32952F52BA52B8B6261A509AC8BC
                                          SHA-256:C9217203EA36F55B347621996FFD2CD9FD87381D5AE0DD34558F7ADBFAB28347
                                          SHA-512:9908F9CA7B06C12C8E82308DF6251BDC2555A648C275C1B023CF3419C5CAEB7E38A35FBEDC53EC293E9D4289AD8718906D5F90CB158F959CEAA9192A1096B064
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="datetime . Basic date and time types" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/datetime.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/datetime.py The datetime module supplies classes for manipulating dates and times. While date and time arithmetic is supported, the focus of the implementation is on efficient attr..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/datetime.py The datetime

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\dbm.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (848), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):58877
                                          Entropy (8bit):4.892837029432566
                                          Encrypted:false
                                          SSDEEP:1536:RqycMsyyFVVpkVwOwZELadyVMyWxdqO7x4D7VRLVdyVMyW/vM+aniJqfH5sT7JMX:qZOWrdqBFM+LO0MaQLZtRRbAVng
                                          MD5:69099204E4E66CCAFD712F424A3DC368
                                          SHA1:DBDE1F8F12A95F058BA4CBFB771CBDFF5FB28C70
                                          SHA-256:DEBAE4DDEE9C0538CC27B023CBCC933BF8D29B24A3692BCC0466726678F73438
                                          SHA-512:B8A3F411B628389C6F0D56E9669C7CEF4FA73F656C57B2680B1EB65C4B1E0B4075ADD0405D48524A7D46E61033FC2FDCAA368461067C2458BA7F77F7A1A09EC7
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="dbm . Interfaces to Unix .databases." />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/dbm.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/dbm/__init__.py dbm is a generic interface to variants of the DBM database . dbm.gnu or dbm.ndbm. If none of these modules is installed, the slow-but-simple implementation in modul..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/dbm/__init__.py dbm is

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\debug.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20311
                                          Entropy (8bit):4.849846514731141
                                          Encrypted:false
                                          SSDEEP:384:Ir5r7Hqklt89njTMWttE4xTn/TMi76dqEC:4qytEXMWte4t7Mi764N
                                          MD5:EAAF6A4F2DCA9D4EBFA25F8BC1DDB19B
                                          SHA1:C6C2754EB639BB446D3CFC285FF041364368535C
                                          SHA-256:54802823A85013BB6584E2A8217F5468F5CD4ECD5A4FDF84DDCFB8E801FE8955
                                          SHA-512:D8CEC4104EA36963CDD10047EAC56878702DFBF13DB621337E84C78D731E3BE6B2A663CF4EE3F5D4764B7CF2312BE654A15A121D12776A3712122F6861559931
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Debugging and Profiling" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/debug.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These libraries help you with Python development: the debugger enables you to step through code, analyze stack frames and set breakpoints etc., and the profilers run code and give you a detailed br..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These libraries help you with Python development: the debug

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\decimal.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (772), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):286380
                                          Entropy (8bit):4.836408427042888
                                          Encrypted:false
                                          SSDEEP:1536:sqyxMuXHR5XFmtukoh5tqsPyDwyFTPcRaM9S/xxfbI20wyFBXJ0wyF60wyFghh07:gyhswO8Sa6RS5nIWS5g
                                          MD5:285AF8C5452805252E9D82597F3ABF34
                                          SHA1:FC7ED1F961C961ECA27C0E260900EDDD7E634EE1
                                          SHA-256:A50CCF21C3166BC55CAAACDFE59636C5521AE8677F2AAA294E004EFCCC8DF891
                                          SHA-512:58B880539F2CEE07837F571F0A86CCB492DF2E90911A039AEED660DC572A25C0F1DC5B44E2CA19855A32E83EECDEE6451A6776B72245574DC67FEE2090897AB5
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="decimal . Decimal fixed point and floating point arithmetic" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/decimal.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/decimal.py The decimal module provides support for fast correctly rounded decimal floating point arithmetic. It offers several advantages over the float datatype: Decimal .is based..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\development.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (490), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):37323
                                          Entropy (8bit):4.862643187594611
                                          Encrypted:false
                                          SSDEEP:384:EHqkldWgnKTMz5EZge8T0OiJTs3Bjx+thNH82tjwnoTML76dqEC:IqydxoMtEZ+T0LJTs3j+xHpcGML764N
                                          MD5:07E95C0CAE89EC859C65A72C3E4B471B
                                          SHA1:A34E01A48FF19E582866E1D8FD43D9CCC5DC6AA7
                                          SHA-256:3B38732D2A9EE10CE75FECD1B588601B177681FF5D85D45FCEF94C6F39DCA4DA
                                          SHA-512:9D998AB6CE26BE8842FF02D4F64AD54E0704BFE48D901FAADAD637791FB489DBD774A2EB3D01CCB72D22A04E669E6DB5230209FBC9AAA170890EBAB8842CF5D8
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Development Tools" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/development.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter help you write software. For example, the pydoc module takes a module and generates documentation based on the module.s contents. The doctest and unittest modu..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter help you write soft

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\devmode.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (457), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):36490
                                          Entropy (8bit):4.927052333447295
                                          Encrypted:false
                                          SSDEEP:768:iZs7sVBqy3KSn7MFVhz9C1wzlK48t8tm3ngoS2DFqr23a7KSa/MO7764N:iZAEBqy3KmMFVhE1wzRNm3nO2DFqr23j
                                          MD5:0C75D96B624202D7E95245F965FE29F4
                                          SHA1:FCAF6290131D16E2B982A29FFAC080F5A0DEE8A5
                                          SHA-256:EB99D0D6E7A04BBD3F9A17316FD6B22A58CBAD396F76C0E23EE40E6C7FE6C11D
                                          SHA-512:4BC0EE5FD5FBE2291BE1E61EAB45D518341BE988B9DA736BF5E918665632D3F6165C4BF9643D3D50142B60C1437FAB766F97937DC4FCFC0E8A1054EFEC5FEBE1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Python Development Mode" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/devmode.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The Python Development Mode introduces additional runtime checks that are too expensive to be enabled by default. It should not be more verbose than the default if the code is correct; new warnings..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The Python Development Mode introduces additional runtime

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\dialog.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1023), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):47003
                                          Entropy (8bit):4.832966498373117
                                          Encrypted:false
                                          SSDEEP:768:LVkqyjB1MIt9uAxogDyAxogA7AxogRjUlyF6647zwWA/yVoa4b/yVoaeh/yMoac5:LVkqyLMIt9uAxogDyAxogA7AxogRjUlD
                                          MD5:9A9659080AA915233A3BC38B8D269405
                                          SHA1:57EE70BDCA631A6CC8187B34A76FD0F9039828DE
                                          SHA-256:8B514EE23523FE41F32EE335CB5EE578FEF6C4324C8969C091C6B2D3B800189D
                                          SHA-512:B7F711DA3EF2F22FAD2EF4F3CAFB6A962F777FEE39E74AD8604C9A1FD449B6685DB96EF1D519F98B65B7668EF44045FE803BB928A051D6E401879E739AD96A6B
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Tkinter Dialogs" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/dialog.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="tkinter.simpledialog . Standard Tkinter input dialogs: Source code: Lib/tkinter/simpledialog.py The tkinter.simpledialog module contains convenience classes and functions for creating simple modal ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="tkinter.simpledialog . Standard Tkinter input dialogs: Source

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\difflib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1724), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):131511
                                          Entropy (8bit):4.804767506115637
                                          Encrypted:false
                                          SSDEEP:1536:/qyIMYRtu6mZRL1ruzolYcyz9yFTyFlyYnBTqylzylwyYEykw/ybzIBTqylzylwy:HJ5K1h4k1PfgjZ+AVeg
                                          MD5:8721DE2FDC4EA9DC8BB6C1716F05A6A6
                                          SHA1:182E1249206D9A2B8825F33F973B0203CE1EC0C7
                                          SHA-256:B13AEC1A18AD7FEC5A9D4A80CDD450BAE7DD0B6619691E60132CA071DEA0B7C5
                                          SHA-512:0D668246020F55344F776B6D038A892FE3D94A8C4934F3533E0F5131522211DF951D269373A1F10315D9A1A46709FAE1F5908BA74F1612420EA6391E7E52A8BA
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="difflib . Helpers for computing deltas" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/difflib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/difflib.py This module provides classes and functions for comparing sequences. It can be used for example, for comparing files, and can produce information about file differences i..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/difflib.py This module

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\dis.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1344), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):195623
                                          Entropy (8bit):4.916831096714084
                                          Encrypted:false
                                          SSDEEP:1536:aqynMUBQlgS27NQAOwayFSyF2yYNyYWKw2yYR5KBSuDdOaQOwlyF+3OyFwlyFeyg:KKV7zTVfBd7LIQbU1hgt73qiof818IJg
                                          MD5:935A925D4E2262E25E382E8078947B1E
                                          SHA1:539DCDC486965CDE46D21402992EDD5E190AC982
                                          SHA-256:DE59D625DD57D0B4FDC42EC45F1070F9CFC58F7521B786D4618E00CEAF41C0FB
                                          SHA-512:E52C940634BA2CF98559D4EA40ED115AB10D54AD85526B220ADBDAE6EDDAA660D8DE578D20557B49E4B750B29B2593FC0F4FC6BB773BD1496F8E6EFF2CBA03AF
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="dis . Disassembler for Python bytecode" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/dis.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/dis.py The dis module supports the analysis of CPython bytecode by disassembling it. The CPython bytecode which this module takes as an input is defined in the file Include/opcode...." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/dis.py The dis module suppo

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\distribution.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16633
                                          Entropy (8bit):4.845892169460792
                                          Encrypted:false
                                          SSDEEP:192:WhrtjKHqkX1vJlMrMgYntTMbmva3RhaKXlM36YnRTMbZvA76dqEC:3HqklBuPYntTM7hh/XuKYnRTMu76dqEC
                                          MD5:33E00917A458E39EEF34EE792183C282
                                          SHA1:AA45FF30310AB24208DEAE599B01B0A243B05403
                                          SHA-256:3781CF6240A2AF531CF0AA604C248C07C3E7DFA6471440CE956483CCEED253E9
                                          SHA-512:655B37F66428E823C17CC7CC44AEE631B1ABE0D9BC702C1F0A033974F33177A3D304B54900A6EA49530A87368D538899D4826852FC37B542B0431C5873EE0C88
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Software Packaging and Distribution" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/distribution.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="These libraries help you with publishing and installing Python software. While these modules are designed to work in conjunction with the Python Package Index, they can also be used with a local in..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="These libraries help you with publishing

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\doctest.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (478), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):211041
                                          Entropy (8bit):4.843095475504818
                                          Encrypted:false
                                          SSDEEP:3072:Frx6moMzyq43Hj+qJZxa5ejCW87wWsRyg:in+qJZxa5ejCWW9g
                                          MD5:90A5EBDA6C23AC623C4AD18C8B605337
                                          SHA1:CB840DF20092C3E239A1D2DAEA3BC95D5E052620
                                          SHA-256:A0458DA6304EA6A2E20035416677E1B2D94EC9CF768673A8C7AA95BCC9D91864
                                          SHA-512:88F5F15B7DE4EA299D8CB9114CC8C0BEF63FEC8924ABC4C73D64748188AF294BF3763A2716658527EA415982D7B32008E4523CDA4C1D854E1C8D4C1DE7ACF527
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="doctest . Test interactive Python examples" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/doctest.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/doctest.py The doctest module searches for pieces of text that look like interactive Python sessions, and then executes those sessions to verify that they work exactly as shown. Th..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/doctest.py The doct

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.charset.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1007), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35550
                                          Entropy (8bit):4.8317347803377775
                                          Encrypted:false
                                          SSDEEP:768:Pqy096MJPP9yhOae8Ui0xtTp1Vvf5twtk0te00n04fiVyFwyFxyFH0f2VLliiBDv:Pqy5MJPP9yhfDUJxtT3Nf5twtk0te00c
                                          MD5:BD7552F9C3C202B38EC40B1A7816B8C1
                                          SHA1:68709374176D127BDD0084F0EC10F66CE01AC606
                                          SHA-256:021B617984F1BA480DBC2981020B4F0623A7629CECD4E8623F83A2EA2D43470C
                                          SHA-512:347D67049944FD3F9F76E8C416BB86164311167368F83FFEB4FBA5AC4FEDFC8FD7B2BB39EF6A421BCDBA57C0F02DD4BCFA8FC071FC3BE96031622FE247C09CF1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.charset: Representing character sets" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.charset.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/charset.py This module is part of the legacy ( Compat32) email API. In the new API only the aliases table is used. The remaining text in this section is the original document..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/charset.p

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.compat32-message.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (833), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):103492
                                          Entropy (8bit):4.801237005937147
                                          Encrypted:false
                                          SSDEEP:1536:UqyWMEis8OyEm2yYJyLFyFtNq2yYFyF79Gom21i+ExzpyFlyY5wE/yFwiHenbl2w:Ri3dAwE5mUD3g
                                          MD5:489056F9024BF30E120A91611A60F18D
                                          SHA1:1100F119E295017FF5DD1095B96BA729EACC571F
                                          SHA-256:86C4971686A5F77FAEFD4997B5B8A6B53ACF2D64B1162682ECD8AF3500AB6DF4
                                          SHA-512:597B52100C1F2BF61A4B492B7D8033C3F76E5F2D8661F3A33AEC56ABB465CB72FE4DDA94F24ADC03414A7F27E4B1A7FC9723E4B67373C37DB6946E7ADE6E8F8C
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.message.Message: Representing an email message using the compat32 API" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.compat32-message.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The Message class is very similar to the EmailMessage class, without the methods added by that class, and with the default behavior of certain other methods being slightly different. We also docume..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description"

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.contentmanager.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1229), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):41020
                                          Entropy (8bit):4.81388807311094
                                          Encrypted:false
                                          SSDEEP:768:EqyueiM55n7wXwHog8XiwHogNzV57Qx7qEsh1X4y3zxXl70S83ti8kYxXx2pp3t8:EqyKM5B7wXwHog8XiwHogVV57Qx7Psh0
                                          MD5:A5963A3269C01580F1F09401187065C9
                                          SHA1:D24284FF4EFEB650433FB01AB1B27CCA24018F98
                                          SHA-256:25F0088B52BA44B77AC89C5ADC846C8792EBC47F512BEA3FFCC53C186D74CBEA
                                          SHA-512:0216C518843B79095CEE9BB71CE85EF318465758AC7420E08CD17DE8EB59A7208EC90D525BDC22E52933857174E29CF262DA8AE35F3F8553AB9C04985F6C02C8
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.contentmanager: Managing MIME Content" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.contentmanager.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/contentmanager.py Content Manager Instances: Currently the email package provides only one concrete content manager, raw_data_manager, although more may be added in the futur..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/c

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.encoders.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (445), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22118
                                          Entropy (8bit):4.852052832444795
                                          Encrypted:false
                                          SSDEEP:384:J+W+3Hqkl/i4nQTMHblhUXwJ7XIFXSdgXwIvHMv4nmTMu76dqEC:Iqy/xeMHDUXm7XIFX4gXlsAMMu764N
                                          MD5:FEF9C35BE1C24CC015AFB7822FA51131
                                          SHA1:C3F07AE05AAD467BB1636783BD955FB8C675C62F
                                          SHA-256:05869D0E15B3D2A540759960C32153344D322C18935F398AA6C6967A1A12F49A
                                          SHA-512:E415F9B89785F2EF7FF1F227F44952635B99B44F2C8D06FC3D074DD1F6E01732BFC55B7F525994F57CEEB09B8BA3D966B797493E18D77DC36CCF08BFEA126DFC
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.encoders: Encoders" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.encoders.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/encoders.py This module is part of the legacy ( Compat32) email API. In the new API the functionality is provided by the cte parameter of the set_content() method. This modul..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/encoders.py This module is

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.errors.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (425), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):28798
                                          Entropy (8bit):4.855813496055718
                                          Encrypted:false
                                          SSDEEP:768:8qynN0M1PgNn85ZaPZUJb8wBw7ssCM4764N:8qyWM1PgNn85sPZUJHBw70M4764N
                                          MD5:76AD9AB05E308E3A781BC7F5E7DD0ADE
                                          SHA1:AF05D2F0FA842501B4BB416EC3CCFAD560627F1A
                                          SHA-256:D9DB00F091F5F9FF1A4100202B165EB831965C69328B1D6F542BAC45DEE1669F
                                          SHA-512:BDC0C9A42DB0DE4E994218C0503668F483A86DB73B25DD2210D32DE1499F2160574CBFACDD007BDF044D971705C393D7BDB7873748D023F816A9F929A3D47E29
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.errors: Exception and Defect classes" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.errors.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/errors.py The following exception classes are defined in the email.errors module: Here is the list of the defects that the FeedParser can find while parsing messages. Note th..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/errors.py

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.examples.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (557), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):65102
                                          Entropy (8bit):4.683052251611606
                                          Encrypted:false
                                          SSDEEP:1536:vH1HuqyOMrhhwy4nfRYnAynwg6ORML764N:vH1HCh8RVMXg
                                          MD5:43B6AACDAE94676F49F75E41D9BF9635
                                          SHA1:79FB03591556BC397EF3784F0311B64AA65026E2
                                          SHA-256:D1D479A2A69B23291B4EBE51EA635EADB0BA1D0C5C106BB158F9A3B74B595E3F
                                          SHA-512:214CE6BADE0E4963EF5497F10175F12DD24D200EAAE5BC03266271EC97C42AB642C74F75EF76724AE791552B1D3B2580755B0FA26C047148A75DE8C63DD02CFF
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email: Examples" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.examples.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Here are a few examples of how to use the email package to read, write, and send simple email messages, as well as more complex MIME messages. First, let.s see how to create and send a simple text ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Here are a few examples of how to use the email package

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.generator.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1368), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):53525
                                          Entropy (8bit):4.815395727879856
                                          Encrypted:false
                                          SSDEEP:1536:AqyYMEbXI3yFJyFwFyFkxQNbXRyYtyFOqC5XuyI3yFJyFwFyFVVQNNXRyYtyFt/i:Digu2g
                                          MD5:D497CEE985F42D6EBEAFC2F591B2777F
                                          SHA1:DFC56E4D59358523E9AEBA0C2EA9B20CA116A4E1
                                          SHA-256:F72D125955557BBEECDA4689323F006D94755A6101AB29A860ECFA4DB3CE2E71
                                          SHA-512:34A1D6E5A2DDB5729C1AC1B13CBD7BFA359970A9DB5441C34B8CED88D35683E3E70C6951BF9C0F0BEEFF27EDC00ACFC2EF2140566A194F25057AB823F47680B4
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.generator: Generating MIME documents" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.generator.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/generator.py One of the most common tasks is to generate the flat (serialized) version of the email message represented by a message object structure. You will need to do thi..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/generat

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.header.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1607), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):41506
                                          Entropy (8bit):4.846746236232008
                                          Encrypted:false
                                          SSDEEP:768:HTWqyFzKMEJT7T/tI9Tg8+9uXyF/yFQyFqyFlyc4ym6Tp/1X/yF4ymAvNg07W1ye:Cqy4MENiIuXyF/yFQyFqyFlyc4ymeX/5
                                          MD5:237CB01560D6FA4432E312035F90BC79
                                          SHA1:B367A10BF56F832CF71DBF155A90E4F6B0388E36
                                          SHA-256:0BD2DA60360DB2B6BA60CD03E1B305210160532FA790303B8BE04F9668BC62A8
                                          SHA-512:02C5E00509A299F4398458266CDD1FFEAFB143587A526577C1C8328D545222FF6745FC31D1774A6AC558E81024139281CDE7974204432F62B43ED53AAF260767
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.header: Internationalized headers" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.header.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/header.py This module is part of the legacy ( Compat32) email API. In the current API encoding and decoding of headers is handled transparently by the dictionary-like API of ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/header.py Thi

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.headerregistry.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1196), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):71848
                                          Entropy (8bit):4.817927287041648
                                          Encrypted:false
                                          SSDEEP:1536:2qy3MZE3bOBCRZNF2mVJuVal12skG63qAJ8+YdWC9ZzizGKzKBjBONogqpNmyzJ5:bE+gLVmzkGhg
                                          MD5:18E35C829E87F1AD17C90AC78D0577C4
                                          SHA1:4E1689324D50E1267D74D8E1AD97CAB4C292FBFC
                                          SHA-256:5C839E8F10D72C37DA747CEFD9C10EA54FA6710E22DBC19948DC525BB97093F8
                                          SHA-512:C7B939FD4340A5A17F27D495D66EE6C9A32A3D36B53D55C845082099308029729EA2E1733DEE1606CDB44D01381E12BB61D20A76BBAFE1B75541EC331C4B365F
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.headerregistry: Custom Header Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.headerregistry.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/headerregistry.py Headers are represented by customized subclasses of str. The particular class used to represent a given header is determined by the header_factory of the po..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/h

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (741), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34158
                                          Entropy (8bit):4.836931259060756
                                          Encrypted:false
                                          SSDEEP:768:IAVqyEklMahoe3NEPeDtMNFiplYEutHnxMP764N:5qy/MawFpZtRMP764N
                                          MD5:1687123781621608931E2D4970231D89
                                          SHA1:0568FC78F12ECD911A540B4B85D3DBFE55069B19
                                          SHA-256:85988329AF8747B94DD54E110F630B6F98C90B2E72B26AFF3849CA5219985FC1
                                          SHA-512:97F66FF8EED04BFF4ACAE7F5926F84926DFA767170D3CB6EAF472082EE2A27ED83C975F41945897BF0112A99C5EE6DE368EC5944DB84E8CD96C5EC33D90699AB
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email . An email and MIME handling package" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/__init__.py The email package is a library for managing email messages. It is specifically not designed to do any sending of email messages to SMTP ( RFC 2821), NNTP, or othe..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/__init__.py The

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.iterators.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (993), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21562
                                          Entropy (8bit):4.83823050822189
                                          Encrypted:false
                                          SSDEEP:384:xGKHqklQCxnuTM6bQhXlyYKkX2yEpyFX9XVyFRyLRyYEnPPn8TMK76dqEC:3qyQEEM6khXlyYKkX2yEpyFX9XVyFRyr
                                          MD5:5A4B1AAF10D505B46B26B8086FF8A9B8
                                          SHA1:28F565E5E9807B0DCBCBF49FEC264054029A25F4
                                          SHA-256:9B68B85E2BC8DF4AAFB5EECA5ECEA70A658B08780FF001AEC0202BF7A17CCE70
                                          SHA-512:83CBC760C991693527AC0A3429481CCE0E89F8A168BF811657DBDD0BFA3836B297B06C3761EC13A85A27E2ECB5EFEE4B26D59991F2C20425FE0EDDA8E96B1F52
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.iterators: Iterators" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.iterators.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/iterators.py Iterating over a message object tree is fairly easy with the Message.walk method. The email.iterators module provides some useful higher level iterations over me..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/iterators.py Iterating

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.message.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1402), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):106066
                                          Entropy (8bit):4.79439618542009
                                          Encrypted:false
                                          SSDEEP:1536:jqyGMzkIAOyWe2yYJyFFyFi22yYFyFgRlm25iQXbPobLbU+sbQGovzbCyFebCyFh:gTxEtFSPDXsg
                                          MD5:C1F823CE07B055AF2D7D29576892FBB1
                                          SHA1:D20287AD4C94CEB55B4C1EDB74D2C80D83D4860C
                                          SHA-256:7C844C61CECD27ED18EB42D924BA05B292B8BA1AEF318B15DCC80CF6CEDC4382
                                          SHA-512:7A06FF44589DAD518B5515F958E81BD0779E83F30BAD5DB0654C18C099C1C641AA91DD88A22EDDA7F769708C1572E11624A69B2452FAE836AC45C03C5781FCE3
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.message: Representing an email message" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.message.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/message.py The central class in the email package is the EmailMessage class, imported from the email.message module. It is the base class for the email object model. EmailMes..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/message

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.mime.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1429), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):49597
                                          Entropy (8bit):4.838790797912579
                                          Encrypted:false
                                          SSDEEP:1536:LqynMx+ieWwFyEojIW+YvRyqpyFSyFwFyEojwiRrWyHAyOwFyEojsCNNWyFAyOwL:rg
                                          MD5:FA980734D61B9B9CCCD4C18B7DDFF57C
                                          SHA1:F5A0B3F99CE7ED4F5FD3949CB41F5958E684E59E
                                          SHA-256:8DB255EE335D9CD75D126F79E2928AF145EB6F38E551330701833A67662B102B
                                          SHA-512:91E201D0534F4CB29CC07E0E56D91FF81AC7EB2928AA9D6A68220112413A53DC4AB3B2627D684660B8EEABA356FFE951819ED5EBA76B48BE968B101AEAB06D7E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.mime: Creating email and MIME objects from scratch" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.mime.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/mime/ This module is part of the legacy ( Compat32) email API. Its functionality is partially replaced by the contentmanager in the new API, but in certain applications these..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/emai

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.parser.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (892), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):62014
                                          Entropy (8bit):4.795466591047322
                                          Encrypted:false
                                          SSDEEP:1536:yqymME9K7ZvNyFwFyo3kIrHQNyFwFyoXPPryFwFyo2C7yYNJ7yY2Iv2ryFwFyo3I:TK7ZakIBlNCg
                                          MD5:8EE1F429A742CB6AED9E45A2E2AD8EFF
                                          SHA1:519010AAEDA5F7ADCFD411D38938309E0843C00F
                                          SHA-256:EE5E41D640229B33DE904849D15A4E6EBE4B85DA7E70B531A9B1DCB5483604D3
                                          SHA-512:3B29E62C76FD144CDE15A82E46F80946EC6E2A54DDCABEBAC40F14AF930BC3E4FED68975151A68222FF347C48E486D63111EAFA2877E82B53AB72B2CC90A32D1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.parser: Parsing email messages" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.parser.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/parser.py Message object structures can be created in one of two ways: they can be created from whole cloth by creating an EmailMessage object, adding headers using the dicti..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/parser.py Messag

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.policy.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (622), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):87903
                                          Entropy (8bit):4.820110644846478
                                          Encrypted:false
                                          SSDEEP:1536:lqy3MgLPdn6+VjgTq2HZobfjg43GU3GxbMK7bO2bOwbOIbOGhjgXkj9OKyb7GK+K:H2qN4pZg
                                          MD5:6E4FB55AC9C4592BC54431ED09BEADC7
                                          SHA1:F566C66940223EAD82D8ADA9C6078DA29B01F605
                                          SHA-256:EBB31557C5EC05E4D4F7873AC49DB1267262E62EA6D9ADA456149E24E9ADF317
                                          SHA-512:F4CAFC848EC8D18FFE47A0FC069C39A7994542F70352A29ACD14BE0EA3F182312A02CB86B54505B1072D4A2074A17602C6799C5031701534AFFF714679C57DD1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.policy: Policy Objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.policy.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/policy.py The email package.s prime focus is the handling of email messages as described by the various email and MIME RFCs. However, the general format of email messages (a ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/policy.py The email pa

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\email.utils.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (909), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):45383
                                          Entropy (8bit):4.824675400238119
                                          Encrypted:false
                                          SSDEEP:768:cqyN8JMPIhEyFC2FoyFXyFXTyfN8+NHzSZfw/ybLv/0MzlxMQM+ZpQTIQQgP4BZb:cqygMPIhEyFCioyFXyFjyfN8+NHzSZfV
                                          MD5:1311FC62E21A129801C073B730DCE89F
                                          SHA1:B41061255A5DC6CBC5BD2844609088E4A594EF9D
                                          SHA-256:CFCF6E92BE664BE6BD1FA1B18870800359304CA0B9283182A3048626FCA94A3A
                                          SHA-512:BBAD6D1F53F142F1B10A609C36D919E5D1B75F438DF4284534995F55288535E882FD506BD3B1B936BCCBFC4D728F6918EA24CB1C9AE07F955DC09C8FBC011A01
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="email.utils: Miscellaneous utilities" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/email.utils.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/email/utils.py There are a couple of useful utilities provided in the email.utils module: The remaining functions are part of the legacy ( Compat32) email API. There is no need to ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/email/utils.py There ar

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\ensurepip.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1495), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):27856
                                          Entropy (8bit):4.812272077004853
                                          Encrypted:false
                                          SSDEEP:768:Yqyo3QzMw7nJovMTthAt6g5wpQP/QJcyFLyYoyY1yYEyYGyL5a33XM7J764N:YqyPMiRTIQUPoJcyFLyYoyY1yYEyYGyF
                                          MD5:6C8E98A2777985DE9D8EBC15627192C5
                                          SHA1:2B94C489B5A90DD00EBEBC392693D6DB465A2A6B
                                          SHA-256:B410FBA418B895D3A799B174BABAC88270CCC4C60389BCC56BA7E2785923AC74
                                          SHA-512:7538D108E77058B127A3AA37B22EB371838EE340E369294479542DDCE83C778F69E09F81A32989A0A076BAA246748F6370F6C8817EF7808200DCF3A2CCA3685F
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="ensurepip . Bootstrapping the pip installer" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/ensurepip.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/ensurepip The ensurepip package provides support for bootstrapping the pip installer into an existing Python installation or virtual environment. This bootstrapping approach reflec..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/ensurepip The en

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\enum.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1642), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):134213
                                          Entropy (8bit):4.858690507682703
                                          Encrypted:false
                                          SSDEEP:1536:MqyjMEo8+ejdKOfyFwPyFDyFjyFLyQpyFMSSKdQQKd6KsJ/K7BKoy8KBvm+vamRc:sUSquSwCcg
                                          MD5:6B60A38752B58F29E8EB41C507B3F569
                                          SHA1:039BB3E8AC8C37959F5136006F629803BF9F99D2
                                          SHA-256:AF12D061C36DF6BFA11ECB4F09B04D54905CE833F8C4ACF5D3712F8AEA0DCA35
                                          SHA-512:8225714BB24D967E911AFA2EC0FAF2344CD47DF048830CDE820CBA54BC7203013B6FE45DFD3A345DB3CDB7E7F922B75DECF2E23398CA294B9859D86D7B31E691
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="enum . Support for enumerations" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/enum.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/enum.py Important: This page contains the API reference information. For tutorial information and discussion of more advanced topics, see Basic Tutorial, Advanced Tutorial, Enum Co..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/enum.py Important: This page cont

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\errno.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):67896
                                          Entropy (8bit):4.966046470016359
                                          Encrypted:false
                                          SSDEEP:1536:YqytMLkM+uK+m41Dkie8cj6a7KwoC8a+bVS6IexIAt5HBUVEmV2ozKKvGMUCLgvP:K3xSOg
                                          MD5:6B2C7080D3F614527CF0E970EC1FED4B
                                          SHA1:C64A8E814E0E7DB7AF3A14E0F8B73DE43399B08E
                                          SHA-256:848F3E68CB7BC176A8893ACA2A1EC23041B5DE31649FA2517C335C61338F2229
                                          SHA-512:21C6AB57E66EB210F40C8D13B0C2F93F14AD47714E26AE0C33C2643F05FF17A87D9F04E7648FF977E02448C2B548D5A8C1A49B42048C3981489BF22B835A689D
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="errno . Standard errno system symbols" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/errno.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module makes available standard errno system symbols. The value of each symbol is the corresponding integer value. The names and descriptions are borrowed from linux/include/errno.h, which sho..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module makes available standard errno

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\exceptions.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (831), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):138580
                                          Entropy (8bit):4.867264789857405
                                          Encrypted:false
                                          SSDEEP:1536:GqycM+c400wl9j2odK+O6sbNHWn5fjqkeMXcmjx3VNAOkRJLOlOq0ZwvuVuyorxr:g4mAKO/mDLd1FT03uuBPhZg
                                          MD5:79F9AE4AEF34509520DA6C3B16FA2BC8
                                          SHA1:D09B848CE23AB33941E6771F0FA1F4F542EB576C
                                          SHA-256:D4B4D30B5BA1F9B4984DC138586AA937E8165165D929964D51B98CD23C00E557
                                          SHA-512:530FCDE6E1FA5DDF5FB892DE74EF654585A524066BF9622854512E2DDA86E974B6D8E03FCF62045B5B35D29F5A7884031FD03AF1BA41E4992AD9AEE30063299A
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Built-in Exceptions" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/exceptions.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="In Python, all exceptions must be instances of a class that derives from BaseException. In a try statement with an except clause that mentions a particular class, that clause also handles any excep..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="In Python, all exceptions must be instances of a class tha

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\faulthandler.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1013), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35400
                                          Entropy (8bit):4.879439358392856
                                          Encrypted:false
                                          SSDEEP:768:b9qy8x6b3M4GfwgayeSyTskayeSyTf5bvRE5tAyYlyeLyYsS6y6O3lyeSyTiyYDD:RqybMLwgayeSyTskayeSyTRbvRE5tAy7
                                          MD5:18FAADA8E7563D702F7F0E433AEDE2EF
                                          SHA1:9ACFCDB845D37C381CFC84F3F5651F373EBEE05A
                                          SHA-256:504F32624D6C449059DC42E4FB015CACF483B41A976C96301DBF9EF3617618D3
                                          SHA-512:5D1B194980D10D88A5854CB3F115157E47595AE79FD2D9862DEBD40C01B95255487158D8D0CDB3B413C6C7DFC63E779F8BA1DAE554BD68803FDED0E6B13B354A
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="faulthandler . Dump the Python traceback" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/faulthandler.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module contains functions to dump Python tracebacks explicitly, on a fault, after a timeout, or on a user signal. Call faulthandler.enable() to install fault handlers for the SIGSEGV, SIGFPE, ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module contains functions to

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\fcntl.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1027), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):42878
                                          Entropy (8bit):4.871755029766351
                                          Encrypted:false
                                          SSDEEP:768:kqydI7MKvEmrTyLpp52mSTyLmyTqQ4WmKAkmrsyLLyL7yL4IWoJ2PfSspP/M276g:kqyeMKvEmrTyLh2mSTyLmyT14WmKAkms
                                          MD5:2C6C1C813CE817A92A63B3634ADEC98A
                                          SHA1:47569E3FC5F80BFC8B11649A1F9ADE61AD8B6B03
                                          SHA-256:9BD6C2F3F0C169527F42CE26E509C9A83D539594D5D8EBA761A1B223364A5480
                                          SHA-512:A59194896D5FAAE04DC644C5A449D6CD1DCAC77EB8F7733354E43A58D3896A55392D76E43A394AE43453BDD24A1197DADF59088D42DF2E54E0B6D737FE582D29
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="fcntl . The fcntl and ioctl system calls" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/fcntl.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module performs file and I/O control on file descriptors. It is an interface to the fcntl() and ioctl() Unix routines. See the fcntl(2) and ioctl(2) Unix manual pages for full details. Availab..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module performs file and I/O contro

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\filecmp.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (925), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35978
                                          Entropy (8bit):4.855969954926961
                                          Encrypted:false
                                          SSDEEP:768:/qyYZkMHNftrHyTakmE+HyTzXZuxh1yFDyFXlOIXFJViW6dSgGVZ+Wie0yMm764N:/qyLMHNftrHyTakmE+HyTzXZuxh1yFDk
                                          MD5:F880D197B4F7C2A455E6D862E196FD34
                                          SHA1:8B6ADAF716F750F660DAB4D28428BC137B76E49B
                                          SHA-256:8C30A35BE87C02FBD3B2EDEAD49B3FDB880A6B4928E470CDB3BE95080BC4867E
                                          SHA-512:EE6BED6FC6586A238A26F8AB05EADE391B87B5724A6D52AF99A4948921EC7FE35BA7877148CB22D3886E6359248AF6651BF91DAC39882570C12742A184F9AA47
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="filecmp . File and Directory Comparisons" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/filecmp.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/filecmp.py The filecmp module defines functions to compare files and directories, with various optional time/correctness trade-offs. For comparing files, see also the difflib modul..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/filecmp.py The filecm

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\fileformats.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17150
                                          Entropy (8bit):4.859808767931285
                                          Encrypted:false
                                          SSDEEP:384:cYXHX1PHqklUBf1nKTMJGMFXlucBabnoTMf76dqEC:cYXHX1PqyUBNoMJGMFXlucBUGMf764N
                                          MD5:7E08C069AAB4708BD53AD851DE343F79
                                          SHA1:44AF3B54996A0825281790070EBB186E18971B30
                                          SHA-256:8EC5ED18D72FA8AA3A3CF81887B906F9685D60CB0AD665D777DFEA67847DD34A
                                          SHA-512:E7D93178F11C06A0F40388A6E96113B65D38B719DF743EADDBAF9B9BC187B37E8C8DED9166163B743CBA8D6B955340DD50FE7A3E613221D4F5A579115466DAF1
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="File Formats" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/fileformats.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter parse various miscellaneous file formats that aren.t markup languages and are not related to e-mail. csv . CSV File Reading and Writing- Module Contents, Diale..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter parse various miscella

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\fileinput.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1839), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):44047
                                          Entropy (8bit):4.808418283601582
                                          Encrypted:false
                                          SSDEEP:768:ZDnDRqyAmvMnerYntyFFyYFylwMyVoyFWyF4yFgIlyJWdi2gYrV3mVNkzSfAo5tJ:ZDnDRqyhMnerYntyFFyYFylwMyVoyFWn
                                          MD5:BEC2CA2E0637B3449BFB38C6F30B26DB
                                          SHA1:4B02DA7F716BCD7A20BFEB0D29211F9513359917
                                          SHA-256:64E97BB80AB686CA9356A62B62D775180C981093E873D518B5A76CB4B9766E06
                                          SHA-512:A223A6BFE7802544644136F77C464255176A3909BD9E5DA28214B703520C87FE921EEA0648A5BFB38361FB5AAD50ECC8C604DB8F5B2BB7148B2B5577E2B409C8
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="fileinput . Iterate over lines from multiple input streams" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/fileinput.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/fileinput.py This module implements a helper class and functions to quickly write a loop over standard input or a list of files. If you just want to read or write one file see open..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/f

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\filesys.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20088
                                          Entropy (8bit):4.837450611378838
                                          Encrypted:false
                                          SSDEEP:384:1R+HqklpoTndTMBK1ifmcI5QtFnBTMH76dqEC:6qypEJMk16hXFMH764N
                                          MD5:DC8F6309B4A918AEA9FA6CC43B38061D
                                          SHA1:EE72A996A29D1398D738F6D8C3446039C5669A9C
                                          SHA-256:C418BBBA9266EBCFAFB7C891619C721BCB1A143396943CF47A1D035230584A96
                                          SHA-512:607124AAD33A62F737D73E66FDCC09467E063DC3DCB42CBF9ED82F6643AA93B2443DE15CCB97E5B215D2D7D7BC7A767C7A9DDB02AB42A5474E408A5F19DD2E52
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="File and Directory Access" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/filesys.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter deal with disk files and directories. For example, there are modules for reading the properties of files, manipulating paths in a portable way, and creating te..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter deal with disk fi

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\fnmatch.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (482), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25074
                                          Entropy (8bit):4.852987366700852
                                          Encrypted:false
                                          SSDEEP:768:cqyZRcMjUfCb2/Qmb2Tte2a8/RX6IXmKMR764N:cqy8MjUfCb2/Qmb2Tte2a8/RX6IFMR75
                                          MD5:042EB394DE9A01CEBFBE37BAB489975F
                                          SHA1:502608DD88DC2AEA941D57103D0B43530671E9A6
                                          SHA-256:CEC46B608167CCFCB621B5FDBB8EE043BE8CF9D4FF3762B8A96C5E050A85F64F
                                          SHA-512:976E2D1D1FA8F8D7EBBFA471168FA7388A6B0FA094B9C5A48002CF7C8897AF31D1AE3F51D381BF8C2BE1CE5383D17FC06ED783E35BBF35F1432B1A0DAF4E8CC6
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="fnmatch . Unix filename pattern matching" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/fnmatch.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/fnmatch.py This module provides support for Unix shell-style wildcards, which are not the same as regular expressions (which are documented in the re module). The special character..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/fnmatch.py This modul

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\fractions.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (781), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):47127
                                          Entropy (8bit):4.854827344342425
                                          Encrypted:false
                                          SSDEEP:768:fqyGGyMnPpJyLbyQLpRHpMHphHptanZ8gm7V2PdEuAg/KwJPyId1Xj2t/qF1/vvv:fqyEMnPpJyLbyQLpRHpMHphHptaZ8gm2
                                          MD5:59A5EC67CC0C8AF8D5FF04EF018838B7
                                          SHA1:380CB7A5CA3D3787A95F5CADB1F93AC5CAD96E84
                                          SHA-256:BC00A4B09274F89275CCA195640142E132D7D7AB56B7300346555E650188E2CD
                                          SHA-512:87046E6CC6A83B7ACB75DBAE6DBBD459CFC5E32F82089F2D1F00D2CE0D924CFF16D5F2BD243D93FB8E6896503103CC17D06507537DCD070FFCD8C6D1B5B325E4
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="fractions . Rational numbers" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/fractions.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/fractions.py The fractions module provides support for rational number arithmetic. A Fraction instance can be constructed from a pair of integers, from another rational number, or ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/fractions.py The fractions modu

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\frameworks.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21021
                                          Entropy (8bit):4.844666260667148
                                          Encrypted:false
                                          SSDEEP:384:x5mSHqklxSUNTnUTM8qo4ovvzXgor16bw/wpRT2p6iGqgL+19G30WW1Nqbde41f0:x5mmqyxSeTaMq4ovvzXgor16bw/wpRT8
                                          MD5:EAA5A6521F4BFC30649CD07B011162FE
                                          SHA1:3968CE8E823FE064D5AD90106674BBAACB2861DB
                                          SHA-256:F05422DF22E78A4369D8266469F9904E9D711008D16A991CE6554D469DD092BB
                                          SHA-512:5D0D287CB19A735E60EA7309E3F66E2833A3370CBD11EECADE276438F1904FC9DC0563B673FB7C4240636CCC0F0A31D0D90394B8E9128FAA4080F6F47FE7B8A5
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Program Frameworks" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/frameworks.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter are frameworks that will largely dictate the structure of your program. Currently the modules described here are all oriented toward writing command-line inter..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter are frameworks that w

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\ftplib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2026), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):84045
                                          Entropy (8bit):4.901624467105177
                                          Encrypted:false
                                          SSDEEP:1536:eoQqy3MYZki1ZOyloyl5ylcyl4yFByFwWyboklR98nOylQyL4yFByF3MHyvyE5yM:UbAMY54/pKix/mfb4Xg
                                          MD5:2CB6BE1222C85716E1D5BA023453AC27
                                          SHA1:AD160948B0A5A87E50D51F23C8EA12633AB52314
                                          SHA-256:C67966FD4EC915E225FB94A3D644F50A0B2739164C7729B2A8DF75C47E5CD9C7
                                          SHA-512:CDC82C4DBF0BC1B57CE1A118F5D242E4054E651952C40D0AC975BE8BC2B8F87D7811A9E0464307CBE61676DA0E01AC00104EF47EC6C3BBAE1F84F0E6FCBC9F5B
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="ftplib . FTP protocol client" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/ftplib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/ftplib.py This module defines the class FTP and a few related items. The FTP class implements the client side of the FTP protocol. You can use this to write Python programs that pe..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/ftplib.py This module defines the

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\functional.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):15347
                                          Entropy (8bit):4.8135345958398315
                                          Encrypted:false
                                          SSDEEP:192:W9hSrt0KHqkX1vI8MEMgRnCTMbeBu1Kc8My6vnATMbTA76dqEC:lHqklEIRnCTM3NvnATMQ76dqEC
                                          MD5:D45C1B5A2012F92B4557F6C70FD3FDD5
                                          SHA1:F04F6A5FB4CB9F4A869AC83BF4AFAEA77A50A1F6
                                          SHA-256:AC778320E21EA6DBB1670F19985CB18B825020631DC3896D30B48CD7C791DBD2
                                          SHA-512:8186E44465CF39B023876C09A804E3A2BA34DF42C8792B9D878275FBDA6E1FE88DB44D8F6A015BF867453DB6AD5F7F0C02DEEBF403868076571064D5E8BEF8A6
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Functional Programming Modules" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/functional.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter provide functions and classes that support a functional programming style, and general operations on callables. The following modules are documented in this ch..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter provide f

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\functions.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1053), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):286586
                                          Entropy (8bit):4.78357008364324
                                          Encrypted:false
                                          SSDEEP:6144:oaSYI4EDbLEg82J4/TXBqOskfUv+0geZgzMex3GuAg:jFgg
                                          MD5:AAE9F3BBE01EE0BBA4615FA4758291B4
                                          SHA1:CBF79406F09CF2226BCC2F74EAFC610964595047
                                          SHA-256:6622285402EA97634E7BA0C86B69DE1ECF2F1DCA20AF1CDFCD289E0C7530F5C4
                                          SHA-512:A26239CDD172F7FBE9A8B10C4870D4AEB403AC03A2610679340FB5AFD67C59C4F596DF71EAD2F006D9D068E6363A2624853DEE2CD9E42991B1BB8BC40A41CA76
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Built-in Functions" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/functions.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The Python interpreter has a number of functions and types built into it that are always available. They are listed here in alphabetical order.,,,, Built-in Functions,,, A, abs(), aiter(), all(), a..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The Python interpreter has a number of functions and types b

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\functools.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (836), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):103994
                                          Entropy (8bit):4.750026363716834
                                          Encrypted:false
                                          SSDEEP:1536:qqyLMkCnxW7t/nVOGqrOMCLnjWHnjtySzyYlgWcXr/RiPqnQISGO/wHoaMLijO/L:J/Fir/qlFzTB4Dc2Bjfg
                                          MD5:B5705466606E99C426D019847D63EB56
                                          SHA1:8C046655FFB4F20CDB1CE4DF4D2D476594C07376
                                          SHA-256:7D3A314A05B7D53D74292EFBA56F7FAE533117B0FEDF227FC797693AF97923B5
                                          SHA-512:C0F3B88D9D4F1CA45BC0FBDFA697070246005833CE7EAFEACCC9E06E3A3DC17CC317AE39AD22FD99657F1FE20411B5389ABE9D8F1E3D9FB23CAC094D67350411
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="functools . Higher-order functions and operations on callable objects" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/functools.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/functools.py The functools module is for higher-order functions: functions that act on or return other functions. In general, any callable object can be treated as a function for t..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\gc.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (688), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):46073
                                          Entropy (8bit):4.8908009138961495
                                          Encrypted:false
                                          SSDEEP:768:kqy/8eMqTM0kgbRGw1+y1NHJGLvE+yFCfwIj9+/tDYvNkNEGxeNEx6e3jCMa3yqE:kqyPMqdkgbRGw1+y1NHJGLvE+yFCf5jy
                                          MD5:F6604DBFA0E5DCEC04B6AEA5485FF282
                                          SHA1:C585F531FF26DD92E3BEEC12387DA2BAC3AECB2D
                                          SHA-256:A41F02F1F421BF6C81D60F91ABC3E56231ED0557F434814B5A6F35A8E69D2150
                                          SHA-512:36AA78EAB284FEE6D23FB82096AC6D25186ADB5D25A49031FFCAE84EFA708E67B890216C35B87CF349849468B6159755008748320D7AEA03A8F6BC560AC4C655
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="gc . Garbage Collector interface" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/gc.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module provides an interface to the optional garbage collector. It provides the ability to disable the collector, tune the collection frequency, and set debugging options. It also provides acc..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module provides an interface to the optional g

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\getopt.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (668), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):33101
                                          Entropy (8bit):4.8746403640785365
                                          Encrypted:false
                                          SSDEEP:768:8Lluqy0h4d4MoPhnTVFqBzryHDTvBfBzryHkjk/a3VPFp4RroM1ehFdWMho764N:1qy4M+XqBzryHDNfBzryHra3VPFp47LN
                                          MD5:3E05B4F0E5B863031DC41E1CF61EC15B
                                          SHA1:2F86B49247AC2DCF8B696DA14CD720D5A5537EAC
                                          SHA-256:8C1C8606224A9F2AE64062F3900EB5EBD1E34E1218568969D582064C16C38A40
                                          SHA-512:8AFA5C60EC75EED83D5A9A1511A8FBC318AD7AB3A8A73A732BBFEC6ED08119022E4F52001F26483B48068327D9955AD68E58498ADCBCC7158518592BA4DDA5BD
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="getopt . C-style parser for command line options" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/getopt.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/getopt.py This module helps scripts to parse the command line arguments in sys.argv. It supports the same conventions as the Unix getopt() function (including the special meanings ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/getopt.py This

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\getpass.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (726), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):19840
                                          Entropy (8bit):4.864209036032106
                                          Encrypted:false
                                          SSDEEP:384:S75Q3HqklJcO2AneTMfbveyiy1LyF5QM9U5aC3gIIscL2QnsTMO76dqEC:SQqyey0Mfqyiy1LyF+M9U5hpEDCMO76g
                                          MD5:6D33B70CE34D073BB9206D8AD10D317C
                                          SHA1:24FB8A7A1E530BC366F1C107AC9186DA2701298B
                                          SHA-256:9F0A673A2E3DFF33845F18E1C9A0CA4C412BFDE3BCA5422C4D4DB0FA221FF1B2
                                          SHA-512:558E2364C746E1BC15D71304DEFD4F92A73A9F3B2F391663ED20A8F92533A6C8A678BA1E9741836CECEE4F57B7383F187442E31CE0F6CE94293C9EE66F79F89C
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="getpass . Portable password input" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/getpass.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/getpass.py Availability: not Emscripten, not WASI. This module does not work or is not available on WebAssembly platforms wasm32-emscripten and wasm32-wasi. See WebAssembly platfor..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/getpass.py Availability: not

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\gettext.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1185), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):90104
                                          Entropy (8bit):4.818547349990621
                                          Encrypted:false
                                          SSDEEP:1536:50Pqy4MkkAeXwOyFQneYwyFDegpSeQwM0eqNdlDe6w6dlUes5MLecwwMLeC56dlU:UvkAPlt2Qg
                                          MD5:62B1D43354C16369C689700E83B0E1EE
                                          SHA1:E1852AF5ADE3AF59894000CEE04C92D5D1A2EF03
                                          SHA-256:38124BEC8C9D3550451E1449452DA16CE8FE13E93D7A8C7B4A26A49C60AFA470
                                          SHA-512:CD4E552FDABF0B800DD1E52A92DF34D476EEFAF9B19E6BEAEDFBA63B6A77D079B6235A9F8CB2CDB8D14EE625D2AB2D73B889160E898441183E4A10B9CC049C46
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="gettext . Multilingual internationalization services" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/gettext.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/gettext.py The gettext module provides internationalization (I18N) and localization (L10N) services for your Python modules and applications. It supports both the GNU gettext messa..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/gettext.p

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\glob.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1253), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):31712
                                          Entropy (8bit):4.869134159123385
                                          Encrypted:false
                                          SSDEEP:768:tqyyIZMaMBUw7yF5yFnyYKyY4baUw7yF5yFnyYKyYMCIUUxalrVMU764N:tqyfMaMBUw7yF5yFnyYKyY4baUw7yF5X
                                          MD5:1ED141EF9C481119353295B23B418CCA
                                          SHA1:4326C92F9677D21CBB7B36C5381906F463CFCD1C
                                          SHA-256:61914825CECF034098F65C896DDCA11356081B34F61864CEC93E4D017EF6E49F
                                          SHA-512:910E5A88991EF654AE466CFEB5DEAA14B838C21DC6CF02881B57BB303F32502EDAC81BBCB2756C4B6B715E827FB55E9DD7A0D2886E54DA802CF626E5EC69735D
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="glob . Unix style pathname pattern expansion" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/glob.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/glob.py The glob module finds all the pathnames matching a specified pattern according to the rules used by the Unix shell, although results are returned in arbitrary order. No til..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/glob.py The glob mod

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\graphlib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (705), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):38722
                                          Entropy (8bit):4.872058825751321
                                          Encrypted:false
                                          SSDEEP:768:0qySxaMXxf2yF9CKEsfyCQUw8wkXKybqbdNh4yG4xDrmUoMs764N:0qy/MXxf2yF9eZ58wkXKybqbdNh4yG4W
                                          MD5:F60B39D49E74DEC8E04D4CDBD990FCB6
                                          SHA1:9499DCBE0B012BC5467043D0CEEBC83551C7578E
                                          SHA-256:5AC62AB7211257B81D89CE3DBE439D32E38EE02FB486EBF06953B14B82683312
                                          SHA-512:5A51CC3F6E8FE7CC397DD5A69FC3BF43E9E607CB2408032ED9F5DAF02CA1F1B3F742305CC385A3240DC46F273D61A0899A95AEEDC1127A0B4833A6352FBB3D29
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="graphlib . Functionality to operate with graph-like structures" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/graphlib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/graphlib.py Exceptions: The graphlib module defines the following exception classes:" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/graphlib.py Exceptions: The graphlib module defines the following exception classes:" />..<meta p

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\grp.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (379), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):19413
                                          Entropy (8bit):4.874461183200731
                                          Encrypted:false
                                          SSDEEP:384:NvDHqklMognLbTMm7xhsFbJ+YbXV/AtwnLXTM/76dqEC:VqyMRLMGsFbMYbXV/A6PM/764N
                                          MD5:E1C2DDA36F072143E2D50BC9319D51B1
                                          SHA1:9D008A871F295215A7A277AC6F4346C94E82A3A4
                                          SHA-256:96801D4111183829FFEE979E3C9046B0E1EDBE1E929E75E88F982CAD4C65D9C5
                                          SHA-512:CFE6C60F7E62544864BA108C7E7A42D8C1A2B40B638533AB7B6B8AAE12B38C9B0BBEC1F43AAF13BE5FDC75A03F8854BD3DC86FC8C2B64BE11554DF31919001C2
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="grp . The group database" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/grp.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="This module provides access to the Unix group database. It is available on all Unix versions. Availability: Unix, not Emscripten, not WASI. Group database entries are reported as a tuple-like objec..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="This module provides access to the Unix group database. It

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\gzip.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1361), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):52124
                                          Entropy (8bit):4.856058971067127
                                          Encrypted:false
                                          SSDEEP:1536:TIeqyZMDJ0N+LVMy1Ry4WyF4yFfyFXO02fhVyFMyFRy48yF9yFyJdQ/vU0swjkR7:TIN0VOaJV0s93zdKg
                                          MD5:5B90D4F478F1504F6CF6AE4434BBB4C2
                                          SHA1:7CB090CF90CB9DF7E135D445E6BEEC8D5E8EB909
                                          SHA-256:3D928FA141F317D6D4F9B20D7EC4CF5C7FEFA57150F17795A8F7B9EF6AC1A8EA
                                          SHA-512:FD2E93A1E322ABFEE7A569C72C1945D7B915236C4053CA71F48964F3E7A5C14039C2FEEFCC82CD04A46BE7F73A125EA99FA7A3569A8A632D50E70019224D7B4C
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="gzip . Support for gzip files" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/gzip.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/gzip.py This module provides a simple interface to compress and decompress files just like the GNU programs gzip and gunzip would. The data compression is provided by the zlib modu..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/gzip.py This module provides a simp

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\hashlib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2929), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):118878
                                          Entropy (8bit):4.92483938635293
                                          Encrypted:false
                                          SSDEEP:1536:s0/qyICMTyHEF4yhV9bwC2w2rhC2JGhC2bJhC23AhC2Q4hC2pZhC2cnhC2HuhC2w:pEF4bhcMZF9y+Lg
                                          MD5:D7A76E1592ABB7C49D22D0D1881682DD
                                          SHA1:1650D55F3195A4E73B0A4D3B48980F3E410BEAF2
                                          SHA-256:043735B987BEEF16AA332A40C99090E1D1754A1AD468A23F2E3C9F2B38D09CD5
                                          SHA-512:7EDDBED38539F3A0F64AE2AC2ADB14FDBAF69AF03C9BD21507A1863533919C2F496AC232A6B0862F4BF5BBF713D2A609455C5B5752970E9CEE12B1D322CAC15A
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="hashlib . Secure hashes and message digests" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/hashlib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/hashlib.py This module implements a common interface to many different secure hash and message digest algorithms. Included are the FIPS secure hash algorithms SHA1, SHA224, SHA256,..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/hashlib.py This mo

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\heapq.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (819), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):46795
                                          Entropy (8bit):4.823614692394706
                                          Encrypted:false
                                          SSDEEP:768:XN6qywhgMTCZyFmc7KmE+mcI7Ou5mcwerNPMyF9yYQqmpIoNQNMyFCRwQNMyFCrN:XN6qy7MTCZyFmc7KmE+mcI7Ou5mcwer7
                                          MD5:B4257C10CD94A210396EA3125065C377
                                          SHA1:B684CAF945B2255995BDA97E8DE44E6B3B75C5A8
                                          SHA-256:FF2E9C4190AC78102E9AC6E01D87FF08BBB00C5E27C3DD0C8B8F5610118E5B94
                                          SHA-512:A01E6F72DF8015B4157995D666EBB0C35A42C6D9FE673F39B53D2345F70FEB4272EF9CB84F3B11A750E2D49AC4C23B1BE9BAB217202B9210F397C2685287D180
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="heapq . Heap queue algorithm" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/heapq.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/heapq.py This module provides an implementation of the heap queue algorithm, also known as the priority queue algorithm. Heaps are binary trees for which every parent node has a va..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/heapq.py This module provides an im

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\hmac.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (538), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):27922
                                          Entropy (8bit):4.89335304965376
                                          Encrypted:false
                                          SSDEEP:768:Tt5Tqy9KIVgMBeC1951Xvez5aDNOX+zYx+YBifvtMucJjxhvfPK97eMJ764N:Tt1qymMBeM951XWz5aDNOX+zQ++ifvtZ
                                          MD5:96DBA7846B63A0BAFDF41E8355FEDD1D
                                          SHA1:F37F68D598C017AAC01302A03B9A03B09F583E00
                                          SHA-256:4DD2B94F2B9F3EF20BFB6A9F6CF5E81F48ED467C14EDD64137A592E1B04CD26C
                                          SHA-512:9E9A30BD3E33C9F7DEA9664232D609454752A81136ECBECF781D3FF5006F2E09A7575AE9AC61AB7F0E2CB035C92E0559B9CDD0335A138E486885689366F84D8E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="hmac . Keyed-Hashing for Message Authentication" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/hmac.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/hmac.py This module implements the HMAC algorithm as described by RFC 2104. An HMAC object has the following methods: A hash object has the following attributes: This module also p..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/hmac.py This modu

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\html.entities.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (640), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):18355
                                          Entropy (8bit):4.877458045607415
                                          Encrypted:false
                                          SSDEEP:384:NesefHqklZ5AnGTMDb//yxQHEf/5dJIvIEQnUTM976dqEC:wqyZOsMDD/kKEf/5d8INaM9764N
                                          MD5:4C7776E9E7ACA3AC364C718823B2B73D
                                          SHA1:F9C207E5721E0A066F6ED2E81BF875AA7E5D02E7
                                          SHA-256:1FC23805044B6F5A1EF0F5F12CC3EEA580E08788A8E77E63A2EB203350D132FA
                                          SHA-512:B4C2CB882896312F4309A0A428D3AEE042105B7C21A8F2C688C25B3F7A0BEB58C0FFDA7EE00C5D1FAF4C75FF14D11F16FC67954296E33F46601F02BEA62A1666
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="html.entities . Definitions of HTML general entities" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/html.entities.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/html/entities.py This module defines four dictionaries, html5, name2codepoint, codepoint2name, and entitydefs. Footnotes 1, See https://html.spec.whatwg.org/multipage/named-charact..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/htm

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\html.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (566), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):18049
                                          Entropy (8bit):4.885097470622452
                                          Encrypted:false
                                          SSDEEP:384:SbaAMHqklg4gnhTM72bNIXvyT3BDXPVuSi2t9wn1TMf76dqEC:Nqyg/lM72hIXvyTxDXq2tSxMf764N
                                          MD5:B2AE803E16390CD76DB7AB0A759A5793
                                          SHA1:F711B038A268DFDF0CDD1D92042CFE6D0503C95F
                                          SHA-256:E3B1459781141A7EC079325325D2F9FCCD81A36C2F7CC8A5212996B648D2A536
                                          SHA-512:E86E6273F531DC4EACA8CCC61C01A8A25D1E4E35C8DC9DDCEBFD90B87EDA2897B6504BB75CCEDB2F1453098F9C494D8F992B629FA0E7D7677F6719E19131F55C
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="html . HyperText Markup Language support" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/html.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/html/__init__.py This module defines utilities to manipulate HTML. Submodules in the html package are: html.parser . HTML/XHTML parser with lenient parsing mode, html.entities . HT..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/html/__init__.py Thi

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\html.parser.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (679), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):52119
                                          Entropy (8bit):4.896710486684326
                                          Encrypted:false
                                          SSDEEP:1536:FqyvMb22ohNFyTB93Dx1DrkPxfJIoFuCS+8K37/KKpK3kck/SbbnbgrkZc09HkaY:02GbRtg
                                          MD5:69A30E1CA83F5BC055323111C0467DC7
                                          SHA1:63E9209EB73358D940A47352AB630313CE0F4282
                                          SHA-256:F656FEE4AEC13FEB97EA4E78B131E03BED9829E15560BA3C9A1951B43E2D426C
                                          SHA-512:4322E488A214BCCF4E3369D196C844FEE5AF9485FE7D4E3EA682C85FF9518F5BA86F01F88AAAA4D966B77846810DE697FC75F747AE8DA6668F474313152EC3C4
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="html.parser . Simple HTML and XHTML parser" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/html.parser.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/html/parser.py This module defines a class HTMLParser which serves as the basis for parsing text files formatted in HTML (HyperText Mark-up Language) and XHTML. Example HTML Parser..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/html/parser.py

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\http.client.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1162), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):96712
                                          Entropy (8bit):4.868298213412328
                                          Encrypted:false
                                          SSDEEP:1536:Oqy0MpAPOzRTwHnJeOzZRTTwTQMgyLiyFuyFS1CS2JDc7gFYzqLyD9iNlYrnUUQu:fz+/7astk+g
                                          MD5:FE6D7FE608F38D6CC96B1380934B9124
                                          SHA1:BC869635CC4A0129264601AF336142EB9544ECEC
                                          SHA-256:E01DECE484EF11449CE1C84C5F76E03FB0BCEBE8DD2BC1217D8A6F2A4834DB20
                                          SHA-512:C13751C38DBB704088241BAB21A0C29506E76965A3FAAD2BAD29ABC1E74B12E125843FD880F1294AECECEDF4A05D70BFB11A0778E8021EDB693E55FECAD7B23E
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="http.client . HTTP protocol client" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/http.client.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/http/client.py This module defines classes that implement the client side of the HTTP and HTTPS protocols. It is normally not used directly . the module urllib.request uses it to h..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/http/client.py This m

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\http.cookiejar.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3177), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):120763
                                          Entropy (8bit):4.872603536181286
                                          Encrypted:false
                                          SSDEEP:1536:tFWqyqMRVNFwOyF0OVyFcyFFyFmD71OIyFNyF4yT6yYhyFkyYByYZyTbyYVyVDyN:E9T+gsg
                                          MD5:DDB9A0D2CB8DB6188C78F1F98122A65F
                                          SHA1:3F780648937ADFF3629472990529C9E585E3BF91
                                          SHA-256:8BD896E3B090EE756C31199778D3BFF2F55BFC0A9F868F59778671D9F29E662C
                                          SHA-512:007499B0697E85050F3A3A7D4DE175BBBCACDA2563E7ACD616E9633E27C8ABF165A5903837D61603F6EB9DD572E9EFC81DCB3ECAE0CF8BA044EEAD79D1126ABA
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="http.cookiejar . Cookie handling for HTTP clients" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/http.cookiejar.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/http/cookiejar.py The http.cookiejar module defines classes for automatic handling of HTTP cookies. It is useful for accessing web sites that require small pieces of data . cookies..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/htt

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\http.cookies.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (913), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):53890
                                          Entropy (8bit):4.88981106022121
                                          Encrypted:false
                                          SSDEEP:1536:Bu/Tqy71M4AyXNkNfXNf3hA/hS2qyF+y43y5wjuqyFO7QLJtQ/YQcTUrf1eHGR86:BumhMg
                                          MD5:B332088170D1EEE411D691CC08020B7A
                                          SHA1:85B7BFD51B5600CA178BC4AA9469C34CB0C65FA3
                                          SHA-256:2F7AE29D084D5D4B5EE497D64B1F68B7EE799D78F6B2FD94B69E6F2293009D58
                                          SHA-512:9AC2A58BDE5C157DC5ED7A40DDD679AC4551E0FDF40C3BC2EF632AAD3B1D1F2D44878E350D508A85DB784DE4D04F9AFB4394670505DC3491291C52314D36F75B
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="http.cookies . HTTP state management" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/http.cookies.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/http/cookies.py The http.cookies module defines classes for abstracting the concept of cookies, an HTTP state management mechanism. It supports both simple string-only cookies, and..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/http/cookies.py The

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\http.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (530), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):61093
                                          Entropy (8bit):5.023143483850098
                                          Encrypted:false
                                          SSDEEP:768:BIqycsth1M5XlFzVg5MPW/j0s+G4hnFgqlnslOLurkZhnORzAaMp5haa/K3RGYVQ:mqylM51FzfGLJciuJuTl0K64MF764N
                                          MD5:5983607967974C0D9E7E129959DF0FC9
                                          SHA1:104E56C7616D3886E50B8B64D68DC520A0B19A4A
                                          SHA-256:DB6B4926007C650C2335C49C5C7AEFC025317C32308499DF9B0CDFECAC0537E4
                                          SHA-512:5E256589B970FA32B6CEBA2AA94D3C5521DC4C0A5AF64501757D6C99779235121C02421D5CAAEE1CACE54E1E28AD03E0D1AAD89920B4817C382837CAF0C6F0B5
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="http . HTTP modules" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/http.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/http/__init__.py http is a package that collects several modules for working with the HyperText Transfer Protocol: http.client is a low-level HTTP protocol client; for high-level U..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/http/__init__.py http is a package that colle

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\http.server.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (880), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):80894
                                          Entropy (8bit):4.894574401186496
                                          Encrypted:false
                                          SSDEEP:1536:IqyiMLPBWQMWj4MWrdXzYjtzcTSkdoxnwv0JUz7lgYwswo5MyF0yFY5MyFu5O959:6mTJLlI/+g
                                          MD5:ED991EAEA3B656EE347985E7FE462E3F
                                          SHA1:2049D24BD99E072E2B74CB59F7FF7E81DBD8CC54
                                          SHA-256:A4DFD9D59FEF83D0657D97899275938F7555AAA5094D112AFA75E89A8AAAF0B2
                                          SHA-512:C1C11A9DB4A14F7BCD58EEAFC711526DA6E140F4EB0C838BCD843446AE5526E5B98BA8702F21556F128D568CE55BAA2E1E5CC94416F373018A3B38D3AC9B4ECF
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="http.server . HTTP servers" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/http.server.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/http/server.py This module defines classes for implementing HTTP servers. Availability: not Emscripten, not WASI. This module does not work or is not available on WebAssembly platf..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/http/server.py This module defi

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\i18n.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (373), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16626
                                          Entropy (8bit):4.833648833563167
                                          Encrypted:false
                                          SSDEEP:192:WrxPrtZKHqkX1vLMpMgVnQTMbnvnMu4xMfGkeGOvGCp1Md67nmTMbWvA76dqEC:JHqklgBVnQTM+vJB9+c7nmTMt76dqEC
                                          MD5:CDDBCD253EEAFC19BD74AC270E213B16
                                          SHA1:A6C786A81DF4B32606D42C89B0620DBE9E728499
                                          SHA-256:A2C28E340A696104468201CD2E820040F82DD703D089C8F02A3F740057FD0DF6
                                          SHA-512:EC83E57A159DD08F6AAB5C48DC19EB83F05B3E2C3D965D82B57FB07367A1176EBAC663811BF0935B675B2653B85F9F677E5799D5A323523749C97BA602F77DE3
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="Internationalization" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/i18n.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="The modules described in this chapter help you write software that is independent of language and locale by providing mechanisms for selecting a language to be used in program messages or by tailor..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="The modules described in this chapter help you write software t

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\idle.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (705), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):80986
                                          Entropy (8bit):4.888731271890979
                                          Encrypted:false
                                          SSDEEP:1536:5RqyXMVs+0P2wQFuMj5F5xCfi2oMD764N:1VvQFuMT5M6g
                                          MD5:5BD7795423044CFC8EF11A3D5FA076A2
                                          SHA1:1635AFC72B8BD6DE84B5C6CDF196DDF3D136BD03
                                          SHA-256:F20D853F9EE0FA0C746FA659312E581A2646ECD43A073BEBFEB4226675C1B1AE
                                          SHA-512:128C02FB587E24DC068C01B2012228984DC2C08F239092B3EE6A98E75351B045589777B85842656F6F2E2700D3B06500513062736DAAD6F0BB9FF32846566515
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="IDLE" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/idle.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/idlelib/ IDLE is Python.s Integrated Development and Learning Environment. IDLE has the following features: cross-platform: works mostly the same on Windows, Unix, and macOS, Pytho..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/idlelib/ IDLE is Python.s Integrated Development and Learn

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\imaplib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1257), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):91683
                                          Entropy (8bit):4.873080608078685
                                          Encrypted:false
                                          SSDEEP:1536:eqyGMX3uOylQy+4yF2QXtVPl/d2DOylQylw5yF4yFmFPYupYLCq9DgXS+fHqgjME:mty3jp/pwGt3dg
                                          MD5:0628E5042238749111EBD4D6BC626DA3
                                          SHA1:074EE59462EFE6839006B10ED44F971C51E25525
                                          SHA-256:1CF1875A5D85D939596E47048A7834013B0793BAD365DFC16FDAC78DA54C9C41
                                          SHA-512:36A18FAEBD86E8909AF750F1DF45D8F552D0487DC3BAE71CC57F1BAA8F4C49E8776C014E76AD083396D6EA03006021CACE6B84FFB9414C5518EBC34653804278
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="imaplib . IMAP4 protocol client" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/imaplib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/imaplib.py This module defines three classes, IMAP4, IMAP4_SSL and IMAP4_stream, which encapsulate a connection to an IMAP4 server and implement a large subset of the IMAP4rev1 cli..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/imaplib.py This module defines

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\imghdr.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (565), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21171
                                          Entropy (8bit):4.879354342923177
                                          Encrypted:false
                                          SSDEEP:384:LLfHqkliCenPTMLbT9r5aPyFull5nuDgn9nWw6XP6nrTMM76dqEC:/qyiFLMLlr5aPyFilFustWdXiPMM764N
                                          MD5:6A037C0B5C2D746F1447E309C0E4BEED
                                          SHA1:43203E23C8047F211D6BDA7C3A0D861B41AB1B4A
                                          SHA-256:AA2C21D3FB5B1FA36B74257B2F4778B347344E11CA2CED662A5429A0E218A0C6
                                          SHA-512:3E6B63640E929274B8C2FDE9D4B05DC76A7E0E4B4798EBA41682E93011240143AF4F61F9C45F70EB42796C6A19AC61A23BD3CAA083621261E43A6020893AEC81
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="imghdr . Determine the type of an image" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/imghdr.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/imghdr.py The imghdr module determines the type of image contained in a file or byte stream. The imghdr module defines the following function: The following image types are recogni..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/imghdr.py The imghdr mo

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\importlib.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1173), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):219226
                                          Entropy (8bit):4.834481671051082
                                          Encrypted:false
                                          SSDEEP:6144:e42C0qj5zal3pY5mkXj1R8rB34my6efnpWSoUoDR4YE1X8mi7d1Axmo1Ppg:e42QN1i1+g
                                          MD5:090CED58BE5C63F1ED88529C2F50A395
                                          SHA1:095C4391481C610A67C5A24ED70C13AA35031B21
                                          SHA-256:36A995E628129605E24980301843DB00943F6DC4481A40870D494079B99487B6
                                          SHA-512:3577A7BEFCF0C53332F9FAD5C70402E524E5C28E13BBEB7139FAC6A4C21E7C0A00A604ACEE5216F3DD70383A7FA48C3D9A52F07D181B6724ED0291E9C7250C37
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="importlib . The implementation of import" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/importlib.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/importlib/__init__.py Introduction: The purpose of the importlib package is three-fold. One is to provide the implementation of the import statement (and thus, by extension, the__i..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/importlib/__init__.

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\importlib.metadata.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (714), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):53581
                                          Entropy (8bit):4.92383773046078
                                          Encrypted:false
                                          SSDEEP:1536:iqy0Mxofos3KhLpIJBmvW9hDxE78b7uWFYeR9M5764N:tzn9rYofg
                                          MD5:7CBDC1D6A895670C44B6FDFEE82FF3BB
                                          SHA1:9C10828F61A3D9BF22BA57E28593E67A4902E4E1
                                          SHA-256:27A2DF8367513F410F773F4A2D3CB9EC64DC7F8AAE2DFE68E977CF756B393511
                                          SHA-512:E5D406A02AFA7B75F2725B98299FC1C1F785FFD6B94A4812567A354E391369B9E8EE7319942057040235E34C91345C561637AAA94AD8E74339C1931F4B2D30F8
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="importlib.metadata . Accessing package metadata" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/importlib.metadata.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/importlib/metadata/__init__.py importlib.metadata is a library that provides access to the metadata of an installed Distribution Package, such as its entry points or its top-level ..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/imp

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\importlib.resources.abc.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (765), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):33614
                                          Entropy (8bit):4.866272606551949
                                          Encrypted:false
                                          SSDEEP:768:oqyPrCMT1YJ8m+0kZ0SbUe5Ni4gkz84N8eJybiCkp/yVwHo1SyMtyFqTqlCQMT75:oqyWMT1YJ8v0kZ0SbD5Ni4gkz84N7JyU
                                          MD5:DD69A4B8E90261EFE8B490243AD2822A
                                          SHA1:C89C61C3A0A499D8E651DC8DB61F806591AD96B5
                                          SHA-256:A2DA351385CE4B35BB58967F1054EE5FCBC68FCE2257F89294C54EF18FEA7CC5
                                          SHA-512:B4AD2D9C6E62D19A1EA556AFBB2988D594BAE9F9E52FAFF193E58713A9C916D730172D998BC81FBA38BA46D329816829528DCF143955E8CB96032BEEB68F4574
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="importlib.resources.abc . Abstract base classes for resources" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/importlib.resources.abc.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/importlib/resources/abc.py" />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" content="Source code: Lib/importlib/resources/abc.py" />..<meta property="og:image:width" content="200" />..<meta property="og:image:height" content="200" />..<meta na

                                          C:\Users\user\AppData\Roaming\windows\Doc\html\library\importlib.resources.html

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (996), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):43075
                                          Entropy (8bit):4.823396392997468
                                          Encrypted:false
                                          SSDEEP:768:P+Cqy3BJMJtXf2zoB8ZqsbXlAhWbgLMDS7trpS7Wyb4ymVe/DS795pS7Wyb4ymu/:P+CqyLMJtXf2zoB8ZqsbXlAhWbgLMDSw
                                          MD5:89289EACF879D4AE1AFA09A4B222D762
                                          SHA1:D3D9D8F4211E5E815C77DAB550A90B55C98951BE
                                          SHA-256:1C2F98C4620E37D534672497A3AF49115D44C3D09C5B1FDEBECA0218E7D8899C
                                          SHA-512:A71D9122802139674D206AB3A1428E00A3AF9E034C1144548D3411E31E32FF69865897C45D8FC0A2699AB988563B3E337E97612DBE467E4CA9A0B0753206C886
                                          Malicious:false
                                          Preview:<!DOCTYPE html>....<html lang="en" data-content_root="../">.. <head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="viewport" content="width=device-width, initial-scale=1" />..<meta property="og:title" content="importlib.resources . Package resource reading, opening and access" />..<meta property="og:type" content="website" />..<meta property="og:url" content="https://docs.python.org/3/library/importlib.resources.html" />..<meta property="og:site_name" content="Python documentation" />..<meta property="og:description" content="Source code: Lib/importlib/resources/__init__.py This module leverages Python.s import system to provide access to resources within packages. .Resources. are file-like resources associated with a m..." />..<meta property="og:image" content="https://docs.python.org/3/_static/og-image.png" />..<meta property="og:image:alt" content="Python documentation" />..<meta name="description" con

                                          C:\Users\user\AppData\Roaming\windows\Lib\_aix_support.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4129
                                          Entropy (8bit):5.054915225610184
                                          Encrypted:false
                                          SSDEEP:96:1086w0VnCwE4/o5I2Wqpt8u/GqhqCbuwAknVbRo61RmT+se8R2HR7:10G0VVoW+GqI4uwfnVbRo2Rk4R7
                                          MD5:41F88833D549197CEC2C7B52CB9D651E
                                          SHA1:F01590397FAFAEBC2F6273BE125C02D518D7A3B5
                                          SHA-256:4BBEDE7FC7B15C30DD3CDD54F40347DD21F9B6E65D1CA38BF831A7B50D456583
                                          SHA-512:5CB991A99CA16B6137BADED771B736090F6F25ED885B35B1F681F4964F0C503867CB1ECCD05CF25F5DCF537898878430F53B051CA197A870B050BF992721BA8F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Shared AIX support functions."""....import sys..import sysconfig......# Taken from _osx_support _read_output function..def _read_cmd_output(commandstring, capture_stderr=False):.. """Output from successful command execution or None""".. # Similar to os.popen(commandstring, "r").read(),.. # but without actually using os.popen because that.. # function is not usable during python bootstrap... import os.. import contextlib.. fp = open("/tmp/_aix_support.%s"%(.. os.getpid(),), "w+b").... with contextlib.closing(fp) as fp:.. if capture_stderr:.. cmd = "%s >'%s' 2>&1" % (commandstring, fp.name).. else:.. cmd = "%s 2>/dev/null >'%s'" % (commandstring, fp.name).. return fp.read() if not os.system(cmd) else None......def _aix_tag(vrtl, bd):.. # type: (List[int], int) -> str.. # Infer the ABI bitwidth from maxsize (assuming 64 bit as the default).. _sz = 32 if sys.maxsize == (2**31-1) else 64.. _bd = bd if b

                                          C:\Users\user\AppData\Roaming\windows\Lib\_collections_abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):33255
                                          Entropy (8bit):4.57321505202262
                                          Encrypted:false
                                          SSDEEP:768:IOPxpq3OCTN1Ewkx023y0SuqlTWbbYXxeF6tTgA/rTNq4UBR2npWtvVUCloh:lPxPCTqYh4kNpivVUCloh
                                          MD5:B10776F4C7D732CED7BD8A708E642CF3
                                          SHA1:964C2AF043BC4023F844497EBAEE379D9575FFEF
                                          SHA-256:C3454744BF6B649F19E91CA1411E88FFD608E86F58375F3F8CEE5CA53473E331
                                          SHA-512:AB64E37BBCE55D483EC48E3D87F54128048587DDED0C9A73E6584EE81EE60A30AA477AC5981A344ACD803CE4D7B024350ED32771C9E8D37A751F34DDC55F360C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:# Copyright 2007 Google, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Abstract Base Classes (ABCs) for collections, according to PEP 3119.....Unit tests are in test_collections..."""....############ Maintenance notes #########################################..#..# ABCs are different from other standard library modules in that they..# specify compliance tests. In general, once an ABC has been published,..# new methods (either abstract or concrete) cannot be added...#..# Though classes that inherit from an ABC would automatically receive a..# new mixin method, registered classes would become non-compliant and..# violate the contract promised by ``isinstance(someobj, SomeABC)``...#..# Though irritating, the correct procedure for adding new abstract or..# mixin methods is to create a new ABC as a subclass of the previous..# ABC. For example, union(), intersection(), and difference() cannot..# be added to Set but could go into a new ABC that extends Se

                                          C:\Users\user\AppData\Roaming\windows\Lib\_compat_pickle.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9013
                                          Entropy (8bit):5.071668224051392
                                          Encrypted:false
                                          SSDEEP:192:jX+gYVVcndom2qXur3co6d/f1OlQcrG5EbhqRbRq:T+gYVVcnrkco6d/f1OlQcC5ES1q
                                          MD5:4373F824346A53ECD29028BEF4655F56
                                          SHA1:88727AA744742F6C1C528C92DAA928C84933D995
                                          SHA-256:10C81E8803CFFAAC8BDF085CD01EA948C3ADFA32263B2D452BAFD5B5519410F6
                                          SHA-512:4032ABD13CB607F3D018B41D1B62EBB57195A54D0ED0F7E1F3D32BCA565A1D837BCA75E8E032296ADC25C9A1BB07C0AA77EB696DACEE2EC5065A49EDF7798A28
                                          Malicious:false
                                          Preview:# This module is used to map the old Python 2 names to the new names used in..# Python 3 for the pickle module. This needed to make pickle streams..# generated with Python 2 loadable by Python 3.....# This is a copy of lib2to3.fixes.fix_imports.MAPPING. We cannot import..# lib2to3 and use the mapping defined there, because lib2to3 uses pickle...# Thus, this could cause the module to be imported recursively...IMPORT_MAPPING = {.. '__builtin__' : 'builtins',.. 'copy_reg': 'copyreg',.. 'Queue': 'queue',.. 'SocketServer': 'socketserver',.. 'ConfigParser': 'configparser',.. 'repr': 'reprlib',.. 'tkFileDialog': 'tkinter.filedialog',.. 'tkSimpleDialog': 'tkinter.simpledialog',.. 'tkColorChooser': 'tkinter.colorchooser',.. 'tkCommonDialog': 'tkinter.commondialog',.. 'Dialog': 'tkinter.dialog',.. 'Tkdnd': 'tkinter.dnd',.. 'tkFont': 'tkinter.font',.. 'tkMessageBox': 'tkinter.messagebox',.. 'ScrolledText': 'tkinter.scrolledtext',.. 'Tkconstants':

                                          C:\Users\user\AppData\Roaming\windows\Lib\_compression.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5843
                                          Entropy (8bit):4.312570122004757
                                          Encrypted:false
                                          SSDEEP:96:ArOasdGagyvLQOAj+pPbO6bf/Zvlf0rwazuza6:eOasdbtlb/fcrwazuza6
                                          MD5:F75E9299E14E9B11FD7DAE94D061253E
                                          SHA1:6025D13A35D283496DC83444366FE93E22B03B61
                                          SHA-256:A10CF1A317374641BCDB8252499E9CB9D4D6E774AC724EDFDDDD0433EAD771D9
                                          SHA-512:BEE88E9C44A2477E7679F47F414FF8327AD06EF4E81D65405A1D55E9684040838C9F30F3F0A35FF0C5A7E850B858FE83E48734BE7EA171A1F5DBB75FB45A2FB7
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Internal classes used by the gzip, lzma and bz2 modules"""....import io..import sys....BUFFER_SIZE = io.DEFAULT_BUFFER_SIZE # Compressed data read chunk size......class BaseStream(io.BufferedIOBase):.. """Mode-checking helper functions.""".... def _check_not_closed(self):.. if self.closed:.. raise ValueError("I/O operation on closed file").... def _check_can_read(self):.. if not self.readable():.. raise io.UnsupportedOperation("File not open for reading").... def _check_can_write(self):.. if not self.writable():.. raise io.UnsupportedOperation("File not open for writing").... def _check_can_seek(self):.. if not self.readable():.. raise io.UnsupportedOperation("Seeking is only supported ".. "on files open for reading").. if not self.seekable():.. raise io.UnsupportedOperation("The underlying file object "..

                                          C:\Users\user\AppData\Roaming\windows\Lib\_markupbase.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):15049
                                          Entropy (8bit):4.144690404366886
                                          Encrypted:false
                                          SSDEEP:384:hJdW3aalUU2IJWEY4tokA+jFW/tFoak6iExy/LemE/9ueOU:hJRalUU2IJWIo+jEFGaw1iN
                                          MD5:2DFE8125174DDC3D0694E41EB8489C58
                                          SHA1:EF097AC9988D1E06BE47D771008B53797682156D
                                          SHA-256:914361CF055D5D2E1B69A2603A5C94B22DEDB987D72CE9F791AFEC0524718F28
                                          SHA-512:E5657D6619EA50AEE6051808F5C153B75438C97231010F898D9884937C7370241C4C41FA695B002D1AEA0489994F4FD96D3ADE037ECF30D761A99019F9E1E043
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Shared support for scanning document type declarations in HTML and XHTML.....This module is used as a foundation for the html.parser module. It has no..documented public API and should not be used directly....."""....import re...._declname_match = re.compile(r'[a-zA-Z][-_.a-zA-Z0-9]*\s*').match.._declstringlit_match = re.compile(r'(\'[^\']*\'|"[^"]*")\s*').match.._commentclose = re.compile(r'--\s*>').._markedsectionclose = re.compile(r']\s*]\s*>')....# An analysis of the MS-Word extensions is available at..# http://www.planetpublish.com/xmlarena/xap/Thursday/WordtoXML.pdf...._msmarkedsectionclose = re.compile(r']\s*>')....del re......class ParserBase:.. """Parser base class which provides some common support methods used.. by the SGML/HTML and XHTML parsers.""".... def __init__(self):.. if self.__class__ is ParserBase:.. raise RuntimeError(.. "_markupbase.ParserBase must be subclassed").... def reset(self):.. self.lineno = 1..

                                          C:\Users\user\AppData\Roaming\windows\Lib\_osx_support.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22602
                                          Entropy (8bit):4.723979551934765
                                          Encrypted:false
                                          SSDEEP:384:KEQb8Fu0jFaUTj065gw4DehE58J+pPSUbjaMVqnV6sxlVItVnCfvQY+y1q6NT:KB8Fu0jFaYj0sgve81pP3SAYE2
                                          MD5:09B076187C2B59E07F5C46CF47B03DE7
                                          SHA1:26C2EDF625F3FEB5C6FBFE95646F3C861BB61033
                                          SHA-256:B72A3C3EC5AEF4C8B67A27482DC5730F6CA0A1F763C73D7F5EDD37B7A180AABB
                                          SHA-512:BA12EA788469813D7FFCC0F6E8CCB89943ECDAECC6C7CA6DD53C43351B7CB191A7AFC6DA62C0DB62037F97B4F31787644239E7C56488F948D4F86977F6C46843
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Shared OS X support functions."""....import os..import re..import sys....__all__ = [.. 'compiler_fixup',.. 'customize_config_vars',.. 'customize_compiler',.. 'get_platform_osx',..]....# configuration variables that may contain universal build flags,..# like "-arch" or "-isdkroot", that may need customization for..# the user environment.._UNIVERSAL_CONFIG_VARS = ('CFLAGS', 'LDFLAGS', 'CPPFLAGS', 'BASECFLAGS',.. 'BLDSHARED', 'LDSHARED', 'CC', 'CXX',.. 'PY_CFLAGS', 'PY_LDFLAGS', 'PY_CPPFLAGS',.. 'PY_CORE_CFLAGS', 'PY_CORE_LDFLAGS')....# configuration variables that may contain compiler calls.._COMPILER_CONFIG_VARS = ('BLDSHARED', 'LDSHARED', 'CC', 'CXX')....# prefix added to original configuration variable names.._INITPRE = '_OSX_SUPPORT_INITIAL_'......def _find_executable(executable, path=None):.. """Tries to find 'executable' in the directories listed in 'path'..... A string listing dir

                                          C:\Users\user\AppData\Roaming\windows\Lib\_py_abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6336
                                          Entropy (8bit):4.398612520141537
                                          Encrypted:false
                                          SSDEEP:192:tChBz2a5ZMoU3JhZqwCtb4kmAp0PT5L7AH4/kt/E/StLp/kL/5:tChtjgJhZZKb4qH/7O
                                          MD5:E9F2D6D09F06D7E0772B74B32759881C
                                          SHA1:6E4A2145565B7B9436CB7DB5CF18FA97E9B3BEE0
                                          SHA-256:8F790C97331A66EA442964314843F7CC8863FB3D9B899183F6D02598D4361A5C
                                          SHA-512:D3D22D17387A04B79AB54C7F71E994A075AB309057A8F98A3972E0F17535C4D905342D282ECF3D1A8A99351BBC8AEC207E7E277B0377255572153A80EFBB07A6
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:from _weakrefset import WeakSet......def get_cache_token():.. """Returns the current ABC cache token..... The token is an opaque object (supporting equality testing) identifying the.. current version of the ABC cache for virtual subclasses. The token changes.. with every call to ``register()`` on any ABC... """.. return ABCMeta._abc_invalidation_counter......class ABCMeta(type):.. """Metaclass for defining Abstract Base Classes (ABCs)..... Use this metaclass to create an ABC. An ABC can be subclassed.. directly, and then acts as a mix-in class. You can also register.. unrelated concrete classes (even built-in classes) and unrelated.. ABCs as 'virtual subclasses' -- these and their descendants will.. be considered subclasses of the registering ABC by the built-in.. issubclass() function, but the registering ABC won't show up in.. their MRO (Method Resolution Order) nor will method.. implementations defined by the registering ABC be callable

                                          C:\Users\user\AppData\Roaming\windows\Lib\_pydatetime.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):94740
                                          Entropy (8bit):4.486813729670233
                                          Encrypted:false
                                          SSDEEP:1536:a9IQYbeLy7YOd9BF87J6lQ3r6yZeUE/v0B11YwHYX:a9IQYS2YOdm7J2lyMUhc+s
                                          MD5:6A6D2E4E3731246BA2EC11BFB0B8AA6E
                                          SHA1:38672C2367F40B470B68900453A9B154DD052EF2
                                          SHA-256:5D59A58B96462239916D5E3F24A161BEC46A70D7CB12C21C7BD14B39B46AEAD1
                                          SHA-512:C003A47EC209F925230ABAA969B6D0202F0CEB7B36F338BB38A95F8EFE95846AA180636AE916638B8F79361B50826283404117FD9E2D5E5B05C772F342C684BA
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Concrete date/time and related types.....See http://www.iana.org/time-zones/repository/tz-link.html for..time zone and DST data sources..."""....__all__ = ("date", "datetime", "time", "timedelta", "timezone", "tzinfo",.. "MINYEAR", "MAXYEAR", "UTC")......import time as _time..import math as _math..import sys..from operator import index as _index....def _cmp(x, y):.. return 0 if x == y else 1 if x > y else -1....def _get_class_module(self):.. module_name = self.__class__.__module__.. if module_name == '_pydatetime':.. return 'datetime'.. else:.. return module_name....MINYEAR = 1..MAXYEAR = 9999.._MAXORDINAL = 3652059 # date.max.toordinal()....# Utility functions, adapted from Python's Demo/classes/Dates.py, which..# also assumes the current Gregorian calendar indefinitely extended in..# both directions. Difference: Dates.py calls January 1 of year 0 day..# number 1. The code here calls January 1 of year 1 day number 1. This is..# to match the

                                          C:\Users\user\AppData\Roaming\windows\Lib\_pydecimal.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):235645
                                          Entropy (8bit):4.563560590127949
                                          Encrypted:false
                                          SSDEEP:6144:fPpNAkfLyemfbPcKcNZuUxOapxHPfm+LymnEvD:HvxPA
                                          MD5:6B5437EA2015E0F1F0CFBB24D18842AB
                                          SHA1:2328558422C867B7BF586435989AABE164E9422C
                                          SHA-256:B4DE5BF447E53FD324EC33A95D32193C1B7DD12B375481566CF25AC2D348F869
                                          SHA-512:6AB6CBC1E262512D34991BB68FEE9F8C33D887107EA1B2EDCEF005F06B33E4D1A2B0D812A0DF0456D8352148D65B601D9ACCD6660C3B5C3F5413F712858779E2
                                          Malicious:false
                                          Preview:# Copyright (c) 2004 Python Software Foundation...# All rights reserved.....# Written by Eric Price <eprice at tjhsst.edu>..# and Facundo Batista <facundo at taniquetil.com.ar>..# and Raymond Hettinger <python at rcn.com>..# and Aahz <aahz at pobox.com>..# and Tim Peters....# This module should be kept in sync with the latest updates of the..# IBM specification as it evolves. Those updates will be treated..# as bug fixes (deviation from the spec is a compatibility, usability..# bug) and will be backported. At this point the spec is stabilizing..# and the updates are becoming fewer, smaller, and less significant....."""..This is an implementation of decimal floating point arithmetic based on..the General Decimal Arithmetic Specification:.... http://speleotrove.com/decimal/decarith.html....and IEEE standard 854-1987:.... http://en.wikipedia.org/wiki/IEEE_854-1987....Decimal floating point has finite precision with arbitrarily large bounds.....The purpose of this modul

                                          C:\Users\user\AppData\Roaming\windows\Lib\_pyio.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):96291
                                          Entropy (8bit):4.364506935988488
                                          Encrypted:false
                                          SSDEEP:1536:viNtkV5SO52T4fWEai+6wsWB/5bjQsngmRAUd:viNtkr5SuWEai+6bWp5bjLgmR5
                                          MD5:9511989045D3247243E25A31B64B259A
                                          SHA1:800A8C327F47BCC41F0724162C00B7FE8E29D0E2
                                          SHA-256:3A2AAF9CFFB2FD7CF4F27DB0B8C16160C08FBA69D55C7237865C9C9D7BB92444
                                          SHA-512:DB0D4AEC0F57EF2E43A235E8A23BD503966346CB717AAEF963D2E0796025133508F623AD1E6E80CF84D388008E73196AF02BD4C209F089CE09C827D24CD440DF
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""..Python implementation of the io module..."""....import os..import abc..import codecs..import errno..import stat..import sys..# Import _thread instead of threading to reduce startup cost..from _thread import allocate_lock as Lock..if sys.platform in {'win32', 'cygwin'}:.. from msvcrt import setmode as _setmode..else:.. _setmode = None....import io..from io import (__all__, SEEK_SET, SEEK_CUR, SEEK_END)....valid_seek_flags = {0, 1, 2} # Hardwired values..if hasattr(os, 'SEEK_HOLE') :.. valid_seek_flags.add(os.SEEK_HOLE).. valid_seek_flags.add(os.SEEK_DATA)....# open() uses st_blksize whenever we can..DEFAULT_BUFFER_SIZE = 8 * 1024 # bytes....# NOTE: Base classes defined here are registered with the "official" ABCs..# defined in io.py. We don't use real inheritance though, because we don't want..# to inherit the C implementations.....# Rebind for compatibility..BlockingIOError = BlockingIOError....# Does io.IOBase finalizer log the exception if the close() method fails?

                                          C:\Users\user\AppData\Roaming\windows\Lib\_pylong.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9332
                                          Entropy (8bit):4.649641793285662
                                          Encrypted:false
                                          SSDEEP:192:ibiuRsd32//Cs0uRC7F6Uq/WRTus50sMEE4EDkaq71uqhCkiu66V:ibiuRc3uR+oct5TSknRxCnc
                                          MD5:210849258B55A6D3D5174A928D20D355
                                          SHA1:C3C7B26339C20AC1FE5570AA3E936C5C6BDC27C6
                                          SHA-256:998AAA9A183839BEB0582E98B1C5C8BD061B4706A4C54A1F5F42388D60DE9968
                                          SHA-512:9B432E4DBCE50759C067DA26A5FC5984B08E25A8D1545246EED4C851C9C319A1C2FC3700D7C7866C523FA4C1927F058067A404775B916D0B2C783E13202B1F29
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Python implementations of some algorithms for use by longobject.c...The goal is to provide asymptotically faster algorithms that can be..used for operations on integers with many digits. In those cases, the..performance overhead of the Python implementation is not significant..since the asymptotic behavior is what dominates runtime. Functions..provided by this module should be considered private and not part of any..public API.....Note: for ease of maintainability, please prefer clear code and avoid.."micro-optimizations". This module will only be imported and used for..integers with a huge number of digits. Saving a few microseconds with..tricky or non-obvious code is not worth it. For people looking for..maximum performance, they should use something like gmpy2."""....import re..import decimal......def int_to_decimal(n):.. """Asymptotically fast conversion of an 'int' to Decimal.""".... # Function due to Tim Peters. See GH issue #90716 for details... # https://github

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6058
                                          Entropy (8bit):4.513858440536954
                                          Encrypted:false
                                          SSDEEP:96:VHdpCpI/qD2Q0pU8F6fdaLcbkCN/yRMffWL1+rpOc6i7AYS2kEJl+iKaN6w1AD4:XpCpIPpHEN/yYi1+NOc6IAYS2kEXR6wr
                                          MD5:EA0E0D20C2C06613FD5A23DF78109CBA
                                          SHA1:B0CB1BEDACDB494271AC726CAF521AD1C3709257
                                          SHA-256:8B997E9F7BEEF09DE01C34AC34191866D3AB25E17164E08F411940B070BC3E74
                                          SHA-512:D8824B315AA1EB44337FF8C3DA274E07F76B827AF2A5AC0E84D108F7A4961D0C5A649F2D7D8725E02CD6A064D6069BE84C838FB92E8951784D6E891EF54737A3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Standard "encodings" Package.... Standard Python encoding modules are stored in this package.. directory..... Codec modules must have names corresponding to normalized encoding.. names as defined in the normalize_encoding() function below, e.g... 'utf-8' must be implemented by the module 'utf_8.py'..... Each codec module must export the following interface:.... * getregentry() -> codecs.CodecInfo object.. The getregentry() API must return a CodecInfo object with encoder, decoder,.. incrementalencoder, incrementaldecoder, streamwriter and streamreader.. attributes which adhere to the Python Codec Interface Standard..... In addition, a module may optionally also define the following.. APIs which are then used by the package's codec search function:.... * getaliases() -> sequence of encoding name strings to use as aliases.... Alias names returned by getaliases() must be normalized encoding.. names as defined by normalize_encoding().....Writ

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5810
                                          Entropy (8bit):5.5773136395655305
                                          Encrypted:false
                                          SSDEEP:96:lvoHIYGspF3e06Q0Yhs6Yjz/6kVXfOmhfKYnjkwVY5tT6pl02TYbXigaKSDVRoM/:pYLpFkYy6GXVKYnjkwaDeX0Za/pACJh
                                          MD5:C6E7A320BCD3CFD93EEAAD2DED5441DF
                                          SHA1:CB3042A4B3B2CD86A96F4B575B09E03DAD602855
                                          SHA-256:D153F7CDA31B3D8C18391A725FE09B4101C7DB519962FF43F6A7CDF35BEE2E75
                                          SHA-512:5FAC090E3958A4A80C7CC46272E71DB13FB5DFC924C5FC7B6CA657754B763E60C66B31636522AA4C11A3F2A8CB2CBCB2A12375B5406FD1AE14138AD58FCF34E3
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...i.Z.d.Z.d.g.Z.e.j...................Z...G.d...d.e.e.........Z.d...Z.d...Z...e.j...................e...........e.j...................d.k(..r.d...Z...e.j...................e...........y.y.).a2... Standard "encodings" Package.. Standard Python encoding modules are stored in this package. directory... Codec modules must have names corresponding to normalized encoding. names as defined in the normalize_encoding() function below, e.g.. 'utf-8' must be implemented by the module 'utf_8.py'... Each codec module must export the following interface:.. * getregentry() -> codecs.CodecInfo object. The getregentry() API must return a CodecInfo object with encoder, decoder,. incrementalencoder, incrementaldecoder, streamwriter and streamreader. attributes which adhere to the Python Codec Interface Standard... In addition, a module may optionally also define the following. APIs which are then

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\aliases.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):12428
                                          Entropy (8bit):6.120577664996768
                                          Encrypted:false
                                          SSDEEP:192:UX2eNkBweGfGkueKm+I14Xqb36RhOgaxL8PZm+/Qnu1isWk2lEfBN2ckAaq1Ya1i:UXG0buenU6uHc+HeOfj2fUYxCwZuiBD
                                          MD5:7372093B1CBC7046B9C6AC739F9D6663
                                          SHA1:64ECC1EDAE4722F1D14427CA35191CA0E0DBB7D3
                                          SHA-256:74ED63EBDFC392A7E54A91AF451D65617BD3F02FFB72EB54515840BDB5786FE9
                                          SHA-512:A54E14044E304D15F26D8F33531A2EE54DEC461E8DBD797A6039477F111E6BAE9A628BCD7C89C668171EC59BDAC0564A1D4C5481DEF1A2FC2CA929897D1B0F0D
                                          Malicious:false
                                          Preview:...........fd?..............................d.Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d...d!d...d"d#..d$d#..d%d#..d&d'..d(d'..d)d'..d*d'....i.d+d,..d-d,..d.d/..d0d/..d1d2..d3d2..d4d5..d6d5..d7d8..d9d8..d:d;..d<d;..d=d>..d?d>..d@dA..dBdA..dCdD....i.dEdD..dFdG..dHdG..dIdJ..dKdJ..dLdJ..dMdN..dOdN..dPdN..dQdN..dRdS..dTdS..dUdS..dVdW..dXdW..dYdW..dZdW....i.d[dW..d\d]..d^d]..d_d]..d`da..dbda..dcda..ddde..dfde..dgde..dhdi..djdi..dkdi..dldm..dndm..dodm..dpdq....i.drdq..dsdq..dtdu..dvdu..dwdu..dxdy..dzdy..d{dy..d|dy..d}d~..d.d~..d.d~..d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d..d.d..d.d..d.d..d.d....

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\cp1252.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3154
                                          Entropy (8bit):5.14567685045668
                                          Encrypted:false
                                          SSDEEP:48:8+kM1qr1Ye1SXqGbL2JSZpxkTBcArETpmD1l/c4WqDfLTTLTDfLTTp6HbDHbBjXt:Rko0Y/64Gu7kTiArwcDIjCf33Pf396nf
                                          MD5:C6645129EFC049EE6D1AD50C09224E68
                                          SHA1:20228BCC34D8812C4CE05AF8602C40CADD33EB24
                                          SHA-256:B5F99CEC3E8C2DF4BBA976BD7E5BDF5CEB075EC8F6D1D9B127F71ED98A50A124
                                          SHA-512:68D1F06B40CA015090F76BE95B9035B7B461F106800CBC1CC36AEFB2E4136FA1D43A7566798DBC29DA964AE18F6A2D73B249941207C627EC2D3434E7E973636D
                                          Malicious:false
                                          Preview:...........f.5..............................d.Z.d.d.l.Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.e.j...........................Z...G.d...d.e.e.j...........................Z.d...Z.d.Z...e.j...................e.........Z.y.).zv Python Character Mapping Codec cp1252 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP1252.TXT' with gencodec.py........Nc...........................e.Z.d.Z.d.d...Z.d.d...Z.y.)...Codecc.....................8.....t.........j...................|.|.t.................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .;C:\Users\V3NOM0u$\Desktop\python312\Lib\encodings\cp1252.py..encodez.Codec.encode................$..$.U.6....A..A.....c.....................8.....t.........j...................|.|.t.................S.r....).r......charmap_decode..decoding_tabler....s.... r......decodez.Codec.decode....r....r....N)...strict)...__name__..__module

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\cp437.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13304
                                          Entropy (8bit):5.605884729333868
                                          Encrypted:false
                                          SSDEEP:192:Famku5TnFk+xNkeyV7UihlYdOEczj+JFnHookioJR1GTnGRtFyz7nRAXE2JHFtoj:ggFRo5ydOBQokEkTnG0HRA0y8T
                                          MD5:014BC5CA81701BD56DF9E87C157CB81B
                                          SHA1:6477516323060CC1C1BE55E0A10EC467E248394A
                                          SHA-256:859F5E659CB0BB1CD8AD95CD9045550D9610777D26A4F9B841106A238CCB3586
                                          SHA-512:DF7DD33F75A64E0126CA701D2454C4C4BAA56B0A5433B727DB76A83147F99B0991C65B3DF541CB896D9B6D82BB4DB0BC618D6D2D88C0BDA73A3A87A6BA64712B
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.e.j...........................Z...G.d...d.e.e.j...........................Z.d...Z...e.j.....................e.d.................Z.e.j...................i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d ..d!d"..d#d$..d%d&..d'd(..d)d*..d+d,..d-d...d/d0..i.d1d2..d3d4..d5d6..d7d8..d9d:..d;d<..d=d>..d?d@..dAdB..dCdD..dEdF..dGdH..dIdJ..dKdL..dMdN..dOdP..dQdR....i.dFdS..dHdT..dUdV..dJdW..dXdY..dZd[..d\d]..d^d_..dYd`..dadb..d`dc..dddQ..deda..dfdg..dhdi..djdk..dldm....i.dndo..dpdq..drds..dtdu..dvdw..dxdy..dzd{..d[d|..dgd}..dcd~..dbd...d.d...d]d...d.d...d.d...d.d...d.d.....i.d,d...d.d...d4d...d.d...d.d...d0d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...dWd...d.d...d.d...d.d.....i.d.d...dBd...d.d...d.d...d.d...d.d...d.d...dDd...d.d...d.d...d.d...d.d...dPd...d.d...d.d...d.d...d.d.....i.d2dr..d.d...d$d..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\idna.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9936
                                          Entropy (8bit):5.127123878546738
                                          Encrypted:false
                                          SSDEEP:192:PwW06OECxoHAdT3MI+O+vZ31l8ji88u8nyPb:YW06DglhAh8Sd+
                                          MD5:71E77333D79B373D658447E18F1705CA
                                          SHA1:734979CA7518975FC1C5071DAFF544CC101A0465
                                          SHA-256:A0F5287FAD9E91D3D38D9F450CDCCB2B92F3FCA51118224A7C4147B936B3EC03
                                          SHA-512:8619A747E99D42D42E8390278A3C3EF8B26331641762007493001A2BA38CB49587905CD6A221AA214CB98195FEC8D31B9F4725938B8E45F96E00D0B66042868B
                                          Malicious:false
                                          Preview:...........f+'........................B.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.....e.j...................d.........Z.d.Z.d.Z.d...Z.d...Z.d...Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.e.j"..........................Z...G.d...d.e.e.j$..........................Z.d...Z.y.)......N)...ucd_3_2_0u....[....]s....xn--z.xn--c.....................F.....g.}.|.D.]<..}.t.........j...................|.........r...|.j...................t.........j...................|....................>..d.j...................|.........}.t.........j...................d.|.........}.|.D.]...}.t.........j...................|.........s.t.........j...................|.........s.t.........j...................|.........s.t.........j...................|.........sjt.........j...................|.........sUt.........j...................|.........s@t.........j...................|.........s+t.........j...................|........

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\__pycache__\utf_8.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2167
                                          Entropy (8bit):4.642222860927488
                                          Encrypted:false
                                          SSDEEP:48:6XaXgOHi/6XHApxkMEyzxe15tGPYD+Pw6t2Vj:IawOHQ2HA7kMlVgiwx
                                          MD5:920FCE43B709A089699C17FC429764CE
                                          SHA1:369BCFB71F06E1E3C8A9663350318604084307EC
                                          SHA-256:B9DD2D8680F26D1BADF5BFD204923E6574F113C1F93C9A247362698CBAFEA79B
                                          SHA-512:150F5E8A61FD4C129C4926E9D2F3B1855424983FDC35919995B72D4366B799F042BB9BB2390CEB9AAF807400AB48B2A3CBAC2FE01387B839974F4DEBF48C452B
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z.e.j...................Z.d.d...Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z.d...Z.y.).z. Python 'utf-8' Codec...Written by Marc-Andre Lemburg (mal@lemburg.com)...(c) Copyright CNRI, All Rights Reserved. NO WARRANTY........Nc.....................0.....t.........j...................|.|.d.........S.).NT)...codecs..utf_8_decode)...input..errorss.... .:C:\Users\V3NOM0u$\Desktop\python312\Lib\encodings\utf_8.py..decoder........s................u.f.d..3..3.....c...........................e.Z.d.Z.d.d...Z.y.)...IncrementalEncoderc.....................H.....t.........j...................|.|.j...........................d.....S.).Nr....).r......utf_8_encoder....)...selfr......finals.... r......encodez.IncrementalEncoder.encode....s..........."..".5.$.+.+..6.q..9..9r....N).F)...__name__..__module__..__qualname__r......

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp737.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35379
                                          Entropy (8bit):4.616163070442315
                                          Encrypted:false
                                          SSDEEP:384:VmDXpX8Jytkjh4wVoEm3clxHRE8q6HWJn4AVhUise69/TUMy:8DXizjhJVoEm3clx6y2BFH25W
                                          MD5:BD60E98CC59C8BD60874F59A06E30F78
                                          SHA1:D0086209BA6B3D56964EA7295A8EA54BC5AA02D7
                                          SHA-256:F2DA9D418B2364C2E1A587B7A6E26FF5601C16AA7993070F2C955DDF2A1F860D
                                          SHA-512:377D0F87DDBB23D9CCAABE35085EF1E92FCE766B01E55774F4371EA281A03825D141A6F905C90C419B19D09529A8185827C9F4FC6EB176BBADE3DFB478AFB1A0
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec cp737 generated from 'VENDORS/MICSFT/PC/CP737.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp737',.. encode=Codec().enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp775.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35173
                                          Entropy (8bit):4.550355257462109
                                          Encrypted:false
                                          SSDEEP:192:8HLsuYDvRxp2YM0AQ7COJgJOlSwrE0PXRN/h4wcuSMy+PeD3xUpWS2449jBRWJnI:lRNALMSkjh4wVHeahcHWJn4AVztzXsj5
                                          MD5:CBEF285952C0476BF35BFCD7E7818919
                                          SHA1:1C61953A3AE6638EE415CA2A93710FF3D8E59D68
                                          SHA-256:00F2A5E71CA98ED656EC430A80FC2E971988A0A33EBDEA77661BDBE24FE2FBFF
                                          SHA-512:2F78E73843365DB7F164C2F3C7CD2AE5860D80A11BAF9212BA54C58F9B08C99035FEF6A200D836036AF2B4F1F286B0C2447953203B0EB1C87FD5F1DBE3D24396
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec cp775 generated from 'VENDORS/MICSFT/PC/CP775.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp775',.. encode=Codec().enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp850.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34803
                                          Entropy (8bit):4.521332806052938
                                          Encrypted:false
                                          SSDEEP:192:QHLsuYDvRVSUpAJZjJBfX6l6xSwrE0PXRN/h4wcuSM5kw9evMStmxspGf6w6F44j:hbAZSkjh4wV5j9eJTHWJn4AVgqur
                                          MD5:F5F11DA44C65B2A394A4137E36E35E82
                                          SHA1:BD17C2F9156D704AEAB144A4C1B5B8CA436A5D73
                                          SHA-256:DCBE5938D7FE65072D4A286A184046DB211544C30F0C3C370B9CD594CF3B36BD
                                          SHA-512:58AE94059D5ABDC1892FE28DA1646249A0A96817B790BA468B1AA11983A8292AB1FCD1357C9EF9771DE11685FC999791DB184CAF16E7E05D634680AF8A74D6BA
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP850.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp850',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp852.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35700
                                          Entropy (8bit):4.529290225811869
                                          Encrypted:false
                                          SSDEEP:192:SHLsuYDvRzgbY6oxCzhnfnh7gwrE0PXRN/h4wcuSMyLLUhmCIbp0w449jBRWJn4d:vgCkjh4wVy/xHWJn4AV9dQr
                                          MD5:BB2BA9443AE7BD887BA8EAC3E622366A
                                          SHA1:777E47CA86C4CF65DA68603DDACD6C78B89E0DC7
                                          SHA-256:8B6AD769607B3DB0D60E4BA1A6321A3823AD8460890D48C816220DCDF8CBEA98
                                          SHA-512:EBAEC3C9AB014DD4B9629DF511D5E98A9CC88F4035841756142AFC462AB00D07B92050F62C89CF7B2C4891E7D4165F3B3C78548062AACE86E4680C6E2FF3F996
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP852.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp852',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp855.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34548
                                          Entropy (8bit):4.55461632698867
                                          Encrypted:false
                                          SSDEEP:192:PHLsuYDvR+mIj30FeMwrE0PXRN/h4wcuSM2fi+ypK2449jBRWJn4bkVd8nOiB6HL:i+0rkjh4wV8iN3HWJn4AVd8n0r
                                          MD5:7C84762C6FD5251CD237754FEB1752D4
                                          SHA1:B4F083D0AC32E26B77DB2E99F53C079DB7B844A1
                                          SHA-256:F4F47A5CF3FE5A8CD269B68A73C1DC293A75CD3B9C0489CFA600919B47B35A4C
                                          SHA-512:D841B04E354ADD8C3D337A6952163CDC8D74FE8F561418A8DEA9C7C5986EE15179F9F5B2336880ABD279CE45AA46CB55020EDE9CDF0FE8B7EA093D1033B5F108
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP855.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp855',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp856.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12730
                                          Entropy (8bit):4.6600353742865055
                                          Encrypted:false
                                          SSDEEP:192:JgHhsuOTDvRPUrXPLouhIAs2+i+/4mwNLlYip2MUo8ONT:jT5uhIAlg02MH
                                          MD5:EE5A43420B08D06B0B2D72A49F00216D
                                          SHA1:5CAB8D55CB2910C092AF40C921E0B0959933C216
                                          SHA-256:F0C9DAC1B08D688B81B4F11CA603336FBD5C7FC4C1A30E8B7836283C2AD9A8E7
                                          SHA-512:97CC6127C21CF49679AD8AC1B47D22D674A07D83BDCD7FAB54B3C821F8DC531435F3B12EE63222C92E3A9D6895404BA857926BA2CA52CDB1BD3ED51B49009C65
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec cp856 generated from 'MAPPINGS/VENDORS/MISC/CP856.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp856',.. encode=Cod

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp857.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34602
                                          Entropy (8bit):4.528500526287676
                                          Encrypted:false
                                          SSDEEP:192:BHLsuYDvR8LmUdMAJZjy5xSwrE0PXRN/h4wcuSMMksbYevMScnepGW449jBRWJn+:4FAcSkjh4wVMuecebHWJn4AVk2Yr
                                          MD5:DD1F84F2921D49CF944DF4BCF6ECF7E8
                                          SHA1:7EEE7B6CAA8120C4D26E96FCCC21C4474BD2652A
                                          SHA-256:8AE4CB6989342105C513678480ECBDF2D5D8E534E69704964D0FB4D2A960039B
                                          SHA-512:92DB4E13E84876B51B2600F503C56857E96F06A1F23C327762372F97628C766B0E524568672FBF3BA07B26A4284C1AEB522BD433F3ABB9704CF9277157B95832
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP857.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp857',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp858.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34713
                                          Entropy (8bit):4.518245366498134
                                          Encrypted:false
                                          SSDEEP:192:CLsuYDvR9SUpAJZjJBIX6l6xSwrE0PXRN/h4wcuSM5kw9evMStmxNpGf6w6F4490:3jAYSkjh4wV5j9e2THWJn4AVgq/r
                                          MD5:F0B8B1B55A90C1EA058759AD18834A75
                                          SHA1:FD7AFDDE40956991241D6130F72A40D1C655B15B
                                          SHA-256:04A67B43EFA1E0CE2D80791C290BC2C8EA01C3991EB3DF37528B1DD575B12330
                                          SHA-512:72F7905616B3B3F9D961E4A605B15A8B9D427E13A82B1BA9AC1F2380E961DE6848A9C5068A57DE6CF62E0CEC5D9E6C2D7310F906D0EC16CAC345E48AA1ABF352
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec for CP858, modified from cp850....."""....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp858',.. encode=Codec().encode,.. decode=Codec().decode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp860.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35379
                                          Entropy (8bit):4.587856666654445
                                          Encrypted:false
                                          SSDEEP:192:/HLsuYDvRGYj/bXdiaYzIUqwrE0PXRN/h4wcuSMBmkwNvuD8HtIMpWZEt449jBRq:SfnZkjh4wVMjNjxAEJHWJn4AVWIcOMy
                                          MD5:1F0B22586EC65A59C966A709024E35E4
                                          SHA1:143BCD55359AD3B9506D6583D04A8C1BF32366BD
                                          SHA-256:E2B8B4B2658ECC3DC53D4B0760AEA95517BE298FAFBFA69574B08933747922BE
                                          SHA-512:7859FBC58DD5B68614F3F83DA28AA600E86A6F2DB7E011870B212E4D721478A8028D893AB666212DA1B1D38D41BB9E03B985C555154E33A20D71D2449DE7FDF2
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP860.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp860',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp861.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35331
                                          Entropy (8bit):4.588014438980019
                                          Encrypted:false
                                          SSDEEP:384:FfLnZkjh4wVlPVjxAEJHWJn4AVPScqPMy:JqjhJVbxAEJ2BFDS
                                          MD5:83CFB87E2BB8A42739A03DA1D979AF6A
                                          SHA1:97C16F469B56F437F521C482C613D4AEC6EF3206
                                          SHA-256:D7FE52A55FDCAC4E6E9ECDC4884C793D1FEB345D0276B074214DB1BF4BCF3033
                                          SHA-512:589B6933A5E45176210EA18997B056F41A6B03D765668B7328577D5CF8EEC9CF55B6247E225835D4666EB2AA0714ED927902929B75E27711437612BF9463D89E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP861.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp861',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp862.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34068
                                          Entropy (8bit):4.605627535144471
                                          Encrypted:false
                                          SSDEEP:384:oPFL+DZkjh4wVOjIVjx79EJHWJn4AVE6AsqPMy:8UDqjhJVkKx79EJ2BFX7S
                                          MD5:D22ABCA28D2425D802F53021178224A1
                                          SHA1:D26E991DA020C07E58C03506347803A88230A6BB
                                          SHA-256:6D99C0415136CE45AB438C8238772A1A132E7B38212C623467C2170F1A8AAE75
                                          SHA-512:66E7C898ED749CF2706EA877FB099F50477EC5EA3C0FB4F2FA189F4E849D37AD01E7899BFC04A3D60D6CD5A1D42CFF69E71D0A39BE5F51C919543D22C2D82C6A
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP862.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp862',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp863.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34950
                                          Entropy (8bit):4.597040843450106
                                          Encrypted:false
                                          SSDEEP:384:DQ6LHZkjh4wV5VvxAEJHWJn4AV7qmqPMy:VqjhJVjxAEJ2BFtS
                                          MD5:13279C9ED7C1F7AF8722F9EB3A1B595B
                                          SHA1:BCF042EA7D75E802EE940B3C979626DCD0FAAD33
                                          SHA-256:32FC23645A773EBB3247B3692D0525EA43513B358DD0350EF3A171864E326335
                                          SHA-512:95CDDCB21D1E738A6850BEA50F6ABD8BBC537F916AC1B3BC16449710EECCDD6B9A54A584A6E40F89E3068B601F43EB297214B1585C9F658B7901BE8F1CBB5162
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP863.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp863',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp864.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):34353
                                          Entropy (8bit):4.587380932355719
                                          Encrypted:false
                                          SSDEEP:192:THLsuYDvRKLaH2bdfn8yrE0PXRQ/h4wcuSMurHUF3zZUB+yEsqj44HjBRWJn4bkg:On2quKh4wVU2HWJn4AVXwn
                                          MD5:30CBEC79DA2D6565A1C62EF240272223
                                          SHA1:00C4D427BBE2ADEC7FD3EB73C4F025523D352EA6
                                          SHA-256:E8879DB3682B0F234BFCF97FE74A3A7DB63CFD5F40281F580E911932DEC4A4D3
                                          SHA-512:69191F9A4D7089C74A5CA459D0A325BD21347AAC6CAA7F2D4DBE7835A73CD31CCD23C395B11ED91AB55C1592456C7D39A6F3D2CBF1CD2338A27B921A41435864
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP864.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp864',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp865.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35316
                                          Entropy (8bit):4.589958887283082
                                          Encrypted:false
                                          SSDEEP:384:RQVLCZkjh4wVXjIVSxAEJHWJn4AVUVcqPMy:PqjhJVz5xAEJ2BFfS
                                          MD5:FE9E2A87FF8164A9602AF05FE30F64FC
                                          SHA1:3BEC0843F48826EC25A9D660B9A578148085D82F
                                          SHA-256:0722BBF3A0F93700E99B3816E9E52C75674E14319146F9AC3FD1E17F87E66CB0
                                          SHA-512:B1C5797EC453694C0E285084F25B7825C13C59B2754DE58319745923784BB5105485883C6E8BDDFEAC3267EE8E9CDD34A76155282C2AD774CEF58FBC6AC476FC
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP865.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp865',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp866.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35094
                                          Entropy (8bit):4.600424943983017
                                          Encrypted:false
                                          SSDEEP:192:lHLsuYDvRI0CnFdiaYzFFwrE0PXRN/h4wcuSMXY3uD8HtIMpW5449jBRWJn4bkV1:EVMYkjh4wVXYrxcHWJn4AVo0kQMy
                                          MD5:BE6B4AAAD297AE734F59800072CCAA30
                                          SHA1:6FE723B5DA8606EC26DC4523AA6F6EEEDACD16E0
                                          SHA-256:E3A033B3B790018A0A02E9F67A03530753C7FB5F94B6ABA84F5173D29FB389AE
                                          SHA-512:5E4B443A4778EAF7ECFA41E88CC259A6ABB2CCA0F578F7F72800C201D280C3AC033528EBF1043862DD64896DDEA444190FFF29C6EC7AEB6DE00B5E6C7EBAA86C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP866.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp866',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp869.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):33654
                                          Entropy (8bit):4.583176642392538
                                          Encrypted:false
                                          SSDEEP:384:9XtKOodhREjkjh4wV+TRLMCXkWDoq4HWJn4AV+/S0sOkYmPr:UhR1jhJVBukWDo72BFEEN
                                          MD5:FC295CB9BF854E29A7EAB588DF20A662
                                          SHA1:F9D95ED00BBCB7CB89661A0BB93880BF08A70802
                                          SHA-256:4322E184D3C1DFA56EDB013E895CBFB71130E7846F8F56BCAFC4C0082373CB6A
                                          SHA-512:0167CC25A48AB6B09F08233CD51C8C622AF7014642BE6E9A72F37EA8C459F67CAE04DFED076E8148C512747CD775457442528F1963CE3F677FE3B5F45AD71C1B
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/MICSFT/PC/CP869.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp869',.. encode=Codec().encode,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp874.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12902
                                          Entropy (8bit):4.624503078499216
                                          Encrypted:false
                                          SSDEEP:192:KHhsuOTDvRHUrXPLouhIAs2+iRvskDCYnO00pC8i1bE:nThuhIAlX/H8iG
                                          MD5:5E2C1051F63CEB3600F970937C5FC6E4
                                          SHA1:062664CD22F5DC7A52E99EDCC9C5D356C2B6F841
                                          SHA-256:94179E22722674527BD56386B5E9DAC5427B0F55248D1AA63E204C105DA18D8B
                                          SHA-512:B6643A970DDF837CA060CB511C4AFA2E4224657450455BDAEF1980ED122791991FD13BAEFD56DE10A63FC1248EAB26478EE0B0B82B0E884FCEDD71D85DCB84F3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec cp874 generated from 'MAPPINGS/VENDORS/MICSFT/WINDOWS/CP874.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp874',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp875.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13161
                                          Entropy (8bit):4.598690745287678
                                          Encrypted:false
                                          SSDEEP:192:LHhsuOTDvRUUZkPS3RI4WcMHFVleIuiZdH77eDVqeOFf2nuS:eT5RIzc+gi72DcdFOnb
                                          MD5:3DAB3DF72E688978781C91CEA3285C4A
                                          SHA1:65664E8974B621B2C461774187C483ABFA0E735F
                                          SHA-256:5C42ADFEC39CF9D891FBB2ED19D882C6160A00B8487B7867F9E2296B9E2F491B
                                          SHA-512:7F940428049BCB0A95FC67FC178749B61ABF522646A68505B5B420718E5BD8ABBF6973B48CBF17DDA48179ABBA4D31F1E2169DBD5EFA33C044414A7A02673899
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec cp875 generated from 'MAPPINGS/VENDORS/MICSFT/EBCDIC/CP875.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='cp875',.. e

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp932.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1062
                                          Entropy (8bit):4.549007604127859
                                          Encrypted:false
                                          SSDEEP:24:n5oqwOzff/XohaZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj93cJxFpz:Oqpwhat62VJjRU8njOxLnrxLbrLKmJx/
                                          MD5:70E562A99A8F07255F47C5F3C05518A5
                                          SHA1:F1F0A00A3238B19786D88B83F9FA57D043E2D0A9
                                          SHA-256:F917DB40F96F9F676E45FD9F1A7FA5D9BBB67A703BDF88B546CA4DA84C4905F5
                                          SHA-512:48C7BF7FDA257EC6ECC4421BFEF66E026C285DABB358ED41DDB6A9FFC6D73F61DA35F25A5622FC8D9D4D086D4BFA37E67A40810D39A6FA5F538F61427304298A
                                          Malicious:false
                                          Preview:#..# cp932.py: Python Unicode Codec for CP932..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('cp932')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='cp932',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp949.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1062
                                          Entropy (8bit):4.532318933180232
                                          Encrypted:false
                                          SSDEEP:24:no53qzqOzSf/XoxKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9+6cJxFV:otqzHzl62VJjRU8njOxLnrxLbrLK03Jd
                                          MD5:D85D0503255F9363D30F7B7AAD7355D4
                                          SHA1:DE0F8989F4BBE4CC9A91241DEED093BF259E2DC1
                                          SHA-256:DA13FD6F1BD7A1D3B48AED1FC75F7516D6A33814086CF971E030625590E9DDA0
                                          SHA-512:ED408E5A0B1042E0F1F94CF57171381F4B2A0491B9319BF2E0E02DB8B63BF342D7C4091B97DA8F9802B6EA0AE94EFFBE797F17E92F25E5F436BD88E11E4735B7
                                          Malicious:false
                                          Preview:#..# cp949.py: Python Unicode Codec for CP949..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_kr, codecs..import _multibytecodec as mbc....codec = _codecs_kr.getcodec('cp949')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='cp949',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\cp950.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1062
                                          Entropy (8bit):4.541713907609811
                                          Encrypted:false
                                          SSDEEP:24:nqqqhOz6f/XoHKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ncJxFplR:qqVLj62VJjRU8njOxLnrxLbrLKWJxTz
                                          MD5:15D67984C7486D079058D4DBA07DDBBE
                                          SHA1:51AE51CD6ED99E4B594A5EFF1621308AA89DE532
                                          SHA-256:8FD6E86DFB38006E753B3B0301AA4B377C64C25F4EC9E6333FC99C3F06E90917
                                          SHA-512:46F3A96CE463669D8AD256C53C84EE201FB3D1EC0BEEEE55E622E75E93D1C9AA272BC0A414F3E65123C9BB1972BEEC9A8F43B2B9ACF849A2361DB188EE3F7836
                                          Malicious:false
                                          Preview:#..# cp950.py: Python Unicode Codec for CP950..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_tw, codecs..import _multibytecodec as mbc....codec = _codecs_tw.getcodec('cp950')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='cp950',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\euc_jis_2004.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1090
                                          Entropy (8bit):4.603655042489424
                                          Encrypted:false
                                          SSDEEP:24:nsqVsOzff/XoL2KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9TcJxFplR:sqHwU62VJjRU8njOxLnrxLbrLKKJxTz
                                          MD5:F1FAE768C9FF8329D237608533530CED
                                          SHA1:3167902E4F9294DB74131FA2CE505E2F62B9C9B4
                                          SHA-256:78265BA431395662E7252A9B79BC2A75FFE438DB872B2CF1CBCFB243D83F0C87
                                          SHA-512:F726B7652435D174D1D84578A9278DD6B751B62CE231247CE4299860A5A4B2E1DB1D243B370625633D526278D30F2D05BBEBA9FC9E8312A103C455C65E802D68
                                          Malicious:false
                                          Preview:#..# euc_jis_2004.py: Python Unicode Codec for EUC_JIS_2004..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('euc_jis_2004')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_jis_2004',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incrementa

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\euc_jisx0213.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1090
                                          Entropy (8bit):4.624592201957947
                                          Encrypted:false
                                          SSDEEP:24:nrqLOzff/XoL1KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9IcJxFplR:rqAwl62VJjRU8njOxLnrxLbrLKLJxTz
                                          MD5:45A11BD69244CE2DCC3FF49206AD041B
                                          SHA1:C0FF2F0406F4158D26DA4FC850584D14764FCA55
                                          SHA-256:12CA22A7DB25D9EEEF9BF5FACDC5594E3165CCF451528D36E3B68A03989521AC
                                          SHA-512:06AFD42F84A6E83A55645C82A638A7AF6C545401570EB3871913060FCBCC8D348583F589E3133745A6584998493C35DE25F66336E7D4F48EAC1BFDD6C35D08D6
                                          Malicious:false
                                          Preview:#..# euc_jisx0213.py: Python Unicode Codec for EUC_JISX0213..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('euc_jisx0213')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_jisx0213',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incrementa

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\euc_jp.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1066
                                          Entropy (8bit):4.531522047071056
                                          Encrypted:false
                                          SSDEEP:24:n9qNOzff/XoLjKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9KcJxFplR:9q2wL62VJjRU8njOxLnrxLbrLKlJxTz
                                          MD5:0F2187EA4FC89DA2F54522EF29F58A7F
                                          SHA1:9DE39800CBBD630D7D4A1504C1A07F334EF3FAC5
                                          SHA-256:8927683A4234B936BE1935B8A799BE78520438BB5EA072499D51E7FE3D182987
                                          SHA-512:61BDFF78DE0A5E781C47F692620F7ACCD78AA006F530D478502A0905D51312B499E119F2EAA5524F2CEEF3CC4950F2865A1EFCFFF23BB4B9702579E0F3AEC97C
                                          Malicious:false
                                          Preview:#..# euc_jp.py: Python Unicode Codec for EUC_JP..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('euc_jp')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_jp',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. strea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\euc_kr.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1066
                                          Entropy (8bit):4.509188463695804
                                          Encrypted:false
                                          SSDEEP:24:nSBqnChOzSf/Xoap0KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9DJFc3:EqnXzao62VJjRU8njOxLnrxLbrLK9J+3
                                          MD5:B6EF8BD54861FA5D1E0AFF68F50F2913
                                          SHA1:3CB1AC8785AF724B359BEFBFC3758D918067B77A
                                          SHA-256:03AFE0CF8020529EAD00A0EA26A7131D354994CD2352D42F9032216B3748EA91
                                          SHA-512:B8147C8F711BC1ACE96FB2769F79A54728F7A744FCCD3AA4BE1257E8F09507DEDE44CF9F5C1F089BB88F11A88D372874EB343BB48AFE639A6C7E8D27204BFA05
                                          Malicious:false
                                          Preview:#..# euc_kr.py: Python Unicode Codec for EUC_KR..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_kr, codecs..import _multibytecodec as mbc....codec = _codecs_kr.getcodec('euc_kr')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='euc_kr',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. strea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\gb18030.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1070
                                          Entropy (8bit):4.573121414528306
                                          Encrypted:false
                                          SSDEEP:24:nBMqgOz+f/Xo1GoKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9zcJxFpz:Wq5P1l62VJjRU8njOxLnrxLbrLKSJxTz
                                          MD5:40B18EE51A3241C53EF5CBC6C019997D
                                          SHA1:C4F48863B74CB56844A2CC68AF9629D9407B7CF7
                                          SHA-256:0D9C1DB7E2959E60E4F6CB4B97C884585668C55B48F2D9D715B2BDAF5E78C671
                                          SHA-512:12952CBED997D8E4F3608F2DA4BA0FAC468D7D48E7685556E3669AF18FC6C238688713894E4490AACDC05C253242ADE9C88E522DC45EB9D5827E29548108D5AE
                                          Malicious:false
                                          Preview:#..# gb18030.py: Python Unicode Codec for GB18030..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('gb18030')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='gb18030',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. s

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\gb2312.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1066
                                          Entropy (8bit):4.554621344303813
                                          Encrypted:false
                                          SSDEEP:24:nB6q6Oz+f/Xo11ZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9jcJxFpz:oq3P11t62VJjRU8njOxLnrxLbrLK+Jx/
                                          MD5:72F02C10927F33B52DF6549FF1F52E60
                                          SHA1:6C666F6A4C36D0C3CBD944216E170E26D7B5D91A
                                          SHA-256:2B5573EBF7FDC20DCF126633ADF0B7283C08629D36DBEFA669C985C9DDB98EA7
                                          SHA-512:F7F0D5C10490026F0809714BEED7CB2F5AB284C7BDC05BCBDF7C690A255DBA59F815B5524D88F5ED35CD6FD668C93695126EF7153CCBFA5B58BAA5E151839C51
                                          Malicious:false
                                          Preview:#..# gb2312.py: Python Unicode Codec for GB2312..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('gb2312')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='gb2312',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. strea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\gbk.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1054
                                          Entropy (8bit):4.504465163109839
                                          Encrypted:false
                                          SSDEEP:24:nBOEpqNOz+f/Xo1SKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9scJxFV:4Epq2P1k62VJjRU8njOxLnrxLbrLKPJd
                                          MD5:0D6CF4D6FFFB4B761BEBCEBC1D2C3CF3
                                          SHA1:64C7CD7A46E8CAE1CB9F0700035CA6BD2EC73C76
                                          SHA-256:9C7828E3B9661E39D4D75419A12B9D132FA9D0B4DAEC36F3DF51AD1C3A638DE3
                                          SHA-512:0F4F577C2FB46AB6B6D8DD6CFB5F89C8748F67E864D9AB6E3D92904BB0AE9EDB6239CABDF8A8F9B11238EEB60870EB819499B4A942E2D3B5CB7032F444246FCF
                                          Malicious:false
                                          Preview:#..# gbk.py: Python Unicode Codec for GBK..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('gbk')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='gbk',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=Stre

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\hex_codec.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1563
                                          Entropy (8bit):4.660866418659877
                                          Encrypted:false
                                          SSDEEP:48:Xtc/QX1AIgs1AIc1wX1euM8ivIvPTKs3ntJxHjH:XS/QX/gs/cmX8uAA3TKsdrH
                                          MD5:1E55C95602534092B4DB3ED99CB9E67C
                                          SHA1:D1DBA179C7F3B0FF22D4F1713275D0C48637BB48
                                          SHA-256:5881C1AEEEB5F9CD27CE0E0E62AB9D6551F094955DBD52DC8184165DAF78AEBA
                                          SHA-512:84DACC6B4CBFBB99D7D6F0124EF1E7B26035C7249730EB1C185B60A750DE2548CA60E8A939DF8445D5DDDF1F8D397708A264D9FD7771C674C7DA889C306C9D93
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:"""Python 'hex_codec' Codec - 2-digit hex content transfer encoding.....This codec de/encodes from bytes to bytes.....Written by Marc-Andre Lemburg (mal@lemburg.com)..."""....import codecs..import binascii....### Codec APIs....def hex_encode(input, errors='strict'):.. assert errors == 'strict'.. return (binascii.b2a_hex(input), len(input))....def hex_decode(input, errors='strict'):.. assert errors == 'strict'.. return (binascii.a2b_hex(input), len(input))....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return hex_encode(input, errors).. def decode(self, input, errors='strict'):.. return hex_decode(input, errors)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. assert self.errors == 'strict'.. return binascii.b2a_hex(input)....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. assert self.errors == 'strict'..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\hp_roman8.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13789
                                          Entropy (8bit):4.607934099089844
                                          Encrypted:false
                                          SSDEEP:192:zbhsuOTDvRFUrXPLouhIAs2+ijLoM69Ne/DD6e:STjuhIAlgM6G6e
                                          MD5:1332CCB5750EB756B2856CCAD9E18CC1
                                          SHA1:ACDBF93730FB0420EA5B77AFE7E3282669829EF4
                                          SHA-256:681FF6A2273BD64450E04FC6F04B2EC63015A91490E30A31E25ED193708C99D4
                                          SHA-512:6F43760A54CB494E48B8C9A659505727246AEAF539AD4A35AFE6F4F5D0E4A84C2F5F0ED5055794DE2D575E78D5A5D1497EB795F35D8F5533DF955587EBC38FD4
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec generated from 'hp_roman8.txt' with gencodec.py..... Based on data from ftp://dkuug.dk/i18n/charmaps/HP-ROMAN8 (Keld Simonsen).... Original source: LaserJet IIP Printer User's Manual HP part no.. 33471-90901, Hewlet-Packard, June 1989..... (Used with permission)...."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.Strea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\hz.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1050
                                          Entropy (8bit):4.49858978606931
                                          Encrypted:false
                                          SSDEEP:24:nvpqxOz+f/Xo1cZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ecJxFpz:vpqyP1ct62VJjRU8njOxLnrxLbrLK5Jd
                                          MD5:78235EEDFAE419F3CC13044D7890799B
                                          SHA1:5BF1944AC39D99B3777CCD61DB7FAE3FF0D3E936
                                          SHA-256:2601DC6EF938FF87BD2024B3C4785254F2B3DD4D8D34D8F63E254D7B8545B077
                                          SHA-512:F5B7383FC8CBBAA13E8D101DD264D0F7952CD3A681F6746B5D941381A7CD39BE808D3E15375CF3778AC80D026658D494FA410CE1904683BD873D91C55DA9CA41
                                          Malicious:false
                                          Preview:#..# hz.py: Python Unicode Codec for HZ..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_cn, codecs..import _multibytecodec as mbc....codec = _codecs_cn.getcodec('hz')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='hz',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamRe

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\idna.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10027
                                          Entropy (8bit):4.492934350217829
                                          Encrypted:false
                                          SSDEEP:192:g2wxhP5XBp7Z/J/8V2zbxofjEY7pKrlIRYUnIzSGAy4DYvRv3:gPvPjp7q2zbIbwDcGx
                                          MD5:04477AE720F73BBAC7793082CC0DFC9C
                                          SHA1:D29599BAC27431F1BC3CF2A45FD43FB7204C2599
                                          SHA-256:0C2181970F9ED35031700453022EE123069DC207200BB2F74C340CC1B71BA0DE
                                          SHA-512:BAC1387BC56D8AE123A2C5409884483A004EDDAF6C752651E53CEA54BDD34A605CBB9754F05207CB59EFD120E60E5483FD3ED6CEC0A181200DA26992B15503AD
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:# This module implements the RFCs 3490 (IDNA) and 3491 (Nameprep)....import stringprep, re, codecs..from unicodedata import ucd_3_2_0 as unicodedata....# IDNA section 3.1..dots = re.compile("[\u002E\u3002\uFF0E\uFF61]")....# IDNA section 5..ace_prefix = b"xn--"..sace_prefix = "xn--"....# This assumes query strings, so AllowUnassigned is true..def nameprep(label):.. # Map.. newlabel = [].. for c in label:.. if stringprep.in_table_b1(c):.. # Map to nothing.. continue.. newlabel.append(stringprep.map_table_b2(c)).. label = "".join(newlabel).... # Normalize.. label = unicodedata.normalize("NFKC", label).... # Prohibit.. for c in label:.. if stringprep.in_table_c12(c) or \.. stringprep.in_table_c22(c) or \.. stringprep.in_table_c3(c) or \.. stringprep.in_table_c4(c) or \.. stringprep.in_table_c5(c) or \.. stringprep.in_table_c6(c) or \.. stringprep.in_table_c7(c) or

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_jp.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1092
                                          Entropy (8bit):4.599723694318225
                                          Encrypted:false
                                          SSDEEP:24:n9qdOz0f/XojmKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ecJxFplR:9qmFU62VJjRU8njOxLnrxLbrLKZJxTz
                                          MD5:0607F8E6310A0B601897FF8EC76FF2C4
                                          SHA1:3839A936E2792722D3F157F11965BF510241C0FA
                                          SHA-256:7169767DD6732A80A0B665315588EF9CFF2DF4D495A86BC0BDD22B5C9F0644B9
                                          SHA-512:C763E0D3AFA5DBB7FA96D03A52F0F5828A61E8FF24523BF62A852C989DD3BFBBFC3DA4535B5401A78E47FE16F3EA33364BA63655D91A6A12516315E231F23B15
                                          Malicious:false
                                          Preview:#..# iso2022_jp.py: Python Unicode Codec for ISO2022_JP..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incremen

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_jp_1.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1100
                                          Entropy (8bit):4.625134249310359
                                          Encrypted:false
                                          SSDEEP:24:nhq1Oz0f/XojglKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9CcJxFplR:hquF8J62VJjRU8njOxLnrxLbrLK5JxTz
                                          MD5:4D2B0675DE1A9AFB3553B5D5E894020C
                                          SHA1:A9B6F704D09F7A0B5182BE7C3581D321BA4DDA76
                                          SHA-256:627D3BDB5D3BC70DD00E51199B689D1C225EFE747A2DB8D5938E6AF78263F572
                                          SHA-512:AC8E08AA4A2235BF20C563EC1A466B666A39F09CCD4AE681CD34DCF51754E3B8C860D557354691D170ABCDE43029B3B45E5597AADDED398577F9A90C74FADC57
                                          Malicious:false
                                          Preview:#..# iso2022_jp_1.py: Python Unicode Codec for ISO2022_JP_1..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_1')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_1',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_jp_2.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1100
                                          Entropy (8bit):4.611453480597579
                                          Encrypted:false
                                          SSDEEP:24:nnSqgOz0f/Xoj7ZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9VcJxFpz:nSq5F3t62VJjRU8njOxLnrxLbrLK0Jx/
                                          MD5:A4798D8B5DEE38BCCF3CBEAD235F392E
                                          SHA1:8971456D5A2C4A3255592399EE1141E119880774
                                          SHA-256:DC680A0E34DCE73756F0E3B5CBB23DD819022BE7E10F80E55289A5EAB9ED7C2E
                                          SHA-512:E329124E3ADA51C303556CA0C6B5B4644ED76E6F43C943BFE72F318928EF1DAA6121FE545480F4092F92B05CD25315D3E5B7ADB09E63985E9D8879BA3A751C2B
                                          Malicious:false
                                          Preview:#..# iso2022_jp_2.py: Python Unicode Codec for ISO2022_JP_2..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_2')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_2',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_jp_2004.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1112
                                          Entropy (8bit):4.645190214359865
                                          Encrypted:false
                                          SSDEEP:24:n8q1sOz0f/XojvKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9FcJxFplR:8qnF/62VJjRU8njOxLnrxLbrLKoJxTz
                                          MD5:E1738D28D315C80A04908CDB21CBE7BD
                                          SHA1:D79BC1E83E0A2103909A7AB97DB3A456D21C0711
                                          SHA-256:C8CB592DF0CF38A6B7E8265C02D7784FB32052EF9AD94D0FF369889EDA540273
                                          SHA-512:BFDF5D44B36916C3B828EA1C599E644CB9D3ADBC0D2D4922F016F9DDD7EB424F8A937C19FA3EFBA0E9F4AC14ADFF3C0BA6B924130ED2D050C3A9BDDC2F4165C2
                                          Malicious:false
                                          Preview:#..# iso2022_jp_2004.py: Python Unicode Codec for ISO2022_JP_2004..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_2004')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_2004',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. increme

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_jp_3.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1100
                                          Entropy (8bit):4.625134249310359
                                          Encrypted:false
                                          SSDEEP:24:nrq3Oz0f/XojUKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9IcJxFplR:rqkFa62VJjRU8njOxLnrxLbrLKnJxTz
                                          MD5:3E98055A4B7D99A49798F3012C4D9DDB
                                          SHA1:8579E49AA8080610BF40A51DC18B6DF5EEE56A2E
                                          SHA-256:2A2AE4368D962C2E7B5DB2F29EE89EFD5A7FDB881DEF523C21670E0D1A1C50CE
                                          SHA-512:DBA054816FC0022810D545D089BC62997BFE04143B579E59EF1DAD2D25DCAFC879BF00CADEA2DDF3CE850728E00911984590EA8C8C8D6EA1AF30F71AA97CEA76
                                          Malicious:false
                                          Preview:#..# iso2022_jp_3.py: Python Unicode Codec for ISO2022_JP_3..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_3')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_3',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_jp_ext.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1108
                                          Entropy (8bit):4.633181613509048
                                          Encrypted:false
                                          SSDEEP:24:npqNOz0f/XojaKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ycJxFplR:pq2Fg62VJjRU8njOxLnrxLbrLK5JxTz
                                          MD5:34E904E0F16F84EC0A001DFFCDE7514C
                                          SHA1:19BCD8776FB3239A003F4B5F04B7056B81D0A6C6
                                          SHA-256:5B4439C7DBE65638166A70C5404CABB72552019D1F497193C6689B86BD3C4C94
                                          SHA-512:F9DC1EA03840BD9763BC2B1521D2557FD0111682D1FF805FCCDA123508C3F23768F819FA26B2E097447595F70ABCB2737C9B153B848D2687DB3E2E9E645801EC
                                          Malicious:false
                                          Preview:#..# iso2022_jp_ext.py: Python Unicode Codec for ISO2022_JP_EXT..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_jp_ext')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_jp_ext',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incremental

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso2022_kr.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1092
                                          Entropy (8bit):4.584383388529371
                                          Encrypted:false
                                          SSDEEP:24:nJIBqqOz0f/XojfKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ncJxFpz:EqHFn62VJjRU8njOxLnrxLbrLKGJxTz
                                          MD5:F907851FF35FB61EB485B2C163A2BCCB
                                          SHA1:CA280AC9C832208B01242601F7F3A78803A1CDF9
                                          SHA-256:FD9EFD7094361F6557D00857E332D7229E922597336A0714FB0FA2402C954029
                                          SHA-512:4992572D79613856F84F7332C1D7C588B2BA4256613FCAB21BEF6C74BF8D50F2D96CAA2ABFF2C92D040DDFE45A328B7495BCB29CD51580577D5F5A5527CC469D
                                          Malicious:false
                                          Preview:#..# iso2022_kr.py: Python Unicode Codec for ISO2022_KR..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_iso2022, codecs..import _multibytecodec as mbc....codec = _codecs_iso2022.getcodec('iso2022_kr')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='iso2022_kr',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=Incremen

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_1.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13483
                                          Entropy (8bit):4.571059193460173
                                          Encrypted:false
                                          SSDEEP:192:qHhsuOTDvRAUrXPLouhIAs2+ijLMZt6CJTd12:HTauhIAlEZt680
                                          MD5:0466703A1EB5752CDD5115B2D738D822
                                          SHA1:03354F0D1406A99B9934276675759C6002D4A901
                                          SHA-256:CCFDBA207B483DCD38673D85B6E2A773A5BF64E8AE9DB7E90A01F8014E62B24A
                                          SHA-512:3D7B957FF194B69AC9DE7FE59BD03DB29EBD076456FC93FD3E6AFB6B09EACB8C5D327A6E17719C02AE5F71E8428BB55FAB633955861699BC4FF90C3F80D0A783
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_1 generated from 'MAPPINGS/ISO8859/8859-1.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-1',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_10.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13896
                                          Entropy (8bit):4.591898710758108
                                          Encrypted:false
                                          SSDEEP:192:OHhsuOTDvR4UrXPLouhIAs2+ijLWDf6z6iC:bTmuhIAleu+
                                          MD5:28ADCF051DD15E45A38CE929864BBD83
                                          SHA1:A09E4C13D00393CE6C2F3CF9665455D74BBF8A0A
                                          SHA-256:76216C65399DE88B6D40E0BE3209ED7B14D6DD87AFB9C0A984ADDDD0CF6B559F
                                          SHA-512:13A368308279E76F2D6C3AEF73B66AD4EF4A5A88098FF1A85B403C3C006B3925E25BBB72A6BAC1585CF90D60CF26ADE576CCE484A65E1AE0EC52467370D0507C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_10 generated from 'MAPPINGS/ISO8859/8859-10.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-10',.. enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_11.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12642
                                          Entropy (8bit):4.621611083140247
                                          Encrypted:false
                                          SSDEEP:192:gHhsuOTDvRrUrXPLouhIAs2+ijLA00pC8i5I:dTpuhIAlBH8iG
                                          MD5:8BE69EAC235E74EFCA68174DB8EA6352
                                          SHA1:28447A4EC5A2111A8B370DECD143F45935EBC454
                                          SHA-256:5E346F5769E0C3EEB6B5547B954481A821481A970AA8FEC33BFFBF07B880689A
                                          SHA-512:2E4CB687855A577BDBA8665767BFDD29E95D0952C10C0DA9C2547659629C6DBCD7A95E9C821A1CED7CA4BE5600A95BAEA1D5383AFC9A491E3861A344F1FFAEFB
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_11 generated from 'MAPPINGS/ISO8859/8859-11.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-11',.. enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_13.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13578
                                          Entropy (8bit):4.614312894970411
                                          Encrypted:false
                                          SSDEEP:192:oHhsuOTDvRNUrXPLouhIAs2+ijLdyGeyd:1TXuhIAlQGeG
                                          MD5:89E3297E11801E02B40A23B6180DCD25
                                          SHA1:EB58BC97EEE69D9DB6670CD439C684057B7A3937
                                          SHA-256:BEE45734B991C04E76C2ABA2BA8C7208F6BA743324D815DE95965945643D8084
                                          SHA-512:F8AF2186EC0C3CE5B391999280086ADFD3882425269ECFBCA4D70A33907CE42A1F8F6949D9BE2937FB92300A8235667611DECD358C7E0F8273858B72ADF56CB3
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_13 generated from 'MAPPINGS/ISO8859/8859-13.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-13',.. enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_14.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13959
                                          Entropy (8bit):4.584053979506915
                                          Encrypted:false
                                          SSDEEP:192:mHhsuOTDvR0UrXPLouhIAs2+ijLXwwTdW:DTKuhIAlvwkW
                                          MD5:445A9BD974736A30077C9BF14106E805
                                          SHA1:85E673B1E179E5886765F6051ED2F9235063F2F8
                                          SHA-256:C498772FADF244077B650E468E7922AE1C0DB74ED6984A2A81BC0E088631F0F9
                                          SHA-512:0D8D322C1DCCB5F2169F402CB82875A10D725F65DFBDE6E70515839CFC8451DD58DD5F938AED1DE25A2C1E74ACEADC7E07889F81C98808ECDE2F6F24D5C73D89
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_14 generated from 'MAPPINGS/ISO8859/8859-14.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-14',.. enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_15.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13519
                                          Entropy (8bit):4.566581461339518
                                          Encrypted:false
                                          SSDEEP:192:QHhsuOTDvRnUrXPLouhIAs2+ijLhFsVN6ATdo56G:NTNuhIAl5Fsto
                                          MD5:0D2C4FB1B7CCD0D085108F651A041593
                                          SHA1:947AF7C07B789EB743031C3C108BB2FDB882F673
                                          SHA-256:D703D64AE2D23602E38C2F387EEFFD5D4E5792209BC3CE64928FEE2F99DCD906
                                          SHA-512:3B24DE05424FBEFC09C8B3743DEA37C4AFEDE5C68A96D0721622D28A6AD42B47D2BB28011F39E6B89AD14B893DB545572537EC741090B880414C26CDF8845EDA
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_15 generated from 'MAPPINGS/ISO8859/8859-15.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-15',.. enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_16.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13864
                                          Entropy (8bit):4.596808715275571
                                          Encrypted:false
                                          SSDEEP:192:fiHhsuOTDvRf+UrXPLouhIAs2+ijLOSVCXKm:fvT4uhIAlznm
                                          MD5:6ED16EE5F05DE02F25349CEBA19AFF51
                                          SHA1:B036FA26C737669AB311D450BE274CE57845EB9C
                                          SHA-256:F49FFF248546D510F7ECB5FC2C25C9B68925A2F483B938035CD7A54957A560A2
                                          SHA-512:18FFEC059B44077627A86139D2861509E28DC8564FC9B5F822C79E21E8A43043780469221B66743D5BFEF84552C3F787E25B721B87B2422A0AFCBCEC84953AE8
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_16 generated from 'MAPPINGS/ISO8859/8859-16.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-16',.. enc

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_2.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13711
                                          Entropy (8bit):4.594295226318269
                                          Encrypted:false
                                          SSDEEP:192:eHhsuOTDvR1UrXPLouhIAs2+ijLRG3RKjV:rTLuhIAlw4V
                                          MD5:62DC1A7320D0B8FB3FB535E0F2055446
                                          SHA1:02D0C9E5D224A0C6036C27C842EC54E3962681C3
                                          SHA-256:D9102AE464030E5A0F4D1712435AC3BDB2FA98ECAA689B5965442EF92B13DFEC
                                          SHA-512:29D58449D2B6216C9BB40E151E0133FC370D104C07C6960581B914495C8940B2B7C7B85E70514EB0D37313854A8EC2BDC3163406881B4521262CEBF26A385EAE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_2 generated from 'MAPPINGS/ISO8859/8859-2.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-2',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_3.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13396
                                          Entropy (8bit):4.597193229637006
                                          Encrypted:false
                                          SSDEEP:192:uHhsuOTDvRCUrXPLouhIAs2+ijLA/SI7JbrO:7TIuhIAltIBC
                                          MD5:79D790F88E256CC8C968456344519BAB
                                          SHA1:6EA401BBD3082D55BA2235D768A80BEA52E4759A
                                          SHA-256:E372E25B32E8657DB9B57B3C9B53D68B67F3FC6651C53B071DCAC6CAB6662FCA
                                          SHA-512:EDB436E11FE172A73DD899E163F3D05D1DB6214755FCCCD7311A1923EF5EE8F7530D353D1EEB9BE8B9E435F250509CD114CE540BC4F928B32000A64E05EB4E9C
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_3 generated from 'MAPPINGS/ISO8859/8859-3.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-3',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_4.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13683
                                          Entropy (8bit):4.589930243244332
                                          Encrypted:false
                                          SSDEEP:192:yHhsuOTDvRvUrXPLouhIAs2+ijL4Eo6z+:/T5uhIAlhb+
                                          MD5:4C0E2E5478CFC6B2A8134D5C5D3C76ED
                                          SHA1:73749BA58832D716683A2F76354BB032A3123E78
                                          SHA-256:164C26A1A13DC22A21A7F80E5C0176EA9223111B759D2ED1CD8B3C55AAB63BBD
                                          SHA-512:C469837BC68A419D91FD8EB0D52A2164D557C3EEBDA6E7F2B1040D18DFC6F94BDA827CFAC0EF44BF8F19DDE6B732A9AF3A48214EE0AFB143600D3D77E98F1C59
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_4 generated from 'MAPPINGS/ISO8859/8859-4.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-4',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_5.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13322
                                          Entropy (8bit):4.619153100357495
                                          Encrypted:false
                                          SSDEEP:192:iHhsuOTDvRcUrXPLouhIAs2+ijL762Y+n:vT2uhIAlT62n
                                          MD5:70CB514B7CD7B9A494A55CB257553431
                                          SHA1:7F689F78B422164FDA39F897B45AAE7C8CCFE8DB
                                          SHA-256:4622BB45469E23C852698A6B784B5E28AFD8072FDDB8E319C02D39B138CB9DBE
                                          SHA-512:CCCA6974D74B32643D84198A626C28A6CC777B3D9853C90FDE3F61D54F8A41ED3C423CE2795402E6157A1529985C91E56B1D2C944EF3222E54CA8D2A232C0D6D
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_5 generated from 'MAPPINGS/ISO8859/8859-5.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-5',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_6.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11140
                                          Entropy (8bit):4.629970059245577
                                          Encrypted:false
                                          SSDEEP:192:+HhsuOTDvRhUrXPLouhIAs2+ijLeCdxeiu5iEp30yfZn:LTnuhIAlUH
                                          MD5:A69D78A4C1AB4134DC5033FA45821AAE
                                          SHA1:C0B9008772067BF43B1A817780D6B86DFCD87EF8
                                          SHA-256:1543F9AD8DCC4AA912C5C901A5A216A4EA3DB62FB19197A0D90CCC0EE69B4538
                                          SHA-512:230E26A9366387FAE38340921C675D3AD3CD8580096824842FA9261EB1BBA391E399525425030854FAA9F84819E57F7F9F238426B809274A6D78676143AC9F3B
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_6 generated from 'MAPPINGS/ISO8859/8859-6.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-6',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_7.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13151
                                          Entropy (8bit):4.649031466938632
                                          Encrypted:false
                                          SSDEEP:192:+HhsuOTDvReUrXPLouhIAs2+ijLEARfO21XHHjfvK8uHZh:LTEuhIAl8AN11XO8Aj
                                          MD5:50BFFF8D67F78DF6B9941AD829159358
                                          SHA1:D766C9E1E2EA76FB3CA67793F36A3F45C1545132
                                          SHA-256:41FEB2BEC72E3F07C0D67F0E421FF8E51A8E1688AA20AF7C8A12CE0DDF464104
                                          SHA-512:00EEA3F1B69FA47E0DA4B7AC0E4AD0E8830A6A3E845B3D340A4ACB4DB0838D01423B4FFAD94863178ECAD72FA1053868CE506C5AF3C010C76A29D11F2BB992C5
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_7 generated from 'MAPPINGS/ISO8859/8859-7.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-7',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_8.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11343
                                          Entropy (8bit):4.621650787612196
                                          Encrypted:false
                                          SSDEEP:192:aHhsuOTDvR7UrXPLouhIAs2+ijLUSj6ZZPHxvi:3TluhIAlcSv
                                          MD5:E873B80A7B474B64BA463354A5D1A39A
                                          SHA1:58682E0EF443927AC206F8C0B70FB2636DD1C2C2
                                          SHA-256:63D11B2592BDB036C8F4150EC1F968D1A6E01D22AF8D7DAF94F6C72E0A8FD752
                                          SHA-512:185EA3AD52F3CE519171B5CBBB5BF7071C009A800121F368CD06118F1A82D37BA2A5526118D6A8B1117C5C9AD31699BD657903CDA9C4A25D6BB7D192C643C717
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_8 generated from 'MAPPINGS/ISO8859/8859-8.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-8',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\iso8859_9.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13463
                                          Entropy (8bit):4.569353880954753
                                          Encrypted:false
                                          SSDEEP:192:KHhsuOTDvRIUrXPLouhIAs2+ijLMZt6B5TdjN:nTiuhIAlEZt69x
                                          MD5:CAD4BC52AF4F5E24614AC8857D21DC35
                                          SHA1:49BDA77039C166194660CAF30885E17951603F3E
                                          SHA-256:FD0CCFDE95FCFEBF48BA5ED5F697C4799C3303B853077F48FFEF2FD9EF1E30C8
                                          SHA-512:6CBDC2C1F97DB4A9A1BFD1D1601C55F946C82BB5AE2844DDECC98A1B760B7EB292EA393DFD2A1D45BA99906397861BF01E1C0C3430D8285B517724F06F19D10E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec iso8859_9 generated from 'MAPPINGS/ISO8859/8859-9.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='iso8859-9',.. encode

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\johab.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1062
                                          Entropy (8bit):4.530496029691674
                                          Encrypted:false
                                          SSDEEP:24:nNqxOzSf/XokTZKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj92FcJxFpz:Nqyzqt62VJjRU8njOxLnrxLbrLK8+Jx/
                                          MD5:161F7EEDD0B4169D0A36DA2E7808EB7B
                                          SHA1:35D8869963DBB870A4B9DF3C974DE9A5CF5F4E41
                                          SHA-256:C83AA2098AB15FBAD7EB999C303B27350B0459EE9F6FC2B2BF4004D4285F9E8D
                                          SHA-512:5219805C9AF0799449BA650FE4108B450A20A3864AC5CD7ADA83A5C2429F9604025E8F1F296A461600E73372779838971AB91F150060761597D670B4AB9ED531
                                          Malicious:false
                                          Preview:#..# johab.py: Python Unicode Codec for JOHAB..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_kr, codecs..import _multibytecodec as mbc....codec = _codecs_kr.getcodec('johab')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='johab',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamrea

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\koi8_r.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14086
                                          Entropy (8bit):4.696171438355166
                                          Encrypted:false
                                          SSDEEP:192:veHhsuOTDvRnUrXPLouhIAs2+i4bur6Zv8muyEdP:vrT5uhIAl/euxP
                                          MD5:75872A24381833D8B71D42A66523AA45
                                          SHA1:C4AC11C4903178821FE680C732462C02626C016B
                                          SHA-256:90A883B291D5F1E6DBB735413D51648C31580B1927500161C16624836D01E5EE
                                          SHA-512:A84BD3BDBC4BCBFE90B550CB4FFB6CDBEBBB4B1C3824A931CBA448E84C79D4D6B05D9D67C0718FA97F790B8C1071C775010058306BCEC2769D4E721808CED8FF
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec koi8_r generated from 'MAPPINGS/VENDORS/MISC/KOI8-R.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='koi8-r',.. encode=

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\koi8_t.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13501
                                          Entropy (8bit):4.664370116157909
                                          Encrypted:false
                                          SSDEEP:192:ahsuOTDvRNUrXPLouhIAs2+imIzDCYPfuyEdP:fTLuhIAl5jfuxP
                                          MD5:B2F96B9A1CF37B7C81BE8704D4E62EF9
                                          SHA1:AB37BF387BF19A833126952D139E41093DD217D9
                                          SHA-256:86D922A935AFDE1BD7C22CF8A9F23A237511C92C51509A80051DD2862A84D09F
                                          SHA-512:F139A2AAB199BB95905B6C020A6410D9FC1C67486BB8AF7796CE41BCC8CDE7AE034749F50728162BE836AE2D4ED74D4ED82282EE56517843C404412C72756ECE
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec koi8_t.."""..# http://ru.wikipedia.org/wiki/...-8..# http://www.opensource.apple.com/source/libiconv/libiconv-4/libiconv/tests/KOI8-T.TXT....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return c

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\koi8_u.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14069
                                          Entropy (8bit):4.689466302139651
                                          Encrypted:false
                                          SSDEEP:192:SHhsuOTDvR6UrXPLouhIAs2+i4bur6e9zuyEdP:fTIuhIAl/5uxP
                                          MD5:211B71B4C717939EDEDBFD33A9C726BE
                                          SHA1:64DEB95FD1A59EC03B09643BE2F2055A079151E4
                                          SHA-256:9F77F72F8A42A1BA97C7D53AFDB6F6A6D4E08707CAA4D4CD57D6C113156BB32B
                                          SHA-512:3CBACB39A0994C5285E5B0316B3816916D43C6EE607398022B7BF05430A9621416C2F28A848C2E90B47BE147DDFFB7CF03D5CE8C129BFE52247D6AA238FF5639
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec koi8_u generated from 'python-mappings/KOI8-U.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='koi8-u',.. encode=Codec(

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\kz1048.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14030
                                          Entropy (8bit):4.572243714560591
                                          Encrypted:false
                                          SSDEEP:192:Mn/GuINDBTXqJPnXEeXGyQCmEYcrj6CbwK+avSMcdgF:LNneXGy1lHwK+avSMNF
                                          MD5:F4729A1242BD140B732D4BEE6E137558
                                          SHA1:44EFA222BB2CA9ADD776C29A098F9F03FF03E515
                                          SHA-256:DA8BAC477F14620D8AA89EB6CB8963602E1C39724148369C88EF48C95D495011
                                          SHA-512:F5812E38B06620752A557FA70F207AA3298A2FEC7598107BCE749F5B1529A8CA92CAC5AD72E068F6F711C714868389861E93B25B484FA2AD13FC8B3A50EE797E
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec kz1048 generated from 'MAPPINGS/VENDORS/MISC/KZ1048.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self, input, errors='strict'):.. return codecs.charmap_encode(input, errors, encoding_table).... def decode(self, input, errors='strict'):.. return codecs.charmap_decode(input, errors, decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input, self.errors, encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input, self.errors, decoding_table)[0]....class StreamWriter(Codec, codecs.StreamWriter):.. pass....class StreamReader(Codec, codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='kz1048',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\latin_1.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1314
                                          Entropy (8bit):4.724793488479122
                                          Encrypted:false
                                          SSDEEP:24:J4OSEHV0yWJyWKMufQ2hQZUQWSJzWSJDtyWVyWg9ZKj9b1QJxFplR:J4OSJui6SJ6SJ8TKnQJxTz
                                          MD5:92C4D5E13FE5ABECE119AA4D0C4BE6C5
                                          SHA1:79E464E63E3F1728EFE318688FE2052811801E23
                                          SHA-256:6D5A6C46FE6675543EA3D04D9B27CCCE8E04D6DFEB376691381B62D806A5D016
                                          SHA-512:C95F5344128993E9E6C2BF590CE7F2CFFA9F3C384400A44C0BC3ACA71D666ED182C040EC495EA3AF83ABBD9053C705334E5F4C3F7C07F65E7031E95FDFB7A561
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python 'latin-1' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... # Note: Binding these as C functions will result in the class not.. # converting them to methods. This is intended... encode = codecs.latin_1_encode.. decode = codecs.latin_1_decode....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.latin_1_encode(input,self.errors)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.latin_1_decode(input,self.errors)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....class StreamConverter(StreamWriter,StreamReader):.... encode = codecs.latin_1_decode.. decode = codecs.latin_1_encode....### encodings module API..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_arabic.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:CSV text
                                          Category:dropped
                                          Size (bytes):37165
                                          Entropy (8bit):4.736863402692657
                                          Encrypted:false
                                          SSDEEP:384:RakostECDXJVf+hiOjiU6Q3DBEQ12yWQZr75CAwKC1/h:Ukost5LX2htjN6QT682PQx5PwVJ
                                          MD5:C269925332C46C7A774FBFCAD74F4B66
                                          SHA1:5F9542A16C83A7EE831F320507BD87756B398DCF
                                          SHA-256:F5C262F930F3B7D83466283347F8B0D7B5C7CBF18DD6FCEB4FAF93DBCD58839E
                                          SHA-512:5BAE57045F650E062EAEA05106F726A0C9B29409CA6CD9667338473DF8CA779BE8965C5F8BD5D87B2DDB76024794AFFC92FF98850D0D0161269133AC3B2F7825
                                          Malicious:false
                                          Preview:""" Python Character Mapping Codec generated from 'VENDORS/APPLE/ARABIC.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_map).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_map)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-arabic',.. encode=Codec().encode,

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_croatian.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13940
                                          Entropy (8bit):4.577897629122807
                                          Encrypted:false
                                          SSDEEP:192:wHhsuOTDvRI7ZpouhIAs2+iy2w4kN8gzeqBwHr+:tTZuhIAl+4E16ap
                                          MD5:C3FC8C5389BFDF1371B849C38FE1A20C
                                          SHA1:009654FD007C938E2FC889B64954FD139EE051E8
                                          SHA-256:68539CA54FFD5D96C07F3590E720D8A28009CB7CAA13E607AC3084D19DD5A19A
                                          SHA-512:8F81FD2106ED43E0CE34004576ED99D77FB6766EC6B757EB4F8B815742E86F90C36CDBAF19E9C3BE3D4F2B92B94695D014721C4A2D7E22312155BE7FBA1164BA
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_croatian generated from 'MAPPINGS/VENDORS/APPLE/CROATIAN.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-croatian',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_cyrillic.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13761
                                          Entropy (8bit):4.613646718299373
                                          Encrypted:false
                                          SSDEEP:192:8HhsuOTDvRA7ZpouhIAs2+i4Xm8jLPeqBap+f:pTduhIAl+mmia1f
                                          MD5:69AF178D83304D0AB6260D64CC9C734F
                                          SHA1:AA73ADF92F5762F559B26C9858590AA750D4F25F
                                          SHA-256:AC11E1F54789AFF782D79FE7D6FD52183EF0F57B6AC4A0F680353FE0113F0D4D
                                          SHA-512:A42B7C7CD5E6AE157B1DCE131264C353DF0FF6FEA09B06D1498EF07931D94D91C48D311964E0F35D4DF893CE65BFD5F3339BB9E1541DFBE2A2FEED25A478E9F9
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_cyrillic generated from 'MAPPINGS/VENDORS/APPLE/CYRILLIC.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-cyrillic',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_farsi.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:CSV text
                                          Category:dropped
                                          Size (bytes):15477
                                          Entropy (8bit):4.803106966743048
                                          Encrypted:false
                                          SSDEEP:192:4HhsuOTDvRe7Zt+/UxcXwz1BhFouhCuMQ+iujx5zCdxeiu5iEpkHzWO0yfZBcsWR:FTPuhCuj6fHmHzp03
                                          MD5:46E0758A4DF808F2649BD6B7262362BA
                                          SHA1:A647995DAE668E9D2EDF34529CF1DDDD06AC8016
                                          SHA-256:B0F1FA8399AD1844EF5F07ACFCD523585AB576F411D845A008A610FF6A25AD31
                                          SHA-512:ABB217D00013E01B89855773B9CA728F2F0D14C9E3A7F4CC705588D458CB06E93A6FC187F87FD084F78E0668094324F9D0857D58CFC68D04A8883C8973BB6A77
                                          Malicious:false
                                          Preview:""" Python Character Mapping Codec mac_farsi generated from 'MAPPINGS/VENDORS/APPLE/FARSI.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-farsi',.. e

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_greek.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14028
                                          Entropy (8bit):4.6264619578502515
                                          Encrypted:false
                                          SSDEEP:192:WlHhsuOTDvRT7ZpouhIAs2+iEh+GsHlIu/lwqBxTj/Fq3FHEj:rTCuhIAl6+GeJ/Wa3QVQ
                                          MD5:338143EC1BC5F5DDE251657BECC4667A
                                          SHA1:E68BFEAB6E5209748AC47B44505E6CA581141647
                                          SHA-256:4C67D361F922B611213FD8FEB9FCAAA9FF8CB57CD961F1CA1B5CF4483B1DEE66
                                          SHA-512:D58D0F6309FCF945FF25F7B5D825E8BAB1BFBDB40490110ADBA51B587AED5BE101A22C22CA99B9A4FF9B355F8E7980A713EA6CDD550403B37915EB79796E8A39
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_greek generated from 'MAPPINGS/VENDORS/APPLE/GREEK.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-greek',.. e

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_iceland.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13805
                                          Entropy (8bit):4.569004919357403
                                          Encrypted:false
                                          SSDEEP:192:+HhsuOTDvRB7ZpouhIAs2+iy2wkKY2gKPeqBamec6U6+8:LTcuhIAl+k3LFam
                                          MD5:8FF7EE70CFFA2B336AEE3367796C96ED
                                          SHA1:1F26D1C59F9A124AD334FB2BB3FC1E3D605587FA
                                          SHA-256:64DE55FD0EA0FE4D2512B2303DCB3D20CC57061D78D08A11D3AA6F19E1877826
                                          SHA-512:6D0A64EBFA6F29FD5317043F9C08D0D1F68A39B6640615B2EF093C99629479CE8562C29AEA6509E2FEB255BFE93D0E9FCE9FB1DB43F86F17FE366ADC2788FC7F
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_iceland generated from 'MAPPINGS/VENDORS/APPLE/ICELAND.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-iceland',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_latin2.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14430
                                          Entropy (8bit):4.621572363853459
                                          Encrypted:false
                                          SSDEEP:192:S3hsuOTDvRNUrXPLouhIAs2+iDK19L4vJPeqB48:hTnuhIAlmP4EaD
                                          MD5:BAF2B9E09D011F78EA36ED2CC5ED22FD
                                          SHA1:77B62918E1FAFD837EEE086C552265384BB506B4
                                          SHA-256:74C9045009FABFFA3E81B5B41D97A85860BA42D109DB6673A276EA8BA9B59E56
                                          SHA-512:5FB69F8A5FB424B7872B3872CB75B3B538A35533BFE8F8AFFEC44D82B372C866D1841B2568680ACB954CEB696A92EE3091DC06F04EA89DB5651F35F5667B6DA1
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_latin2 generated from 'MAPPINGS/VENDORS/MICSFT/MAC/LATIN2.TXT' with gencodec.py.....Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY...(c) Copyright 2000 Guido van Rossum....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(C

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_roman.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13787
                                          Entropy (8bit):4.580644681215749
                                          Encrypted:false
                                          SSDEEP:192:wHhsuOTDvR27ZpouhIAs2+iy2w4KY2gKPeqBaoG5:tT/uhIAl+43LFaW
                                          MD5:1F99EDC6D4A3BA200295364C52D6038D
                                          SHA1:8FD1FF1EEC2F74907935621572360E7E53FE7038
                                          SHA-256:6BF6FDE10F2350232DE5EE47D27CAE885362602443B59A924DE8EB6998B18BB2
                                          SHA-512:2924BFF1C570128D57711F91CE1A87B5D156A24144FA3FEBDDDF6C9BB7B82570FB1F9B9FB1C5D23CD9625BF5568F42B718DB3A432F35B47DFF9E72FAE199EA56
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_roman generated from 'MAPPINGS/VENDORS/APPLE/ROMAN.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-roman',.. e

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_romanian.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13968
                                          Entropy (8bit):4.599704767840293
                                          Encrypted:false
                                          SSDEEP:192:FqHhsuOTDvR+7ZpouhIAs2+iy2w4kyYpDgKPeqBaj5:FHTvuhIAl+4cqFaI
                                          MD5:425337635E74A8B98CD770F43848AF18
                                          SHA1:C0F5A92D564177C49E76471117E4B521FD52DF17
                                          SHA-256:1DE13F2703A62479C4312F9A39514C7691CF7F737958B3915AF395A53A596183
                                          SHA-512:853EC8BEB168F69C36AEA83AE221AEADE920DD293928B6F9F61F8938955DF3C709169424D93F49EE05CE2C1AD487CE925808CB136CA91C5022BAD6404008AF6A
                                          Malicious:false
                                          Antivirus:
                                          • Antivirus: ReversingLabs, Detection: 0%
                                          Preview:""" Python Character Mapping Codec mac_romanian generated from 'MAPPINGS/VENDORS/APPLE/ROMANIAN.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-romanian',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mac_turkish.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13820
                                          Entropy (8bit):4.579994522132136
                                          Encrypted:false
                                          SSDEEP:192:yHhsuOTDvRT7ZpouhIAs2+iy2w4KY2gKPeqB9NGc:/TquhIAl+43LFal
                                          MD5:1C214A3F28D2D23CC7FDED7A387585A0
                                          SHA1:B40E5DA5FD44499B161BD2649A6258C9A968D5D5
                                          SHA-256:E7F9E6C9F92513C69754AEF1D7AB235B09E9EEADBBCED4C86DF6E2AA2D06A1EF
                                          SHA-512:58C6B56938D709AFC4E756C2F0CC40812724B963B118CE5E1CA84798DFD17F9E324AC8F5B68FA84FE883E91CBEA8E7FC4BBE32EAE175F1B55072FAAFA7F7397A
                                          Malicious:false
                                          Preview:""" Python Character Mapping Codec mac_turkish generated from 'MAPPINGS/VENDORS/APPLE/TURKISH.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='mac-turkish',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\mbcs.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1258
                                          Entropy (8bit):4.753222127608113
                                          Encrypted:false
                                          SSDEEP:24:JwEFOXxVaniSdZSHvcGWQvnNq1I5atMufnb+s0ktzE9ZKj94JxFplR:JwEWxVaniSvIvdvNq1I5aCuzbztzETK2
                                          MD5:0D4DEB48618561417DDE714ACF399AA3
                                          SHA1:F617D8FC1B17AEC713947CDEE9BA302B4B2E71B1
                                          SHA-256:B00887A6D93C97D320CBB1C3379BD7C6DE767CCFC34ED13442891E06CC62F148
                                          SHA-512:722C9182DEAF8A8A65550EF86F967A559105BE6EB61C9FB3244521D51649B8A2B901E911A28FBB0CC42F1E680ACD0FC64B475E53DEE921287010EE112D982630
                                          Malicious:false
                                          Preview:""" Python 'mbcs' Codec for Windows......Cloned by Mark Hammond (mhammond@skippinet.com.au) from ascii.py,..which was written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..# Import them explicitly to cause an ImportError..# on non-Windows systems..from codecs import mbcs_encode, mbcs_decode..# for IncrementalDecoder, IncrementalEncoder, .....import codecs....### Codec APIs....encode = mbcs_encode....def decode(input, errors='strict'):.. return mbcs_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return mbcs_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = mbcs_decode....class StreamWriter(codecs.StreamWriter):.. encode = mbcs_encode....class StreamReader(codecs.StreamReader):.. decode = mbcs_decode....### encodings module API....def getregentry():.. return codecs

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\oem.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1060
                                          Entropy (8bit):4.538507695911449
                                          Encrypted:false
                                          SSDEEP:24:JkZSHvcGW6pjvneEq1IhhatMufko3b+00kwWzu9ZKj9wJxFplR:JSIvvBvPq1IhhaCu8M1zPzuTKiJxTz
                                          MD5:5163EF7B87B6DEE11BC7914E2AB1FF8E
                                          SHA1:92EB877FD4F77A40FC6745717139D4E335670613
                                          SHA-256:991D1FD2F4B815943EAE7F7BFA9F87E2DE980ACB08932BEA3258FB034902A15F
                                          SHA-512:99458C11DB86287A818176588DEBD76AD18401557B7D49F01FCFA85C917947CDADC310DEF539434824997922CB24005853751920EAE103B0DB04A83AB3A49E46
                                          Malicious:false
                                          Preview:""" Python 'oem' Codec for Windows...."""..# Import them explicitly to cause an ImportError..# on non-Windows systems..from codecs import oem_encode, oem_decode..# for IncrementalDecoder, IncrementalEncoder, .....import codecs....### Codec APIs....encode = oem_encode....def decode(input, errors='strict'):.. return oem_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return oem_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = oem_decode....class StreamWriter(codecs.StreamWriter):.. encode = oem_encode....class StreamReader(codecs.StreamReader):.. decode = oem_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='oem',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreade

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\palmos.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13827
                                          Entropy (8bit):4.583791210166393
                                          Encrypted:false
                                          SSDEEP:192:7hsuOTDvR1UrXPLouhIAs2+iXIcDCYBZt6CJTd12:mTDuhIAlX9Zt680
                                          MD5:3D512E1AB4D97E95DCEE526F991E685F
                                          SHA1:0349C9649CC54002699DD48E80DA09DDC21F9432
                                          SHA-256:C9E5D71C1FA128602E2D10E9BED0B271132DF349290F4465CFCA9D5DAA5BA86C
                                          SHA-512:DB6CE7BF928D829175D54328A6A37F1A8B691B04CEF1C76CE0C98B6B2C21959DF7BCA822416BFF39C2530E93F8B15CCB55E480FD1187C6258734923A10CF9878
                                          Malicious:false
                                          Preview:""" Python Character Mapping Codec for PalmOS 3.5.....Written by Sjoerd Mullender (sjoerd@acm.org); based on iso8859_15.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.. def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='palmos',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\ptcp154.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14327
                                          Entropy (8bit):4.653952382312946
                                          Encrypted:false
                                          SSDEEP:192:63hsuOTDvRmUrXPLouhIAs2+iRQCzJHDCYbtlqtEDp+/:ZTsuhIAlXzJHftlqtEo/
                                          MD5:6EE7970BA64A9E17B3246A28C7CECD28
                                          SHA1:6B56118465C3E53A7E6C0BECE694E3643B485FC0
                                          SHA-256:F3BDA3C1415D37DD1C314E3F474529913F36F7021279D82DED0D11154EED55F2
                                          SHA-512:FAA196E1B4CCEEB771F9EC19E528696B35EAD5AC6CF1EF53DA092F75DB701FB59DBBA7FACEF3F169BC4D6DBF9336D250E0F4B9DFEE9EF2DCAD32C0FAD31C8A93
                                          Malicious:false
                                          Preview:""" Python Character Mapping Codec generated from 'PTCP154.txt' with gencodec.py.....Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY...(c) Copyright 2000 Guido van Rossum....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\punycode.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7120
                                          Entropy (8bit):4.519199483696464
                                          Encrypted:false
                                          SSDEEP:192:l3Dt9EqNFDPf3rBEX2M+4lCQ57+K6AWujvRI3:lRSO/SLV5SZ
                                          MD5:DB14BE3F7A2ADCBCC07E2A32AD0A7198
                                          SHA1:A4F5C43558E47C3F89EB807FEFB2F49119D51B75
                                          SHA-256:823D1424AFA9508EA425F667F787567C80A6A28AE9742C66AA90A829ACC19748
                                          SHA-512:5D572DF2302FF9F74BB4E5F884F8057CDEDFB7BC6C53E82809627BD982104CB42A595B3001C8B65E5C087E94CBEDBC088951ED0EBF0D3AE3C4D88823F3C89BA6
                                          Malicious:false
                                          Preview:""" Codec for the Punicode encoding, as specified in RFC 3492....Written by Martin v. L.wis..."""....import codecs....##################### Encoding #####################################....def segregate(str):.. """3.1 Basic code point segregation""".. base = bytearray().. extended = set().. for c in str:.. if ord(c) < 128:.. base.append(ord(c)).. else:.. extended.add(c).. extended = sorted(extended).. return bytes(base), extended....def selective_len(str, max):.. """Return the length of str, considering only characters below max.""".. res = 0.. for c in str:.. if ord(c) < max:.. res += 1.. return res....def selective_find(str, char, index, pos):.. """Return a pair (index, pos), indicating the next occurrence of.. char in str. index is the position of the character considering.. only ordinals up to and including char, and pos is the position in.. the full string. index/pos is the starting p

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\quopri_codec.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1581
                                          Entropy (8bit):4.656023184812778
                                          Encrypted:false
                                          SSDEEP:48:5UeC1AIc1eq1AIrZ1+A1+0uwY+vIvBTKXgCJxHjH:5Uj7c1P7rZdBu6AJTKVrH
                                          MD5:096A80038FB883522A68E9E6C434C6A6
                                          SHA1:3FAFAD17359B000B8A417446E15D69EEE44A10B2
                                          SHA-256:4BF9A405B6F2359E5B931E0D9FB9BD9609B013688CE2E58AEBBD9BFCB119A356
                                          SHA-512:8088AE700A1C85C55BA10FE47EEC68193497DDC5145069C48D258604273F284F46A42D5F83D43D826A2C11CB1E71692A0D4D15005D63800F072DD883BA7890BB
                                          Malicious:false
                                          Preview:"""Codec for quoted-printable encoding.....This codec de/encodes from bytes to bytes..."""....import codecs..import quopri..from io import BytesIO....def quopri_encode(input, errors='strict'):.. assert errors == 'strict'.. f = BytesIO(input).. g = BytesIO().. quopri.encode(f, g, quotetabs=True).. return (g.getvalue(), len(input))....def quopri_decode(input, errors='strict'):.. assert errors == 'strict'.. f = BytesIO(input).. g = BytesIO().. quopri.decode(f, g).. return (g.getvalue(), len(input))....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return quopri_encode(input, errors).. def decode(self, input, errors='strict'):.. return quopri_decode(input, errors)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return quopri_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\raw_unicode_escape.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1378
                                          Entropy (8bit):4.688171660474759
                                          Encrypted:false
                                          SSDEEP:24:JKmSEHV0yWfBx1yWfB8MufQfBxCb+nh5fBiiUQWSJzWSmi1GfBX9ZKj9UnQJxlTt:JVST31u0WMp6SJ6SL1CBTKanQJxHf
                                          MD5:7B4C09E92D59EF6722DFCB9C79B792A7
                                          SHA1:F413714763D5BC134CE873FEB69A4D79735C381B
                                          SHA-256:2CC24FFC2D06CAB80423ADA94E3DFFC02C010346E17EFC2FFFE86825A6E07808
                                          SHA-512:9584CF7FDC438C9E1D00CA3387A3F8AF103B3DDB41A65768131ACC5F3E7D40AF180D1991EF613451B2736E20D963BD2EC08F48106C15146134C8A42BB6A64D3A
                                          Malicious:false
                                          Preview:""" Python 'raw-unicode-escape' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... # Note: Binding these as C functions will result in the class not.. # converting them to methods. This is intended... encode = codecs.raw_unicode_escape_encode.. decode = codecs.raw_unicode_escape_decode....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.raw_unicode_escape_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. def _buffer_decode(self, input, errors, final):.. return codecs.raw_unicode_escape_decode(input, errors, final)....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. def decode(self, input, errors='strict'):.. return codecs.raw_unicode_escape_dec

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\rot_13.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2561
                                          Entropy (8bit):4.800734764439435
                                          Encrypted:false
                                          SSDEEP:48:7Hk1rNJm1rNJbuvNJTNJi6SJ6S0TK/JxHjRohn3xrUAosYDYKQyaDl:7EvJmvJbu1JRJivCTK/rSh1U8eSyol
                                          MD5:15F4EDEE2C94C2FB2F07435332C7A25A
                                          SHA1:D110DE2410DE8170389F26082E79C33EA643C991
                                          SHA-256:DC6052650356095A92A8CB3A6C63300B7F51A63B6CD3B6F636350B5F22CDA32A
                                          SHA-512:B9A21BB0C6AF53193088CAAF45FD94AAC472FD87927281198D88E70DE07F5D938CCAE2D081D737DEA9C6D11ACB53DCF1E2E855B464DA9871B99D522692492EBD
                                          Malicious:false
                                          Preview:#!/usr/bin/env python..""" Python Character Mapping Codec for ROT13.....This codec de/encodes from str to str.....Written by Marc-Andre Lemburg (mal@lemburg.com)..."""....import codecs....### Codec APIs....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return (str.translate(input, rot13_map), len(input)).... def decode(self, input, errors='strict'):.. return (str.translate(input, rot13_map), len(input))....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return str.translate(input, rot13_map)....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return str.translate(input, rot13_map)....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='rot-13',.. encode=Codec().encod

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\shift_jis.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1078
                                          Entropy (8bit):4.563549974626686
                                          Encrypted:false
                                          SSDEEP:24:n5SqSOzff/XokKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9RcJxFplR:5Sqfwm62VJjRU8njOxLnrxLbrLKUJxTz
                                          MD5:9C02A2E9711192F5738426F6E7285B5C
                                          SHA1:6AF9532F9C07B806DBA9D248A17E14B3EE637B1C
                                          SHA-256:195C87BF032904002D5ADB51C256AE14D99F4A69FFC15C989CA34DD51FC203D7
                                          SHA-512:3607DA04E5A83C27B8F6F3223872BF7957B58EA8326E19ECEB6A5836DD4E35B1A27CF43BBB4250E0CF0B931BB4BBEF6290FB6D30BEF407CC8C137277DBEB85D2
                                          Malicious:false
                                          Preview:#..# shift_jis.py: Python Unicode Codec for SHIFT_JIS..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('shift_jis')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='shift_jis',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\shift_jis_2004.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1098
                                          Entropy (8bit):4.636186915032078
                                          Encrypted:false
                                          SSDEEP:24:njqMsOzff/XoRKyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9ocJxFplR:jqkwF62VJjRU8njOxLnrxLbrLKHJxTz
                                          MD5:0440951B33F486E65DB5176D5CF99851
                                          SHA1:D6269777856EC9BB88F7A0413A55EBCCE3BFBE17
                                          SHA-256:B806ADF317A9920E69A1DEB14C7F078F0D5A9BD26BD370C89492F4DD296AA52A
                                          SHA-512:A92FF2A9EB64C6E42E4CB808823E1B88CD760EC83EAB27BDAAB974152FB2B8DDC2288F800BE85A622F79304DADFD7E96DDEF86FED3434B73CC53967F873BBCEA
                                          Malicious:false
                                          Preview:#..# shift_jis_2004.py: Python Unicode Codec for SHIFT_JIS_2004..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('shift_jis_2004')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='shift_jis_2004',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=In

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\shift_jisx0213.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1098
                                          Entropy (8bit):4.656971526890629
                                          Encrypted:false
                                          SSDEEP:24:nAqqOzff/Xo2KyYydVM2VJjq2UIBlnjqvIiLxySrIiUmx5ASrIIKj9PcJxFplR:AqHw462VJjRU8njOxLnrxLbrLKCJxTz
                                          MD5:CBAB0DA456CE49672F8A5CDB79018312
                                          SHA1:A682827169185DA5BBA2B498BF0302B2EAE087A7
                                          SHA-256:16BE3CDC9EFA7C3A6EC5A683BC03BCAA9DBB41FCC70C92900130175A761A9D62
                                          SHA-512:EFE6CF1021E7FEEF474A3C0E0B346515410716DA6536488765803F2DBD1DA2A217F23F64484634C8EDDC149086F1AD82D563EB9A7C6319976FB852747CCCCF9D
                                          Malicious:false
                                          Preview:#..# shift_jisx0213.py: Python Unicode Codec for SHIFT_JISX0213..#..# Written by Hye-Shik Chang <perky@FreeBSD.org>..#....import _codecs_jp, codecs..import _multibytecodec as mbc....codec = _codecs_jp.getcodec('shift_jisx0213')....class Codec(codecs.Codec):.. encode = codec.encode.. decode = codec.decode....class IncrementalEncoder(mbc.MultibyteIncrementalEncoder,.. codecs.IncrementalEncoder):.. codec = codec....class IncrementalDecoder(mbc.MultibyteIncrementalDecoder,.. codecs.IncrementalDecoder):.. codec = codec....class StreamReader(Codec, mbc.MultibyteStreamReader, codecs.StreamReader):.. codec = codec....class StreamWriter(Codec, mbc.MultibyteStreamWriter, codecs.StreamWriter):.. codec = codec....def getregentry():.. return codecs.CodecInfo(.. name='shift_jisx0213',.. encode=Codec().encode,.. decode=Codec().decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=In

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\tis_620.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12607
                                          Entropy (8bit):4.621772981576072
                                          Encrypted:false
                                          SSDEEP:192:WHhsuOTDvR2LUrXPLouhIAs2+ijLf00pC8i5I:zTojuhIAl0H8iG
                                          MD5:D9690A0F4A8779777A17C8E04C5EA6FF
                                          SHA1:F10E74D2FDC0BE0582B97094F50BF4A38320C6FA
                                          SHA-256:18AFE3A0FD28797D71762EAFFADC9822E0CB8832BE696AF2298F6727AB92627F
                                          SHA-512:48AEBA9D13106BECC3305F42FB4C0A9B9D3A5663C807C7B42FAC579229D9FD43E2F15BBE3AA9DB6C19216334F296D584308BB12D93C4D998D0AF607ABB621BAA
                                          Malicious:false
                                          Preview:""" Python Character Mapping Codec tis_620 generated from 'python-mappings/TIS-620.TXT' with gencodec.py....."""#"....import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. return codecs.charmap_encode(input,errors,encoding_table).... def decode(self,input,errors='strict'):.. return codecs.charmap_decode(input,errors,decoding_table)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.charmap_encode(input,self.errors,encoding_table)[0]....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. return codecs.charmap_decode(input,self.errors,decoding_table)[0]....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='tis-620',.. encode=Cod

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\undefined.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1348
                                          Entropy (8bit):4.667992147176458
                                          Encrypted:false
                                          SSDEEP:24:JldJcg5qSEH6e1cUe2e1cUeFMufKUeFhKUemUQWSJzWS09ZKj9EmIcJxlTpf:JldJ9ISo1ner1neKuhe5em6SJ6S0TK2M
                                          MD5:7C6EF4AB65DA0214127F4E70CB74D180
                                          SHA1:01D2D4FAE5C7C55DDD33CE3D5DB95BC56EA68E03
                                          SHA-256:E882AD26197F05AFB20980407787F77D18E234F562E6EC396B7D9DF3C7EEF5FC
                                          SHA-512:2DEC757B249BEC760DA00B5269D51C2F7ADEF574FD68A188B64304EB1B7974C84E0B4AB89A138764203D89231DFE76AA4784C466B384655B26D510FA58522E7E
                                          Malicious:false
                                          Preview:""" Python 'undefined' Codec.... This codec will always raise a ValueError exception when being.. used. It is intended for use by the site.py file to switch off.. automatic string to Unicode coercion.....Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... def encode(self,input,errors='strict'):.. raise UnicodeError("undefined encoding").... def decode(self,input,errors='strict'):.. raise UnicodeError("undefined encoding")....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. raise UnicodeError("undefined encoding")....class IncrementalDecoder(codecs.IncrementalDecoder):.. def decode(self, input, final=False):.. raise UnicodeError("undefined encoding")....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. pass

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\unicode_escape.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1350
                                          Entropy (8bit):4.660145850496412
                                          Encrypted:false
                                          SSDEEP:24:JDmSEHV0yWcBx1yWcB8MufQcBxCb+nh5cBiiUQWSJzWSmi1GcBX9ZKj9jQJxlTpf:JaSAE1uzWbp6SJ6SL1tBTKpQJxHf
                                          MD5:C939A021963EDD01807CDF57B08163D7
                                          SHA1:5549D399865582B0A802D950E8B3B7FA4474D726
                                          SHA-256:1D1372CF4F46E2F99820070B78563BD3EEED60FFC43A932B483CC7918F3DA5E9
                                          SHA-512:8BF2450C2A44B4ED7B9E901C425AD7BA114E9B946E69FF0DB36644DBD82BF85266EB487C373179F50DB983CE0A51A03E52F43539F92DBC9BF69D39F5DBAE7753
                                          Malicious:false
                                          Preview:""" Python 'unicode-escape' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....class Codec(codecs.Codec):.... # Note: Binding these as C functions will result in the class not.. # converting them to methods. This is intended... encode = codecs.unicode_escape_encode.. decode = codecs.unicode_escape_decode....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.unicode_escape_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. def _buffer_decode(self, input, errors, final):.. return codecs.unicode_escape_decode(input, errors, final)....class StreamWriter(Codec,codecs.StreamWriter):.. pass....class StreamReader(Codec,codecs.StreamReader):.. def decode(self, input, errors='strict'):.. return codecs.unicode_escape_decode(input, errors, False

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_16.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5391
                                          Entropy (8bit):4.3113332789517
                                          Encrypted:false
                                          SSDEEP:96:JgcgiEqCubuY5lRlE2GRCGEFdIXv5lLoQyLt6ofvBUpzdft0iL7+9WiV9lkip8IB:aruCouolRaRCRIhlL7yLt7vYfLL72blt
                                          MD5:2867E58C229EB66CE2FC8704F1E380D2
                                          SHA1:57CB01EF3A3CD16BCCB814C86A3B6DABC379B7C4
                                          SHA-256:FD85A9D634B6F3868D6777E2B0367643571B3E61111B87C79F65DF3F57C7ACB3
                                          SHA-512:7E08E1F9FFCF68123DA6B5B531ED0040AE652FC00DCCEAFCD2B4AF121CA627ECF7A4F9DC6AEB44EF8C040414F27BB3AC0B31FAB030A7BB6D5C2491CA5161CC12
                                          Malicious:false
                                          Preview:""" Python 'utf-16' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs, sys....### Codec APIs....encode = codecs.utf_16_encode....def decode(input, errors='strict'):.. return codecs.utf_16_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. codecs.IncrementalEncoder.__init__(self, errors).. self.encoder = None.... def encode(self, input, final=False):.. if self.encoder is None:.. result = codecs.utf_16_encode(input, self.errors)[0].. if sys.byteorder == 'little':.. self.encoder = codecs.utf_16_le_encode.. else:.. self.encoder = codecs.utf_16_be_encode.. return result.. return self.encoder(input, self.errors)[0].... def reset(self):.. codecs.IncrementalEncoder.reset(self).. self.encoder = None.... de

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_16_be.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1079
                                          Entropy (8bit):4.776020747108792
                                          Encrypted:false
                                          SSDEEP:24:JMSEVyWuq1IjaatMufQBb+OyW80kzyWEzryW79ZKj9kJxFplR:JMS1q1I2aCuqEzSzhTKOJxTz
                                          MD5:71C7BEDB2761CE2BCD7D4AB422CF4F40
                                          SHA1:9BE6A38B88716031ED83825611C3B010284C3677
                                          SHA-256:16329B46D794F4D13B38A7A2540002E72E176D85237872CA3A24BF3C90D7665C
                                          SHA-512:D72E83FB2FD71EED49EC72F9B99B87A0341B2923091C6D92B5DEAB7C380418F8BFB868EE064A76FD321EBD2C2D8560A2559D76401730F199870374B4B555E35B
                                          Malicious:false
                                          Preview:""" Python 'utf-16-be' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....encode = codecs.utf_16_be_encode....def decode(input, errors='strict'):.. return codecs.utf_16_be_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_16_be_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_16_be_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_16_be_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_16_be_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-16-be',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_16_le.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1079
                                          Entropy (8bit):4.763394951954305
                                          Encrypted:false
                                          SSDEEP:24:J+SEVyWMq1IjP8atMufQfb+OyWPy0kzyWuzryWP19ZKj9qJxFplR:J+SHq1I4aCuYizgzXTKQJxTz
                                          MD5:E34C5A24FE48A17FCBFC4335389F6C4E
                                          SHA1:4FD9811F688CE9ADDF6B1315600707C46BA02D56
                                          SHA-256:6D3B04F3ABD9FB6151FEE5CA0426C2E7ED2677EF1358C269747FF8946FFC02B9
                                          SHA-512:2FE8D6111B3A81F509BB67AB452CEDF9721501222F16E3CCDC4E412BF7BB2383317269ED4059E2C1E82434EF6830794A6EB8AA7DDA2E6230290A8027E601BB10
                                          Malicious:false
                                          Preview:""" Python 'utf-16-le' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....encode = codecs.utf_16_le_encode....def decode(input, errors='strict'):.. return codecs.utf_16_le_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_16_le_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_16_le_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_16_le_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_16_le_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-16-le',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_32.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5279
                                          Entropy (8bit):4.273683297819166
                                          Encrypted:false
                                          SSDEEP:96:g+tqC0buY5lRlzeRCGEFdIPv5lLoQwLt6ofvBUpzdf/0iL7+zykV9bkMpZ/ut1fA:DkCSuolRMRCRMhlL7wLt7vYfVL7qbbpd
                                          MD5:616CF58B40671374C8A7BB69A3EBC565
                                          SHA1:2F71BE2439277B332CC255B7E0B0F11AFF9AB090
                                          SHA-256:97F6038F368954DD48BE9B5FA41B1395A71FCA0271B0FEA69F8E16F9F6633775
                                          SHA-512:43D921D34974BA356A0AE3B650516B7E1108DBFB10618BAC22A0485A5AD1B55D73B1090F77C69C67ACD0C3BE231E4DBD02A32040BCF88FA646610C91F819F341
                                          Malicious:false
                                          Preview:"""..Python 'utf-32' Codec.."""..import codecs, sys....### Codec APIs....encode = codecs.utf_32_encode....def decode(input, errors='strict'):.. return codecs.utf_32_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. codecs.IncrementalEncoder.__init__(self, errors).. self.encoder = None.... def encode(self, input, final=False):.. if self.encoder is None:.. result = codecs.utf_32_encode(input, self.errors)[0].. if sys.byteorder == 'little':.. self.encoder = codecs.utf_32_le_encode.. else:.. self.encoder = codecs.utf_32_be_encode.. return result.. return self.encoder(input, self.errors)[0].... def reset(self):.. codecs.IncrementalEncoder.reset(self).. self.encoder = None.... def getstate(self):.. # state info we return to the caller:.. # 0: stream is in natural order for th

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_32_be.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):967
                                          Entropy (8bit):4.64840879615024
                                          Encrypted:false
                                          SSDEEP:24:g6VyWEq1IjsatMufQ3b+OyWi0kzyWWzryWF9ZKj9KJxFplR:gRq1IQaCusKzwzXTKYJxTz
                                          MD5:85519A8598572F85931621ACCB60DB87
                                          SHA1:2B7912D3F1D4042A0778C22C068A18A9AD00B990
                                          SHA-256:A3698A68287CC78323117D14BE3B0B40F46289A850EB06AA9A5328D44B2A30EF
                                          SHA-512:AAF1FB52FCB6BCE9D3E026BD4866149D48F5E2434A735DED9165C65A5FD4D0186CC44715A797A890F4E01C9E4CB44453BCA8D4BA6993B93811739CA80E86F5FA
                                          Malicious:false
                                          Preview:"""..Python 'utf-32-be' Codec.."""..import codecs....### Codec APIs....encode = codecs.utf_32_be_encode....def decode(input, errors='strict'):.. return codecs.utf_32_be_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_32_be_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_32_be_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_32_be_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_32_be_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-32-be',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReader,.. streamwriter=StreamWriter,.. )..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_32_le.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):967
                                          Entropy (8bit):4.629711576470682
                                          Encrypted:false
                                          SSDEEP:24:gEVyWWq1IjyatMufQpb+OyWE0kzyWczryWj9ZKj95WJxFplR:g5q1IeaCuG8zizhTKGJxTz
                                          MD5:6647D201D3BAD385BD7897DF02EC45ED
                                          SHA1:AADB093709162E4B5F9ABA0590235AFE3D96246B
                                          SHA-256:945AF03D1DA591640DE7176BEF879658594B399AC7BBE564D790893CA7B38A73
                                          SHA-512:CF7F010E0E199BD017636894D7B1B060E21D2ADF13D81BAE710046889D48604A01D05F10F1B1ACA8033F19E8254857A93334CBBF471E55FD58BD4888B190CE62
                                          Malicious:false
                                          Preview:"""..Python 'utf-32-le' Codec.."""..import codecs....### Codec APIs....encode = codecs.utf_32_le_encode....def decode(input, errors='strict'):.. return codecs.utf_32_le_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_32_le_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_32_le_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_32_le_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_32_le_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-32-le',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReader,.. streamwriter=StreamWriter,.. )..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_7.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):984
                                          Entropy (8bit):4.635801396513396
                                          Encrypted:false
                                          SSDEEP:24:JWyVyW6q1IjWatMufQVb+OyWg0kzyW4zryWH9ZKj9+5JxFplR:JWjq1IiaCu24zmzNTK85JxTz
                                          MD5:ECFD453A49D4C576E4F189CF6B23376C
                                          SHA1:70B61C19024F20BBC476C11D3CE95AA484225D09
                                          SHA-256:1BE7FC4C85EDAAB33427D3F1230D56B8A4B0D75566F726D9DFC50FACEA36688B
                                          SHA-512:F6AB67F17F586459362581DD894D3CAF62D67E283C075DFCD15B2D03E0AC79FF53E31853900A9EFF5E8778ECEC7AEE7A945EA55368D663FF82F657E7950B4A51
                                          Malicious:false
                                          Preview:""" Python 'utf-7' Codec....Written by Brian Quinlan (brian@sweetapp.com)..."""..import codecs....### Codec APIs....encode = codecs.utf_7_encode....def decode(input, errors='strict'):.. return codecs.utf_7_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_7_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_7_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_7_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_7_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-7',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReader,.. streamwriter=StreamWriter,.. )..

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_8.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1047
                                          Entropy (8bit):4.729776202710733
                                          Encrypted:false
                                          SSDEEP:24:JgqSEVyW7yEq1IjPatMufQ7y3b+OyWR0kzyW7yWzryWc9ZKj9/JxFplR:J1SKyEq1IjaCuwyr5z1yWzeTKZJxTz
                                          MD5:F932D95AFCAEA5FDC12E72D25565F948
                                          SHA1:2685D94BA1536B7870B7172C06FE72CF749B4D29
                                          SHA-256:9C54C7DB8CE0722CA4DDB5F45D4E170357E37991AFB3FCDC091721BF6C09257E
                                          SHA-512:A10035AE10B963D2183D31C72FF681A21ED9E255DDA22624CBAF8DBED5AFBDE7BE05BB719B07573DE9275D8B4793D2F4AEF0C0C8346203EEA606BB818A02CAB6
                                          Malicious:false
                                          Preview:""" Python 'utf-8' Codec......Written by Marc-Andre Lemburg (mal@lemburg.com).....(c) Copyright CNRI, All Rights Reserved. NO WARRANTY....."""..import codecs....### Codec APIs....encode = codecs.utf_8_encode....def decode(input, errors='strict'):.. return codecs.utf_8_decode(input, errors, True)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def encode(self, input, final=False):.. return codecs.utf_8_encode(input, self.errors)[0]....class IncrementalDecoder(codecs.BufferedIncrementalDecoder):.. _buffer_decode = codecs.utf_8_decode....class StreamWriter(codecs.StreamWriter):.. encode = codecs.utf_8_encode....class StreamReader(codecs.StreamReader):.. decode = codecs.utf_8_decode....### encodings module API....def getregentry():.. return codecs.CodecInfo(.. name='utf-8',.. encode=encode,.. decode=decode,.. incrementalencoder=IncrementalEncoder,.. incrementaldecoder=IncrementalDecoder,.. streamreader=StreamReade

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\utf_8_sig.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4263
                                          Entropy (8bit):4.440495855479389
                                          Encrypted:false
                                          SSDEEP:96:JGJ9aCCIFyqPICuY5lRlDrwzRC35v5lLo3YCaLt3AvBNiLD1Lg9Ft1QYxTKB3:8J9vCIFTwCuolR9rwzRCJhlLIaLtQv+d
                                          MD5:99B035D3C80B206F86E525A4DB7704D3
                                          SHA1:5006274B7CC61564CF6839AC070631F788FD5FCB
                                          SHA-256:21A95BB95448F2F064F08AA2C89E843B87A20A5A13C45C6C47C288F2BE5219A4
                                          SHA-512:B19A6876EB04CD5739F99C7C0A07B2269E2EB9A72199A656149DD2B87A25EB0F9945CD9CAEFD2B7DA8756386468294493C6353645CB055343F008CDCFF115F4F
                                          Malicious:false
                                          Preview:""" Python 'utf-8-sig' Codec..This work similar to UTF-8 with the following changes:....* On encoding/writing a UTF-8 encoded BOM will be prepended/written as the.. first three bytes.....* On decoding/reading if the first three bytes are a UTF-8 encoded BOM, these.. bytes will be skipped..."""..import codecs....### Codec APIs....def encode(input, errors='strict'):.. return (codecs.BOM_UTF8 + codecs.utf_8_encode(input, errors)[0],.. len(input))....def decode(input, errors='strict'):.. prefix = 0.. if input[:3] == codecs.BOM_UTF8:.. input = input[3:].. prefix = 3.. (output, consumed) = codecs.utf_8_decode(input, errors, True).. return (output, consumed+prefix)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. codecs.IncrementalEncoder.__init__(self, errors).. self.first = 1.... def encode(self, input, final=False):.. if self.first:.. self.first = 0.. r

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\uu_codec.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2954
                                          Entropy (8bit):4.703525654326454
                                          Encrypted:false
                                          SSDEEP:48:XnE2/bf1OV5FPdLLlKTOARSMoxz1AFPLpLGpW7NRp6/df1Fo141RzuwBvIvPTKrf:XESf1OVjPpUOAoMot8P1HJydf/omXu+P
                                          MD5:C62CEDA36D6B362A2250094DFA2EF15A
                                          SHA1:D96068DC9790D38B44F3DA580F134EF1C7288B33
                                          SHA-256:3991C68ACBB5CE946C6BA71CCB044FBBB449F9EAC9B76262456537EAEBEF9340
                                          SHA-512:6C0296817CA26680858DB78B38BF1D1BE39FC7EDB7894979251EA3281496E7447914A12C9C5B41A1EAD12610DD472C00FF9752816FE30CFF4298C083DA29B3A3
                                          Malicious:false
                                          Preview:"""Python 'uu_codec' Codec - UU content transfer encoding.....This codec de/encodes from bytes to bytes.....Written by Marc-Andre Lemburg (mal@lemburg.com). Some details were..adapted from uu.py which was written by Lance Ellinghouse and..modified by Jack Jansen and Fredrik Lundh..."""....import codecs..import binascii..from io import BytesIO....### Codec APIs....def uu_encode(input, errors='strict', filename='<data>', mode=0o666):.. assert errors == 'strict'.. infile = BytesIO(input).. outfile = BytesIO().. read = infile.read.. write = outfile.write.... # Remove newline chars from filename.. filename = filename.replace('\n','\\n').. filename = filename.replace('\r','\\r').... # Encode.. write(('begin %o %s\n' % (mode & 0o777, filename)).encode('ascii')).. chunk = read(45).. while chunk:.. write(binascii.b2a_uu(chunk)).. chunk = read(45).. write(b' \nend\n').... return (outfile.getvalue(), len(input))....def uu_decode(input, error

                                          C:\Users\user\AppData\Roaming\windows\Lib\encodings\zlib_codec.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2281
                                          Entropy (8bit):4.555875191198799
                                          Encrypted:false
                                          SSDEEP:48:XLDD4W1AIejO1AI73101ouY51wdP7z0I51wzD5x6Ftx0+HvIvPTKyJxTPH:XHD4W/ejO/73OauY5y7z/58uXnA3TKyD
                                          MD5:77C7F92636D3B55460B5E1AFD451D5DB
                                          SHA1:DCE6B27A30BC191F9CFA34DEA5A27682AE274DE4
                                          SHA-256:9B660028249BDB7E9B80AF1D5432BF0C90B132A6D0DD205E2DED2A3B3275B728
                                          SHA-512:93E2E6197321CAD932F88F234EBFAD23F88ABB00C18D2F80C5711D15119CA4D0D1AB261156D6E9A7E1FEEA8A30675759823A3353F353551BA887101CDBBFA98D
                                          Malicious:false
                                          Preview:"""Python 'zlib_codec' Codec - zlib compression encoding.....This codec de/encodes from bytes to bytes.....Written by Marc-Andre Lemburg (mal@lemburg.com)..."""....import codecs..import zlib # this codec needs the optional zlib module !....### Codec APIs....def zlib_encode(input, errors='strict'):.. assert errors == 'strict'.. return (zlib.compress(input), len(input))....def zlib_decode(input, errors='strict'):.. assert errors == 'strict'.. return (zlib.decompress(input), len(input))....class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):.. return zlib_encode(input, errors).. def decode(self, input, errors='strict'):.. return zlib_decode(input, errors)....class IncrementalEncoder(codecs.IncrementalEncoder):.. def __init__(self, errors='strict'):.. assert errors == 'strict'.. self.errors = errors.. self.compressobj = zlib.compressobj().... def encode(self, input, final=False):.. if final:.. c

                                          C:\Users\user\AppData\Roaming\windows\Lib\ensurepip\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9734
                                          Entropy (8bit):4.712839348125911
                                          Encrypted:false
                                          SSDEEP:192:F0LxaCi8IROG2kcYfJJg4/PwO/sROSs4bGdJAlAPvTGf4RNttRm:F0LxBIRf2A0IWOSsHdQGM6Nxm
                                          MD5:A834506779D4F1745E722F61C7B7FB24
                                          SHA1:C7939881FEC4FF3E305875232635DB0EEC91C6AD
                                          SHA-256:CA96B1B61EF834837C1242BF875D012012ECE0CBB2E4AA2E4F631BBD595E842F
                                          SHA-512:14A26599A631F35AA57DF92827CD5B5EBF93897C27C374F59D6B213C17D3EBEDE49F6E30FA92D7BA14041FF276E067E19BE985A3217E33DA92A207C10621DF00
                                          Malicious:false
                                          Preview:import collections..import os..import os.path..import subprocess..import sys..import sysconfig..import tempfile..from importlib import resources......__all__ = ["version", "bootstrap"].._PACKAGE_NAMES = ('pip',).._PIP_VERSION = "24.0".._PROJECTS = [.. ("pip", _PIP_VERSION, "py3"),..]....# Packages bundled in ensurepip._bundled have wheel_name set...# Packages from WHEEL_PKG_DIR have wheel_path set..._Package = collections.namedtuple('Package',.. ('version', 'wheel_name', 'wheel_path'))....# Directory of system wheel packages. Some Linux distribution packaging..# policies recommend against bundling dependencies. For example, Fedora..# installs wheel packages in the /usr/share/python-wheels/ directory and don't..# install the ensurepip._bundled package..._WHEEL_PKG_DIR = sysconfig.get_config_var('WHEEL_PKG_DIR')......def _find_packages(path):.. packages = {}.. try:.. filenames = os.listdir(path).. except OSError:.. # Ignore: path

                                          C:\Users\user\AppData\Roaming\windows\Lib\ensurepip\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):93
                                          Entropy (8bit):4.307585564430433
                                          Encrypted:false
                                          SSDEEP:3:JSdQsMn3oUHhAjpv/F0L4MlCAS5Novn:cQsAYsAjpH3lAS/ov
                                          MD5:B66408AC25B2935927C825261FAE1D47
                                          SHA1:29C8161ACB7EB3E46C1F0E7AB2F72510DAF103F9
                                          SHA-256:BE2DEE4F4B55958AAB36AEBBE6D2D644065E9C36A6DD44727E955FC590501925
                                          SHA-512:534FACB1A57F917AA343D69221B6F8F4150565730715C71069A1961B6CA425631307AF98FDA5069CBF7FE996D3A14D09DE5F6A9EFD22C6987C16E76F29A31CF0
                                          Malicious:false
                                          Preview:import ensurepip..import sys....if __name__ == "__main__":.. sys.exit(ensurepip._main())..

                                          C:\Users\user\AppData\Roaming\windows\Lib\ensurepip\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9540
                                          Entropy (8bit):5.4935831209140185
                                          Encrypted:false
                                          SSDEEP:192:ehWKV5jPIbHN9a94saXBsn6O153/TkNKBSIGVIv1W8ZlfppVs:eVV57Z9UR+15401jZlhpVs
                                          MD5:722213221C882C91BF032E43D894AE3C
                                          SHA1:F3960786423474F54F413D1BAD5B3A6AC3F27163
                                          SHA-256:E8AE7E9B848485D92CE3063CD25F104D8ECC3DFA75D98FCAE7663C5BC4C1D8BA
                                          SHA-512:AA84345EFE87576D9A027ACC973D1EFFE495C14D8890658695C3127D217C053BE207803627E33AF83B31A883067602A8A77A94F9197D391BFAF7087EB2923823
                                          Malicious:false
                                          Preview:...........f.&..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.g.Z.d.Z.d.Z.d.e.d.f.g.Z...e.j...................d.d.........Z...e.j...................d.........a.d...Z.d...Z.d.a.d.d...Z.d...Z.d...Z.d.d.d.d.d.d.d...d...Z.d.d.d.d.d.d.d...d...Z.d.d...d...Z.d.d...Z.y.)......N)...resources..version..bootstrap)...pipz.24.0r......py3..Package).r......wheel_name..wheel_path..WHEEL_PKG_DIRc..........................i.}...t.........j...................|.........}.t.........|.........}.|.D.]...}.|.j...................d.........s...t.........D.]...}.|.d.z...}.|.j...................|.........s.....n....9|.j...................|.........j...................d.........d.....}.t.........j...................j...................|.|.........}.t.........|.d.|.........|.|.<.......|.S.#.t.........$.r...d.}.Y...w.x.Y.w.).N..z..whl..-r....)...os..listdir..OSError..sorted..endswith.._PACKAGE_NAMES..startswith..removeprefix..partition..path..join.._Package).r..

                                          C:\Users\user\AppData\Roaming\windows\Lib\ensurepip\__pycache__\__main__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):345
                                          Entropy (8bit):4.894774947698524
                                          Encrypted:false
                                          SSDEEP:6:BDpKjxIllIlkZzhe9IuQLWaQlbJ6qpR2QH46Iayle+llVSuvhpy6t7Xxt:1pKjxI/jduRbjWQKayleuMu5py6t7Xb
                                          MD5:4A736601F5E5E39983EC08D3A6BE3474
                                          SHA1:4975F4F18A71E48846AE0E6EC71C96B1B96BDEAA
                                          SHA-256:6815F95DC26D84F92EB60CED75FBFD9E6772FE6B33FAF19F18FB402DEE931865
                                          SHA-512:48D32C9DCC1E5F647FF285ECD5B12D6ECA801765B62B2DC8217965372FF9BF5D81FB87BA84F17BFEA5111EFAC5DD10D5B62401E9A7FC99462CDD82BABF8D2658
                                          Malicious:false
                                          Preview:...........f].........................b.....d.d.l.Z.d.d.l.Z.e.d.k(..r"..e.j.....................e.j.....................................y.y.)......N..__main__)...ensurepip..sys..__name__..exit.._main........=C:\Users\V3NOM0u$\Desktop\python312\Lib\ensurepip\__main__.py..<module>r........s/..................z.......C.H.H._.Y._._...........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\ensurepip\_bundled\pip-24.0-py3-none-any.whl

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                          Category:dropped
                                          Size (bytes):2110226
                                          Entropy (8bit):7.989601069085752
                                          Encrypted:false
                                          SSDEEP:49152:MV+RRK1eWXNS0vVOdKNqeLPC8/Lmy0KXBVctxYx4Xn+foz:MV+fG/AAVOdKh2ZL5txYIgoz
                                          MD5:74E3C5E4082113B1239CA0E9ABFD1E82
                                          SHA1:E44313AE1E6AF3C2BD3B60AB2FA8C34308D00555
                                          SHA-256:BA0D021A166865D2265246961BEC0152FF124DE910C5CC39F1156CE3FA7C69DC
                                          SHA-512:5D7462A584105BCCAA9CF376F5A8C5827EAD099C813C8AF7392D478A4398F373D9E8CAC7BBAD2DB51B335411AB966B21E119B1B1234C9A7AB70C6DDFC9306DA6
                                          Malicious:false
                                          Preview:PK.........NCXP.&.....c.......pip/__init__.py=P.J.@...W.^ta..YP..^.A..e).m...!I]..Nw.@.....Z.#.(t@c...I.[.NJ1.....C..T..@...1...FO..s'._...|8d.W....W....\EQ..$...F.W....1.3..B..&A8.(...S.:.....LI...{.....{hP=...A.^5I.\G.OG[..9y.5..L(.q..dWg....d..Vwv.,i1(.)fT....../V.u.p...l.?PK.........NCXo......V.......pip/__main__.py]RKo.0...W.....9.K..w-v..C..-......#..i......(....<.t...E..o8..BY.q..9Ft.......QD.|\..~.4 ..9...U.W.&.4.@=......y.`f..y...J....~.D...h...!.E!s..8.0..9..R.p....._.....4x..S...........[.......&.t.....Y{U.|.NG..G.....qvN[....G1e........!..1.u.p...\pw)...4.0......n.`.U0m..3..w.O........m'C.m..n..1I..L.VE8E..#+?...........r.zC..!h...meb!{.@.q.7....I......52../..\._.:.<..w..yO.x.<8..c.Nu&......e...e..).MK..p......Y......]..P..|...PK.........NCX~.%.............pip/__pip-runner__.py}T.n.0...+8.0.p...0 X..E...dIz..BPl..fK.$g1...H;N....$.......p......./[.k. 3u...Z...Qt.AB...-j..7..].>..%...D..-+.A:P...xC..H........~.aEiUm.......38/=.5.0......'t

                                          C:\Users\user\AppData\Roaming\windows\Lib\ensurepip\_uninstall.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):839
                                          Entropy (8bit):4.54535391507707
                                          Encrypted:false
                                          SSDEEP:24:8QVm1VQL7MNrhuUYyy+Y01uV9gTlHpHILpy/ov:8QIrQLYloVbv6ugTtyLQq
                                          MD5:A924387CC28E1ACF2CBCC6D16A000F01
                                          SHA1:B789691D39DEF8C95D67782D6CB91EAEDB05FE8B
                                          SHA-256:B24642D35A69A8378BD4C8A034C79EFDF0D582D5562ACFCF19F790A90A7D508C
                                          SHA-512:A3B5934447A95720D5968EB460A62C2A07B60A6F1073E87EC4FFA3AE7BD2865760404096769484D4C20622A5AF655E97BA1592F09EFE5ED9232DF10D0B390C77
                                          Malicious:false
                                          Preview:"""Basic pip uninstallation support, helper for the Windows uninstaller"""....import argparse..import ensurepip..import sys......def _main(argv=None):.. parser = argparse.ArgumentParser(prog="python -m ensurepip._uninstall").. parser.add_argument(.. "--version",.. action="version",.. version="pip {}".format(ensurepip.version()),.. help="Show the version of pip this will attempt to uninstall.",.. ).. parser.add_argument(.. "-v", "--verbose",.. action="count",.. default=0,.. dest="verbosity",.. help=("Give more output. Option is additive, and can be used up to 3 ".. "times."),.. ).... args = parser.parse_args(argv).... return ensurepip._uninstall_helper(verbosity=args.verbosity)......if __name__ == "__main__":.. sys.exit(_main())..

                                          C:\Users\user\AppData\Roaming\windows\Lib\enum.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):83745
                                          Entropy (8bit):4.226339386224079
                                          Encrypted:false
                                          SSDEEP:1536:kNbOIG3/30YXgvHGe0TkZ+UrfSRCygwMhtbe4/DurHZXLlkPOlRbEuxAX0riAX:kNbOZ3/30YXgvHGe0oZ+RCygwOtbe4/G
                                          MD5:3A87F9629EDAD420BEB85AB0A1C4482A
                                          SHA1:30C4C3E70E45128C2C83C290E9E5F63BCFA18961
                                          SHA-256:9D1B2F7DD26000E03C483BC381C1AF20395A3AC25C5FD988FBED742CD5278C9A
                                          SHA-512:E0AED24D8A0513E8D974A398F3FF692D105A92153C02D4D6B7D3C8435DEDBB9482DC093EB9093FB86B021A28859AB541F444E8ACC466D8422031D11040CD692A
                                          Malicious:false
                                          Preview:import sys..import builtins as bltns..from types import MappingProxyType, DynamicClassAttribute..from operator import or_ as _or_..from functools import reduce......__all__ = [.. 'EnumType', 'EnumMeta',.. 'Enum', 'IntEnum', 'StrEnum', 'Flag', 'IntFlag', 'ReprEnum',.. 'auto', 'unique', 'property', 'verify', 'member', 'nonmember',.. 'FlagBoundary', 'STRICT', 'CONFORM', 'EJECT', 'KEEP',.. 'global_flag_repr', 'global_enum_repr', 'global_str', 'global_enum',.. 'EnumCheck', 'CONTINUOUS', 'NAMED_FLAGS', 'UNIQUE',.. 'pickle_by_global_name', 'pickle_by_enum_name',.. ]......# Dummy value for Enum and Flag as there are explicit checks for them..# before they have been created...# This is also why there are checks in EnumType like `if Enum is not None`..Enum = Flag = EJECT = _stdlib_enums = ReprEnum = None....class nonmember(object):.. """.. Protects item from becoming an Enum member during class creation... """.. def __init__(sel

                                          C:\Users\user\AppData\Roaming\windows\Lib\filecmp.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10500
                                          Entropy (8bit):4.528557394014585
                                          Encrypted:false
                                          SSDEEP:96:S4TNBBnKhVsBrA7go4ly/vF1AUCzRUYqRvmC14ziCI6M/UtNiYPWEiOVtYh3+BdI:SWZvoF/vrierHCJM/Utvtc3+T9x9FxS
                                          MD5:401DB769DA5728550DB93FF9D4B8B8C9
                                          SHA1:C6EDB036A7A071D323AC8744C8B1EC837C0F078D
                                          SHA-256:AA9E254243EDCC519AC1915BC5FD7AA384AD1C1E5E140CBD6BF0C77CC73D198F
                                          SHA-512:E156F3F7462FA108F31612C9326C265EA31359F44BF6096D989151115DA7946673DB50D0732B3B00B9F9305BC5780F71873AE59D2493F4C2FDEE75508865097A
                                          Malicious:false
                                          Preview:"""Utilities for comparing files and directories.....Classes:.. dircmp....Functions:.. cmp(f1, f2, shallow=True) -> int.. cmpfiles(a, b, common) -> ([], [], []).. clear_cache()...."""....import os..import stat..from itertools import filterfalse..from types import GenericAlias....__all__ = ['clear_cache', 'cmp', 'dircmp', 'cmpfiles', 'DEFAULT_IGNORES']...._cache = {}..BUFSIZE = 8*1024....DEFAULT_IGNORES = [.. 'RCS', 'CVS', 'tags', '.git', '.hg', '.bzr', '_darcs', '__pycache__']....def clear_cache():.. """Clear the filecmp cache.""".. _cache.clear()....def cmp(f1, f2, shallow=True):.. """Compare two files..... Arguments:.... f1 -- First file name.... f2 -- Second file name.... shallow -- treat files as identical if their stat signatures (type, size,.. mtime) are identical. Otherwise, files are considered different.. if their sizes or contents differ. [default: True].... Return value:.... True if the files are the same

                                          C:\Users\user\AppData\Roaming\windows\Lib\fileinput.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16156
                                          Entropy (8bit):4.328063649196717
                                          Encrypted:false
                                          SSDEEP:192:aPuyi2h40tVqXZqRPUJeRalQFufMR2RgzRXhRWRhRHR8p8iqK/5V6E0j0ZP5Od/C:muy7h40QZqR/nFufe8gNXXcXx4TVPZPn
                                          MD5:5A4891CC3AC46851BC767DDCB8E3D673
                                          SHA1:1F2FC6FE33DF8844AC619D3D5037EDCBDEA78662
                                          SHA-256:BAC33A85F39799938D6A532886F801F34CE29B8B2563F55EF7E56B41B3B9E44E
                                          SHA-512:B2B6D8B00F27F9C349BA8129843AA3F686F7A19A0874D514759D0B7ACBA92EB82580DF42BE2B51C87044661999F8F5E928DD2FA0F9B9E151BE718E59F7AAE84F
                                          Malicious:false
                                          Preview:"""Helper class to quickly write a loop over all standard input files.....Typical use is:.... import fileinput.. for line in fileinput.input(encoding="utf-8"):.. process(line)....This iterates over the lines of all files listed in sys.argv[1:],..defaulting to sys.stdin if the list is empty. If a filename is '-' it..is also replaced by sys.stdin and the optional arguments mode and..openhook are ignored. To specify an alternative list of filenames,..pass it as the argument to input(). A single file name is also allowed.....Functions filename(), lineno() return the filename and cumulative line..number of the line that has just been read; filelineno() returns its..line number in the current file; isfirstline() returns true iff the..line just read is the first line of its file; isstdin() returns true..iff the line was read from sys.stdin. Function nextfile() closes the..current file so that the next iteration will read the first line from..the next file (if any); lines not

                                          C:\Users\user\AppData\Roaming\windows\Lib\fnmatch.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6184
                                          Entropy (8bit):4.341535614254614
                                          Encrypted:false
                                          SSDEEP:192:mPdA3GVpok8oQAhpt4CLJzovn6WkPmByCJi9Xknf06cwVPR4E:a4VFaJQyCJi9XkBfx
                                          MD5:25330CC531D5B235ACEF733F724A4D2C
                                          SHA1:C2D58AA844C8AE698B214C40D37A12210508594B
                                          SHA-256:146D27A2853CD14C95EE49CC6130B9F84E2A56618DD1BE695CDDB20489460425
                                          SHA-512:1D0182832A5438068A17C51BD984D58EC7F9DB8AFCD4EAE10D2943794A269A096CAA501AD74A333756D15BD5F5275E01CBD55E2E4625570CD5BA44FCFBAD30AF
                                          Malicious:false
                                          Preview:"""Filename matching with shell patterns.....fnmatch(FILENAME, PATTERN) matches according to the local convention...fnmatchcase(FILENAME, PATTERN) always takes case in account.....The functions operate by translating the pattern into a regular..expression. They cache the compiled regular expressions for speed.....The function translate(PATTERN) returns a regular expression..corresponding to PATTERN. (It does not compile it.).."""..import os..import posixpath..import re..import functools....__all__ = ["filter", "fnmatch", "fnmatchcase", "translate"]....def fnmatch(name, pat):.. """Test whether FILENAME matches PATTERN..... Patterns are Unix shell style:.... * matches everything.. ? matches any single character.. [seq] matches any character in seq.. [!seq] matches any char not in seq.... An initial period in FILENAME is not special... Both FILENAME and PATTERN are first case-normalized.. if the operating system requires it... If you don't wa

                                          C:\Users\user\AppData\Roaming\windows\Lib\fractions.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):39055
                                          Entropy (8bit):4.466111115142351
                                          Encrypted:false
                                          SSDEEP:768:s77Tfh/N5O9LGWKQF4TtnnBbV2ZmEpSgBX3+:s77VOFWTtnnQSAXO
                                          MD5:7E2850AC9B9E3A17FF1565D843C90673
                                          SHA1:8A36CF259DE590F018F729D450FA5D1BD5B19DF0
                                          SHA-256:54DDEF0252DDBE76A3BEF3D821E1AE96BB5C655A1621B3B913C3EBDE9D762A00
                                          SHA-512:9E0B5100C017961811E47D887B0AADDC2F143506C1E9EEBDDA14E9FCDAF505BB7EC1FE26DEB96625AE150DCAA0B22366ACA6E73E66FA71D424924FA8D072663D
                                          Malicious:false
                                          Preview:# Originally contributed by Sjoerd Mullender...# Significantly modified by Jeffrey Yasskin <jyasskin at gmail.com>....."""Fraction, infinite-precision, rational numbers."""....from decimal import Decimal..import functools..import math..import numbers..import operator..import re..import sys....__all__ = ['Fraction']......# Constants related to the hash implementation; hash(x) is based..# on the reduction of x modulo the prime _PyHASH_MODULUS..._PyHASH_MODULUS = sys.hash_info.modulus..# Value to be used for rationals that reduce to infinity modulo..# _PyHASH_MODULUS..._PyHASH_INF = sys.hash_info.inf....@functools.lru_cache(maxsize = 1 << 14)..def _hash_algorithm(numerator, denominator):.... # To make sure that the hash of a Fraction agrees with the hash.. # of a numerically equal integer, float or Decimal instance, we.. # follow the rules for numeric hashes outlined in the.. # documentation. (See library docs, 'Built-in Types')..... try:.. dinv = pow(denominator,

                                          C:\Users\user\AppData\Roaming\windows\Lib\ftplib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35701
                                          Entropy (8bit):4.519184524404518
                                          Encrypted:false
                                          SSDEEP:768:xp+qv4dk/rJQJ9+Lx8CDSh8Y+3+amuimaw+QpkRi3edm:xpDTzJQJiDSh8Y+3+fuKMsi3ec
                                          MD5:C76032BAC296A9BAAA8A1208DF75FCBE
                                          SHA1:595516EA93DB2EC75426AB244A8A0E979A5C985B
                                          SHA-256:B651A03A02373EE9844C52C5598CAB1ECB4F6D8E7864B514A303010AC32945EF
                                          SHA-512:291333D13A2D2365CBB9A84AB2CC8E72109DBC9B559D1A50819B2B24B902EACD2BBC1477560D6B392B44E877AFC1604312C47433684EDBE4D78BC7FB3D0EA643
                                          Malicious:false
                                          Preview:"""An FTP client class and some helper functions.....Based on RFC 959: File Transfer Protocol (FTP), by J. Postel and J. Reynolds....Example:....>>> from ftplib import FTP..>>> ftp = FTP('ftp.python.org') # connect to host, default port..>>> ftp.login() # default, i.e.: user anonymous, passwd anonymous@..'230 Guest login ok, access restrictions apply.'..>>> ftp.retrlines('LIST') # list directory contents..total 9..drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ...drwxr-xr-x 8 root wheel 1024 Jan 3 1994 ....drwxr-xr-x 2 root wheel 1024 Jan 3 1994 bin..drwxr-xr-x 2 root wheel 1024 Jan 3 1994 etc..d-wxrwxr-x 2 ftp wheel 1024 Sep 5 13:43 incoming..drwxr-xr-x 2 root wheel 1024 Nov 17 1993 lib..drwxr-xr-x 6 1094 wheel 1024 Sep 13 19:07 pub..drwxr-xr-x 3 root wheel 1024 Jan 3 1994 usr..-rw-r--r-- 1 root root 312 Aug 1 1994 welcome.msg..'226 Transfer complete.'..>>> ft

                                          C:\Users\user\AppData\Roaming\windows\Lib\functools.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):39132
                                          Entropy (8bit):4.545306756804744
                                          Encrypted:false
                                          SSDEEP:768:sWkDM+q6JeCAkxPN2NqXBF7sMHrCXZdgbV6ncxCD+jG:sWki6JeCAk7v7sMHrCpESfZ
                                          MD5:3638D2608C42E3A3BF3B2B1C51B765F4
                                          SHA1:BE947A9B8301BBEDF2406416AC908963279B46CD
                                          SHA-256:BD6F192C31C5E266AD9EEC9F550B8BC485F90D583764FF81AA3F36D1209F005E
                                          SHA-512:14B60F0B5119B90FCD4DB3B0AEB48EC4CA9775910470178796BA54C0D16F8887B9A3D283F925AF779A1CC6BC99D25F016CCCBF2BB72D4A9099BB821A54A2B418
                                          Malicious:false
                                          Preview:"""functools.py - Tools for working with functions and callable objects.."""..# Python module wrapper for _functools C module..# to allow utilities written in Python to be added..# to the functools module...# Written by Nick Coghlan <ncoghlan at gmail.com>,..# Raymond Hettinger <python at rcn.com>,..# and .ukasz Langa <lukasz at langa.pl>...# Copyright (C) 2006-2013 Python Software Foundation...# See C source code for _functools credits/copyright....__all__ = ['update_wrapper', 'wraps', 'WRAPPER_ASSIGNMENTS', 'WRAPPER_UPDATES',.. 'total_ordering', 'cache', 'cmp_to_key', 'lru_cache', 'reduce',.. 'partial', 'partialmethod', 'singledispatch', 'singledispatchmethod',.. 'cached_property']....from abc import get_cache_token..from collections import namedtuple..# import types, weakref # Deferred to single_dispatch()..from reprlib import recursive_repr..from _thread import RLock..from types import GenericAlias......#############################################

                                          C:\Users\user\AppData\Roaming\windows\Lib\genericpath.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5468
                                          Entropy (8bit):4.6213245159421765
                                          Encrypted:false
                                          SSDEEP:96:jqF24r0OS60O0gJN1Ng+jl2LyqSgPGfGeYM6Zf8lG4iuRs+laP8q+PCI7ocfz/r7:jqk4r0v60hePDhWL+fuMeebiuRPr/r/j
                                          MD5:F2DA5A9BDBCCABBDD44D309002EA9661
                                          SHA1:9DD844C2F69BE7C076B746F41F41B2FFAF7120A6
                                          SHA-256:C540A28C560234D4D00D3451DFDDE05B404F81A38BDE87086CE8773021E1CC1B
                                          SHA-512:C9E2465CD02976025A9831CFECB4C8E9B34D3DF2725A801EAF5E4C26EF8F90ED69E545D5990F6353BF4450D8D4E2BD020F46B854A74EC1C06FAB9A78F09C5F1C
                                          Malicious:false
                                          Preview:"""..Path operations common to more than one OS..Do not use directly. The OS specific modules import the appropriate..functions from this module themselves..."""..import os..import stat....__all__ = ['commonprefix', 'exists', 'getatime', 'getctime', 'getmtime',.. 'getsize', 'isdir', 'isfile', 'islink', 'samefile', 'sameopenfile',.. 'samestat']......# Does a path exist?..# This is false for dangling symbolic links on systems that support them...def exists(path):.. """Test whether a path exists. Returns False for broken symbolic links""".. try:.. os.stat(path).. except (OSError, ValueError):.. return False.. return True......# This follows symbolic links, so both islink() and isdir() can be true..# for the same path on systems that support symlinks..def isfile(path):.. """Test whether a path is a regular file""".. try:.. st = os.stat(path).. except (OSError, ValueError):.. return False.. return stat.S_ISREG(st.st_m

                                          C:\Users\user\AppData\Roaming\windows\Lib\getopt.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7703
                                          Entropy (8bit):4.587932802475573
                                          Encrypted:false
                                          SSDEEP:192:oSGuBRjBdvQQ0ZW4X0RfUFCo/g/FF+44VJ3X0WNoO:oj0dH0ZW4+LBwJnkO
                                          MD5:2F404A8F69E1F65802672EC3D9BD7E22
                                          SHA1:EBFB72BD6FB62F906431D7C229E5C6704DCD68D6
                                          SHA-256:FE8C1422EFF6BE1280800A819718F88DCA24617F03BE09B91FE769F1483438E3
                                          SHA-512:8E6DA70EDE01B516C7AC798F824D44E44659F81A6B21EC3203C2E55482355C92A661653378AB2EAF166F8CC23CF709F9C99E6BB960A95DEA9D0D5A97476810F8
                                          Malicious:false
                                          Preview:"""Parser for command line options.....This module helps scripts to parse the command line arguments in..sys.argv. It supports the same conventions as the Unix getopt()..function (including the special meanings of arguments of the form `-'..and `--'). Long options similar to those supported by GNU software..may be used as well via an optional third argument. This module..provides two functions and an exception:....getopt() -- Parse command line options..gnu_getopt() -- Like getopt(), but allow option and non-option arguments..to be intermixed...GetoptError -- exception (class) raised with 'opt' attribute, which is the..option involved with the exception..."""....# Long option support added by Lars Wirzenius <liw@iki.fi>...#..# Gerrit Holl <gerrit@nl.linux.org> moved the string-based exceptions..# to class-based exceptions...#..# Peter .strand <astrand@lysator.liu.se> added gnu_getopt()...#..# TODO for gnu_getopt():..#..# - GNU getopt_long_only mechanism..# - allow the caller to spe

                                          C:\Users\user\AppData\Roaming\windows\Lib\getpass.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6175
                                          Entropy (8bit):4.440480314278831
                                          Encrypted:false
                                          SSDEEP:96:PX8OzPyKo5dCMPUwl5o0FvZGNYAp83byrYl4Npx2AfeX2RMqdzNydJdCymzGFQ6Z:0OOVvTAlNppYsYmpxvxRMqtM39Q6qQJ
                                          MD5:0F8B3481C15E6805AFAD8EAE8E770FA1
                                          SHA1:25DDD71B1BD1F38E61A70C1B53E40F0752D328DF
                                          SHA-256:D2B77376A296CBDD0F659DA6CAB047426A4719D3F09949ABA8F334BD01E80593
                                          SHA-512:0E7EE49047339D8DF9D1F233C6EB47004B76D41EE324DACBBDDDA4C55D7C85CFBBFCDE3F9762B9B51AEC6007DEA4796852846A35B8094E61B8F9D472C838B348
                                          Malicious:false
                                          Preview:"""Utilities to get a password and/or the current user name.....getpass(prompt[, stream]) - Prompt for a password, with echo turned off...getuser() - Get the user name from the environment or password database.....GetPassWarning - This UserWarning is issued when getpass() cannot prevent.. echoing of the password contents while reading.....On Windows, the msvcrt module will be used....."""....# Authors: Piers Lauder (original)..# Guido van Rossum (Windows support and cleanup)..# Gregory P. Smith (tty support & GetPassWarning)....import contextlib..import io..import os..import sys..import warnings....__all__ = ["getpass","getuser","GetPassWarning"]......class GetPassWarning(UserWarning): pass......def unix_getpass(prompt='Password: ', stream=None):.. """Prompt for a password, with echo turned off..... Args:.. prompt: Written on stream to ask for the input. Default: 'Password: '.. stream: A writable file object to display the prompt. Def

                                          C:\Users\user\AppData\Roaming\windows\Lib\gettext.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21966
                                          Entropy (8bit):4.538634415037831
                                          Encrypted:false
                                          SSDEEP:384:8KE7Hoh/h9wzIhOPkvUKAWJLyR5Q5j7KdrmPECXKxlGt:8v2hEIh6kcKXZyraHKdrpxlGt
                                          MD5:D25CEAB4564001991B850B3FBF0F1588
                                          SHA1:96020C5932B754525F9C6998DB0DC4A406FE6C3B
                                          SHA-256:DA55E22F51BB369819FE4CC1201459C8F18CA948B6CA00137E6DFD7012814D83
                                          SHA-512:75582B3A6130E62C75D6591F8EF4227644AA136A53D64315C96FE340C2BC4AC2C1F590D3A9E4213354FBF37C13A6417EF8AED7F1D99329B46C7CC4FCDD20A595
                                          Malicious:false
                                          Preview:"""Internationalization and localization support.....This module provides internationalization (I18N) and localization (L10N)..support for your Python programs by providing an interface to the GNU gettext..message catalog library.....I18N refers to the operation by which a program is made aware of multiple..languages. L10N refers to the adaptation of your program, once..internationalized, to the local language and cultural habits....."""....# This module represents the integration of work, contributions, feedback, and..# suggestions from the following people:..#..# Martin von Loewis, who wrote the initial implementation of the underlying..# C-based libintlmodule (later renamed _gettext), along with a skeletal..# gettext.py implementation...#..# Peter Funk, who wrote fintl.py, a fairly complete wrapper around intlmodule,..# which also included a pure-Python implementation to read .mo files if..# intlmodule wasn't available...#..# James Henstridge, who also wrote a gettext.py module, wh

                                          C:\Users\user\AppData\Roaming\windows\Lib\glob.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8984
                                          Entropy (8bit):4.44906503859826
                                          Encrypted:false
                                          SSDEEP:192:pFcyAlKumAroiAo/MO3LMRcjRDaqySlZaxixLOTu7tTy:pyBgeMro/MOyc9DaqX40xnhu
                                          MD5:ED16C9A7EFC539303125C4CC7848BA2F
                                          SHA1:5DD237E8E14589057E0A82CBB20F7A90C16B1D78
                                          SHA-256:65E7C086807D87AF4810DFFC492D1FAAC8BECE9531827A9C370F4D1E79CF14E7
                                          SHA-512:457B4BEAE58BB73637FB51B38296C435911C7F36A17D8B34EB8D2CBCB429711BA88A6670A09757600909E0AAB5C523E7AA58972009728CF1C36B87967DCC8EB3
                                          Malicious:false
                                          Preview:"""Filename globbing utility."""....import contextlib..import os..import re..import fnmatch..import itertools..import stat..import sys....__all__ = ["glob", "iglob", "escape"]....def glob(pathname, *, root_dir=None, dir_fd=None, recursive=False,.. include_hidden=False):.. """Return a list of paths matching a pathname pattern..... The pattern may contain simple shell-style wildcards a la.. fnmatch. Unlike fnmatch, filenames starting with a.. dot are special cases that are not matched by '*' and '?'.. patterns by default..... If `include_hidden` is true, the patterns '*', '?', '**' will match hidden.. directories..... If `recursive` is true, the pattern '**' will match any files and.. zero or more directories and subdirectories... """.. return list(iglob(pathname, root_dir=root_dir, dir_fd=dir_fd, recursive=recursive,.. include_hidden=include_hidden))....def iglob(pathname, *, root_dir=None, dir_fd=None, recursive=False,..

                                          C:\Users\user\AppData\Roaming\windows\Lib\graphlib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9906
                                          Entropy (8bit):4.263228961608472
                                          Encrypted:false
                                          SSDEEP:96:mNcRMEUR8YGCyTXFCRIBxgI1umbJrjMpxEIPktyaZN58Uff7yWPJyeTs7SD3Kqng:+iMEUmCyQMxgI0XEBX58UFXl+H
                                          MD5:0D738AD9A15E7CECDDE6A2CDC8D1BD8E
                                          SHA1:C8A824DFB20F05E0D8352CC32C2840FF97830D67
                                          SHA-256:9C23A989085259603C38E401B7ECC7D9C2F591C0FEB7B4B74F5721B113197541
                                          SHA-512:F328332BB3851F96878058D55BF8AC6DF34BCF8859E6526CFD54769781839D6A64CC34799C7732922D5C63076A0545A7D42703E35AB94B583989B06D68F2AE0C
                                          Malicious:false
                                          Preview:from types import GenericAlias....__all__ = ["TopologicalSorter", "CycleError"]...._NODE_OUT = -1.._NODE_DONE = -2......class _NodeInfo:.. __slots__ = "node", "npredecessors", "successors".... def __init__(self, node):.. # The node this class is augmenting... self.node = node.... # Number of predecessors, generally >= 0. When this value falls to 0,.. # and is returned by get_ready(), this is set to _NODE_OUT and when the.. # node is marked done by a call to done(), set to _NODE_DONE... self.npredecessors = 0.... # List of successor nodes. The list can contain duplicated elements as.. # long as they're all reflected in the successor's npredecessors attribute... self.successors = []......class CycleError(ValueError):.. """Subclass of ValueError raised by TopologicalSorter.prepare if cycles.. exist in the working graph..... If multiple cycles exist, only one undefined choice among them will be reported.. and

                                          C:\Users\user\AppData\Roaming\windows\Lib\gzip.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25553
                                          Entropy (8bit):4.537013140843265
                                          Encrypted:false
                                          SSDEEP:384:4rr1HTcJt3MIIGYRDSErRaA2NBeT1r/LA5sRk8tQywQXBnW:JJtlAUvMutOQ8W
                                          MD5:A2BBDCCE322EFF4C7142E1FE01D916C3
                                          SHA1:B1F48E9BCBED9D38B99B7AC10F4F0B5A6545A4F2
                                          SHA-256:AD3098B20FDA695A7CAEC7326D2CF0ABEEB253D8CBD943D18B44719C6E208141
                                          SHA-512:5D33E1CA22A5A1E4630023341D0B7FF66C838B36388C458A57301B0866F11FEB2E33B82447E30FEF1B59C044166AB4927C98448B0664273AE9E34A820EC01C0E
                                          Malicious:false
                                          Preview:"""Functions that read and write gzipped files.....The user of the file doesn't have to worry about the compression,..but random access is not allowed."""....# based on Andrew Kuchling's minigzip.py distributed with the zlib module....import struct, sys, time, os..import zlib..import builtins..import io..import _compression....__all__ = ["BadGzipFile", "GzipFile", "open", "compress", "decompress"]....FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 1, 2, 4, 8, 16....READ, WRITE = 1, 2...._COMPRESS_LEVEL_FAST = 1.._COMPRESS_LEVEL_TRADEOFF = 6.._COMPRESS_LEVEL_BEST = 9....READ_BUFFER_SIZE = 128 * 1024.._WRITE_BUFFER_SIZE = 4 * io.DEFAULT_BUFFER_SIZE......def open(filename, mode="rb", compresslevel=_COMPRESS_LEVEL_BEST,.. encoding=None, errors=None, newline=None):.. """Open a gzip-compressed file in binary or text mode..... The filename argument can be an actual filename (a str or bytes object), or.. an existing file object to read from or write to..... The mode argument can be

                                          C:\Users\user\AppData\Roaming\windows\Lib\hashlib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9602
                                          Entropy (8bit):4.879612409796633
                                          Encrypted:false
                                          SSDEEP:96:KSBDUhawz9fJ+8lOVaX2B91c+jZIJ0tMmLfGfpR9eGe9IpeuR95x4SQZRvP5W2XB:KSBmfj2pDMmqpR+9u5d45ZRvIMWJiKi
                                          MD5:5F4B662810ACBFA30869931BDEE5FCB0
                                          SHA1:FE52497C8FCCC080D01804CE0F04C94D39008D63
                                          SHA-256:F0C8900585062C567A283CB782C3C867F86C38516E30F1F98A04FFA775B9A013
                                          SHA-512:9B74E620D2BBA0AF3C948D8A0B12F9ADBEDA6AE4E0F04A3FA1B1867B64C0D771DFD17A18C46E0C97785BEE1E020193FD375E109CDD20F69A3A318F68CB156414
                                          Malicious:false
                                          Preview:#. Copyright (C) 2005-2010 Gregory P. Smith (greg@krypto.org)..# Licensed to PSF under a Contributor Agreement...#....__doc__ = """hashlib module - A common interface to many hash functions.....new(name, data=b'', **kwargs) - returns a new hash object implementing the.. given hash function; initializing the hash.. using the given binary data.....Named constructor functions are also available, these are faster..than using new(name):....md5(), sha1(), sha224(), sha256(), sha384(), sha512(), blake2b(), blake2s(),..sha3_224, sha3_256, sha3_384, sha3_512, shake_128, and shake_256.....More algorithms may be available on your platform but the above are guaranteed..to exist. See the algorithms_guaranteed and algorithms_available attributes..to find out what algorithm names can be passed to new().....NOTE: If you want the adler32 or crc32 hash functions they are available in..the zlib module.....Choose your hash function wisely.

                                          C:\Users\user\AppData\Roaming\windows\Lib\heapq.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):23627
                                          Entropy (8bit):4.577391750067338
                                          Encrypted:false
                                          SSDEEP:384:zIRh8ImoQ2TaWDxr0K6rNK3WahBUmYcqV3+oxjTe+ENxd1S2+HGRh:zIb8ImTiA5cgxjT4xdGH+
                                          MD5:DA0A9B9E8C81A7158C59C0DE95F1A4C4
                                          SHA1:57F50A27C9D4EF9FFE5643223D0993A416FD3131
                                          SHA-256:5BDBF0450B6721F00FB0508FCE97625C9560A87CCAE8D551D94A3E220C8195E6
                                          SHA-512:C5A201AA2EAE6BFC2AD2AB4A69ABE65F35D54AF04AB458AFF51AE22795CABA7B02633B3DE3DD474A9242566DA6B877D81C0CA1111B790BFA069AA1E1798EEB85
                                          Malicious:false
                                          Preview:"""Heap queue algorithm (a.k.a. priority queue).....Heaps are arrays for which a[k] <= a[2*k+1] and a[k] <= a[2*k+2] for..all k, counting elements from 0. For the sake of comparison,..non-existing elements are considered to be infinite. The interesting..property of a heap is that a[0] is always its smallest element.....Usage:....heap = [] # creates an empty heap..heappush(heap, item) # pushes a new item on the heap..item = heappop(heap) # pops the smallest item from the heap..item = heap[0] # smallest item on the heap without popping it..heapify(x) # transforms list into a heap, in-place, in linear time..item = heappushpop(heap, item) # pushes a new item and then returns.. # the smallest item; the heap size is unchanged..item = heapreplace(heap, item) # pops and returns smallest item, and adds.. # new item; the heap size is unchanged....Our API differs from textbook heap algorithms as follows:....-

                                          C:\Users\user\AppData\Roaming\windows\Lib\hmac.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7935
                                          Entropy (8bit):4.550376078499665
                                          Encrypted:false
                                          SSDEEP:192:6ko2Qnkb5tQl/eFrNry3HYO429+036i5BhzRG8j:6ko2QM5tQlmFrNr/O4L03HhzRD
                                          MD5:88A1B95384888F83DC615F6A74FBE6F9
                                          SHA1:05B1DB3735DAE7501945A1D463A52091509DF110
                                          SHA-256:B3A1C91643BEB33A3D31EF4048500CD852C46967595D332ED64358D807205192
                                          SHA-512:4FCAA4ACF5F96B3C31AA90F88CC48758361C9C2AB12B5BCDC4437ED9A393DDF165CE852CDB5CA424C80F24172F29B918885664D4ADDE8EF0083C740ED7458441
                                          Malicious:false
                                          Preview:"""HMAC (Keyed-Hashing for Message Authentication) module.....Implements the HMAC algorithm as described by RFC 2104..."""....import warnings as _warnings..try:.. import _hashlib as _hashopenssl..except ImportError:.. _hashopenssl = None.. _functype = None.. from _operator import _compare_digest as compare_digest..else:.. compare_digest = _hashopenssl.compare_digest.. _functype = type(_hashopenssl.openssl_sha256) # builtin type....import hashlib as _hashlib....trans_5C = bytes((x ^ 0x5C) for x in range(256))..trans_36 = bytes((x ^ 0x36) for x in range(256))....# The size of the digests returned by HMAC depends on the underlying..# hashing module used. Use digest_size from the instance of HMAC instead...digest_size = None......class HMAC:.. """RFC 2104 HMAC class. Also complies with RFC 4231..... This supports the API for Cryptographic Hash Functions (PEP 247)... """.. blocksize = 64 # 512-bit HMAC; can be changed in subclasses..... __slots__ = (..

                                          C:\Users\user\AppData\Roaming\windows\Lib\html\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4907
                                          Entropy (8bit):5.128389447372523
                                          Encrypted:false
                                          SSDEEP:96:ER1Op3Kv5VjLGXWa1OECg5KmXhtdVXLrVEWoFX2SCTSCXxF3t42xWQZxmQsl1RNe:EeEVjLGma0ECg5KmXBV7rDkCWCX/9QcB
                                          MD5:8E08D329C5B69E5EBC8E5E746F0F3475
                                          SHA1:42D44F91FAF5CA6FBBFB37FAB69A439366CA1E6E
                                          SHA-256:4AF8ED80247D7CC374E1D4A6FCC5244212A8DE668E40B11C0F328DB33C686FEF
                                          SHA-512:4F8E92BE17B73C02C9B170B421726CF3BDE7186287B95E56811B39FB9228BCFBD1B958F6A687AB0700CB3DF063502B304DDE70ED79A90BC0C53DC047D92D80E1
                                          Malicious:false
                                          Preview:"""..General functions for HTML manipulation..."""....import re as _re..from html.entities import html5 as _html5......__all__ = ['escape', 'unescape']......def escape(s, quote=True):.. """.. Replace special characters "&", "<" and ">" to HTML-safe sequences... If the optional flag quote is true (the default), the quotation mark.. characters, both double quote (") and single quote (') characters are also.. translated... """.. s = s.replace("&", "&amp;") # Must be done first!.. s = s.replace("<", "&lt;").. s = s.replace(">", "&gt;").. if quote:.. s = s.replace('"', "&quot;").. s = s.replace('\'', "&#x27;").. return s......# see https://html.spec.whatwg.org/multipage/parsing.html#numeric-character-reference-end-state...._invalid_charrefs = {.. 0x00: '\ufffd', # REPLACEMENT CHARACTER.. 0x0d: '\r', # CARRIAGE RETURN.. 0x80: '\u20ac', # EURO SIGN.. 0x81: '\x81', # <control>.. 0x82: '\u201a', # SINGLE LOW-9 QUOTATION MA

                                          C:\Users\user\AppData\Roaming\windows\Lib\html\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4406
                                          Entropy (8bit):5.608461070407122
                                          Encrypted:false
                                          SSDEEP:96:knejUKUrNY736aSJk57iX8Y3bNMjYRaUJJAikUe:6VSWpJkFiXJbNgW3Jn/e
                                          MD5:87CE1352425C22893917D1A7BABF30D7
                                          SHA1:0E277F411DA9DA7C820FA2176968A3676C66201B
                                          SHA-256:B3849571AB50E39620D48958F96597FD661CCA86CAE54E6575894C599E54BEC3
                                          SHA-512:860F1434AD9874FC55FFCDA42B6573E218A59810D2ACBEEF1DA3E1F8D7D6672D75DFECB4DE8A149231AFC9FD17733587D042ACC7EFBD5AD0333594B001E59729
                                          Malicious:false
                                          Preview:...........f+.........................8.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.g.Z.dNd...Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d!..d"d#..d$d%..d&d'..i.d(d)..d*d+..d,d-..d.d/..d0d1..d2d3..d4d5..d6d7..d8d9..d:d;..d<d=..d>d?..d@dA..dBdC..dDdE..dFdG..dHdI....Z.h.dJ..Z.dK..Z...e.j...................dL........Z.dM..Z.y.)Oz*.General functions for HTML manipulation.......N)...html5..escape..unescapec..........................|.j...................d.d.........}.|.j...................d.d.........}.|.j...................d.d.........}.|.r$|.j...................d.d.........}.|.j...................d.d.........}.|.S.).z.. Replace special characters "&", "<" and ">" to HTML-safe sequences.. If the optional flag quote is true (the default), the quotation mark. characters, both double quote (") and single quote (') characters are also. translated.. ..&z.&amp;..<z.&lt;..>z.&gt;.."z.&quot;..'z.&#x27;)...replace)...s..quotes.... .8C:\Users\V3NOM0u$\De

                                          C:\Users\user\AppData\Roaming\windows\Lib\html\__pycache__\entities.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):97690
                                          Entropy (8bit):6.264935654428003
                                          Encrypted:false
                                          SSDEEP:1536:PHh9diX3e0u+4lPX5VYHaLnBAsEsZT1eIm/js5EC0xbXzVAjtVH4+Ao7VXNk3xBK:ji3e0ulGaDBAPYw/jHdtX6jv4hee3xBK
                                          MD5:C6F2D1BA5B41281032D6B63D434B5BFF
                                          SHA1:08BF5F90061152796FA58879661F2C0E85EB35DE
                                          SHA-256:CC2B87129ECCCD40166B30115BD1FDC6BD20C390C3EBB57BF950B4BA6E3EC459
                                          SHA-512:22B0DE255777D515C74DCA90B853AA6715C341DECD03E30BE0F870A51B0EB45B03C823B6F53D90DA8BCF42DAEBF67C049488DFCF722CDC58D8C42B216B63E559
                                          Malicious:false
                                          Preview:...........f.0.........................`....d.Z.g.d...Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d!..d"d#..i.d$d%..d&d'..d(d)..d*d+..d,d-..d.d/..d0d1..d2d3..d4d5..d6d7..d8d9..d:d;..d<d=..d>d?..d@dA..dBdC..dDdE....i.dFdG..dHdI..dJdK..dLdM..dNdO..dPdQ..dRdS..dTdU..dVdW..dXdY..dZd[..d\d]..d^d_..d`da..dbdc..ddde..dfdg....i.dhdi..djdk..dldm..dndo..dpdq..drds..dtdu..dvdw..dxdy..dzd{..d|d}..d~d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d..d.d..d.d..d.d..d.d..d.d....i.d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d....i.d.d..d.d..d.d...d.d...d.d...d.d...d.d...d.d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....i...d...d.....d...d.....d...d.....d...d.....d...d.....d...d...

                                          C:\Users\user\AppData\Roaming\windows\Lib\html\__pycache__\parser.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):17194
                                          Entropy (8bit):5.296160250623389
                                          Encrypted:false
                                          SSDEEP:384:NwUeKDRntdjD5rBIz0yGICZdtoraT2bl4vHar25M0/wqLoYZB:NwUeKtrj1rBIIZFtT2bqaO/wZI
                                          MD5:7F3338394F18D02DD15FD27DE6350FA6
                                          SHA1:67546FA5D031C487852C40BCFB0416CD0CB3E873
                                          SHA-256:32A007637106A7932CF187DE7AD61B0706F7ADFC78AFA20432BCE3E6CC12F26C
                                          SHA-512:99044DFD0A9C7F96F9A0C8D81D3A076F97559E2D53C06AB08576861E286B00A3D1D2522822CA5BE81C10C8A40D23B8FD07FBB12CFB68789EFB0E29A905F9A2F1
                                          Malicious:false
                                          Preview:...........ffD..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.g.Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.e.j ..........................Z...e.j...................d.........Z...e.j...................d.........Z...G.d...d.e.j(..........................Z.y.).z.A parser for HTML and XHTML......N)...unescape..HTMLParserz.[&<]z.&[a-zA-Z#]z%&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]z)&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]z.<[a-zA-Z]..>z.--\s*>z+([a-zA-Z][^\t\n\r\f />\x00]*)(?:\s|/(?!>))*z]((?<=[\'"\s/])[^\s/>][^\s/=>]*)(\s*=+\s*(\'[^\']*\'|"[^"]*"|(?![\'"])[^>\s]*))?(?:\s|/(?!>))*aF.... <[a-zA-Z][^\t\n\r\f />\x00]* # tag name. (?:[\s/]* # opt

                                          C:\Users\user\AppData\Roaming\windows\Lib\html\entities.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):78025
                                          Entropy (8bit):4.815868450525149
                                          Encrypted:false
                                          SSDEEP:1536:pawUaq4jxcGpzdKpp5Tiy2U2rAYMviMHLnqCpIFbkfjOqWNAh9Kkp3QbYMFZL/hQ:tUaq4jxHpzYpB7D
                                          MD5:154955F3B5FD44F2C48EEAAF58557FC7
                                          SHA1:3E26EBBC09DD47A7FA98663309C92FF836DE286A
                                          SHA-256:FA0B2845437AA3680AA6C33457D7A242DD303ED27C2A5073772D1C2B04D62473
                                          SHA-512:534BBADFFB08454C57690D24D603FDD00E78A4C709993BF479B0E4FFF11399C9CB2D3F9DE21C8504D865F25AC37F55B9CEC67FA806C1260777678A005675BF90
                                          Malicious:false
                                          Preview:"""HTML character entity references."""....__all__ = ['html5', 'name2codepoint', 'codepoint2name', 'entitydefs']......# maps HTML4 entity name to the Unicode code point..name2codepoint = {.. 'AElig': 0x00c6, # latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1.. 'Aacute': 0x00c1, # latin capital letter A with acute, U+00C1 ISOlat1.. 'Acirc': 0x00c2, # latin capital letter A with circumflex, U+00C2 ISOlat1.. 'Agrave': 0x00c0, # latin capital letter A with grave = latin capital letter A grave, U+00C0 ISOlat1.. 'Alpha': 0x0391, # greek capital letter alpha, U+0391.. 'Aring': 0x00c5, # latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1.. 'Atilde': 0x00c3, # latin capital letter A with tilde, U+00C3 ISOlat1.. 'Auml': 0x00c4, # latin capital letter A with diaeresis, U+00C4 ISOlat1.. 'Beta': 0x0392, # greek capital letter beta, U+0392.. 'Ccedil': 0x00c7, # latin capital letter C with c

                                          C:\Users\user\AppData\Roaming\windows\Lib\html\parser.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17510
                                          Entropy (8bit):4.314713635799775
                                          Encrypted:false
                                          SSDEEP:384:/nuoCu1HTLuI2NLCGW/BojKL1BeiN82ATa:/nuoz1HUNL0BojQN8na
                                          MD5:2747AB5DFB91F1C7B53632330FEC404A
                                          SHA1:7CEFFD2DC594764AC3206CF6DCD15F4F6DD6891B
                                          SHA-256:ED37C8DED84AFEF74DFD671F8A20911F58B379BEF8F577739C05DBFA99115017
                                          SHA-512:BA7F7AE36FB923F241B399F8C358D914AC807E83FBCEA8C36EA0DFBB0BE4D2222AFA034708E915A6136C72D30C2210865218A1C70284535CF75007753EC980FB
                                          Malicious:false
                                          Preview:"""A parser for HTML and XHTML."""....# This file is based on sgmllib.py, but the API is slightly different.....# XXX There should be a way to distinguish between PCDATA (parsed..# character data -- the normal case), RCDATA (replaceable character..# data -- only char and entity references and end tags are special)..# and CDATA (character data -- only end tags are special).......import re..import _markupbase....from html import unescape......__all__ = ['HTMLParser']....# Regular expressions used for parsing....interesting_normal = re.compile('[&<]')..incomplete = re.compile('&[a-zA-Z#]')....entityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]')..charref = re.compile('&#(?:[0-9]+|[xX][0-9a-fA-F]+)[^0-9a-fA-F]')....starttagopen = re.compile('<[a-zA-Z]')..piclose = re.compile('>')..commentclose = re.compile(r'--\s*>')..# Note:..# 1) if you change tagfind/attrfind remember to update locatestarttagend too;..# 2) if you change tagfind/attrfind and/or locatestarttagend the parser wi

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8508
                                          Entropy (8bit):5.096832707441712
                                          Encrypted:false
                                          SSDEEP:192:VFcbQSi4+TbKatPR4qXiasXh+O5ZSsB3CeAXI5UKZYcLXhGsIU:VFFyqXiasXzgep5UKZYQsU
                                          MD5:C8809BF3CEE30939A61E235849DDFCFB
                                          SHA1:51CBA6DA7D66CCC0652D1A57190AB8484D533109
                                          SHA-256:420E7F74A3B5062B7CD1EB820962980FCCA3CDEA512C1FD6B641326F70A54F4E
                                          SHA-512:A8035C3DC101DD9A75723B5E7B46C43B7D4915AC75E0E2F6BA5821B29E1735F1A78088D07DAA38B49A3B3A5C732BB6F7D7C98F632882384B0D7665C9B3E738F0
                                          Malicious:false
                                          Preview:from enum import StrEnum, IntEnum, _simple_enum....__all__ = ['HTTPStatus', 'HTTPMethod']......@_simple_enum(IntEnum)..class HTTPStatus:.. """HTTP status codes and reason phrases.... Status codes from the following RFCs are all observed:.... * RFC 7231: Hypertext Transfer Protocol (HTTP/1.1), obsoletes 2616.. * RFC 6585: Additional HTTP Status Codes.. * RFC 3229: Delta encoding in HTTP.. * RFC 4918: HTTP Extensions for WebDAV, obsoletes 2518.. * RFC 5842: Binding Extensions to WebDAV.. * RFC 7238: Permanent Redirect.. * RFC 2295: Transparent Content Negotiation in HTTP.. * RFC 2774: An HTTP Extension Framework.. * RFC 7725: An HTTP Status Code to Report Legal Obstacles.. * RFC 7540: Hypertext Transfer Protocol Version 2 (HTTP/2).. * RFC 2324: Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0).. * RFC 8297: An HTTP Status Code for Indicating Hints.. * RFC 8470: Using Early Data in HTTP..

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9507
                                          Entropy (8bit):5.92980957550618
                                          Encrypted:false
                                          SSDEEP:192:KsdAuTB8kaKaNzpZOKDcxHN/812MHb4kvrneU5Wny:7MzpZOKDcpNG2c3v5Wny
                                          MD5:699DE28A4E29550C236BFD294591CA9B
                                          SHA1:B882DC526C3E0E52266AF1DFB817FB74934D1989
                                          SHA-256:9F2F437D8E4D463EA2D3C14CF51196DFD4052FA0A5F72EB8094294A9EB7767BA
                                          SHA-512:0AF9C57DB90F10BD653EE63668BF3ABA4266451AF17FC837333F8FCEC59A86BF3FD6F12D59A541CCA624DD4B7C11463E5E8BDBA2C680BB58E63713DEDE7DFE2B
                                          Malicious:false
                                          Preview:...........f<!........................t.....d.d.l.m.Z.m.Z.m.Z...d.d.g.Z...e.e...........G.d...d.................Z...e.e...........G.d...d.................Z.y.)......)...StrEnum..IntEnum.._simple_enum..HTTPStatus..HTTPMethodc.....................`.....e.Z.d.Z.d.Z.dGd...Z.e.d...........Z.e.d...........Z.e.d...........Z.e.d...........Z.e.d...........Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z d.Z!d.Z"d Z#d!Z$d"Z%d#Z&d$Z'd%Z(d&Z)d'Z*d(Z+d)Z,d*Z-d+Z.d,Z/d-Z0d.Z1d/Z2d0Z3d1Z4d2Z5d3Z6d4Z7d5Z8d6Z9d7Z:d8Z;d9Z<d:Z=d;Z>d<Z?d=Z@d>ZAd?ZBd@ZCdAZDdBZEdCZFdDZGdEZHyF)Hr....aG...HTTP status codes and reason phrases.. Status codes from the following RFCs are all observed:.. * RFC 7231: Hypertext Transfer Protocol (HTTP/1.1), obsoletes 2616. * RFC 6585: Additional HTTP Status Codes. * RFC 3229: Delta encoding in HTTP. * RFC 4918: HTTP Extensions for WebDAV, obsoletes 2518. * RFC 5842: Binding Extensions to WebDAV. *

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\__pycache__\client.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):57186
                                          Entropy (8bit):5.214477449033178
                                          Encrypted:false
                                          SSDEEP:1536:OG3zgCFg3B/soqIRM0Vo11Be2jlzHlUQQQmiaIq04ey:OG3zgCFgp2+IHmXz
                                          MD5:9745AA3C914DFB677F379F15AE0A19F3
                                          SHA1:68C10D24EB888F2D227F45D81C83C9590E5C232E
                                          SHA-256:A3A24EE4C8E8C1B29936324072BE5B337A003B9EED5FF03138E367392618E897
                                          SHA-512:323D9DAE50E4F311BBFE054659CE7F8AF7917E843B5FC66C392057BDD423AC9BF20A10116E899D82954D10D8C481268283A0CC82FDFB8C81BD472A0F6B370D80
                                          Malicious:false
                                          Preview:...........f..........................b.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...g.d...Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z...e.........j-..................e.j...................j0............................e.j...................j0..................j3..........................D...c.i.c.]...}.|.|.j4........................c.}.Z.d.Z.d.Z...e.j<..................d.........j>..................Z ..e.j<..................d.........jB..................Z"..e.j<..................d.........Z#..e.j<..................d.........Z$h.d...Z%d>d...Z&d.e'd.e'f.d...Z(..G.d...d.e.jR..................jT..........................Z+d...Z,e+f.d...Z-e+f.d...Z...G.d...d.e.j^..........................Z0d...Z1..G.d...d.........Z2..d.d.l3Z3..G.d ..d!e2........Z4e.jk..................d!............G.d"..d#e7........Z8..G.d$..d%e8........Z9..G.d&..d'e8........Z:..G.d(..d)e8........Z;..G.d*..d+e8........Z<..G.d,..d-e8........Z=..G.d...d/e8........Z>..G.d0..d1e8........Z?..G.d2..

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\__pycache__\cookiejar.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):81647
                                          Entropy (8bit):5.402780801939138
                                          Encrypted:false
                                          SSDEEP:1536:XByLT18XjniIS6n1LKP4PCKwI8DZGz7+p/svSe:XBysH1R67cmpEqe
                                          MD5:2C40088D52BBCE1BC51FD5FDA52DEDA0
                                          SHA1:B9101AF0DF9792CCDE7F9A96488D8705FBDE9EBA
                                          SHA-256:362D12D369A25C8B8335593E696AD7DA8E8739FB44269F7D053BF809D92B9CD2
                                          SHA-512:5406E4AF5A13A72D0EE2E581825B6E0F4DEDE91391FF1A7E724A2F91EB2E7A7A5D8E4A523389404457E0A9056899A250F09F6DFAD2517BE9B5382832207188E3
                                          Malicious:false
                                          Preview:...........f.6........................j.....d.Z.g.d...Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.Z.d.a.d...Z.d.Z.d.Z...e.e.j,..................j...........................Z...e.j2..................d.........Z.d.Z.d.Z.d...Z.d.Z.d...Z.g.d...Z g.d...Z!e!D...c.g.c.]...}.|.jE................................c.}.Z#dKd...Z$dKd...Z%d.d.d.d.d...Z&..e.j2..................d.e.jN..........................Z(d...Z)d...Z*..e.j2..................d.e.jN..........................Z+..e.j2..................d.e.jX..................e.jN..................z...........Z-..e.j2..................d.e.j\..................e.jN..................z...........Z/d...Z0..e.j2..................d.e.j\..................e.jN..................z...........Z1d...Z2d...Z3..e.j2..................d.........Z4..e.j2..................d.........Z5..e.j2..................d ........Z6..e.j2..................d!........Z7d"..Z8..e.j2..................d#........Z9d$..Z:d%..Z;d&..Z<..e.j2........

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\__pycache__\cookies.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):21557
                                          Entropy (8bit):5.424555122852431
                                          Encrypted:false
                                          SSDEEP:384:ehqTUFfuySriLbb9fVyb2CVozo6o4GV+h3ysKCokVsAhEvl33/9:aTj9fVyb2CVozNo4GVrsLokVscEvl331
                                          MD5:A98D407F9DDBCAC620946AEF02BE3970
                                          SHA1:5E710DD080AF2A9A8CC4406703C687103BD5258A
                                          SHA-256:858D59106CB6B7AD3578D6496F74709EA5A78DBA6E7CC7267E71DA09A611BDAB
                                          SHA-512:3A50CB591D69B337941C6B39982BB6DF9878FD32DA911A6FCCBCE3FF935753D1C85A59644385704D2D9F709B8340D69FD873D75D1C965E6E50A29D2089E62B79
                                          Malicious:false
                                          Preview:...........ffR..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.g.d...Z.d.j...................Z.d.j...................Z.d.j...................Z...G.d...d.e.........Z.e.j...................e.j...................z...d.z...Z.e.d.z...Z...e...e.d...................e...e.e.e.................z...D...c.i.c.]...}.|.d.|.z.........c.}.Z.e.j)....................e.d.........d...e.d.........d.i.............e.j*..................d...e.j,..................e.........z...........j...................Z.d...Z...e.j*..................d.........Z...e.j*..................d.........Z.d...Z.g.d...Z.g.d...Z.d.e.e.f.d...Z...G.d...d.e ........Z!d.Z"e"d.z...Z#..e.j*..................d.e"z...d.z...e#z...d.z...e.jH..................e.jJ..................z...........Z&..G.d ..d!e ........Z'..G.d"..d#e'........Z(y.c...c.}.w.)$a.....Here's a sample session to show how to use this module..At the moment, this is the only documentation...The Basics.----------..Importing is easy..... >>> from http import cookies..

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\client.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):58776
                                          Entropy (8bit):4.4278746800087205
                                          Encrypted:false
                                          SSDEEP:1536:l3z+3hB5SQi1oScyNzBoVQOQBWhc4oHCrPuKRkJtPU:l3z+3hB5SQi1oScyNzBoVQOQBWACrP7X
                                          MD5:DC8BF2D8A448778EF2CDE6D5A4792F04
                                          SHA1:DC6EE9AF0B32913DCCF2430ACD64DC16966DBEC5
                                          SHA-256:CFFCBFFB80491A4A5C85DA575ABD89ECC410D75547BF8F9748B4DB4445B89CC5
                                          SHA-512:84036B63A7340E5076ADCBB05C8443B511AC36DEE11953DBE3B12ED077B616EFB61D250883E5A6657B77259AFDE8188E7DEE8068B5735697BBEDC40C080D2A2B
                                          Malicious:false
                                          Preview:r"""HTTP/1.1 client library....<intro stuff goes here>..<other stuff, too>....HTTPConnection goes through a number of "states", which define when a client..may legally make another request or fetch the response for a particular..request. This diagram details these state transitions:.... (null).. |.. | HTTPConnection().. v.. Idle.. |.. | putrequest().. v.. Request-started.. |.. | ( putheader() )* endheaders().. v.. Request-sent.. |\_____________________________.. | | getresponse() raises.. | response = getresponse() | ConnectionError.. v v.. Unread-response Idle.. [Response-headers-read].. |\____________________.. | |.. | response.read() | putrequest().. v v.. Idle Req-started-unread-response.. ______/|.. /

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\cookiejar.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):79559
                                          Entropy (8bit):4.460811276790579
                                          Encrypted:false
                                          SSDEEP:1536:Gsf53CLTKr88g99gZ5T2SLbzf7bbVbFVJRyx67NF:G0I7jgZ5ZD/ZFbRs6ZF
                                          MD5:104EE963A477A64AB8692C88CE98D57B
                                          SHA1:FCEB2607FA42C983BD9C3F3BFEAE8F2ACE1115C7
                                          SHA-256:F4C1FAC9A8323FAB6840BEECDA77C69F83FDD72F9345B3D8259C5CC1015FDA4E
                                          SHA-512:D0EFE42484B974807F3EC63B56FAA9E012F2F81D9E335304EFC9813F32D2606837DDD3D703DFBC1E2F133FEC42442F1619BA6DC2B8E35265D20693FA74D48973
                                          Malicious:false
                                          Preview:r"""HTTP cookie handling for web clients.....This module has (now fairly distant) origins in Gisle Aas' Perl module..HTTP::Cookies, from the libwww-perl library.....Docstrings, comments and debug strings in this code refer to the..attributes of the HTTP cookie system as cookie-attributes, to distinguish..them clearly from Python attributes.....Class diagram (note that BSDDBCookieJar and the MSIE* classes are not..distributed with the Python standard library, but are available from..http://wwwsearch.sf.net/):.... CookieJar____.. / \ \.. FileCookieJar \ \.. / | \ \ \.. MozillaCookieJar | LWPCookieJar \ \.. | | \.. | ---MSIEBase | \.. | / | | \.. | / MSIEDBCookieJar BSDDBCookieJar.. |/.. MSIECookieJar...."""....__all__ = ['Cookie', 'Cook

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\cookies.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21094
                                          Entropy (8bit):4.737928355464598
                                          Encrypted:false
                                          SSDEEP:384:ShNUZtUx0dqJ1sJxttmT+tOVVyeuPFcLIcfOuu7jvxyXWNYN:ShNUZmx0dCsNPFGIcfyM+YN
                                          MD5:BB19E50B174A51A5972C7DFD8F142ADB
                                          SHA1:FE6E9FB17F72042FF2EF00FC6E7F5C51631D2F3C
                                          SHA-256:D049D9DE921DD9A2D13CD205FC0ABED14691CDDC8BA6F3C174653AF938ECD79F
                                          SHA-512:993B3238D231137B5E703FC4ADC0FD2A263A6EB7D07FDBFCA11DEEC422184A99C8ABAD6F2CE8F6A36C253D5967BAE8BA921261C636BE4F4B4A3B7D22A05EB27A
                                          Malicious:false
                                          Preview:####..# Copyright 2000 by Timothy O'Malley <timo@alum.mit.edu>..#..# All Rights Reserved..#..# Permission to use, copy, modify, and distribute this software..# and its documentation for any purpose and without fee is hereby..# granted, provided that the above copyright notice appear in all..# copies and that both that copyright notice and this permission..# notice appear in supporting documentation, and that the name of..# Timothy O'Malley not be used in advertising or publicity..# pertaining to distribution of the software without specific, written..# prior permission...#..# Timothy O'Malley DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS..# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY..# AND FITNESS, IN NO EVENT SHALL Timothy O'Malley BE LIABLE FOR..# ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES..# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,..# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS..# ACTION, ARISING

                                          C:\Users\user\AppData\Roaming\windows\Lib\http\server.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):49836
                                          Entropy (8bit):4.568587656018124
                                          Encrypted:false
                                          SSDEEP:1536:lfng3S+gSOsn6f0aKucGIEgA0BBrETVp5tU6N0Y+:lvg3S+7OsnQ0aKucGIEOBCTZN0Y+
                                          MD5:475B51062BC286BBFCEB982AC56F8EDF
                                          SHA1:B54CD3951C705D433363EB74C79CAB7158897691
                                          SHA-256:240BA27E5469B77E14BCD0F912F778FCFF79CFD423B281DAB0CDB1AC4BB0F32F
                                          SHA-512:2AD5D0345ACA53EC5C9C8040581F25B7E22AB5FC1F64EC8AC70B2C63ED3ECC1A4092776E8E75A14E874E9F3047274259B073F29412633B82ECD48C65BE32972C
                                          Malicious:false
                                          Preview:"""HTTP server classes.....Note: BaseHTTPRequestHandler doesn't implement any HTTP request; see..SimpleHTTPRequestHandler for simple implementations of GET, HEAD and POST,..and CGIHTTPRequestHandler for CGI scripts.....It does, however, optionally implement HTTP/1.1 persistent connections,..as of version 0.3.....Notes on CGIHTTPRequestHandler..------------------------------....This class implements GET and POST requests to cgi-bin scripts.....If the os.fork() function is not present (e.g. on Windows),..subprocess.Popen() is used as a fallback, with slightly altered semantics.....In all cases, the implementation is intentionally naive -- all..requests are executed synchronously.....SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL..-- it may execute arbitrary Python code or external programs.....Note that status code 200 is sent prior to execution of a CGI script, so..scripts cannot send other status codes such as 302 (redirect).....XXX To do:....- log requests even

                                          C:\Users\user\AppData\Roaming\windows\Lib\imaplib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):55320
                                          Entropy (8bit):4.698963047894621
                                          Encrypted:false
                                          SSDEEP:1536:LxnlDansQeIBol2eKsBKOgE1IFWv4wem8fCY17JTBY:L9lWsQ5el2eKs4OgE1IFwDem8fN5Ri
                                          MD5:3A49CC9459497FBB42C7ADA13F6FCEA8
                                          SHA1:74751D80FB62412994BC1716B1AF9052E8C579FC
                                          SHA-256:12C34D60B9F7BE521F898E13D72B7F1D2BBEDC87C71F9C00140FFB4593E2FB3C
                                          SHA-512:E2DBDC1099C574BD02A90F9C41D6CC4D827A3177C009C6C6F11CA5870DA95869CFEB774638D0DAD5CC33C5BC731000897323AE6B17AC817B2B1FDD8C2454BCF3
                                          Malicious:false
                                          Preview:"""IMAP4 client.....Based on RFC 2060.....Public class: IMAP4..Public variable: Debug..Public functions: Internaldate2tuple.. Int2AP.. ParseFlags.. Time2Internaldate.."""....# Author: Piers Lauder <piers@cs.su.oz.au> December 1997...#..# Authentication code contributed by Donn Cave <donn@u.washington.edu> June 1998...# String method conversion by ESR, February 2001...# GET/SETACL contributed by Anthony Baxter <anthony@interlink.com.au> April 2001...# IMAP4_SSL contributed by Tino Lange <Tino.Lange@isg.de> March 2002...# GET/SETQUOTA contributed by Andreas Zeidler <az@kreativkombinat.de> June 2002...# PROXYAUTH contributed by Rick Holbert <holbert.13@osu.edu> November 2002...# GET/SETANNOTATION contributed by Tomas Lindroos <skitta@abo.fi> June 2005.....__version__ = "2.58"....import binascii, errno, random, re, socket, subprocess, sys, time, calendar..from datetime import datetime, timezone, tim

                                          C:\Users\user\AppData\Roaming\windows\Lib\imghdr.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4578
                                          Entropy (8bit):4.76441763929676
                                          Encrypted:false
                                          SSDEEP:96:MwbND3M4HLBZ6Wl/wH6wLZ6L3KkZPaQG6q8GjHjKkz:MWD77IhQCpjHjKkz
                                          MD5:316394ACA6BF6A5AF7996A6143E0AECE
                                          SHA1:6B119E846026FCF24034E4F7292E996D92C6E6E1
                                          SHA-256:F6BE0B302E7D4B7F0A9A32085AD69BEBBC735E704B9BE68510E3D9009C3E83F4
                                          SHA-512:7EBE465294186E5D83FEE8BA5DFE92CE67FFA9F6A99B963C7495227D3930224AAA4B1F17F516D9EB1FF16C6F708A696BEAACFFE96CF99FFAF862B31D002DD01F
                                          Malicious:false
                                          Preview:"""Recognize image file formats based on their first few bytes."""....from os import PathLike..import warnings....__all__ = ["what"]......warnings._deprecated(__name__, remove=(3, 13))......#-------------------------#..# Recognize image headers #..#-------------------------#....def what(file, h=None):.. """Return the type of image contained in a file or byte stream.""".. f = None.. try:.. if h is None:.. if isinstance(file, (str, PathLike)):.. f = open(file, 'rb').. h = f.read(32).. else:.. location = file.tell().. h = file.read(32).. file.seek(location).. for tf in tests:.. res = tf(h, f).. if res:.. return res.. finally:.. if f: f.close().. return None......#---------------------------------#..# Subroutines per image file type #..#---------------------------------#....tests = []....def test_jpeg(h, f):.. """Test f

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4912
                                          Entropy (8bit):4.6319009488503635
                                          Encrypted:false
                                          SSDEEP:96:4tH2fRvVSnhV4kSSNOyKGk+SNplpIZvYZwPbBbrx1x410aKZt9RH++3mTatLxhV:glz4vSNGGXSNV4bRrp41vKZt9RJmOtVb
                                          MD5:BCA19823F6D3DA9AC57114B681CF3F4F
                                          SHA1:4B4AC01ABE65A7CE3752343F9681EAD705274E0E
                                          SHA-256:96DC7E6276BEAF680D6576917173FD67B1260BC3B10BB7324F481C424ECB3F4E
                                          SHA-512:B995194B78FCFA4C5E66B84DDF2FAC2AEA2C51E20BB26DA6FF57AC4ED195ADD3D9375A12CA9FFB3DFE7A485BF4741727682EF7CF1175C5C9AEFD9A282ED3E574
                                          Malicious:false
                                          Preview:"""A pure Python implementation of import."""..__all__ = ['__import__', 'import_module', 'invalidate_caches', 'reload']....# Bootstrap help #####################################################....# Until bootstrapping is complete, DO NOT import any modules that attempt..# to import importlib._bootstrap (directly or indirectly). Since this..# partially initialised package would be present in sys.modules, those..# modules would get an uninitialised copy of the source version, instead..# of a fully initialised version (either the frozen one or the one..# initialised below if the frozen one is not available)...import _imp # Just the builtin component, NOT the full Python module..import sys....try:.. import _frozen_importlib as _bootstrap..except ImportError:.. from . import _bootstrap.. _bootstrap._setup(sys, _imp)..else:.. # importlib._bootstrap is the built-in import, ensure we don't create.. # a second copy of the module... _bootstrap.__name__ = 'importlib._bootstrap

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4585
                                          Entropy (8bit):5.665709964349121
                                          Encrypted:false
                                          SSDEEP:96:dhxU9e1bkBCmhxK1sWAS+CZCxDzm2xA9P8M+XALOPYa:jk0UK1FAS+RxmIukwe
                                          MD5:FDC83B48E52F32F174974C83CAB9E8C2
                                          SHA1:FF43A977103D6401F768362A161492DECFC5198E
                                          SHA-256:1D72B176FC014B94237C84CD72C60D01E75CF59F44BCC9DA432CE4A623DD88AE
                                          SHA-512:195450AF0D385D84A9BE38A9D69C95FFBBC9D07C773ABEC8A7FCB2520B15C13074410FDA485162436F6BA54512A85B545BAE3766B59C3A660957E2CC8C2979BA
                                          Malicious:false
                                          Preview:...........f0.........................,.....d.Z.g.d...Z.d.d.l.Z.d.d.l.Z...d.d.l.Z.d.e._.........d.e._...........e.j...................d.d.........e._.........e.e.j...................d.<.....d.d.l.Z.d.e._.........d.e._...........e.j...................d.d.........e._.........e.e.j...................d.<...e.j$..................Z.e.j&..................Z.d.d.l.Z.d.d.l.m.Z...d...Z.d.d...Z.i.Z.d...Z.y.#.e.$.r...Y...w.x.Y.w.#.e.$.r...d.d.l.m.Z.....e.j...................e.e...........Y...w.x.Y.w.#.e.$.r...Y..tw.x.Y.w.#.e.$.r"..d.d.l.m.Z.....e.j"..................e...........e.e._.........Y...w.x.Y.w.).z'A pure Python implementation of import.)...__import__..import_module..invalidate_caches..reload.....Nz.importlib._bootstrap..importlibz.__init__.pyz._bootstrap.py.....)..._bootstrapz.importlib._bootstrap_externalz._bootstrap_external.py)..._bootstrap_external).r....c.....................h.....t.........j...................D.]...}.t.........|.d.........s...|.j..............................!..y.).

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\__pycache__\_abc.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1663
                                          Entropy (8bit):5.136880199414396
                                          Encrypted:false
                                          SSDEEP:24:tbJUrqm4haCXN2/WHX/I7ChNIu8CiqIwxb9FReg+L+CVVR9Vz8R1wtAjZn:ZJUOnsCDCqj9FKx9R8R1yYn
                                          MD5:1FC3477C199F2494FF671AAB772829A5
                                          SHA1:7AF6A929704D504A7EE4829D0C1866BAD5291258
                                          SHA-256:F4A4AA348E05B28A98E35DDCE615DF8017BEE36B5A0951C0D96C553A4411E301
                                          SHA-512:7CAC82959A6ED93693D2E7EE8445E14BFA541FF85B3C3F4458CD4012023D6F4C74D4FCAE5D71722C09C798EFAF2421B38A705945CE8E36C47CF2547C7DC6318A
                                          Malicious:false
                                          Preview:...........fq.........................H.....d.Z.d.d.l.m.Z...d.d.l.Z...G.d...d.e.j.............................Z.y.).z>Subset of importlib.abc used to reduce importlib.util imports......)..._bootstrap.....Nc...........................e.Z.d.Z.d.Z.d...Z.d...Z.y.)...Loaderz'Abstract base class for import loaders.c...........................y.).z.Return a module to initialize and into which to load... This method should raise ImportError if anything prevents it. from creating a new module. It may return None to indicate. that the spec should create the new module.. N..)...self..specs.... .9C:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\_abc.py..create_modulez.Loader.create_module....s................c.....................R.....t.........|.d.........s.t...........t.........j...................|.|.........S.).a....Return the loaded module... The module must be added to sys.modules and have import-related. attributes set properly. The fullname is

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\__pycache__\abc.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10436
                                          Entropy (8bit):5.240731605934953
                                          Encrypted:false
                                          SSDEEP:192:rOoAj+k16K3an/5qq3MsPMbDA9ntVSGz03czkDgcn:unjG/5qq3veA9ntB5QM4
                                          MD5:D6587969D924B61896A99D376DE76C4F
                                          SHA1:3AED8451D7315B268D9DAD9873A1CE8F906EF2B7
                                          SHA-256:9015157A666C51AFFDD2E46E53D49934DA94A55E7DE67376B3558A319BBE9D10
                                          SHA-512:994974E9BD620FC00D41740999CE10B98D65CF5479A17F750A784CF5D437D4CFF263D25E0FB3020D1BDD1419926D08372E017BB0449C002D8387F2F579ED7ECE
                                          Malicious:false
                                          Preview:...........f..........................4.....d.Z.d.d.l.m.Z...d.d.l.m.Z.....d.d.l.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...g.d...Z.d...Z.d...Z...G.d...d.e.j$............................Z...e.e.e.j(..................e.j*..................e.j,..................e.j...............................G.d...d.e.j$............................Z...e.e.e.j2..............................G.d...d.e.........Z...G.d...d.e.........Z...e.e.e.j(..................e.j*..................e.j8..............................G.d...d.e.........Z...e.e.e.j<..............................G.d...d.e.j>..................e.e.........Z...e.e.e.j@..................e.jB..............................G.d...d.e.jD..................e.e.........Z"..e.e"e.j@............................y.#.e.$.r.Z.e.j...................d.k7..r...d.Z.Y.d.Z.[....pd.Z.[.w.w.x.Y.w.#.e.$.r...e.Z.Y....}w.x.Y.w.).z(Abstract base classes related to import......)..._bootstrap_external)...machinery.....N.._frozen_importlib)...Loader)...abc).r......Me

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\__pycache__\readers.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):482
                                          Entropy (8bit):5.394936210574115
                                          Encrypted:false
                                          SSDEEP:12:158fSBdsrUEyqw1zNxQj4gwKJO0Un2WKChB3aghpPT0q/:vK6s4Eyqw1zNxsCKJORhhogh5Y6
                                          MD5:1E9BC1F4526660282CC0AE77078AF096
                                          SHA1:E36995988697C93CA6CA49DDFEB9065C38676ED9
                                          SHA-256:577B9705905F68CF4AA9B0858FCA74D3F6773C0B2327DE356EDB058605D28D22
                                          SHA-512:93081CD58D6FFBD3551321A7213C0247BBB9A3A3C1C685BA0461B0F83D29437113B0831B86C38415BAD40F20BEE967CD2CC36CCA2E00102EB36D74173F582103
                                          Malicious:false
                                          Preview:...........fS.........................(.....d.Z.d.d.l.m.Z.m.Z.m.Z.m.Z...g.d...Z.y.).z..Compatibility shim for .resources.readers as found on Python 3.10...Consumers that can rely on Python 3.11 should use the other.module directly.......)...FileReader..ZipReader..MultiplexedPath..NamespaceReaderN)...__doc__..resources.readersr....r....r....r......__all__........<C:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\readers.py..<module>r........s............................L...r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\_abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1393
                                          Entropy (8bit):4.427551858910038
                                          Encrypted:false
                                          SSDEEP:24:7+SdXp8ImdaCtl27fisRiqITfqF6BSES5C+LOqqc9:CSK07fisQqgqF2SEqxz
                                          MD5:B9344DFD73AFA9269F1701F6959D7A94
                                          SHA1:B4945D7DE3B00D0761760B6131D9F7D3A95411D6
                                          SHA-256:795157B91862D662AE681C0521DAA1311B34B763B955E01505A27C865D848EAE
                                          SHA-512:7A994E456BEC98C52A2130898FDE1F5148A5919F17F814CA4357BF7B9C48C100930D0519F2A8BE5D4ED37D17C0C7AB0A8F571BB71EF01613E8ED24B715A4F1CB
                                          Malicious:false
                                          Preview:"""Subset of importlib.abc used to reduce importlib.util imports."""..from . import _bootstrap..import abc......class Loader(metaclass=abc.ABCMeta):.... """Abstract base class for import loaders.""".... def create_module(self, spec):.. """Return a module to initialize and into which to load..... This method should raise ImportError if anything prevents it.. from creating a new module. It may return None to indicate.. that the spec should create the new module... """.. # By default, defer to default semantics for the new module... return None.... # We don't define exec_module() here since that would break.. # hasattr checks we do to support backward compatibility..... def load_module(self, fullname):.. """Return the loaded module..... The module must be added to sys.modules and have import-related.. attributes set properly. The fullname is a str..... ImportError is raised on failure.....

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\_bootstrap.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):58607
                                          Entropy (8bit):4.432175502845617
                                          Encrypted:false
                                          SSDEEP:768:18AwHfgLuEbK7qyz4yBZIFUxn3vkuFlszRJ1l89GRO0sdB4miJ55v:u3IuEbwq5vUh3vku+SYv
                                          MD5:683A9FFC2665B44EAB0DC6CD7FEAE818
                                          SHA1:44E1896F51986A655FF3B791BCD09B3AEEC7C707
                                          SHA-256:74A7017D6CCF9AAB6A6140771DB1E83118449331DFDB3AFA87A1C06A372C4F05
                                          SHA-512:FCD09112256AE27ADB4322512173A65D827DAA69EF844FDC4A9DCB85195F685AA22DCEE7DAB6CDD1C80AD2D46F937D1D6130B1C3DC66C8EFEF64C32E7052FE0F
                                          Malicious:false
                                          Preview:"""Core implementation of import.....This module is NOT meant to be directly imported! It has been designed such..that it can be bootstrapped into Python as the implementation of import. As..such it requires the injection of specific modules and attributes in order to..work. One should use importlib as the public-facing version of this module....."""..#..# IMPORTANT: Whenever making changes to this module, be sure to run a top-level..# `make regen-importlib` followed by `make` in order to get the frozen version..# of the module updated. Not doing so will result in the Makefile to fail for..# all others who don't have a ./python around to freeze the module..# in the early stages of compilation...#....# See importlib._setup() for what is injected into the global namespace.....# When editing this code be aware that code executed at import time CANNOT..# reference any injected objects! This includes not only global code but also..# anything specified at the class level.....def _object_name

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\_bootstrap_external.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):70920
                                          Entropy (8bit):4.782756894999464
                                          Encrypted:false
                                          SSDEEP:768:iKsoAmFfyJ4QFhE/tn5ePIJ0feP1tI4qOuMCxl6knccZ/76UlgMvflotc9:txQ4QF8tn5eP8C4q6kccZzZveq
                                          MD5:31949D8E3054036EFFF8B3AEE9DF79BA
                                          SHA1:1A170A0F5875DF05AE22F3AFD90353B03BA9232C
                                          SHA-256:A4644D1472529A8F2BDF039CC211630CC4B37CD293F8AE13FD8D974D37E6DC57
                                          SHA-512:6338A2770939DF8CD4AA8A614868DE89F93D18E53AD7900D6AE043F389BB8C1473083CA75FB99C1592A92CFC62E453B4837C023BF4D578E2003C681BCC03522C
                                          Malicious:false
                                          Preview:"""Core implementation of path-based import.....This module is NOT meant to be directly imported! It has been designed such..that it can be bootstrapped into Python as the implementation of import. As..such it requires the injection of specific modules and attributes in order to..work. One should use importlib as the public-facing version of this module....."""..# IMPORTANT: Whenever making changes to this module, be sure to run a top-level..# `make regen-importlib` followed by `make` in order to get the frozen version..# of the module updated. Not doing so will result in the Makefile to fail for..# all others who don't have a ./python around to freeze the module in the early..# stages of compilation...#....# See importlib._setup() for what is injected into the global namespace.....# When editing this code be aware that code executed at import time CANNOT..# reference any injected objects! This includes not only global code but also..# anything specified at the class level.....# Module

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7851
                                          Entropy (8bit):4.615080798654411
                                          Encrypted:false
                                          SSDEEP:96:+E1GL85updL/sl7/piIJYkYuHImwTh2M5XyEZUM5wnEeAA/h/8M8HMDx5D2dhl9G:0L/+/YIBIjyyroF8c1470fY7GTDHf
                                          MD5:24BD6DA498D8D1962F931980E80996DC
                                          SHA1:6B1B13F61A258C19EB7FDDE5581026ABBBCBB084
                                          SHA-256:E968730B743A235C1D4D245563DD2257FE1D3CE4FAA22AEA0274680B3B2BDE97
                                          SHA-512:7CC1DB4172573961AA445319E3D3FE3B1141CA51441AB65C0CFEB2FA5100B0F3D8D25EE9AB8F22518A527CF38FC02C876AA671844920CCA2C3D458EBE382A86E
                                          Malicious:false
                                          Preview:"""Abstract base classes related to import."""..from . import _bootstrap_external..from . import machinery..try:.. import _frozen_importlib..except ImportError as exc:.. if exc.name != '_frozen_importlib':.. raise.. _frozen_importlib = None..try:.. import _frozen_importlib_external..except ImportError:.. _frozen_importlib_external = _bootstrap_external..from ._abc import Loader..import abc..import warnings....from .resources import abc as _resources_abc......__all__ = [.. 'Loader', 'MetaPathFinder', 'PathEntryFinder',.. 'ResourceLoader', 'InspectLoader', 'ExecutionLoader',.. 'FileLoader', 'SourceLoader',..]......def __getattr__(name):.. """.. For backwards compatibility, continue to make names.. from _resources_abc available through this module. #93963.. """.. if name in _resources_abc.__all__:.. obj = getattr(_resources_abc, name).. warnings._deprecated(f"{__name__}.{name}", remove=(3, 14)).. globals()[name] = obj..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\machinery.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):900
                                          Entropy (8bit):4.955279656424343
                                          Encrypted:false
                                          SSDEEP:24:YT166asGSaopamPQpaJ2XEaJ2QaJLYaJRaJnaJiaJeMaJ2h5Jir:2VGSD0y20y2QyLYyRynyiyfy2h5Jir
                                          MD5:2492D118AAA72971157EC93AD1919FCB
                                          SHA1:6A48065FDA49FE587D255CACF31EFDAFC09F8AE8
                                          SHA-256:9A2EE437C38E45CDF7559F613F57209B5B11C0824A9069192B9EBD5A2CEEFA1A
                                          SHA-512:DDCB67E4DDE35064CF851B6C7F4D9B58123CE01D75FE20369B189BC52123AAB8B3ECD53F40A9D50875A360992AD453239C5BAFA5DC17C3C41A0EDD20D7E7DD4F
                                          Malicious:false
                                          Preview:"""The machinery of importlib: finders, loaders, hooks, etc."""....from ._bootstrap import ModuleSpec..from ._bootstrap import BuiltinImporter..from ._bootstrap import FrozenImporter..from ._bootstrap_external import (SOURCE_SUFFIXES, DEBUG_BYTECODE_SUFFIXES,.. OPTIMIZED_BYTECODE_SUFFIXES, BYTECODE_SUFFIXES,.. EXTENSION_SUFFIXES)..from ._bootstrap_external import WindowsRegistryFinder..from ._bootstrap_external import PathFinder..from ._bootstrap_external import FileFinder..from ._bootstrap_external import SourceFileLoader..from ._bootstrap_external import SourcelessFileLoader..from ._bootstrap_external import ExtensionFileLoader..from ._bootstrap_external import NamespaceLoader......def all_suffixes():.. """Returns a list of all recognized module suffixes for this process""".. return SOURCE_SUFFIXES + BYTECODE_SUFFIXES + EXTENSION_SUFFIXES..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):29709
                                          Entropy (8bit):4.587258080464864
                                          Encrypted:false
                                          SSDEEP:384:LAYSytaMmMXy0Tgx3/eEXeb1S5OeGZIMVopvE85tQTsaTC2SWTtdB7GFQ6+hwRgG:LPSgmMXy4gxNOlVavENfhNSCwnaq
                                          MD5:30110FEE47A4E4F3874FE2C46CDDC3B9
                                          SHA1:CA4925F316C4DE2C05B5D7C98C2F33445BD711BE
                                          SHA-256:9798E43428F6C11BF9C4602BE62599FF2470088FE0BF82C8BBBC177E740E1F08
                                          SHA-512:965DBC96E891397CCA995CF15B1150E2BDAB73B4BC8F9B05B3D9B56F31F44750D04F2449688ED5A76B283496906129F27F43C8281D55AF95CA94D7FDC6D8BE42
                                          Malicious:false
                                          Preview:import os..import re..import abc..import csv..import sys..import email..import pathlib..import zipfile..import operator..import textwrap..import warnings..import functools..import itertools..import posixpath..import contextlib..import collections..import inspect....from . import _adapters, _meta..from ._collections import FreezableDefaultDict, Pair..from ._functools import method_cache, pass_none..from ._itertools import always_iterable, unique_everseen..from ._meta import PackageMetadata, SimplePath....from contextlib import suppress..from importlib import import_module..from importlib.abc import MetaPathFinder..from itertools import starmap..from typing import List, Mapping, Optional, cast......__all__ = [.. 'Distribution',.. 'DistributionFinder',.. 'PackageMetadata',.. 'PackageNotFoundError',.. 'distribution',.. 'distributions',.. 'entry_points',.. 'files',.. 'metadata',.. 'packages_distributions',.. 'requires',.. 'version',..]......class PackageN

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):48504
                                          Entropy (8bit):5.1709751785903295
                                          Encrypted:false
                                          SSDEEP:768:PZMd9mVMXBPqh1fpSjme5nfrKYBgHATlZuDJnw/VdfZLl:PZi9mMqhajmwnfXB8AwJw/VrLl
                                          MD5:680BC04601CA22D101BEAB72C7EB4A1A
                                          SHA1:913CD2CFF49081F8B91D82965DDD16439373B558
                                          SHA-256:7E7B614A02124D65BC268D1E941FEB2EBD20182578FEB4635523441070E2A092
                                          SHA-512:D2D001A6C6F2EA1E49603F70CFB71869B55B45EE09C4114C5E8D30B8990D50E732353EDC2761F0E8ADCC3DDAC2CCAB0C5D0D78E40940773E7F2815CCC3B04350
                                          Malicious:false
                                          Preview:...........f.t........................8.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#..d.d.l.m$Z$..d.d.l%m&Z&m'Z'm(Z(m)Z)..g.d...Z*..G.d...d.e+........Z,..G.d...d.........Z-..G.d...d.........Z...G.d...d.e.........Z/..G.d...d.e0........Z1..G.d...d.e.jd..........................Z3..G.d...d.........Z4..G.d...d.........Z5..G.d...d.e5........Z6..G.d ..d!e#........Z7..G.d"..d#........Z8..G.d$..d%........Z9..G.d&..d'........Z:..G.d(..d)e7........Z;..G.d*..d+e6........Z<d,..Z=d-..Z>d.e.j:..................f.d/..Z?d0..Z@..e.j...................e...e.j...................d1.........2........ZC..d.e1f.d3..ZDd4..ZEd5..ZFd.e'eGe&eG....f.....f.d6..ZHd7..ZId8..ZJy.)9.....N.....)..._adapters.._meta)...FreezableDefaultDict..Pair)...method_cache..pass_none)...always_iterable..unique_everseen)...Pack

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\_adapters.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3855
                                          Entropy (8bit):5.291762124078507
                                          Encrypted:false
                                          SSDEEP:48:QJZ6XRGKwQLXs8SAByPMOCkXMQjKRUlt8xwEXd15IB8NtZ2Ct3GN:QTKvsUsMHRUl6zP+B8N7HI
                                          MD5:5AC0EAD5C77B4CC8635415F73069F24B
                                          SHA1:25BA3D64BD4C0754E7D5AD037DEB2D7C11BD7430
                                          SHA-256:90194C795EC0B20643D98C2A4EE0124B60E742C225ABEB7A991F35D7BDD67F4E
                                          SHA-512:B85295B7F52A3D2FA47DD5D722F920DE086AE38AC5E5435A24E23536799794116C4D9CB4E746DF1B3214F4E3E77CF15FBDE5F269D8C2AB9B2B830D6FE3F30BAF
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.....e.j...................e.j...................d.e.d...........Z...G.d...d.e.j...................j...........................Z.y.)......N.....)...FoldedCasezFImplicit None on return values is deprecated and will raise KeyErrors......)...stacklevelc............................e.Z.d.Z...e...e.e.g.d...................Z...d.e.j...................j...................f...f.d...Z.d...Z...f.d...Z...f.d...Z.d...Z.e.d...........Z...x.Z.S.)...Message)...Classifierz.Obsoletes-Dist..Platformz.Project-URLz.Provides-Distz.Provides-Extraz.Requires-Distz.Requires-Externalz.Supported-Platform..Dynamic..origc.....................l.......t...........|.....|.........}.t.........|.........j...................t.........|...................|.S...N)...super..__new__..vars..update)...clsr......res..__class__s.... ..GC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\metadata\_adapters.pyr....z.Message.__new__)...s,.

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\_collections.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1903
                                          Entropy (8bit):5.144831276885953
                                          Encrypted:false
                                          SSDEEP:24:pqCflLM8ZOSIJxBgP3d7Ij7tkXnpflW9l05BMtRKq6G1DR2Nu2I4l/dqJp3Y:pXl4KOSIV6KjKOlcBMHKgR2I2Hl+p3Y
                                          MD5:01E73B7B02160D03826241B073D40541
                                          SHA1:AEB689C2CACCFA8AF917782792BE82606EC1ED57
                                          SHA-256:440A9A622990E9050B945B2D484A10628D32A8F42FFF73E046ACDDBC0BA97A21
                                          SHA-512:20B44479449C351A50ED424CC6EE0DD7B9BAA4D51B9B89C752605F777D26624E9091363D0688F923B10C653CAE49223AA0066F1934A0583326D38B6EA397A05D
                                          Malicious:false
                                          Preview:...........f..........................n.....d.d.l.Z...G.d...d.e.j...........................Z...G.d...d...e.j...................d.d.................Z.y.)......Nc.....................(.......e.Z.d.Z.d.Z...f.d...Z.d...Z...x.Z.S.)...FreezableDefaultDicta!.... Often it is desirable to prevent the mutation of. a default dict after its initial construction, such. as to prevent mutation during iteration... >>> dd = FreezableDefaultDict(list). >>> dd[0].append('1'). >>> dd.freeze(). >>> dd[1]. []. >>> len(dd). 1. c.....................:.........t.........|.d.t...........|.............|.........S.).N.._frozen)...getattr..super..__missing__)...self..key..__class__s.... ..JC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\metadata\_collections.pyr....z FreezableDefaultDict.__missing__....s.........<.w.t.Y.....(;..<.S..A..A.....c...............................f.d....._.........y.).Nc.....................$.........j...........................S.).N)...default_factor

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\_functools.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3461
                                          Entropy (8bit):5.281827262382292
                                          Encrypted:false
                                          SSDEEP:48:qfbuTGKoOIXlUsSUUEQ1lGIGX5G5GurSYwBpHPdG7lfsJdSOTK/J/SarXN0le/ys:qGoOCDUX4sXwjvMXNpaRkIO5pL
                                          MD5:BC14D54043BC52F90A8CEE5924D43CC1
                                          SHA1:5AE16350ECB6232C764C71B8E2C3B7F3B73A754E
                                          SHA-256:822F206A32A68E4A24CA2E6E56C63CED7EFB2BCC9CA437DDC97AA482048D9AC1
                                          SHA-512:1D7C18B90477200640758EE3BE560C147B8803E325B81F76CF8810A8488500A13DC6ABB1BA03712EB7CED5B9DA0A1F10D1DB542EC6F1250D8BEAFC34AAD529FF
                                          Malicious:false
                                          Preview:...........f..........................".....d.d.l.Z.d.d.l.Z.d.d...Z.d...Z.y.)......Nc.....................V...........x.s...t.........j.................................f.d...}.d...|._.........|.S.).aV.... Wrap lru_cache to support storing the cache data in the object instances... Abstracts the common paradigm where the method explicitly saves an. underscore-prefixed protected property on first call and returns that. subsequently... >>> class MyClass:. ... calls = 0. .... ... @method_cache. ... def method(self, value):. ... self.calls += 1. ... return value.. >>> a = MyClass(). >>> a.method(3). 3. >>> for x in range(75):. ... res = a.method(x). >>> a.calls. 75.. Note that the apparent behavior will be exactly like that of lru_cache. except that the cache is stored on each instance, so values in one. instance will not flush values from another, and when an instance is. deleted, so are the ca

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\_itertools.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2385
                                          Entropy (8bit):5.502203544852047
                                          Encrypted:false
                                          SSDEEP:48:o+N3JjfPMlIZ48AVCkCzOQVQqtXBcNqo+UoJyE5fp:tN5jx48lhBnY+UhE5R
                                          MD5:33DFBEEBC61F09817273C2DFE8B4C1E3
                                          SHA1:A9DD7AD4F40DE04FCAA7373377C03AF417BFFFE1
                                          SHA-256:1461A68A8E1F3B09207FDAE7D8F5F3D0CD7FE79576DB07B080B0949D47C00C98
                                          SHA-512:49EE30831339BA5463304912D63C9F7CBC9E671297FE386717149CE0E0732C36B5ADFDBDC16D702E62151935AE61545331AC099F566F6F9CC7B5E7CF987C6B85
                                          Malicious:false
                                          Preview:...........f].........................&.....d.d.l.m.Z...d.d...Z.e.e.f.f.d...Z.y.)......)...filterfalseNc................#........K.....t.................}.|.j...................}.|..(t.........|.j...................|.........D.]...}...|.|...........|...........y.|.D.]...}...|.|.........}.|.|.v.s.....|.|...........|...........y...w.).zHList unique elements, preserving order. Remember all elements ever seen.N)...set..addr......__contains__)...iterable..key..seen..seen_add..element..ks.... .HC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\metadata\_itertools.py..unique_everseenr........ss..............5.D....x.x.H....{..".4.#4.#4.h..?......G....W.......M......... ......G....G...A......}..................s.....A.A$....A$.c..........................|...t.........d.........S.|...t.........|.|.........r.t.........|.f.........S...t.........|.........S.#.t.........$.r...t.........|.f.........c.Y.S.w.x.Y.w.).ax...If *obj* is iterable, return an iterator over its items::.. >>> obj

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\_meta.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3301
                                          Entropy (8bit):5.007995728486877
                                          Encrypted:false
                                          SSDEEP:96:x1IxqY/Q83oZ47j5wGe4fFYdlqrTI8YtWtXBjJH:x1IT/Q83oZ47j5wN4fFYdlq3DYtWtRlH
                                          MD5:8FBC4AF29927FD20A6553396BE10EAF6
                                          SHA1:F52DDB88E86BD2133DAA395F0CC24312CA4EE1A7
                                          SHA-256:AB1B9FA7F89A1E442786B89AD27E46DED76128AE56DEC632C101B7EEC250CB9F
                                          SHA-512:10FF6B16F2C4485826289BA555DD8F408A80378580C43F11ED366FE4486A16615FBBAEDEE3626A8C6F54B0BEA68D6B6EE9BBAC96CC5B257D53046E2E690F634E
                                          Malicious:false
                                          Preview:...........fu.........................z.....d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.........Z...G.d...d.e.........Z...G.d...d.e.e.............Z.y.)......)...Protocol)...Any..Dict..Iterator..List..Optional..TypeVar..Union..overload.._Tc.....................".....e.Z.d.Z.d.e.f.d...Z.d.e.d.e.f.d...Z.d.e.d.e.f.d...Z.d.e.e.....f.d...Z.e.d.d.e.d.d.d.e.e.....f.d...........Z.e.d.e.d.e.d.e.e.e.f.....f.d...........Z.e.d.d.e.d.d.d.e.e.e.........f.d...........Z.e.d.e.d.e.d.e.e.e.....e.f.....f.d...........Z.e.d.e.e.e.e.e.e.....f.....f.....f.d...........Z.y.)...PackageMetadata..returnc...........................y...N......selfs.... .CC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\metadata\_meta.py..__len__z.PackageMetadata.__len__.....................itemc...........................y.r....r....).r....r....s.... r......__contains__z.PackageMetadata.__contains__....r....r......keyc...........................y.r....r....).r....r....s.... r......__getitem__z.PackageMetadata.__geti

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\__pycache__\_text.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3862
                                          Entropy (8bit):4.997404337690412
                                          Encrypted:false
                                          SSDEEP:96:mzrbGowYRzHinOrIAeQc2jr9YWdDMWwAk+S3MOjRM:XowCmVAeQv9YWdPwFnK
                                          MD5:2C1059947A35AFF7B1487FEE4C821CD4
                                          SHA1:E206ECA1FE2DCA66F477C79D0265A936970DFA14
                                          SHA-256:25EBD67A1E7377EEFFCC47BB39EBB0FAA5E356887F8448E429C232D8B69D7ECC
                                          SHA-512:F22A170C5F5F82BDB54CFFD31166370B3EE9F393DBDE0B76F3BB6077B02AD307C0F0478A59231CBF8F909EDE9DB27FB1334CB56DE6C13DEB2352222D433A6D9D
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.m.Z.....G.d...d.e.........Z.y.)......N.....)...method_cachec.....................h.......e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z...f.d...Z.d...Z.e...f.d...........Z.d...Z.d.d...Z...x.Z.S.)...FoldedCasea{.... A case insensitive string class; behaves just like str. except compares equal when the only variation is case... >>> s = FoldedCase('hello world').. >>> s == 'Hello World'. True.. >>> 'Hello World' == s. True.. >>> s != 'Hello World'. False.. >>> s.index('O'). 4.. >>> s.split('O'). ['hell', ' w', 'rld'].. >>> sorted(map(FoldedCase, ['GAMMA', 'alpha', 'Beta'])). ['alpha', 'Beta', 'GAMMA'].. Sequence membership is straightforward... >>> "Hello World" in [s]. True. >>> s in ["Hello World"]. True.. You may test for set inclusion, but candidate and elements. must both be folded... >>> FoldedCase("Hello World") in {s}. True. >>> s in {FoldedCase("Hello Wo

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\_adapters.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2495
                                          Entropy (8bit):4.4481790370885905
                                          Encrypted:false
                                          SSDEEP:48:gIwGFG9kX+5jVN5+LjtoIKEuFKRw5oGpEnFSy1lkVsqG31WCkG:gBmG9FjX5+uG1Fnl8SWCkG
                                          MD5:C91BB638CA8D00BD6E43AEBD2E63E401
                                          SHA1:A2966028FF90685B01AA61332A7E65035F5AE0A9
                                          SHA-256:C42DEC9F9FBB2FC493DA2E0599158A67C8D3DFA7B6D69955AAA1BA9ED589A6BA
                                          SHA-512:B6AF727E94564D5066B635E87F1157A9B920B058554890A47E81304051C4EFE6CF3CB88745EF4875536FE09BB816E5BAC17F57C81C9008C0039F16A28D7835E5
                                          Malicious:false
                                          Preview:import functools..import warnings..import re..import textwrap..import email.message....from ._text import FoldedCase......# Do not remove prior to 2024-01-01 or Python 3.14.._warn = functools.partial(.. warnings.warn,.. "Implicit None on return values is deprecated and will raise KeyErrors.",.. DeprecationWarning,.. stacklevel=2,..)......class Message(email.message.Message):.. multiple_use_keys = set(.. map(.. FoldedCase,.. [.. 'Classifier',.. 'Obsoletes-Dist',.. 'Platform',.. 'Project-URL',.. 'Provides-Dist',.. 'Provides-Extra',.. 'Requires-Dist',.. 'Requires-External',.. 'Supported-Platform',.. 'Dynamic',.. ],.. ).. ).. """.. Keys that may be indicated multiple times per PEP 566... """.... def __new__(cls, orig: email.message.Message):.. res = super().__

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\_collections.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):773
                                          Entropy (8bit):4.707400693185867
                                          Encrypted:false
                                          SSDEEP:12:ysSCg72MrelLMEdrqbM1Mgd5aWqp/IV/MZhmuyNSKtVYCy:ytYlLMZ3y5aWowVEZ8m
                                          MD5:0E214D282C8470C634BBA8872B3DC139
                                          SHA1:98850B764D8FD22830CB9014E2528FE5FE36C315
                                          SHA-256:4281B8DA21C38B837C93E93916D6BBC0A01F7E023C7D39251E3B80250F7D575E
                                          SHA-512:9F024100BFCEA2ABCD2587C97CE0E35B7BF485A972C879883DA99E8F1A4A5931F9A9A2963354AF2389CB46314F1EBF43C09DCC5E30D25790E1470EC6E9539B01
                                          Malicious:false
                                          Preview:import collections......# from jaraco.collections 3.3..class FreezableDefaultDict(collections.defaultdict):.. """.. Often it is desirable to prevent the mutation of.. a default dict after its initial construction, such.. as to prevent mutation during iteration..... >>> dd = FreezableDefaultDict(list).. >>> dd[0].append('1').. >>> dd.freeze().. >>> dd[1].. [].. >>> len(dd).. 1.. """.... def __missing__(self, key):.. return getattr(self, '_frozen', super().__missing__)(key).... def freeze(self):.. self._frozen = lambda key: self.default_factory()......class Pair(collections.namedtuple('Pair', 'name value')):.. @classmethod.. def parse(cls, text):.. return cls(*map(str.strip, text.split("=", 1)))..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\_functools.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2999
                                          Entropy (8bit):4.6344062686720875
                                          Encrypted:false
                                          SSDEEP:48:b8buTGBskHc4SpcJ1lGRGX5GEGuvSpQIgQyAdGnlfsJdSpzTKjJkmSphBlle/RlV:bgst6XJyQIT4bhU5I4NrM3IT4W
                                          MD5:656CF285C9D4FAE91F3F4B02851338D5
                                          SHA1:4F4293F48C7C74C7B0EC949AF3CC526C4F59084B
                                          SHA-256:DA7408563C04CAD511DAEBF9E2A1091AD148DEF11A388437D05B97A5618B881D
                                          SHA-512:453138A2FA3974AD3614842CE0948C439167513ACB18243E76C37449AAB71693600966A014690A0FCB0C246A01D0AFE10CFC269C44C904FF37F88DE197508CB3
                                          Malicious:false
                                          Preview:import types..import functools......# from jaraco.functools 3.3..def method_cache(method, cache_wrapper=None):.. """.. Wrap lru_cache to support storing the cache data in the object instances..... Abstracts the common paradigm where the method explicitly saves an.. underscore-prefixed protected property on first call and returns that.. subsequently..... >>> class MyClass:.. ... calls = 0.. ..... ... @method_cache.. ... def method(self, value):.. ... self.calls += 1.. ... return value.... >>> a = MyClass().. >>> a.method(3).. 3.. >>> for x in range(75):.. ... res = a.method(x).. >>> a.calls.. 75.... Note that the apparent behavior will be exactly like that of lru_cache.. except that the cache is stored on each instance, so values in one.. instance will not flush values from another, and when an instance is.. deleted, so are the cached values for that instance..... >>> b = MyClass()..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\_itertools.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2141
                                          Entropy (8bit):4.53241011385655
                                          Encrypted:false
                                          SSDEEP:48:Hu9gJjTxeR2Xz+u+0zOi/IRq7Xl/QlhNo+9+Xlh9B:yEjg2/nKceq+9A
                                          MD5:CFE0D87F1513C3989FFAEA94FB498F39
                                          SHA1:ABA83ABA5E644ECD326FD68CB30B18167F721612
                                          SHA-256:A31E572E13346401BFF14A2A046DF203B970228C281455819BD11CC2C746F6AE
                                          SHA-512:9D07B01347F6102D6CD04EC8D8BE97E4A6AD2CFD2874941F738236948B01B7DF7121A446DCE522B19B3405381359CE774513F36E3551E65150DFFADF708EF2ED
                                          Malicious:false
                                          Preview:from itertools import filterfalse......def unique_everseen(iterable, key=None):.. "List unique elements, preserving order. Remember all elements ever seen.".. # unique_everseen('AAAABBBCCDAABBB') --> A B C D.. # unique_everseen('ABBCcAD', str.lower) --> A B C D.. seen = set().. seen_add = seen.add.. if key is None:.. for element in filterfalse(seen.__contains__, iterable):.. seen_add(element).. yield element.. else:.. for element in iterable:.. k = key(element).. if k not in seen:.. seen_add(k).. yield element......# copied from more_itertools 8.8..def always_iterable(obj, base_type=(str, bytes)):.. """If *obj* is iterable, return an iterator over its items::.... >>> obj = (1, 2, 3).. >>> list(always_iterable(obj)).. [1, 2, 3].... If *obj* is not iterable, return a one-item iterable containing *obj*::.... >>> obj = 1.. >>> list(always_ite

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\_meta.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1653
                                          Entropy (8bit):4.669384473845916
                                          Encrypted:false
                                          SSDEEP:24:1RENC8Hr9tYIWOtG8hJsLozyFLJb5ZtR4BWYvcqjUFixt3hH:QJL9aIrttPsLo+Vb7tR4gec2j3l
                                          MD5:29DC2D3706499F5BD1DCBE6ABD1E6A06
                                          SHA1:94531A6B069A2C88AFC14F6D0A060BE3157844DE
                                          SHA-256:D84BAADE84952A90014A0FDB70BE6716726E669A897D7C261EA99E38385BB62E
                                          SHA-512:8D90E3D2D45BA1636A6AC61A8C1A7F9473B2D70DD2329879013946ECAB4E4342EB9471D2F3308FCF70A020C28872A40FD8152ED113B892194E56AA4DEFD5BCC6
                                          Malicious:false
                                          Preview:from typing import Protocol..from typing import Any, Dict, Iterator, List, Optional, TypeVar, Union, overload......_T = TypeVar("_T")......class PackageMetadata(Protocol):.. def __len__(self) -> int:.. ... # pragma: no cover.... def __contains__(self, item: str) -> bool:.. ... # pragma: no cover.... def __getitem__(self, key: str) -> str:.. ... # pragma: no cover.... def __iter__(self) -> Iterator[str]:.. ... # pragma: no cover.... @overload.. def get(self, name: str, failobj: None = None) -> Optional[str]:.. ... # pragma: no cover.... @overload.. def get(self, name: str, failobj: _T) -> Union[str, _T]:.. ... # pragma: no cover.... # overload per python/importlib_metadata#435.. @overload.. def get_all(self, name: str, failobj: None = None) -> Optional[List[Any]]:.. ... # pragma: no cover.... @overload.. def get_all(self, name: str, failobj: _T) -> Union[List[Any], _T]:.. """.. R

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\metadata\_text.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2265
                                          Entropy (8bit):4.649909401623028
                                          Encrypted:false
                                          SSDEEP:48:BUu/H8O42w9/2kz8/WVy1wux7QcY5Djwa7TrbjmfVbp5bWYjE7faS5Egwz0u3v:BUM8O1w9/2kz8/W41wA7QcenFq1R3v
                                          MD5:EFD66631577D71C781E1C625F9F41FDA
                                          SHA1:BE295E4B93AD7EC6471FE64A3B6403E96FF58F63
                                          SHA-256:7E89957A504AED6B3F93B0718CA881B6CA9F8D0BF961701B0C0A37A3B55EAACD
                                          SHA-512:D6FA08CE02D1BDDA89B2E65AFC8B14E9965140573955AF45CD12FF2DBE15F1BE6DAE879622E75424E68E18AB9E97A368CF197253EBA6A0B7241A3031E758C0CE
                                          Malicious:false
                                          Preview:import re....from ._functools import method_cache......# from jaraco.text 3.5..class FoldedCase(str):.. """.. A case insensitive string class; behaves just like str.. except compares equal when the only variation is case..... >>> s = FoldedCase('hello world').... >>> s == 'Hello World'.. True.... >>> 'Hello World' == s.. True.... >>> s != 'Hello World'.. False.... >>> s.index('O').. 4.... >>> s.split('O').. ['hell', ' w', 'rld'].... >>> sorted(map(FoldedCase, ['GAMMA', 'alpha', 'Beta'])).. ['alpha', 'Beta', 'GAMMA'].... Sequence membership is straightforward..... >>> "Hello World" in [s].. True.. >>> s in ["Hello World"].. True.... You may test for set inclusion, but candidate and elements.. must both be folded..... >>> FoldedCase("Hello World") in {s}.. True.. >>> s in {FoldedCase("Hello World")}.. True.... String inclusion works as long as the FoldedCase object.. is on the right..... >>> "hello"

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\readers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):339
                                          Entropy (8bit):4.793460663096757
                                          Encrypted:false
                                          SSDEEP:6:INgUrW/EmFqMz/ZWJaM+zowdXLXzLW/MxCgtdzJG4Vdi03AoiDiOB544V1hre:IrUEyqs1zH5jnUMxptdz44HYDiOn44Tk
                                          MD5:38015D56A79137F7CB169139F2CC2C82
                                          SHA1:EAF4A1DB5061E83C8FD33C21E51A3921BC535997
                                          SHA-256:5FB5AE1DCF4C24BDDDCEF0487DC0F5E9A7917C5280E7A993617A96C1FFF25730
                                          SHA-512:0C039DCF0EFA48921D18C20020AEE210E104BB959E8C239CDB6990C0BDC489D2ECF4EF9A4BA0C837D70B97E3FD8C7B6CD09B3C71D2CC8A1FDB019AE1E35AAAE7
                                          Malicious:false
                                          Preview:"""..Compatibility shim for .resources.readers as found on Python 3.10.....Consumers that can rely on Python 3.11 should use the other..module directly..."""....from .resources.readers import (.. FileReader, ZipReader, MultiplexedPath, NamespaceReader,..)....__all__ = ['FileReader', 'ZipReader', 'MultiplexedPath', 'NamespaceReader']..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):542
                                          Entropy (8bit):4.405609390874925
                                          Encrypted:false
                                          SSDEEP:12:S6JNiV55uud2X4Jf40+yGtOUxADonYlJoVW/dXCBIOtcTy+:pJNQ50cJfF+y8OqnYlsW4cTh
                                          MD5:4C88EC58675223F93130B8C91BD01019
                                          SHA1:DA55D65401FDD729E8BA3B9C4F26488B753F2A79
                                          SHA-256:09FF374BDF81082CC52EA40C0F6ED172342BD6533A0196E4642CCE52B9852FF1
                                          SHA-512:164AB05B60AEB38D1E8E83229BC119208A8002CED939F8190CD8782C74D77EEA4BDA5D391DEBA628037F3A13A45ADDCA27436677FBF725298C6DC8CF055A9D03
                                          Malicious:false
                                          Preview:"""Read resources contained within a package."""....from ._common import (.. as_file,.. files,.. Package,..)....from ._legacy import (.. contents,.. open_binary,.. read_binary,.. open_text,.. read_text,.. is_resource,.. path,.. Resource,..)....from .abc import ResourceReader......__all__ = [.. 'Package',.. 'Resource',.. 'ResourceReader',.. 'as_file',.. 'contents',.. 'files',.. 'is_resource',.. 'open_binary',.. 'open_text',.. 'path',.. 'read_binary',.. 'read_text',..]..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):635
                                          Entropy (8bit):5.224148557017559
                                          Encrypted:false
                                          SSDEEP:12:1jaiCSBOToVYbcjPi6MCxfXhMY4myyxOHt28sWnlnWKCebaYtY3fet:hBC90VYGP5M6M5myyxOHA86hVaY36
                                          MD5:DA7992EAF521212CA5A1F3E64ADD9973
                                          SHA1:91888929F29F25C92F57977588A863E8D1E5432E
                                          SHA-256:CCF63397B397D60B69BCC43EB4CFE760A8236F94FB04EB6689C6815D16A7C9D3
                                          SHA-512:1FECBC1E23D543A25DA969A82E738E0F07C0A9A6A47FFBFC3A3664BBDBC423DE81FC63F5CF9C865F370A33652E4CF99162F790290A3C9C64C026ED30CC7C645A
                                          Malicious:false
                                          Preview:...........f..........................X.....d.Z.d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...g.d...Z.y.).z*Read resources contained within a package......)...as_file..files..Package)...contents..open_binary..read_binary..open_text..read_text..is_resource..path..Resource)...ResourceReader).r....r....r....r....r....r....r....r....r....r....r....r....N)...__doc__.._commonr....r....r......_legacyr....r....r....r....r....r....r....r......abcr......__all__........GC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\resources\__init__.py..<module>r........s-..........0............................. .......r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\_adapters.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9646
                                          Entropy (8bit):4.883760572986703
                                          Encrypted:false
                                          SSDEEP:96:AwOb2TdDuJg8jJBivDs9ECvQWxxU0dfXJlPMJ6JVdSORSA0LNPqPUxJIO7+jOeuF:BAyDuNj+vwEfOndfj0CyAcPDJ971ehw
                                          MD5:F44BC56D21CD7681E91837451479EA9B
                                          SHA1:93F1AFC6F1B26925AAC91810CD4462D317199666
                                          SHA-256:33BCD6D87EFC13302E5F5CDDE8AFFD4E95A053F8DF04BC2C4DD458E97F828D34
                                          SHA-512:26ED4309C819819BBF634D92176A9B66FDC43A4E7A02CF3D26134D6DEED87F6F0B59E3B015769292333CEC7D5376D76046B154CD7EE66AEE9CC8D3AD8F41B2FB
                                          Malicious:false
                                          Preview:...........f*.........................r.....d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.........Z...G.d...d.........Z.d.d...Z...G.d...d.........Z.d...Z.y.)......)...suppress)...TextIOWrapper.....)...abcc.....................".....e.Z.d.Z.d.Z.d...f.d...Z.d...Z.y.)...SpecLoaderAdapterz>. Adapt a package spec to adapt the underlying loader.. c...........................|.j...................S...N)...loader....specs.... .HC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\resources\_adapters.py..<lambda>z.SpecLoaderAdapter.<lambda>....s.......$.+.+.......c.....................,.....|.|._...........|.|.........|._.........y.r....).r....r....)...selfr......adapters.... r......__init__z.SpecLoaderAdapter.__init__....s.................d.m....r....c...........................t.........|.j...................|.........S.r....)...getattrr......r......names.... r......__getattr__z.SpecLoaderAdapter.__getattr__....s..........t.y.y.$..'..'r....N)...__name__..__module__..__qualname__..__doc_

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\_common.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8731
                                          Entropy (8bit):5.126811646743948
                                          Encrypted:false
                                          SSDEEP:192:Dd5+d0+ItslL3RhUzspJWi/RcVEedBJaGSmnubh05BhQbNQ8TAd2:DP+dSslL3HUzspJWi2WedLaGg9010QYr
                                          MD5:478659253526C0D6D93044CBE7E2A084
                                          SHA1:24BF8A8D8722A2D570395B1981095F832ED0ECB9
                                          SHA-256:83EAE3EA1FB3D4F7E419AAFB2C2BF61C4AD763001916BC614D15A3326405DCFC
                                          SHA-512:5F174F7C5F1DCF863C2E6442E0169C1982E987A42818ECFA4482EB7E074B1D13E5B115406F375CFFA2205B026640610BFEA2F7A2482951461D5C67FEB81CB499
                                          Malicious:false
                                          Preview:...........f".........................2.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...e.e.j&..................e.f.....Z.e.Z.d...Z.e.d.d.e.e.....d.e.f.d...........Z.d.e.j&..................d.e.e.....f.d...Z.e.j4..................d.e.e.....d.e.j&..................f.d...........Z.e.j8..................d.e.d.e.j&..................f.d...........Z.e.j8..................d.d.d.e.j&..................f.d...........Z.d...Z.d.e.j&..................f.d...Z.e.j@....................d.e.jB..................d...d...........Z"d...Z#d.e.d.e$f.d...Z%e.j4..................d...........Z&e&j9..................e.jN..........................e.j@..................d...................Z.e.j@..................d.e.jP..................f.d...........Z)e.j@..................d...........Z*d...Z+y.)......N)...Union..Optional..cast.....)...ResourceReader..Traversable)...wrap_specc.....................`.........t...................t.....

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\_itertools.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1559
                                          Entropy (8bit):5.55414379208287
                                          Encrypted:false
                                          SSDEEP:24:pBKSJoSXFQMS3LJw1BI93wmq9sVC0vMByBh5FsJ7WoWhpeTRK5:ZXlTB9sg0v8mrsJ7g4K5
                                          MD5:A10158B5588678868DA7D07F19288EC7
                                          SHA1:02A8A742195696BDC1348C7F5AB40086898E28CC
                                          SHA-256:5A6CFEF2F1BC2161B16B1898BB9715FB563751F414838D163D01BB2165575FF6
                                          SHA-512:1B76735D85ABAF10B3B8E566F9824CF4CBD372DA9B30AB5267BFBB722F6590AD4920721BE9E43B5F3CE4D14F214AA8564BE5FC4C302CE13F994E57C14C6A0722
                                          Malicious:false
                                          Preview:...........f#...............................d.d...Z.y.).Nc..........................t.........|.........}.t.........|.|.........}...t.........|.........}.d.j...................|.|.........}.|.x.s...t.........|...........#.t.........$.r...Y.|.S.w.x.Y.w.).a(...If *iterable* has only one item, return it.. If it has zero items, return *default*.. If it has more than one item, raise the exception given by *too_long*,. which is ``ValueError`` by default.. >>> only([], default='missing'). 'missing'. >>> only([1]). 1. >>> only([1, 2]) # doctest: +IGNORE_EXCEPTION_DETAIL. Traceback (most recent call last):. .... ValueError: Expected exactly one item in iterable, but got 1, 2,. and perhaps more.'. >>> only([1, 2], too_long=TypeError) # doctest: +IGNORE_EXCEPTION_DETAIL. Traceback (most recent call last):. .... TypeError. Note that :func:`only` attempts to advance *iterable* twice to ensure there. is only one item. See :func:`spy` or :fun

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\_legacy.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5763
                                          Entropy (8bit):5.304500700415956
                                          Encrypted:false
                                          SSDEEP:96:B9nWzimJ9trVKl9/wNkmtTCmyTlqTJYjb2yz0l9mJ7NOeLtojqjBfnY2iw:B9nWziq9txKl94DtOmttYP249XroAnHn
                                          MD5:AF4782B7406498A144312CD5A0B195BC
                                          SHA1:59C715ABC27E8DB3DF95A47D5950A0F7060A5845
                                          SHA-256:B84699BEEED3C2BD7A089458440014849BFBCD5955C5F9377508C56DB48BA2B1
                                          SHA-512:1688D07A3AA19AD69F39894D30D94AD1B81D9C11BBE661E3BD1D5042E8EE4653AA73FABBBBAE16A1C14494D92E942CF514C65F18593019F215B4695EB812D3D8
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...e.e.j...................e.f.....Z.e.Z.d...Z.d.e.d.e.f.d...Z.e.d.e.d.e.d.e.f.d...........Z.e.d.e.d.e.d.e.f.d...........Z.e.....d.d.e.d.e.d.e.d.e.d.e.f.d...........Z.e.....d.d.e.d.e.d.e.d.e.d.e.f.d...........Z.e.d.e.d.e.e.....f.d...........Z.e.d.e.d.e.d.e.f.d...........Z.e.d.e.d.e.d.e.e.j8......................f.d...........Z.y.)......N)...Union..Iterable..ContextManager..BinaryIO..TextIO..Any.....)..._commonc.....................B.......t.........j...............................f.d...........}.|.S.).Nc.....................f.......t.........j.....................j.....................d...t.........d.................|.i.|.....S.).Nz. is deprecated. Use files() instead. Refer to https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy for migration advice......)...stacklevel)...warnings..warn..__name__..DeprecationWarning)...args..kwar

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\abc.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8941
                                          Entropy (8bit):5.132743370621098
                                          Encrypted:false
                                          SSDEEP:192:Bnh/tTDABD9d5m0ZFoHH2dQIbWsfN24vJ0:jdA604XE0q2
                                          MD5:38712D04A09A757382A28EE80AF61B04
                                          SHA1:616C0CBA3AB990CB132EC3D49A4A6A840C8CF28F
                                          SHA-256:D521E6D9FC2627F661B5701771570C64DF3114EBA48E9789459C635DE2EECDA1
                                          SHA-512:4861FD6B8C898B2FD1C6933822F3BD3BA057129871E733436A90A580A17E184B69C075B8C5813253E55078B9ADCF3662228A19657B1F88CB8DEF9A0B4B2B3B2A
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...e.e.e.j"..................e.....f.....Z.g.d...Z...G.d...d.e.j(............................Z...G.d...d.e.........Z.e...G.d...d.e.................Z...G.d...d.e.........Z.y.)......N)...Any..BinaryIO..Iterable..Iterator..NoReturn..Text..Optional)...runtime_checkable..Protocol)...Union)...ResourceReader..Traversable..TraversableResourcesc...........................e.Z.d.Z.d.Z.e.j...................d.e.d.e.f.d...........Z.e.j...................d.e.d.e.f.d...........Z.e.j...................d.e.d.e.f.d...........Z.e.j...................d.e.e.....f.d...........Z.y.).r....zDAbstract base class for loaders to provide resource reading support...resource..returnc...........................t...........).z.Return an opened, file-like object for binary reading... The 'resource' argument is expected to represent only a file name.. If the resou

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\__pycache__\readers.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8914
                                          Entropy (8bit):5.011100582457992
                                          Encrypted:false
                                          SSDEEP:192:TMPgS58alVNMBTuuJ4p/7QgDzEfffQo7sqCPAS4a+fIsV+2jq:TMd5rNMBCuIFm4T2O
                                          MD5:93F5F4DAEEFE76008177FDBB80963747
                                          SHA1:90C9F9064067BE9228110E38335728DC3356B67A
                                          SHA-256:100DE9EEFDA0C747A9F09599E9FF9C8FFF7954577A00B555B278A202CAA3C3EC
                                          SHA-512:5FE5AF04142B4303E79EEC9AE81019A99B021EB2E7EBB8ED79B98EAE052B860F69DFE624A25A5DF4DA626C433D43B666243D466173F9C866D47A2429200AD7EA
                                          Malicious:false
                                          Preview:...........f_...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d...Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z.y.)......N.....)...abc)...onlyc.....................R.....t.........t.........j...................j...................|.................S...N)...iter..collections..OrderedDict..fromkeys)...itemss.... .FC:\Users\V3NOM0u$\Desktop\python312\Lib\importlib\resources\readers.py..remove_duplicatesr........s.............'..'..0..0....7..8..8.....c...........................e.Z.d.Z.d...Z.d...Z.d...Z.y.)...FileReaderc.....................`.....t.........j...................|.j...........................j...................|._.........y.r....)...pathlib..Path..path..parent)...self..loaders.... r......__init__z.FileReader.__init__....s..........L.L........-..4..4....r....c.....................J.....t.........|.j........

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\_adapters.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4650
                                          Entropy (8bit):4.366030348359478
                                          Encrypted:false
                                          SSDEEP:96:qE644hrU2ksTZpvIbGK/Lm//LgaPOUkGCVWOHqcznMqf:AhrU5sNpvDK/I/ZPO/GCZHqsMqf
                                          MD5:CF4C239F8AA86FC461C68622C4F3C8CC
                                          SHA1:19A8DAD58DA165E1C655A47649BC8DF7D7146C34
                                          SHA-256:570783F57345F54C4348F1906BE59DDED85159B31AB92FD5D7EF80FE36156BBC
                                          SHA-512:1D9752AAC74D391FADDE817B4027B3C519774283174BB3AD77A4F3BCE303FEF2F821752D90A20C19FEEE2A34663F89F724DD3FE0003409DB8207D2BA1104546A
                                          Malicious:false
                                          Preview:from contextlib import suppress..from io import TextIOWrapper....from . import abc......class SpecLoaderAdapter:.. """.. Adapt a package spec to adapt the underlying loader... """.... def __init__(self, spec, adapter=lambda spec: spec.loader):.. self.spec = spec.. self.loader = adapter(spec).... def __getattr__(self, name):.. return getattr(self.spec, name)......class TraversableResourcesLoader:.. """.. Adapt a loader to provide TraversableResources... """.... def __init__(self, spec):.. self.spec = spec.... def get_resource_reader(self, name):.. return CompatibilityFiles(self.spec)._native()......def _io_wrapper(file, mode='r', *args, **kwargs):.. if mode == 'r':.. return TextIOWrapper(file, *args, **kwargs).. elif mode == 'rb':.. return file.. raise ValueError(f"Invalid mode value '{mode}', only 'r' and 'rb' are supported")......class CompatibilityFiles:.. """.. Adapter for an existing or no

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\_common.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5666
                                          Entropy (8bit):4.65663491701135
                                          Encrypted:false
                                          SSDEEP:96:Cx8GjAvLHnDAhS89SFZIyHf4mbA+UC1d/mWEBP1J2HE3VIXH/ZR9Q3/2EkqRZxzd:Cb2Gv9gLf4mUxC1d+fBPuHE3VIXHRRC9
                                          MD5:C504069E4691E456C488DFB7515B3741
                                          SHA1:4538122DE68757CF58EE7DD3F03D24DE43B22AA4
                                          SHA-256:FE1554DC2BC912808BB2697D36726B71A0F0CF93984471A578C52673C4141ED5
                                          SHA-512:7F7547A8F3A0299465A720E44099254BE9735A64AEAB8163368B061C6F74BD9448A177D7B2ECFED356B38BF3C6FA42D128273BF490F266B9CC8B3F4081B9DF6F
                                          Malicious:false
                                          Preview:import os..import pathlib..import tempfile..import functools..import contextlib..import types..import importlib..import inspect..import warnings..import itertools....from typing import Union, Optional, cast..from .abc import ResourceReader, Traversable....from ._adapters import wrap_spec....Package = Union[types.ModuleType, str]..Anchor = Package......def package_to_anchor(func):.. """.. Replace 'package' parameter as 'anchor' and warn about the change..... Other errors should fall through..... >>> files('a', 'b').. Traceback (most recent call last):.. TypeError: files() takes from 0 to 1 positional arguments but 2 were given.. """.. undefined = object().... @functools.wraps(func).. def wrapper(anchor=undefined, package=undefined):.. if package is not undefined:.. if anchor is not undefined:.. return func(anchor, package).. warnings.warn(.. "First parameter to files is renamed to 'anchor'",..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\_itertools.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1315
                                          Entropy (8bit):4.769536521565181
                                          Encrypted:false
                                          SSDEEP:24:VpcExocjBVVJJwOBEVaJq91VCZF16OmXkKZdBL4gos:7fV+SEl91gZF16HhLBos
                                          MD5:3E324E7E7C9F78C12B5896CE5EAED29C
                                          SHA1:82A915F32E36CC70D447E8A070627F27E5C87DC9
                                          SHA-256:D509A9DA20DC9619FD2AC63F30CC088599995D3E1B38B1EE5AA68FB697DE8897
                                          SHA-512:48DB1AA5CB305D99E98D1E396454812052A7FA9CB5C53BBC30CD8F4B90DC2F031C8E4F42CE0CA883E0A1BDB2222B240F48802B460DD8B2753A6B1896C7FB7BA8
                                          Malicious:false
                                          Preview:# from more_itertools 9.0..def only(iterable, default=None, too_long=None):.. """If *iterable* has only one item, return it... If it has zero items, return *default*... If it has more than one item, raise the exception given by *too_long*,.. which is ``ValueError`` by default... >>> only([], default='missing').. 'missing'.. >>> only([1]).. 1.. >>> only([1, 2]) # doctest: +IGNORE_EXCEPTION_DETAIL.. Traceback (most recent call last):.. ..... ValueError: Expected exactly one item in iterable, but got 1, 2,.. and perhaps more.'.. >>> only([1, 2], too_long=TypeError) # doctest: +IGNORE_EXCEPTION_DETAIL.. Traceback (most recent call last):.. ..... TypeError.. Note that :func:`only` attempts to advance *iterable* twice to ensure there.. is only one item. See :func:`spy` or :func:`peekable` to check.. iterable contents less destructively... """.. it = iter(iterable).. first_value = next(it, default).... try:.. s

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\_legacy.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3601
                                          Entropy (8bit):4.695501803485121
                                          Encrypted:false
                                          SSDEEP:96:gi899q0MTty/UuRfAVfKVEODgEdr0GolnN02qPfyRG:gaBTg/9ZAFKWOBd0GolN026yRG
                                          MD5:C6783656BCAF6DF484F007E8E322EE7A
                                          SHA1:6F11C1CD08C4731AED995774D8765409FFE4AE21
                                          SHA-256:3A0FF12B9FA46E82847D8709A756B3531BAC8BE10916DACFAE7B1A8570362DA2
                                          SHA-512:8D0802368FCCA56E2DFF0EFD487AF62B3E3C845CCD3A36E9347DAF9AA35092550E640D443DA60FD01464534144DD8F3E1E41B71AC24FF07B432DED27F4E984B7
                                          Malicious:false
                                          Preview:import functools..import os..import pathlib..import types..import warnings....from typing import Union, Iterable, ContextManager, BinaryIO, TextIO, Any....from . import _common....Package = Union[types.ModuleType, str]..Resource = str......def deprecated(func):.. @functools.wraps(func).. def wrapper(*args, **kwargs):.. warnings.warn(.. f"{func.__name__} is deprecated. Use files() instead. ".. "Refer to https://importlib-resources.readthedocs.io".. "/en/latest/using.html#migrating-from-legacy for migration advice.",.. DeprecationWarning,.. stacklevel=2,.. ).. return func(*args, **kwargs).... return wrapper......def normalize_path(path: Any) -> str:.. """Normalize a path by ensuring it is a string..... If the resulting string contains path separators, an exception is raised... """.. str_path = str(path).. parent, file_name = os.path.split(str_path).. if parent:.. raise ValueError

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5376
                                          Entropy (8bit):4.505175660902373
                                          Encrypted:false
                                          SSDEEP:96:EfRHVKW/YO/Kmu96frLOmzFn+IKetz7P6:EzK+uIGmBn+IKetzO
                                          MD5:4CD3C9FC84D12E05946043AAB3539FAB
                                          SHA1:78CBCE0C7330CFA5FDD6E3EBECE5F8955BBF2112
                                          SHA-256:F66D4D78AE31FF360C36F18BE66000326AACAFB4CE851C5B10648B7C75F42333
                                          SHA-512:F2155A454A346C3F56BD0085A58A3A5B7366DB552B49EEC2B4D0CB28E0D788CA7BFEBA26E1342356C93119CE274215DCF547511F67D60CB162A99F27A89B5069
                                          Malicious:false
                                          Preview:import abc..import io..import itertools..import os..import pathlib..from typing import Any, BinaryIO, Iterable, Iterator, NoReturn, Text, Optional..from typing import runtime_checkable, Protocol..from typing import Union......StrPath = Union[str, os.PathLike[str]]....__all__ = ["ResourceReader", "Traversable", "TraversableResources"]......class ResourceReader(metaclass=abc.ABCMeta):.. """Abstract base class for loaders to provide resource reading support.""".... @abc.abstractmethod.. def open_resource(self, resource: Text) -> BinaryIO:.. """Return an opened, file-like object for binary reading..... The 'resource' argument is expected to represent only a file name... If the resource cannot be found, FileNotFoundError is raised... """.. # This deliberately raises FileNotFoundError instead of.. # NotImplementedError so that if this method is accidentally called,.. # it'll still do the right thing... raise FileNotFoundError..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\readers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4447
                                          Entropy (8bit):4.528929673079825
                                          Encrypted:false
                                          SSDEEP:96:NZKcTSJI0J8mEbHt5sr4d8NvQCd5LHnorJeAi:NRSf3EbHtCrY8NvQCbLHor8L
                                          MD5:FF26E45B1D6849065272607BF12C7016
                                          SHA1:5E27C831CBD6431C8D89520C83C2024810007D9C
                                          SHA-256:3E447AA8A544F61ED834FBD3720CA6991843E8DE60D50C5E002A9B473EDB8AE3
                                          SHA-512:DEF1011D4E9E758E08F78416D927551CDF3D1A0EC894441F2D10C79B60AC05F970C37DAFA6A614B5F3C4C762769038DDE6ED1D16A32AB1A7B9C9385FD965E02C
                                          Malicious:false
                                          Preview:import collections..import itertools..import pathlib..import operator..import zipfile....from . import abc....from ._itertools import only......def remove_duplicates(items):.. return iter(collections.OrderedDict.fromkeys(items))......class FileReader(abc.TraversableResources):.. def __init__(self, loader):.. self.path = pathlib.Path(loader.path).parent.... def resource_path(self, resource):.. """.. Return the file system path to prevent.. `resources.path()` from creating a temporary.. copy... """.. return str(self.path.joinpath(resource)).... def files(self):.. return self.path......class ZipReader(abc.TraversableResources):.. def __init__(self, loader, module):.. _, _, name = module.rpartition('.').. self.prefix = loader.prefix.replace('\\', '/') + name + '/'.. self.archive = loader.archive.... def open_resource(self, resource):.. try:.. return super().open_resource(resourc

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\resources\simple.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2690
                                          Entropy (8bit):4.526701396390816
                                          Encrypted:false
                                          SSDEEP:48:KGo0Zq8U4hoqG2w0Tkr00gq+FtN2PNShmUfHYmxd:KGo38FoudENgLQ8hN4mxd
                                          MD5:BAE9438D5F515335B7715B07087B1AD7
                                          SHA1:AAEBCBC814BC35F05231F20EC98058699C0304D5
                                          SHA-256:36D8A88A01A4A7166461A99F66A7F06E819B2938BC3057C73498FBC576082B81
                                          SHA-512:93C73E91E174BDF49C8ACEECCFDBF6C4A842BDB06E18A26C0998DF01212C81823463D0C0FC59DACAF3D27A946D1C186A002205B349F549905177BECAC33C57FE
                                          Malicious:false
                                          Preview:"""..Interface adapters for low-level readers..."""....import abc..import io..import itertools..from typing import BinaryIO, List....from .abc import Traversable, TraversableResources......class SimpleReader(abc.ABC):.. """.. The minimum, low-level interface required from a resource.. provider... """.... @property.. @abc.abstractmethod.. def package(self) -> str:.. """.. The name of the package for which this reader loads resources... """.... @abc.abstractmethod.. def children(self) -> List['SimpleReader']:.. """.. Obtain an iterable of SimpleReader for available.. child containers (e.g. directories)... """.... @abc.abstractmethod.. def resources(self) -> List[str]:.. """.. Obtain available named resources for this virtual package... """.... @abc.abstractmethod.. def open_binary(self, resource: str) -> BinaryIO:.. """.. Obtain a File-like for a named resource...

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\simple.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):368
                                          Entropy (8bit):4.7550177135351435
                                          Encrypted:false
                                          SSDEEP:6:INgUrW8U7FqMz/ZWJaM+zowdXLXzLW8igBCW7AYLtR6AoiDo18geK76Uy:Irmqs1zH5jnsi1EQDoPyp
                                          MD5:DD120D1EED86DDF996C749E9B17C696E
                                          SHA1:B640B9CAFEB9917AE67BA0EFE64FF6052A1C19A7
                                          SHA-256:EC15151F532D7E2E4740F0A9618481F3B37828C1180A9A86B7AE450117D67B51
                                          SHA-512:D6A49D1AF4B9119703715D5AC62F2417BE9FBDFCDB371B4A1C03F2A6194E80D1DF13739921EB1F1DDB41839510533F4CB737406197E2F6BCFFFC9ACCB1AEA30E
                                          Malicious:false
                                          Preview:"""..Compatibility shim for .resources.simple as found on Python 3.10.....Consumers that can rely on Python 3.11 should use the other..module directly..."""....from .resources.simple import (.. SimpleReader, ResourceHandle, ResourceContainer, TraversableReader,..)....__all__ = [.. 'SimpleReader', 'ResourceHandle', 'ResourceContainer', 'TraversableReader',..]..

                                          C:\Users\user\AppData\Roaming\windows\Lib\importlib\util.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11108
                                          Entropy (8bit):4.467337199704047
                                          Encrypted:false
                                          SSDEEP:192:ukRi99RbmAGewxmDwzxeaCs6KfYs+Fbve2+c6uNUS7GE7GHXonMbwq:uWi9DbmAGecmDwteQTft+9ee6uNUSdNc
                                          MD5:C3553B6F4BBCC833370B063D7E485994
                                          SHA1:B0FAB8A00A803AD7719215BDA1725A4100A17480
                                          SHA-256:D54717B02265B8807EC4241864A5008CF1F07FE44ED525B0A7E4830BDCB0177E
                                          SHA-512:91F02BD0EA770610ABD8A39B9C8E74B843896788122D5BF3C67D27EAAE785D0BE5E11D336303D4A4B8252C8B9B5AEFCB7E2D8B2500BC93BCB0790B89D8237C5C
                                          Malicious:false
                                          Preview:"""Utility code for constructing importers, etc."""..from ._abc import Loader..from ._bootstrap import module_from_spec..from ._bootstrap import _resolve_name..from ._bootstrap import spec_from_loader..from ._bootstrap import _find_spec..from ._bootstrap_external import MAGIC_NUMBER..from ._bootstrap_external import _RAW_MAGIC_NUMBER..from ._bootstrap_external import cache_from_source..from ._bootstrap_external import decode_source..from ._bootstrap_external import source_from_cache..from ._bootstrap_external import spec_from_file_location....import _imp..import sys..import threading..import types......def source_hash(source_bytes):.. "Return the hash of *source_bytes* as used in hash-based pyc files.".. return _imp.source_hash(_RAW_MAGIC_NUMBER, source_bytes)......def resolve_name(name, package):.. """Resolve a relative module name to an absolute one.""".. if not name.startswith('.'):.. return name.. elif not package:.. raise ImportError(f'no package speci

                                          C:\Users\user\AppData\Roaming\windows\Lib\inspect.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):128815
                                          Entropy (8bit):4.5450804886005605
                                          Encrypted:false
                                          SSDEEP:3072:Ysbp3kW3MOJ48WwycCMn+8R/E8iEcLBb5xaTqSsGjQdO69MR:/d3kW3Z48BycC6+i/3izb5EqpGjuOQMR
                                          MD5:4BF5163B840E062F42EED37E74E6D907
                                          SHA1:22722AE70EC807409A5FE7E9C55740E666035970
                                          SHA-256:2E53238C7F60ABF930DFBFD16C5969AFD0EDE52B74BF5ED74E87B2B12EA141C1
                                          SHA-512:2B96C12C7E72512A02C4854067D07955304BBBBE9C579A425280A0AEBEDE9B65DBF3F86D3BABC0B6B03124570F96C606AF1EAEC861A5371E40A1E34C1A54C7BE
                                          Malicious:false
                                          Preview:"""Get useful information from live Python objects.....This module encapsulates the interface provided by the internal special..attributes (co_*, im_*, tb_*, etc.) in a friendlier fashion...It also provides some help for examining source code and class layout.....Here are some of the useful functions provided by this module:.... ismodule(), isclass(), ismethod(), isfunction(), isgeneratorfunction(),.. isgenerator(), istraceback(), isframe(), iscode(), isbuiltin(),.. isroutine() - check object types.. getmembers() - get members of an object that satisfy a given condition.... getfile(), getsourcefile(), getsource() - find an object's source code.. getdoc(), getcomments() - get documentation on an object.. getmodule() - determine the module that an object came from.. getclasstree() - arrange classes so as to represent their hierarchy.... getargvalues(), getcallargs() - get info about function arguments.. getfullargspec() - same, with support for Pytho

                                          C:\Users\user\AppData\Roaming\windows\Lib\io.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3681
                                          Entropy (8bit):4.9444373184330574
                                          Encrypted:false
                                          SSDEEP:96:pKFiCaQLDyrpVfnmlaypyc4RQmvItakagjUgXgBagO:dCJDo/U9ycObojXQB9O
                                          MD5:AE864C768E16CE88666AFD08CD41A2FE
                                          SHA1:A33FB950B99FBAE349A29B476A7EF4FA7F2126E0
                                          SHA-256:D70646D9C063DD0AC4293591639DE75A100731D9F091F916FBCA4857CD8A044E
                                          SHA-512:A445ED5D76E0C8D1CD9EC8886CFDE873553C2A65BE164A9AA0B0340E78A0606819C841DE777A0654D4B96884E014FB8594129525AE7C0B5E7E1D1C2340B787D4
                                          Malicious:false
                                          Preview:"""The io module provides the Python interfaces to stream handling. The..builtin open function is defined in this module.....At the top of the I/O hierarchy is the abstract base class IOBase. It..defines the basic interface to a stream. Note, however, that there is no..separation between reading and writing to streams; implementations are..allowed to raise an OSError if they do not support a given operation.....Extending IOBase is RawIOBase which deals simply with the reading and..writing of raw bytes to a stream. FileIO subclasses RawIOBase to provide..an interface to OS files.....BufferedIOBase deals with buffering on a raw byte stream (RawIOBase). Its..subclasses, BufferedWriter, BufferedReader, and BufferedRWPair buffer..streams that are readable, writable, and both respectively...BufferedRandom provides a buffered interface to random access..streams. BytesIO is a simple stream of in-memory bytes.....Another IOBase subclass, TextIOBase, deals with the encoding and decoding..of stre

                                          C:\Users\user\AppData\Roaming\windows\Lib\ipaddress.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):77311
                                          Entropy (8bit):4.543781477920564
                                          Encrypted:false
                                          SSDEEP:384:gMOEpzoz5zCcf6ZQ8kSEtw1M1DGhkaCU7m7F7nKEwXN60wGUrnPpNBsB/FfhUQ3/:D3k92cfn8rB/3UrP2tF1zkm4uJPNjZT
                                          MD5:19019D4E4BBEE2096C35140714348B57
                                          SHA1:2AF2A0F877D9AA6FE8CDEF463716A21B6E088460
                                          SHA-256:4179279BF3A9711CC7A9C0E0679366113BAED44428807BE5A8F2C81B271F19B3
                                          SHA-512:2B2823EA8956F5154C4FC94166EB0C0A8A3E80C5102FE275907471D3104CFFF9430F08A4355E68E9CE0C54227595207E042639C6D61C65111ACEDB6A16656E1D
                                          Malicious:false
                                          Preview:# Copyright 2007 Google Inc...# Licensed to PSF under a Contributor Agreement....."""A fast, lightweight IPv4/IPv6 manipulation library in Python.....This library is used to create/poke/manipulate IPv4 and IPv6 addresses..and networks....."""....__version__ = '1.0'......import functools....IPV4LENGTH = 32..IPV6LENGTH = 128......class AddressValueError(ValueError):.. """A Value Error related to the address."""......class NetmaskValueError(ValueError):.. """A Value Error related to the netmask."""......def ip_address(address):.. """Take an IP string/int and return an object of the correct type..... Args:.. address: A string or integer, the IP address. Either IPv4 or.. IPv6 addresses may be supplied; integers less than 2**32 will.. be considered to be IPv4 by default..... Returns:.. An IPv4Address or IPv6Address object..... Raises:.. ValueError: if the *address* passed isn't either a v4 or a v6.. address.... """.. t

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14379
                                          Entropy (8bit):4.879440125735685
                                          Encrypted:false
                                          SSDEEP:192:yi/B/vYM/qFHkKzxUrZGabjtH0kSzxUrZGabuZbN92JDRCRtqUmnXRCRtqWAi2K5:yOIzxGwzxFxnWECxECdA
                                          MD5:DB4A220A79A5F826EF36359ED1C50C28
                                          SHA1:1774DC6339A61957AA38AB6A6A25AB6A0B1D9DE4
                                          SHA-256:FEB17670E443E5DB2723F217727DCC5D5E155C40E4E6935B16061C88542F24E7
                                          SHA-512:3A51E599669D4AFC7339EF06C7A3C9889718EE525F019F044672F2A1C7DE6BF98F581AF54B138D0573D2CC9CF660DDBDF81DB9C4516A125F49BE4A147F2F09B6
                                          Malicious:false
                                          Preview:r"""JSON (JavaScript Object Notation) <https://json.org> is a subset of..JavaScript syntax (ECMA-262 3rd edition) used as a lightweight data..interchange format.....:mod:`json` exposes an API familiar to users of the standard library..:mod:`marshal` and :mod:`pickle` modules. It is derived from a..version of the externally maintained simplejson library.....Encoding basic Python object hierarchies::.... >>> import json.. >>> json.dumps(['foo', {'bar': ('baz', None, 1.0, 2)}]).. '["foo", {"bar": ["baz", null, 1.0, 2]}]'.. >>> print(json.dumps("\"foo\bar")).. "\"foo\bar".. >>> print(json.dumps('\u1234')).. "\u1234".. >>> print(json.dumps('\\')).. "\\".. >>> print(json.dumps({"c": 0, "b": 0, "a": 0}, sort_keys=True)).. {"a": 0, "b": 0, "c": 0}.. >>> from io import StringIO.. >>> io = StringIO().. >>> json.dump(['streaming API'], io).. >>> io.getvalue().. '["streaming API"]'....Compact encoding::.... >>> import json.. >>> mydict = {'4':

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13640
                                          Entropy (8bit):5.582144422340985
                                          Encrypted:false
                                          SSDEEP:384:4M0TNAHo6vx/YvZ3vx8ZvWzZrk3Zr/WAA:B0pAHfvx/Yv1vx8ZvWZrk3Zr/WAA
                                          MD5:FCBDF629719E98B2DCE8582333E7DBD0
                                          SHA1:F24F312C644B9ADC3F18CE7D01B000928EB549D7
                                          SHA-256:87DDE6EB9395844062F2A03CEEA3E7BBADC2B9994FD0490073FB7097C0474E01
                                          SHA-512:A01E466AD0BD4B9C337F2D6FB4A211870BD2800221CE01EB4E005EDFCD0AE1D81DDD9B7DDE19BFB183AA8F76BEAE8644501882FDEBDBAA99B51020C4D61980E0
                                          Malicious:false
                                          Preview:...........f+8..............................d.Z.d.Z.g.d...Z.d.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.Z...e.d.d.d.d.d.d.d...........Z.d.d.d.d.d.d.d.d.d.d...d...Z.d.d.d.d.d.d.d.d.d.d...d...Z...e.d.d...........Z.d...Z.d.d.d.d.d.d.d...d...Z.d.d.d.d.d.d.d...d...Z.y.).a....JSON (JavaScript Object Notation) <https://json.org> is a subset of.JavaScript syntax (ECMA-262 3rd edition) used as a lightweight data.interchange format...:mod:`json` exposes an API familiar to users of the standard library.:mod:`marshal` and :mod:`pickle` modules. It is derived from a.version of the externally maintained simplejson library...Encoding basic Python object hierarchies::.. >>> import json. >>> json.dumps(['foo', {'bar': ('baz', None, 1.0, 2)}]). '["foo", {"bar": ["baz", null, 1.0, 2]}]'. >>> print(json.dumps("\"foo\bar")). "\"foo\bar". >>> print(json.dumps('\u1234')). "\u1234". >>> print(json.dumps('\\')). "\\". >>> print(json.dumps({"c": 0, "b": 0, "a": 0}, sort_keys=True)).

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\__pycache__\decoder.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13845
                                          Entropy (8bit):5.742891827911186
                                          Encrypted:false
                                          SSDEEP:192:qOyvB6kdGRZLu6A94DMUu5v7vLobKWjFZ3iIgXgw4F8mbANHFThJt7AeIM+JSlRJ:bVk0ni6A94DMUu5v7vPokR28muInJ8RJ
                                          MD5:6B17FC8A3851293611EF2968ED790104
                                          SHA1:6578F1FB2C2B9C0DEB93E46F19E30903A232151E
                                          SHA-256:06C1827D7D9F4923F0E290F885F3935A25B1485ED08FAB8B2900179B3BAD13C5
                                          SHA-512:B16B41CF441E444D3A09364F4ED8B5EBBA485AE64396BF42C8A36326B59462F6D99E266956DEC38023B547451932106CE82E7BAD71E2F2DFE3FBCB86E06B5608
                                          Malicious:false
                                          Preview:...........f.2..............................d.Z.d.d.l.Z.d.d.l.m.Z.....d.d.l.m.Z...d.d.g.Z.e.j...................e.j...................z...e.j...................z...Z...e.d.........Z...e.d.........Z...e.d.........Z...G.d...d.e.........Z.e.e.e.d...Z...e.j(..................d.e.........Z.d.d.d.d.d.d.d.d.d...Z.d...Z.d.e.e.j0..................f.d...Z.e.x.s...e.Z...e.j(..................d.e.........Z.d.Z.d.e.j0..................e.f.d...Z.e.j0..................e.f.d...Z...G.d...d.e.........Z.y.#.e.$.r...d.Z.Y...w.x.Y.w.).z.Implementation of JSONDecoder......N)...scanner)...scanstring..JSONDecoder..JSONDecodeError..nan..infz.-infc...........................e.Z.d.Z.d.Z.d...Z.d...Z.y.).r....a ...Subclass of ValueError with the following additional properties:.. msg: The unformatted error message. doc: The JSON document being parsed. pos: The start index of doc where parsing failed. lineno: The line corresponding to pos. colno: The column corresponding to pos.. c................

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\__pycache__\encoder.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):15118
                                          Entropy (8bit):5.804529523264435
                                          Encrypted:false
                                          SSDEEP:192:ZZX0up4Kkgf4MszI6lxnP14EZN7/JG2NQHbqzY4vyyK5wEnLZ6rtbvvs:fN4XMUnd4EZG2q2uHKELZ6xjs
                                          MD5:27A1045102354D985B93D320400BDB49
                                          SHA1:A757775DAEC032DE8F69DA35514616DA5EB9CF16
                                          SHA-256:7D5D7A32ED737C10A776E14791F085C8AF476C025648A14076E75649B02681F8
                                          SHA-512:C3079C79BB9140C65E1F053CF12D04AF88073ECD361CBD647EB13E8F607761BEE009179E3453798447A21FB3B13E8A8579E88D90A13BA66FE0F010B47C72C464
                                          Malicious:false
                                          Preview:...........f.@..............................d.Z.d.d.l.Z...d.d.l.m.Z.....d.d.l.m.Z.....d.d.l.m.Z.....e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z.d.d.d.d.d.d.d.d...Z...e.d.........D.])..Z.e.j#....................e.e.........d.j'..................e....................+..[...e.d.........Z.d...Z.e.x.s...e.Z.d...Z.e.x.s...e.Z...G.d...d.e.........Z.e.e.e.e.e.e.e.e e!e.jD..................f.d...Z#y.#.e.$.r...d.Z.Y...w.x.Y.w.#.e.$.r...d.Z.Y...w.x.Y.w.#.e.$.r...d.Z.Y...w.x.Y.w.).z.Implementation of JSONEncoder......N)...encode_basestring_ascii)...encode_basestring)...make_encoderz.[\x00-\x1f\\"\b\f\n\r\t]z.([\\"]|[^\ -~])s....[.-.]z.\\z.\"z.\bz.\fz.\nz.\rz.\t)...\.."................ .....\u{0:04x}..infc.....................@.....d...}.d.t.........j...................|.|.........z...d.z...S.).z5Return a JSON representation of a Python string.. c.....................2.....t.........|.j...................d.............S.).Nr....)...ES

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\__pycache__\scanner.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3341
                                          Entropy (8bit):5.70056363819936
                                          Encrypted:false
                                          SSDEEP:48:wt6DpunJrjjyo3RUSdoUGusv3yhE0vSFi0IE0MxBgZ9OU6ISSgGcceRl8L2dV4Jy:Vu1jyoB+PJ20z6Z9OU6ISPBR/dV4J0X
                                          MD5:4B632441EC2A10812D3F4B7EB00E7998
                                          SHA1:FFF9DAE9CC4A1B8C73148BE0702749749F07C339
                                          SHA-256:FABC93D0326B20A81E88ACA869BA508F173BE5A3A273D9EAC6B7FDC9E275239E
                                          SHA-512:CFAF614A89C938024B9E4698548C1EC8334D13359A05F5AB709332F663CBBF2A6B038698D75BC0A45A565BEB2141ECADC082157FEE8453144FA0956AE4CEED49
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z...d.d.l.m.Z...d.g.Z...e.j...................d.e.j...................e.j...................z...e.j...................z...........Z.d...Z.e.x.s...e.Z.y.#.e.$.r...d.Z.Y..Mw.x.Y.w.).z.JSON token scanner......N)...make_scannerr....z)(-?(?:0|[1-9]\d*))(\.\d+)?([eE][-+]?\d+)?c.....................Z.............................|.j.....................|.j.....................|.j.....................t.........j.....................|.j.....................|.j.....................|.j.....................|.j.....................|.j.....................|.j.....................|.j.............................................f.d.........f.d...}.|.S.).Nc..............................|.|.....}.|.d.k(..r.....|.|.d.z.............S.|.d.k(..r.....|.|.d.z...f...................S.|.d.k(..r.....|.|.d.z...f...........S.|.d.k(..r.|.|.|.d.z.....d.k(..r.d.|.d.z...f.S.|.d.k(..r.|.|.|.d.z.....d.k(..r.d.|.d.z...f.S.|.d.k(..r.|.|.|.d.z.....d.k(..r.d.|.d.z...f.S.

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\decoder.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12829
                                          Entropy (8bit):4.602150515729369
                                          Encrypted:false
                                          SSDEEP:192:4LZ5A9dcw1No306qcRvU23OHh7MSUBzBru3Gc5kaXQxzfv4YAimanhXYAxisbPK:4Z5AZq30Nuv4WDK
                                          MD5:5CCA52D21FDD03EBC838040B3B3448A0
                                          SHA1:26EA25AB90B1D325AE65D492944E3757C0A1A4D6
                                          SHA-256:B719FBCFCEBD2B174F076E71292E22B1A17D9E258DBE896C768325383BAD4F80
                                          SHA-512:E21F1F5EF9821DC49A71552D8E3E42DB1D1817A9567C10AEA7764B3143630105570BCBF41A63AEE58B65ED7AC13C77AFC2A16CB46DC236F3529A95D755150D66
                                          Malicious:false
                                          Preview:"""Implementation of JSONDecoder.."""..import re....from json import scanner..try:.. from _json import scanstring as c_scanstring..except ImportError:.. c_scanstring = None....__all__ = ['JSONDecoder', 'JSONDecodeError']....FLAGS = re.VERBOSE | re.MULTILINE | re.DOTALL....NaN = float('nan')..PosInf = float('inf')..NegInf = float('-inf')......class JSONDecodeError(ValueError):.. """Subclass of ValueError with the following additional properties:.... msg: The unformatted error message.. doc: The JSON document being parsed.. pos: The start index of doc where parsing failed.. lineno: The line corresponding to pos.. colno: The column corresponding to pos.... """.. # Note that this exception is used from _json.. def __init__(self, msg, doc, pos):.. lineno = doc.count('\n', 0, pos) + 1.. colno = pos - doc.rfind('\n', 0, pos).. errmsg = '%s: line %d column %d (char %d)' % (msg, lineno, colno, pos).. ValueError.__init__(self, errmsg).

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\encoder.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16513
                                          Entropy (8bit):4.335956405004206
                                          Encrypted:false
                                          SSDEEP:384:zLMkYik8W5R700myuumc/Wif3vwPQj+xSgy3vYJ54Ivj+xSvxCJ2sa:DYR5R7JmyuumKf/pj+xSgy/8Nj+xSvQU
                                          MD5:B7B017A5F7AEC54D3743196D491F0CC9
                                          SHA1:8F117C230F7DF5EAEE396A6EB854117442CD64E8
                                          SHA-256:7DB65C95F09297D57CC6273D78858B25FFCBA65BC83709C4A15584D1DBEF3C38
                                          SHA-512:BAFDFDD9C4F652CF3DF4434F06E1F915DA6126F1A81E7C39CC28528C4E74364FA0327741AB8D073F61E955133BBBEFB631C4D4B2A6D79B3911CF689187B56A2B
                                          Malicious:false
                                          Preview:"""Implementation of JSONEncoder.."""..import re....try:.. from _json import encode_basestring_ascii as c_encode_basestring_ascii..except ImportError:.. c_encode_basestring_ascii = None..try:.. from _json import encode_basestring as c_encode_basestring..except ImportError:.. c_encode_basestring = None..try:.. from _json import make_encoder as c_make_encoder..except ImportError:.. c_make_encoder = None....ESCAPE = re.compile(r'[\x00-\x1f\\"\b\f\n\r\t]')..ESCAPE_ASCII = re.compile(r'([\\"]|[^\ -~])')..HAS_UTF8 = re.compile(b'[\x80-\xff]')..ESCAPE_DCT = {.. '\\': '\\\\',.. '"': '\\"',.. '\b': '\\b',.. '\f': '\\f',.. '\n': '\\n',.. '\r': '\\r',.. '\t': '\\t',..}..for i in range(0x20):.. ESCAPE_DCT.setdefault(chr(i), '\\u{0:04x}'.format(i)).. #ESCAPE_DCT.setdefault(chr(i), '\\u%04x' % (i,))..del i....INFINITY = float('inf')....def py_encode_basestring(s):.. """Return a JSON representation of a Python string.... """.. def replace(match):.

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\scanner.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2498
                                          Entropy (8bit):4.554490171873137
                                          Encrypted:false
                                          SSDEEP:48:krFYUtdVRojq1j1op2sy5zRwDvAvsCYSl2SOsyV9P:krFJGjcjepJy5zRvkCYSl2SOsyV9P
                                          MD5:83EDC258CA5D89378BC86FE790CBF1B7
                                          SHA1:618A95730FC4AD64ADA9BA39F155B6A873D0447F
                                          SHA-256:9841566FB17315EBDD40A1CA9CB214F02CDE7171B187D4DC821C80120EA853C3
                                          SHA-512:932029300DB3D377BAA4B8003ACB2B76D7F757C02F067B035F4A248A8D2C1FF8E34CB7BBC4E332D354A3ACEF01A4905349F291F7E66774D1F557BA6126A0A225
                                          Malicious:false
                                          Preview:"""JSON token scanner.."""..import re..try:.. from _json import make_scanner as c_make_scanner..except ImportError:.. c_make_scanner = None....__all__ = ['make_scanner']....NUMBER_RE = re.compile(.. r'(-?(?:0|[1-9]\d*))(\.\d+)?([eE][-+]?\d+)?',.. (re.VERBOSE | re.MULTILINE | re.DOTALL))....def py_make_scanner(context):.. parse_object = context.parse_object.. parse_array = context.parse_array.. parse_string = context.parse_string.. match_number = NUMBER_RE.match.. strict = context.strict.. parse_float = context.parse_float.. parse_int = context.parse_int.. parse_constant = context.parse_constant.. object_hook = context.object_hook.. object_pairs_hook = context.object_pairs_hook.. memo = context.memo.... def _scan_once(string, idx):.. try:.. nextchar = string[idx].. except IndexError:.. raise StopIteration(idx) from None.... if nextchar == '"':.. return parse_string(string, idx + 1, stri

                                          C:\Users\user\AppData\Roaming\windows\Lib\json\tool.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3424
                                          Entropy (8bit):4.383060644777333
                                          Encrypted:false
                                          SSDEEP:48:pPza+AFS0/LZ3DmLU9k+3W7P/BopadkHqdyf6yAp7zKaz:pP8Fp/F3EU9kV8adkHBf2Is
                                          MD5:04BB41005A34A0439354779391919F36
                                          SHA1:3878CE551869C7CD7A9801CC7E1533D758D73F7D
                                          SHA-256:E4940A58DC30B05A4D66ABCE80C8FF52712BD9EAAAAF50B526ECCB49185950D6
                                          SHA-512:E5ACA0CE7E46F86F678464E2C1AEEDD2B3BC86C98323B362FF02235DC69295001E0B6F7978754A0917AA4640808CB2656FFC64CCA179E88378AE85F2A0E34CD6
                                          Malicious:false
                                          Preview:r"""Command-line tool to validate and pretty-print JSON....Usage::.... $ echo '{"json":"obj"}' | python -m json.tool.. {.. "json": "obj".. }.. $ echo '{ 1.2:3.4}' | python -m json.tool.. Expecting property name enclosed in double quotes: line 1 column 3 (char 2)...."""..import argparse..import json..import sys..from pathlib import Path......def main():.. prog = 'python -m json.tool'.. description = ('A simple command line interface for json module '.. 'to validate and pretty-print JSON objects.').. parser = argparse.ArgumentParser(prog=prog, description=description).. parser.add_argument('infile', nargs='?',.. type=argparse.FileType(encoding="utf-8"),.. help='a JSON file to be validated or pretty-printed',.. default=sys.stdin).. parser.add_argument('outfile', nargs='?',.. type=Path,.. help='write the output of infile t

                                          C:\Users\user\AppData\Roaming\windows\Lib\keyword.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1137
                                          Entropy (8bit):4.579459752924743
                                          Encrypted:false
                                          SSDEEP:24:1TuAvF8VVC7Ln46q7a/cl6b93h0qkc7mKeWdItSw+9cCe5:1K88VVV8c0qqp7mKk
                                          MD5:A10DF1136C08A480EF1D2B39A1F48E4A
                                          SHA1:FC32A1FF5DA1DB4755ECFAE82AA23DEF659BEB13
                                          SHA-256:1F28F509383273238AD86EDA04A96343FA0DC10EEAF3189439959D75CDAC0A0B
                                          SHA-512:603F6DC4556CBBD283CF77233727E269C73C6E1B528084E6C6234AEFD538313B4ACC67CA70A7DB03E015A30F817FCFEDDA2B73DE480963AE0EEFD486F87463CD
                                          Malicious:false
                                          Preview:"""Keywords (from "Grammar/python.gram")....This file is automatically generated; please don't muck it up!....To update the symbols in this file, 'cd' to the top directory of..the python source tree and run:.... PYTHONPATH=Tools/peg_generator python3 -m pegen.keywordgen \.. Grammar/python.gram \.. Grammar/Tokens \.. Lib/keyword.py....Alternatively, you can run 'make regen-keyword'..."""....__all__ = ["iskeyword", "issoftkeyword", "kwlist", "softkwlist"]....kwlist = [.. 'False',.. 'None',.. 'True',.. 'and',.. 'as',.. 'assert',.. 'async',.. 'await',.. 'break',.. 'class',.. 'continue',.. 'def',.. 'del',.. 'elif',.. 'else',.. 'except',.. 'finally',.. 'for',.. 'from',.. 'global',.. 'if',.. 'import',.. 'in',.. 'is',.. 'lambda',.. 'nonlocal',.. 'not',.. 'or',.. 'pass',.. 'raise',.. 'return',.. 'try',.. 'while',.. 'with',.. 'yield'..]....softkwlist = [.. '_',..

                                          C:\Users\user\AppData\Roaming\windows\Lib\lib2to3\btm_matcher.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6786
                                          Entropy (8bit):4.2056810193877405
                                          Encrypted:false
                                          SSDEEP:96:5LZ23V6exALGbH1tz/ccERr3+tzB1NgU/FL93eCjMy0PuCjWl4D7H2R6I:u5K6/FL93eCjMPmCj+bR6I
                                          MD5:9FEAF597DF4589DAF018E8A4D9DE23AA
                                          SHA1:E3C21EAF4DEA2DBDD9A4BA5A36330E600002022A
                                          SHA-256:344AE77CA1E51F6919D34884B6CDD64849DDE851ECBF9F4D9EFC8C772545977B
                                          SHA-512:DA71A37B48438CC0140BB0F43516749FAD76648AF25CAEB71DB5D8F1DF70C109696153392B974E55E002002EDDD733C873D60D4661F9636C72571833BA9848C0
                                          Malicious:false
                                          Preview:"""A bottom-up tree matching algorithm implementation meant to speed..up 2to3's matching process. After the tree patterns are reduced to..their rarest linear path, a linear Aho-Corasick automaton is..created. The linear automaton traverses the linear paths from the..leaves to the root of the AST and returns a set of nodes for further..matching. This reduces significantly the number of candidate nodes."""....__author__ = "George Boutsioukis <gboutsioukis@gmail.com>"....import logging..import itertools..from collections import defaultdict....from . import pytree..from .btm_utils import reduce_tree....class BMNode(object):.. """Class for a node of the Aho-Corasick automaton used in matching""".. count = itertools.count().. def __init__(self):.. self.transition_table = {}.. self.fixers = [].. self.id = next(BMNode.count).. self.content = ''....class BottomMatcher(object):.. """The main matcher class. After instantiating the patterns should.. be ad

                                          C:\Users\user\AppData\Roaming\windows\Lib\lib2to3\btm_utils.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10225
                                          Entropy (8bit):4.258637831249486
                                          Encrypted:false
                                          SSDEEP:192:63NTnUN2QTnt1d4xWlYGw0ggx1w/2GP/Mjp7joSL/DNwpIsjew:JJlPwmx1tGMj3Ci7w
                                          MD5:D76229E5B83D42029C9995DB1B8C7ED5
                                          SHA1:96CBC1686AC134DDEB5E16D599D4FBAF88AE6B56
                                          SHA-256:11B921004E6AF9351390BE268BDCD723B7EE7607CDF6E24A353747F048B1F9D4
                                          SHA-512:2B11D749058483D0A6879DCD96D4DBC57EBA3234CC29CD3804801C8D637C3A85AED84518F8632F2DF529BB3E27D5834EC699580A8D52AA037169CBDC4C69D5BE
                                          Malicious:false
                                          Preview:"Utility functions used by the btm_matcher module"....from . import pytree..from .pgen2 import grammar, token..from .pygram import pattern_symbols, python_symbols....syms = pattern_symbols..pysyms = python_symbols..tokens = grammar.opmap..token_labels = token....TYPE_ANY = -1..TYPE_ALTERNATIVES = -2..TYPE_GROUP = -3....class MinNode(object):.. """This class serves as an intermediate representation of the.. pattern tree during the conversion to sets of leaf-to-root.. subpatterns""".... def __init__(self, type=None, name=None):.. self.type = type.. self.name = name.. self.children = [].. self.leaf = False.. self.parent = None.. self.alternatives = [].. self.group = [].... def __repr__(self):.. return str(self.type) + ' ' + str(self.name).... def leaf_to_root(self):.. """Internal method. Returns a characteristic path of the.. pattern tree. This method must be run for all leaves until the.. linea

                                          C:\Users\user\AppData\Roaming\windows\Lib\lib2to3\fixer_base.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6876
                                          Entropy (8bit):4.411308717114407
                                          Encrypted:false
                                          SSDEEP:96:rDO1mqwWSFkEv1w5tLazO7x2dmmw1mBDog36TvEL8AupcrxmJB6CrxmJpHQ/l9/W:rCivSDDQYmx3KT28oH+2nHS0
                                          MD5:41D14A8EA6887DF17A9CAA4E37C9AD98
                                          SHA1:E9CDF58BD18562E7B29E2D263C6C5E9C58C7B1B4
                                          SHA-256:1195366080AE5114EF41253B9FF6AF99A75555FF0764BEAF390FF89213D94FC1
                                          SHA-512:C3436315C24E0438C8C6F9EB6DC22190D5DCDA30C1BC20A2D707803881ABC0BF5165C71775B400BAA7AFDB1C31BAEB786F0A6572441AEBA1D7E3733443D361A5
                                          Malicious:false
                                          Preview:# Copyright 2006 Google, Inc. All Rights Reserved...# Licensed to PSF under a Contributor Agreement....."""Base class for fixers (optional, but recommended)."""....# Python imports..import itertools....# Local imports..from .patcomp import PatternCompiler..from . import pygram..from .fixer_util import does_tree_import....class BaseFix(object):.... """Optional base class for fixers..... The subclass name must be FixFooBar where FooBar is the result of.. removing underscores and capitalizing the words of the fix name... For example, the class name for a fixer named 'has_key' should be.. FixHasKey... """.... PATTERN = None # Most subclasses should override with a string literal.. pattern = None # Compiled pattern, set by compile_pattern().. pattern_tree = None # Tree representation of the pattern.. options = None # Options object passed to initializer.. filename = None # The filename (set by set_filename).. numbers = itertools.count(1) # For new_name

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\README.txt

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):121
                                          Entropy (8bit):4.240738818911377
                                          Encrypted:false
                                          SSDEEP:3:hBWtHUVeRWRsjYR0uZjOBoVTDwwGvAgKVnA4lJMov:hBmHUAzYuYOBuaXE/lJB
                                          MD5:15ACB038B5C2E03D56F5B588A077BF22
                                          SHA1:09A1D643B7A3D233B047324C303E6295BFD93263
                                          SHA-256:1C99489111112D2150DB0E18BBD474FF45F78FEF80FA0E533DFD9ECFC6A3A480
                                          SHA-512:86006F3EF7BB88E46427D023A2229C63F6BD933D37AB1D7463CE6C6FEB9021CBFF17D5BE1DFB36CCFCBBCFC53C29E5004C43C91DCD3B43AD831E1FAC06A546DC
                                          Malicious:false
                                          Preview:This directory exists so that 3rd party packages can be installed..here. Read the source for site.py for more details...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):355
                                          Entropy (8bit):4.745572780794588
                                          Encrypted:false
                                          SSDEEP:6:1REYB9HZiEw3G5laLR0S8XiAsUSiuI9X+KLELwJqWl3VY2wVdLcJ+9EWaFSQ3Z/X:1REYB9f5gl0SQiASiuI+dCle2+LcJWG1
                                          MD5:439A7014D3D463C5591410E520FF6B00
                                          SHA1:AEACB5F33C115DC100C18C45D91DC9E8E54FDA49
                                          SHA-256:A009359C5A4B994552E4B9FB371BCDA06527E55927E851908CF68D0DFF10F299
                                          SHA-512:B733A32D51D6B7E289B1563D53BE2A5BFCA180B98A45245941384EE2290733708F7253D7CB8B550BFC5F169A572329005DB96AC071685AE6996C2C71B7538F50
                                          Malicious:false
                                          Preview:from typing import List, Optional..__version__ = "24.0"...def main(args: Optional[List[str]] = None) -> int:. """This is an internal API only meant for use by pip's own console scripts... For additional details, see https://github.com/pypa/pip/issues/7498.. """. from pip._internal.utils.entrypoints import _wrapper.. return _wrapper(args).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):854
                                          Entropy (8bit):4.657090303713565
                                          Encrypted:false
                                          SSDEEP:12:yKyKD5NqfFCm0le1H/A/Xv/YWVrOmUfvgUOfFjxl+giRJvzVqRu6Jo+Yh2paAqin:ZXNNqdv0le1fA/4cevUFtib00bepao/v
                                          MD5:A56E19F54A80E824D64E8F72C9EE78E8
                                          SHA1:4F4087AF34A52C3C155EA0274DE2E4DFEC45D431
                                          SHA-256:5B36E11D74DB484EA0058D7D98D37D9B8B39A3FDFAE4B3AF4D84A0AA06DD0611
                                          SHA-512:3270D68FD690D122C4ABA74AF2B88621405A58E949E926BF38476591F4EF4DB36E37B58CFAB9FD9E18F64857543E088E96762F18CFB32D58DA4E44FFC9AD0A06
                                          Malicious:false
                                          Preview:import os.import sys..# Remove '' and current working directory from the first entry.# of sys.path, if present to avoid using current directory.# in pip commands check, freeze, install, list and show,.# when invoked as python -m pip <command>.if sys.path[0] in ("", os.getcwd()):. sys.path.pop(0)..# If we are running from a wheel, add the wheel to sys.path.# This allows the usage python pip-*.whl/pip install pip-*.whl.if __package__ == "":. # __file__ is pip-*.whl/pip/__main__.py. # first dirname call strips of '/__main__.py', second strips off '/pip'. # Resulting path is the name of the wheel itself. # Add that to sys.path so we can import pip. path = os.path.dirname(os.path.dirname(__file__)). sys.path.insert(0, path)..if __name__ == "__main__":. from pip._internal.cli.main import main as _main.. sys.exit(_main()).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\__pip-runner__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1444
                                          Entropy (8bit):4.9657510210884865
                                          Encrypted:false
                                          SSDEEP:24:m+7rAGZi/boI1X076l9Lo20E8zql0CeRIpXvPLkQP5mmnJIQ804LZGp3UsAu:m+7Umyo2X076l9LoVi6EXL1P5vZ4LsdB
                                          MD5:6DB12AA0D3B88CFE811DEE51E5CCD04C
                                          SHA1:4F1643CAC3326F12464EAB68CAB415A5726D57A2
                                          SHA-256:127ADF2A628CCD601DAA0FC989C2C238FF58F79531EF31E1E0E6EFA8BB50723A
                                          SHA-512:64B86E073CC23DD28E64C631BA0038EAA515B68BB18C18A7F8642C5091AE47B777DD81798B075AA054A77D3FD47F02DF8792036859638E6D856203C3638A0539
                                          Malicious:false
                                          Preview:"""Execute exactly this copy of pip, within a different environment...This file is named as it is, to ensure that this module can't be imported via.an import statement.."""..# /!\ This version compatibility check section must be Python 2 compatible. /!\..import sys..# Copied from setup.py.PYTHON_REQUIRES = (3, 7)...def version_str(version): # type: ignore. return ".".join(str(v) for v in version)...if sys.version_info[:2] < PYTHON_REQUIRES:. raise SystemExit(. "This version of pip does not support python {} (requires >={}).".format(. version_str(sys.version_info[:2]), version_str(PYTHON_REQUIRES). ). )..# From here on, we can use Python 3 features, but the syntax must remain.# Python 2 compatible...import runpy # noqa: E402.from importlib.machinery import PathFinder # noqa: E402.from os.path import dirname # noqa: E402..PIP_SOURCES_ROOT = dirname(dirname(__file__))...class PipImportRedirectingFinder:. @classmethod. def find_spec(self, fullnam

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):675
                                          Entropy (8bit):5.468778157251209
                                          Encrypted:false
                                          SSDEEP:12:P/eRzYA/83nwfSQiASiuI+dCle2+LcJ22RknQWbcq6/5jO2lJBMCkkyZYr:MJ/8gKQdSLIeC6LcJ2Ukdb6llJBYxZYr
                                          MD5:DBD90F55A428A88551AC026050DC97A6
                                          SHA1:F89330306D089B33829AC13BF8CCD52DF57E6955
                                          SHA-256:2BBC3BCE2E3D5C5BCEC106A0DFA0AA59E8EF57AD2363C63A5D6FD1B9B533CE19
                                          SHA-512:E38C986E9484702693EDCB694F33C38F4980B8AEC6111C802D5D430DD9A81461109C281C6572D6F2506452F9D33BA019E0553F3C35DDC3D9F5CC2274576949F5
                                          Malicious:false
                                          Preview:...........fc.........................6.....d.d.l.m.Z.m.Z...d.Z.d.d.e.e.e.........d.e.f.d...Z.y.)......)...List..Optionalz.24.0N..args..returnc...........................d.d.l.m.}.....|.|.........S.).z.This is an internal API only meant for use by pip's own console scripts... For additional details, see https://github.com/pypa/pip/issues/7498.. r....)..._wrapper)...pip._internal.utils.entrypointsr....).r....r....s.... .EC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/__init__.py..mainr........s..........9....D.>........).N)...typingr....r......__version__..str..intr......r....r......<module>r........s)..........!...........x...S...."......c.....r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\__pycache__\__main__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):831
                                          Entropy (8bit):4.776275058405624
                                          Encrypted:false
                                          SSDEEP:12:0l2tody7NW1qKFSXZubhLWb4wabYpLgtBvLudhf:0lNys1qKwXcbIb4Jb8WBadhf
                                          MD5:2A067FB67DDF7247F1D3224BEDA8E40E
                                          SHA1:0EF784E1188E9FB1472B503E4A7EDDE63AFA3C89
                                          SHA-256:B4B65B8E1C2E76CE2ED60FBFF7EDE0E1E44BD9A562010B61FB6DA9E97400DBA2
                                          SHA-512:AC2CB155994499F5F3383EFAE3CA5147377311844DB880DFADA23DE1A5A64DFE8EDDAAEABC845FCC69EAEF1A05F8352FFF1DBC7B8C51085943BEA473BA9570AA
                                          Malicious:false
                                          Preview:...........fV.........................~.....d.d.l.Z.d.d.l.Z.e.j...................d.....d...e.j...........................f.v.r.e.j...................j...................d...........e.d.k(..rPe.j...................j...................e.j...................j...................e.................Z.e.j...................j...................d.e...........e.d.k(..r.d.d.l.m.Z.....e.j.....................e...................y.y.)......N....__main__)...main)...os..sys..path..getcwd..pop..__package__..dirname..__file__..insert..__name__..pip._internal.cli.mainr......_main..exit........EC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/__main__.py..<module>r........s.....................8.8.A.;.2.y.r.y.y.{..#..#....H.H.L.L...O......".........7.7.?.?.2.7.7.?.?.8..4..5.D....H.H.O.O.A.t.......z.....4....C.H.H.U.W........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\__pycache__\__pip-runner__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2194
                                          Entropy (8bit):5.459916072289949
                                          Encrypted:false
                                          SSDEEP:48:Q9Azo+7UmyMBHoQLjWpNgF4uwzfm/819e4fTzb38hv5F:rEgUmyMBqpNgFBwzf919e4f345P
                                          MD5:E7526C4ACD8F54C1CCC203B80AD91535
                                          SHA1:8AEF69DC33B2F4B8176DCB5379A35AA97DE6C63C
                                          SHA-256:BF32DB0AAD49A6F538635B13E8450571EE0C7C30BFD9EA44D926F158E01D8D1A
                                          SHA-512:183BC9BA5F77A342028BB29967487A314190836C2D28210789A5A84D0D6A42CD744D035D295DB98E60D7165A4B878CB8891FBFC3AD5A6520FC7050B0F204F87F
                                          Malicious:false
                                          Preview:...........f..........................t.....d.Z.d.d.l.Z.d.Z.d...Z.e.j...................d.d...e.k...r1..e.d.j.....................e.e.j...................d.d.............e.e...........................d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.....e...e.e.................Z...G.d...d.........Z.e.j...................j!..................d...e...................e.d.k(..s.J.d.............e.j$..................d.d.d.............y.).z.Execute exactly this copy of pip, within a different environment...This file is named as it is, to ensure that this module can't be imported via.an import statement.......N)...........c.....................2.....d.j...................d...|.D.................S.).N...c................3....2...K.....|.]...}.t.........|...................y...w.).N)...str)....0..vs.... .KC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/__pip-runner__.py..<genexpr>z.version_str.<locals>.<genexpr>....s...........,.q.C...F..,.s........)...join)...versions.... r......version_strr........s...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\index\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):222
                                          Entropy (8bit):5.13160320753703
                                          Encrypted:false
                                          SSDEEP:6:LSy/aCCps1I1L+36B0WltT5jD6qpR2pAreKAnc6IaYleHXlll:T/aCC8IY36BvPTZxWbbcjaYkH1ll
                                          MD5:E488D63166581082F1E994BB0E43DB9A
                                          SHA1:87EA03E3E17FA49C916B608128E737F0C4C5E6F3
                                          SHA-256:C3DC638E846825A22849A1EE97491E6D8EB3A03EA78B72FF544036B2F03AF9FA
                                          SHA-512:33F7EBCABFF6F11EF8EAD49DE9F9973C276A79229154048C0853984ED4CFA7FD5B36F646C2D53D956A2E7F6F9D4E3294BBCF5FB8DBEAE57CB0AF8E8D9111D048
                                          Malicious:false
                                          Preview:...........f................................d.Z.y.).z.Index interaction code.N)...__doc__........UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/index/__init__.py..<module>r........s..............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\index\__pycache__\sources.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):12594
                                          Entropy (8bit):5.261250408392937
                                          Encrypted:false
                                          SSDEEP:192:6WPTo/W4rbEjyWoXqW4/t+n3cLw9/TJMjTxyyDfflr6U:LWW4rioXl4gr9/Tq5yyDlT
                                          MD5:26FCFD15F1F4C431754214C04270630F
                                          SHA1:BF2206E907E089060E7FAB0B89E68C8764FC27E5
                                          SHA-256:B16C9F5358A50A53E1EAC8C4455FF5A0AA134A4D47CABDC13C7EBCBEB7094599
                                          SHA-512:5E3FF360D7017DD379AC2F4A6E53B3E844D13B3C22A9103FF6994D0D22515054D0983D46DADCDD16DD620C48B00D0E226DA08A28E532DBA789C0205E0C4E26A0
                                          Malicious:false
                                          Preview:...........f.!..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.....e.j8..................e.........Z.e.e.....Z.e.e.....Z e.e.g.e.e.....f.....Z!e.e.g.e"f.....Z#..G.d...d.........Z$d.e%d.e"f.d...Z&..G.d...d.........Z'..G.d...d.e$........Z(..G.d...d.e$........Z)..G.d...d.e$........Z*..G.d...d.e$........Z+d.e%d.e!d.e#d.e"d.e"d.e%d.e.e.e%....e.e$....f.....f.d...Z,y.)......N)...defaultdict)...Callable..Dict..Iterable..List..Optional..Tuple)...InvalidSdistFilename..InvalidVersion..InvalidWheelFilename..canonicalize_name..parse_sdist_filename..parse_wheel_filename)...InstallationCandidate)...Link)...path_to_url..url_to_path)...is_urlc.....................@.....e.Z.d.Z.e.d.e.e.....f.d...........Z.d.e.f.d...Z.d.e.f.d...Z.y.)...LinkSource..returnc...........................t...................).z,Returns the underlying link, if there's one.....NotImplementedError....s

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):15365
                                          Entropy (8bit):4.814507131821125
                                          Encrypted:false
                                          SSDEEP:192:OdFSftlYe423JTFZAj5iC7SCrEYuGcrgoqa6DxbLCLax3GZIOkeFIqK2RrRlFRoB:OdFSllF4sMwZ9b7qa6DpGjrNRs
                                          MD5:42097813533BC9F4A543ED8749B0DC4D
                                          SHA1:A4A9AF510C13B0BB0DC6B2DDFA089D570409A749
                                          SHA-256:0E1F0B2561BC2D19432B82488FDB1F445F7A4D113313EF8DFC0225C7B4EAA1EE
                                          SHA-512:4FCBB5BB4E960E75D75ABFC8522767A40DFD7DEE606C74073D4DED92453A438635A7777981EE08E32C27E03A63C49AD9DCA74175D92A20C53CD81F7916206E8A
                                          Malicious:false
                                          Preview:import functools.import logging.import os.import pathlib.import sys.import sysconfig.from typing import Any, Dict, Generator, Optional, Tuple..from pip._internal.models.scheme import SCHEME_KEYS, Scheme.from pip._internal.utils.compat import WINDOWS.from pip._internal.utils.deprecation import deprecated.from pip._internal.utils.virtualenv import running_under_virtualenv..from . import _sysconfig.from .base import (. USER_CACHE_DIR,. get_major_minor_version,. get_src_prefix,. is_osx_framework,. site_packages,. user_site,.)..__all__ = [. "USER_CACHE_DIR",. "get_bin_prefix",. "get_bin_user",. "get_major_minor_version",. "get_platlib",. "get_purelib",. "get_scheme",. "get_src_prefix",. "site_packages",. "user_site",.]...logger = logging.getLogger(__name__)..._PLATLIBDIR: str = getattr(sys, "platlibdir", "lib").._USE_SYSCONFIG_DEFAULT = sys.version_info >= (3, 10)...def _should_use_sysconfig() -> bool:. """This function determines the value

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):16766
                                          Entropy (8bit):5.519620941161394
                                          Encrypted:false
                                          SSDEEP:384:GozXlHd4tbChc26p9eilj05jF3a7PDd+wven1Kt:Gorn4/eilj65gBWn1Kt
                                          MD5:EA9169337B8AD22BDA9DA7BDA2D6FE57
                                          SHA1:9AF1F0FA1B2EFF26BC19064DC4B641DA18D67E95
                                          SHA-256:622CE7EED5F0D9C08D8EBEE27660FB3A6CF9DB06175AB14742A8DC208D7D2F45
                                          SHA-512:A3663FFDE46EA30506EA843685D8C40E22B5E90B43041FEE38BC9061A6F19CAA94A8D9D317E051312467597A4547243B8564B4971047A3E465AAA6EDA1483ACE
                                          Malicious:false
                                          Preview:...........f.<........................r.....U.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...g.d...Z...e.j>..................e ........Z!..e"e.d.d.........Z#e$e%d.<...e.jL..................d.k\..Z'd.e(f.d...Z)..e)........Z*e*s.d.d.l.m+Z+..e'r.e*s.e.jX..................Z-n.e.j\..................Z-d.e(f.d...Z/d.e.e$e$f.....d.e(f.d...Z0..e.jb..................d...........d.e(f.d...........Z2..e.jb..................d...........d.e(f.d...........Z3..e.jb..................d...........d.e(f.d...........Z4..e.jb..................d...........d.e(f.d...........Z5..e.jb..................d...........d.e(f.d...........Z6d.e.e$....d.e.e$d.d.f.....f.d...Z7..e.jb..................d...........d.e.jp..................d.e.jp..................d.e$d.d.f.d ..........Z9d.e.jp..................d.e.jp..................d.e$d.e(f.d!..Z:..e.jb..................d...........d"d.d.d.d#..d$e(d%

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\__pycache__\_distutils.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6846
                                          Entropy (8bit):5.531763260524412
                                          Encrypted:false
                                          SSDEEP:96:jA4mRlJske9uLhnTdMZakdrwVVlgznaoix4F5dJEUlVzW:shRrEddrehoBFJECa
                                          MD5:508B0AD37E0E7B029BDC2DA6AC089206
                                          SHA1:BF5D17C325EE908E90D013B948B6729A0039297A
                                          SHA-256:6641D0CDE0F380B6F12A30B84AEBC84D194B2CA42377A7E4AE18D9C0762A6A24
                                          SHA-512:7299F92496875E450A90AEB75CE31C94D1A7D9AA43A857CE65C978F79AE12DB05B7841BC743BAFF36F9E0D8740FFE5392835A72D4D0B0CC7FF5DA0F0C47ABD0E
                                          Malicious:false
                                          Preview:...........fy...............................d.Z.....e.d.........j.............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j>..................e ........Z!..........d.d.d...d.e"d.e#d.e.e"....d.e.e"....d.e#d.e.e"....d.e#d.e.e"e"f.....f.d...Z$..........d.d.e"d.e#d.e.e"....d.e.e"....d.e#d.e.e"....d.e.f.d...Z%d.e"f.d...Z&d.e"f.d...Z'd.e"f.d...Z(y.#.e.e.f.$.r...Y...w.x.Y.w.).z7Locations where we look for configs, install stuff, etc.._distutils_hack.....N)...Command)...SCHEME_KEYS)...install....get_python_lib)...Dict..List..Optional..Union..cast)...Scheme)...WINDOWS)...running_under_virtualenv.....)...get_major_minor_versionF)...ignore_config_files..dist_name..user..home..root..isolated..prefixr......returnc..........................d.d.l.m.}...d.|.i.}.|.r.d.g.|.d.<.....|.|.........}.|.s...|.j.............................d.}.|.j...................d.d...........}.|...J..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\__pycache__\_sysconfig.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8001
                                          Entropy (8bit):5.493803611489178
                                          Encrypted:false
                                          SSDEEP:96:4XaHI7MYoLOb/Gp0Tg6oKTZikflZ1WVnrJTLAUUZLmO/JMRg5nHNQNRSiEkEuASh:4q7cP0wiopWJrZLAUUZLTNWruLwfSs
                                          MD5:041E1003B57F551602F2DA7FBB7AA78C
                                          SHA1:AD5DDE18FC43439892EB141045176837CFEC5490
                                          SHA-256:2ECA282F33A8F792FDF553C42E4EF0FFCE7EF10856AC9BC50082B6AFD6546A5E
                                          SHA-512:592382699A7549C321F1361FFE3CAC1D66736D8B85D534907137DD0091F5531B552FDD0B2BA9E7B153248E4F32FC742DEE35CF74A106F993F5250A9D312E8326
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.....e.j"..................e.........Z...e...e.j*..................................Z...e.e.d.d.........Z.d.e.f.d...Z.d.e.f.d...Z.d.e.f.d...Z.d.e.f.d...Z.g.d...Z...e.j@..................d...........e.jC..................d.....................d.d.e.d.e.d.e.jD..................e.....d.e.jD..................e.....d.e.d.e.jD..................e.....d.e.f.d...Z#d.e.f.d...Z$d.e.f.d...Z%d.e.f.d...Z&y.)......N)...InvalidSchemeCombination..UserInstallationInvalid)...SCHEME_KEYS..Scheme)...running_under_virtualenv.....)...change_root..get_major_minor_version..is_osx_framework..get_preferred_scheme..returnc.....................D.....d.t.........v.x.r...t...................x.r...t.................S.).a....Check for Apple's ``osx_framework_library`` scheme... Python distributed by Apple's Command Line Tools has this special scheme. that's used when:..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\__pycache__\base.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3771
                                          Entropy (8bit):5.23088222396282
                                          Encrypted:false
                                          SSDEEP:48:6iLYMKBXGjWf/ITtblRlZlpF3ajAR7CTJ3y1/zR5Pe1baYXDDmC5OMi:6jM6XGjFxJVliM2T1ypeUsH5OMi
                                          MD5:111DAB08D499DC094CA949DB382888CA
                                          SHA1:C9AC67EEE95C09AF98F26BF015C41D79AE7C2827
                                          SHA-256:34986A0EEE122A9E1477F8AEEAB4F5CC1FCF32151DB99B198433CB11AC60F568
                                          SHA-512:894DDBB2C495C0815E71D7175F3824863EB9799376426832A6D7158979D103905B04E30EC7E50F27760F10CEBBE608D6689F9A7829767A9F97181BE57E2A41FA
                                          Malicious:false
                                          Preview:...........f...............................U.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j...................d.........Z...e.j...................d.........Z.e.e.d.<...d.e.f.d...Z.d.e.d.e.d.e.f.d...Z.d.e.f.d...Z.....e.j*..........................Z.e.j...................e.....e.d.<.....e.j4..................d...........d.e.f.d...........Z.y.#.e.$.r...e.j2..................Z.Y..0w.x.Y.w.)......N)...InstallationError)...appdirs)...running_under_virtualenv..pip..purelib..site_packages..returnc.....................<.......d.j...................t.........j.....................S.).ze. Return the major-minor version of the current Python as a string, e.g.. "3.7" or "3.10".. z.{}.{})...format..sys..version_info........UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/locations/base.py..get_major_minor_versionr........s............7.>.>.3..+..+..,..,r......new_root..pathnamec...........................t.........j............

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\_distutils.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6009
                                          Entropy (8bit):4.6472416335794415
                                          Encrypted:false
                                          SSDEEP:96:RF98DyqqXDIMgcuWM/1DAg/K2uD3A0lgznaoi8RbdLiF4WNZCjKc9Gv:RF98DyqqsnctM/ymcoZRxj8Q26Gv
                                          MD5:E1354E87EC259E8DC27206CB2D011AA0
                                          SHA1:10CDF71B7814400226BFCE22B99AB43B5FE7C6C5
                                          SHA-256:1FD6472BFDF9ADD0D5D50B268B841E68150B8C54F831BBBA42EA151A427A4072
                                          SHA-512:7E7E1F9A020EDD0C6399495BD80F2D692E85FCD859A21935AA92EB3CE7D628663EF04679EF89D732E03D90E8D8F08F89826835632135BF10ABBF0B6C444A7072
                                          Malicious:false
                                          Preview:"""Locations where we look for configs, install stuff, etc"""..# The following comment should be removed at some point in the future..# mypy: strict-optional=False..# If pip's going to use distutils, it should not be using the copy that setuptools.# might have injected into the environment. This is done by removing the injected.# shim, if it's injected..#.# See https://github.com/pypa/pip/issues/8761 for the original discussion and.# rationale for why this is done within pip..try:. __import__("_distutils_hack").remove_shim().except (ImportError, AttributeError):. pass..import logging.import os.import sys.from distutils.cmd import Command as DistutilsCommand.from distutils.command.install import SCHEME_KEYS.from distutils.command.install import install as distutils_install_command.from distutils.sysconfig import get_python_lib.from typing import Dict, List, Optional, Union, cast..from pip._internal.models.scheme import Scheme.from pip._internal.utils.compat import WINDOWS.from pip

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\_sysconfig.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):7680
                                          Entropy (8bit):4.866991580048859
                                          Encrypted:false
                                          SSDEEP:192:JdCOcPkYiopsT6b9LstdkNBRVzXG9eSvwY33Ast:Jd5cPRiopsubhs3kvRieSFR
                                          MD5:7BB5B79402F716198A5CE0A8D07929E4
                                          SHA1:9AB439BD5F5B0F6478D0DC17DA2FA87733F01F32
                                          SHA-256:8F2355B547CC21FD26B7263E5E9D66F7243C8B0102A334955459A390DF5ADB2C
                                          SHA-512:F3AB05449D50ABCB688C6BF9BFDBC58EA8D7626093EBC98CE7E39881FFD66AE88A10C1A64CA37CF99391DC52F065E4C28D6345AD407DE3E7FFC12C6FCAC2AB32
                                          Malicious:false
                                          Preview:import logging.import os.import sys.import sysconfig.import typing..from pip._internal.exceptions import InvalidSchemeCombination, UserInstallationInvalid.from pip._internal.models.scheme import SCHEME_KEYS, Scheme.from pip._internal.utils.virtualenv import running_under_virtualenv..from .base import change_root, get_major_minor_version, is_osx_framework..logger = logging.getLogger(__name__)...# Notes on _infer_* functions..# Unfortunately ``get_default_scheme()`` didn't exist before 3.10, so there's no.# way to ask things like "what is the '_prefix' scheme on this platform". These.# functions try to answer that with some heuristics while accounting for ad-hoc.# platforms not covered by CPython's default sysconfig implementation. If the.# ad-hoc implementation does not fully implement sysconfig, we'll fall back to.# a POSIX scheme..._AVAILABLE_SCHEMES = set(sysconfig.get_scheme_names()).._PREFERRED_SCHEME_API = getattr(sysconfig, "get_preferred_scheme", None)...def _should_use_osx_fram

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\locations\base.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2556
                                          Entropy (8bit):4.7400258499487755
                                          Encrypted:false
                                          SSDEEP:48:xNd8HSftSqBN9bjWfq2KF3aAgoZri6dQWJjaRgLGhNlpLKGBfhRwnA/8OZ:Hd8ykq5jZGoTdQgygLGvl1WOZ
                                          MD5:DF3959ADC2DB3EB93E958438AD137A98
                                          SHA1:B8E2670E06883B1AC1244F41EB9D63B50704C3CE
                                          SHA-256:45088F8B5778155336071934E1D4215D9D8FAA47A58C42F67D967D498A8843BF
                                          SHA-512:81E4C30D31B670524C1BC9CDE2395F212025D6EDD14A1489932CA5220CF49423B99E4B38A76BA5243AF6931B1CB7050AA0AE4BCD09D46D403D3C7185350C8EB0
                                          Malicious:false
                                          Preview:import functools.import os.import site.import sys.import sysconfig.import typing..from pip._internal.exceptions import InstallationError.from pip._internal.utils import appdirs.from pip._internal.utils.virtualenv import running_under_virtualenv..# Application Directories.USER_CACHE_DIR = appdirs.user_cache_dir("pip")..# FIXME doesn't account for venv linked to global site-packages.site_packages: str = sysconfig.get_path("purelib")...def get_major_minor_version() -> str:. """. Return the major-minor version of the current Python as a string, e.g.. "3.7" or "3.10".. """. return "{}.{}".format(*sys.version_info)...def change_root(new_root: str, pathname: str) -> str:. """Return 'pathname' with 'new_root' prepended... If 'pathname' is relative, this is equivalent to os.path.join(new_root, pathname).. Otherwise, it requires making 'pathname' relative and then joining the. two, which is tricky on DOS/Windows and Mac OS... This is borrowed from Python's standard

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\main.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):340
                                          Entropy (8bit):4.624535788985788
                                          Encrypted:false
                                          SSDEEP:6:1REYB9HH3G5laLRIIQrHGKGX+KLELwJqWl3VY2wVdLcJ+9EWaFSQ3Z/IRkpdln:1REYB925glIRro+dCle2+LcJWGORMl
                                          MD5:0BB4FE239F44137D18D96E9ECB11195E
                                          SHA1:442943CD1FA0793DD0A43F75DA3843AE3F9C67DE
                                          SHA-256:AFE52751EF072E8E57149CFC8A74DC38E4E2BBFB313618076FA57094652594E2
                                          SHA-512:D0BC69F04490BA5B312223F10D854E8ED6BCEFF8F58E45FA0C7C0DB304B4D912A3BE565E02FE858459E49EBFCA4665677CF66A2137F6754C3A4A573076100291
                                          Malicious:false
                                          Preview:from typing import List, Optional...def main(args: Optional[List[str]] = None) -> int:. """This is preserved for old console scripts that may still be referencing. it... For additional details, see https://github.com/pypa/pip/issues/7498.. """. from pip._internal.utils.entrypoints import _wrapper.. return _wrapper(args).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4339
                                          Entropy (8bit):4.78736796617486
                                          Encrypted:false
                                          SSDEEP:96:mkwC9i3293+/9QZRaCo4gR8+Gt68rly/tRDSg:m8ieRZRaD4g8+GEYly/tVSg
                                          MD5:3A438AE5A4F53D86071F39E033A9239D
                                          SHA1:27F3DDFC360D5F981F11DAE326EDE574B7519713
                                          SHA-256:F695375B7B3EE87B6316E62159C2D36159926B38A494FBFB936C7CA7B5F51A60
                                          SHA-512:0FAE6D35237331D6875CC927E3FAE4DF680D178D66B11571B7BAB988F5244D77497209A579B0AAE837575019B013B12F0963B6E5321D768CD1DBCFA2C2DDDFA5
                                          Malicious:false
                                          Preview:import contextlib.import functools.import os.import sys.from typing import TYPE_CHECKING, List, Optional, Type, cast..from pip._internal.utils.misc import strtobool..from .base import BaseDistribution, BaseEnvironment, FilesystemWheel, MemoryWheel, Wheel..if TYPE_CHECKING:. from typing import Literal, Protocol.else:. Protocol = object..__all__ = [. "BaseDistribution",. "BaseEnvironment",. "FilesystemWheel",. "MemoryWheel",. "Wheel",. "get_default_environment",. "get_environment",. "get_wheel_distribution",. "select_backend",.]...def _should_use_importlib_metadata() -> bool:. """Whether to use the ``importlib.metadata`` or ``pkg_resources`` backend... By default, pip uses ``importlib.metadata`` on Python 3.11+, and. ``pkg_resourcess`` otherwise. This can be overridden by a couple of ways:.. * If environment variable ``_PIP_USE_IMPORTLIB_METADATA`` is set, it. dictates whether ``importlib.metadata`` is used, regardless of Python. ver

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5872
                                          Entropy (8bit):5.376753953353462
                                          Encrypted:false
                                          SSDEEP:96:pBHxwC9i3293+eNaYgrKSVf94Gtlv5rVv/75DHRm97oLwB:pBHJiedNaYKJVF4GbvRp/7txm970wB
                                          MD5:3EA05939EA98028E5C4801AAEB4BB1B1
                                          SHA1:926F20F1D0694982CF04D1C93F9A0C63892D500B
                                          SHA-256:8E34195551BB42C96C440E863A6120189A67323386C52026727F76A5AC2E1D87
                                          SHA-512:A7A17071D14462BC7A42F27CD7502FC7950FE48748F3A95C3BD8B4C068C5EEE6BC9AC290F6EC5363CB74268AFD9D5ADC234FF022D301BAED450EB68B02536A51
                                          Malicious:false
                                          Preview:...........f..........................H.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...e.r.d.d.l.m.Z.m.Z...n.e.Z.g.d...Z.d.e.f.d...Z...G.d...d.e.........Z...e.j2..................d...........d.e.f.d...........Z.d.e.f.d...Z.d.e.e.e.........d.e.f.d...Z.d.e.d.e.f.d...Z.d.e.d.e.d.e.f.d...Z.d.e d.e.d.e.d.e.f.d...Z!y.)......N)...TYPE_CHECKING..List..Optional..Type..cast)...strtobool.....)...BaseDistribution..BaseEnvironment..FilesystemWheel..MemoryWheel..Wheel)...Literal..Protocol).r....r....r....r....r......get_default_environment..get_environment..get_wheel_distribution..select_backend..returnc.....................$.....t.........j...................t.........t.................5...t.........t.........t.........j...................d.....................c.d.d.d...........S.#.1.s.w...Y.....n.x.Y.w.t.........j...................d.k...r.y.d.d.l.}.t.........t.........|.j...................d.d.................S.).a....Whether to use the ``i

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\__pycache__\_json.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2865
                                          Entropy (8bit):5.69018489945258
                                          Encrypted:false
                                          SSDEEP:48:T9Zmmf2mPP2X8mbQlui0E7Z7XiLKRZEZvxvu3JA/6OH/haRm4wDf0s4Vk/0b:T9hf2mPpW24E7Z7yLIEZJvWJ0tfh1Dfo
                                          MD5:E4F34816736EEF24B87BEF91FCA37BE1
                                          SHA1:4CC4FBB58049AF796746E120B347A6DB5393C346
                                          SHA-256:B13B26666AE9FBBB7152236BC17518F67CC5895BDCB524F427FFF5E2798C4C08
                                          SHA-512:2904F9B5DB340F30B95360AB74CF29A353335E6828C11DFF3C8D18C53A5DDAB357F176D27CEA22885E77F5117CB910817E9588B133FBAD656C2E746FD61C78D6
                                          Malicious:false
                                          Preview:...........fC.........................n.....d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...g.d...Z.d.e.d.e.f.d...Z.d.e.d.e.e.e.f.....f.d...Z.y.)......)...Header..decode_header..make_header)...Message)...Any..Dict..List..Union).).z.Metadata-VersionF)...NameF)...VersionF)...DynamicT)...PlatformT).z.Supported-PlatformT)...SummaryF)...DescriptionF).z.Description-Content-TypeF)...KeywordsF).z.Home-pageF).z.Download-URLF)...AuthorF).z.Author-emailF)...MaintainerF).z.Maintainer-emailF)...LicenseF)...ClassifierT).z.Requires-DistT).z.Requires-PythonF).z.Requires-ExternalT).z.Project-URLT).z.Provides-ExtraT).z.Provides-DistT).z.Obsoletes-DistT..field..returnc.....................B.....|.j...........................j...................d.d.........S.).N..-.._)...lower..replace).r....s.... .UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/metadata/_json.py..json_namer....%...s..........;.;.=.. .. ...c..*..*.......msgc...........................d.t.........t.........t...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\__pycache__\base.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):35702
                                          Entropy (8bit):5.390027974773208
                                          Encrypted:false
                                          SSDEEP:384:rbWEWQCAaUKs9GYU9UunejwQHCoDXMjLk6cVOZiqZyWWXPq5zh7QyPuAV0hDHA7W:rCAEejwQHCbjLk62OZiqVWXSxhN6h8W
                                          MD5:F985461D28BCE1ADAA6A14055734DC50
                                          SHA1:0BC83DDF5EE68CD1B87C99207AB2519DB33A1C3F
                                          SHA-256:B19F797D1E5E14B6A69ED16BDA8E7F56A1FFB3F278C8E71357DDBCC5BF64BC0A
                                          SHA-512:371BC71B877A9338ECA2B693E7AAD9A0716A5435659736EC74BB8F003757B4431DBD1C797D18A2B1DE91BC771828AB7892B37284D958808A4B201D74CD847BFB
                                          Malicious:false
                                          Preview:...........f3e........................V.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m Z m!Z!..d.d.l"m#Z#..d.d.l$m%Z%m&Z&..d.d.l'm(Z(m)Z)m*Z*..d.d.l+m,Z,..d.d.l-m.Z...d.d.l/m0Z0m1Z1..d.d.l2m3Z3..d.d.l4m5Z5..e.r.d.d.l.m6Z6..n.e7Z6e.e e!f.....Z8e.e9e.jt..................f.....Z;..e.jx..................e=........Z>..G.d...d.e6........Z?d.e.e9d.f.....d.e.e9d.f.....d.e9f.d...Z@..G.d...d.e.........ZA..G.d...d.e6........ZB..G.d...d.........ZC..G.d...d.e6........ZD..G.d ..d!eD........ZE..G.d"..d#eD........ZFy.)$.....N)...IO..TYPE_CHECKING..Any..Collection..Container..Dict..Iterable..Iterator..List..NamedTuple..Optional..Tuple..Union)...Requirement)...InvalidSpecifier..SpecifierSet)...NormalizedName..canonicalize_name)...LegacyVersion..Version)...NoneMetadataError)...site_packages..user_site)...DIRECT_URL_METADATA_NAME..DirectUrl..DirectUrlValidationError)...stdli

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\__pycache__\pkg_resources.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):15780
                                          Entropy (8bit):5.199662885404236
                                          Encrypted:false
                                          SSDEEP:192:nokrNgLQ1P7zPfMwCPcaaUiIXzKo3+b+ESaZGyjty9Z/aodjAKxqc:9BgLCP7z3Mw7NyKbeyjty9dHrxqc
                                          MD5:D7BCB7C370BC50239FF1687285C3EA38
                                          SHA1:8A5B786E5022F244D1F5DF234F5FD72F74189A40
                                          SHA-256:41BBFE744E317BDB43A76768AC84538638E656F3AA7D201A0D74358FBD17EB0D
                                          SHA-512:4E32E069AA4FF133A572F4AFAB07FD0A68C4F22040E7E4FB0E9CED991F2D3398B031F4085ECA70013105355DB24BA40AD0940F86D64494195812C030AC4CA2F2
                                          Malicious:false
                                          Preview:...........f3'........................j.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m Z ..d.d.l!m"Z"m#Z#..d.d.l$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*..g.d...Z+..e.jX..................e-........Z.d.Z/..G.d...d.e.........Z0..G.d...d.........Z1..G.d...d.e%........Z2..G.d...d.e'........Z3y.)......N)...Collection..Iterable..Iterator..List..Mapping..NamedTuple..Optional)...pkg_resources)...Requirement)...NormalizedName..canonicalize_name)...parse)...InvalidWheel..NoneMetadataError..UnsupportedWheel)...egg_link_path_from_location)...display_path..normalize_path)...parse_wheel..read_wheel_metadata_file.....)...BaseDistribution..BaseEntryPoint..BaseEnvironment..DistributionVersion..InfoPath..Wheel)...NAME..Distribution..Environmentr....c.....................,.....e.Z.d.Z.U.e.e.d.<...e.e.d.<...e.e.d.<...y.)...EntryPoint..name..value..groupN)...__name__..__module__..__qualname__..s

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\_json.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2627
                                          Entropy (8bit):4.480026694538661
                                          Encrypted:false
                                          SSDEEP:48:abXOHAkkJ29i/bARRoJ6p/GUKnPF4VZgyRfeg+q9waXmPy8qQjzaFF3TFFot:OXsAnJ2E/6RoJ6p/JiPyAYD+qwaXejqE
                                          MD5:55D212D8C700DDEB044012375AD7B560
                                          SHA1:F2089D3ECDFA459D011D166251904B1AF6CA3964
                                          SHA-256:473E4CE5C89236F213C1A4D047A35F37C4E02A033959F4F0B380FA085927A2F1
                                          SHA-512:DE07561329CD8D733A02DEEFC707467867D3EBABD945CEDDCF642CEF32F29823C47393545BD9F8745CA44BB0764F4C085EC0122B6652DFC55685F0F5E8B67A9F
                                          Malicious:false
                                          Preview:# Extracted from https://github.com/pfmoore/pkg_metadata..from email.header import Header, decode_header, make_header.from email.message import Message.from typing import Any, Dict, List, Union..METADATA_FIELDS = [. # Name, Multiple-Use. ("Metadata-Version", False),. ("Name", False),. ("Version", False),. ("Dynamic", True),. ("Platform", True),. ("Supported-Platform", True),. ("Summary", False),. ("Description", False),. ("Description-Content-Type", False),. ("Keywords", False),. ("Home-page", False),. ("Download-URL", False),. ("Author", False),. ("Author-email", False),. ("Maintainer", False),. ("Maintainer-email", False),. ("License", False),. ("Classifier", True),. ("Requires-Dist", True),. ("Requires-Python", False),. ("Requires-External", True),. ("Project-URL", True),. ("Provides-Extra", True),. ("Provides-Dist", True),. ("Obsoletes-Dist", True),.]...def json_name(field: str) -> str:. return field.l

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\base.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):25907
                                          Entropy (8bit):4.510742658726637
                                          Encrypted:false
                                          SSDEEP:384:b+/p4A7xsYUPhrlPigLnaT5/Q1DX3hTzJxsAT3ZTJXw5uajuH:8BjgbG5YdNz4ATVJXw5uF
                                          MD5:C822C339F8E7369CA654DEC33E98034F
                                          SHA1:C314E363F75351CB40444ABBB4523097079D3C6A
                                          SHA-256:9775A092EE31960AFCB38A7A7D2FB7A90E1028EA4F6D62D1C22E5DF68984146E
                                          SHA-512:EC1B4C9EF8A9651F7F89E10A444987ABDC40B89397706724BF8F5466C9E3D86C7E9DE74D29DF95B5A20EE29A4E9F5198913C47D9BE380FA30E63B7C1F9DE1894
                                          Malicious:false
                                          Preview:import csv.import email.message.import functools.import json.import logging.import pathlib.import re.import zipfile.from typing import (. IO,. TYPE_CHECKING,. Any,. Collection,. Container,. Dict,. Iterable,. Iterator,. List,. NamedTuple,. Optional,. Tuple,. Union,.)..from pip._vendor.packaging.requirements import Requirement.from pip._vendor.packaging.specifiers import InvalidSpecifier, SpecifierSet.from pip._vendor.packaging.utils import NormalizedName, canonicalize_name.from pip._vendor.packaging.version import LegacyVersion, Version..from pip._internal.exceptions import NoneMetadataError.from pip._internal.locations import site_packages, user_site.from pip._internal.models.direct_url import (. DIRECT_URL_METADATA_NAME,. DirectUrl,. DirectUrlValidationError,.).from pip._internal.utils.compat import stdlib_pkgs # TODO: Move definition here..from pip._internal.utils.egg_link import egg_link_path_from_sys_path.from pip._internal.utils.mis

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):135
                                          Entropy (8bit):4.513944228305531
                                          Encrypted:false
                                          SSDEEP:3:1L69SQoWcQNmIFL6uaFMxDdeK6EJJRFo+HrgJDhGQNs2eY3v9MolP:1LmSQzNLlDd1RJADhts2jMi
                                          MD5:994B6EDE7339C2D81DF1EC2FCF571A53
                                          SHA1:E7447ED9C17DB5DF5A9200DA03C4D0B8812CC185
                                          SHA-256:8D4522768C671DC7C84C71DA0161B51B68B97DD058925BFFB89723A36C7B5581
                                          SHA-512:91FF6287AB5B1AB4E81D92D30DC0948E6374908AF5B52CDA4B3E7B89CE84D9A81FDAAE9536914AFBDF9B69EE407425FDD458063B162BD55CE4883E152E43340A
                                          Malicious:false
                                          Preview:from ._dists import Distribution.from ._envs import Environment..__all__ = ["NAME", "Distribution", "Environment"]..NAME = "importlib".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):348
                                          Entropy (8bit):5.283285795482459
                                          Encrypted:false
                                          SSDEEP:6:LvlaicAYbwEBX44J9qXTwWeI+u6qpR2pAreKAfAb6IagwtVpcln:b8KYbzD9qDswWbb8jagEcl
                                          MD5:D517E754797276EEE5EF1099B51E8D01
                                          SHA1:5CB7AB1C6FD8559361F2273CECB268E21CA1D9B0
                                          SHA-256:5763218E2FE01400AA63ACCB61D5245AF9A4E8DC113B302295095A596B0D1346
                                          SHA-512:4C154E1E53C3E97FE30E01310FF0660FDD17827087F03C5800775E039A800774E32741104068DDB2AC160951F2446A656BAFE1E6CE9DADFE8B6E8E1CD475843A
                                          Malicious:false
                                          Preview:...........f..........................(.....d.d.l.m.Z...d.d.l.m.Z...g.d...Z.d.Z.y.)......)...Distribution)...Environment)...NAMEr....r......importlibN)..._distsr......_envsr......__all__r............bC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/metadata/importlib/__init__.py..<module>r........s........... .....1.......r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\__pycache__\_compat.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3323
                                          Entropy (8bit):5.185705519794995
                                          Encrypted:false
                                          SSDEEP:96:1fnN5ESxxn7NKTE+JGuDhv2qDrd65v18Pj:1fnN53352LDhv2Ge1Yj
                                          MD5:E974B0FF44059BB3DFEDBB7F58453519
                                          SHA1:0635418B7048C5AF28A78EF7A42227C969CE6A56
                                          SHA-256:22442C9A6EF36BC80F17F62DB175402F1A67C4014F65274F48CDE1B1EA56EAF8
                                          SHA-512:C34D2F77CF2A404AF5860923503C4750C212F6347204EEA777C23A4DB89C5CDC15F58E19DBE626D1DDAD32C703B23611E43D8C7BB307082C5F34B3D6505A7149
                                          Malicious:false
                                          Preview:...........fZ...............................d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.....G.d...d.e.........Z...G.d...d.e.........Z.d.e.j...................j...................d.e.e.....f.d...Z.d.e.j...................j...................d.e.f.d...Z.y.)......N)...Any..Optional..Protocol..castc.....................T.....e.Z.d.Z.d.e.j...................j...................d.e.d.d.f.d...Z.d.e.f.d...Z.y.)...BadMetadata..dist..reason..returnNc..................... .....|.|._.........|.|._.........y...N..r....r....)...selfr....r....s.... .aC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/metadata/importlib/_compat.py..__init__z.BadMetadata.__init__....s.........................c.....................<.....d.|.j.....................d.|.j.....................d...S.).Nz.Bad metadata in z. (..)r......r....s.... r......__str__z.BadMetadata.__str__....s........!.$.).)...B.t.{.{.m.1..=..=r....)...__name__..__module__..__qualname__..importlib..metadata..Distribution..strr....r......r....r...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\__pycache__\_dists.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13415
                                          Entropy (8bit):5.228341195969033
                                          Encrypted:false
                                          SSDEEP:192:ukio5FXozajvUwHJwPrWst6rSVyfVL+lm54+3ushCj91Ve478:ukiIF8aok+PrWKApVSm5dnhCj91wI8
                                          MD5:F8B119C0B093B82E77B9B45C73C4FF33
                                          SHA1:A8980F975C8599A57850A7C8B3BE673744672426
                                          SHA-256:9B27A66796B15E70E8549F7B66230F1AEB401E2BFD6CE8DA8A3E29E5CD64B428
                                          SHA-512:4C63979127FE6F6AC2F271E68156D6670235554E125E9C37C21F4BCCBDF7A163BA3C6A69DE7274111FFD1218DBFBB42DD8226743210DFF6599A128D67E8E03D3
                                          Malicious:false
                                          Preview:...........fi ........................4.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m Z ..d.d.l!m"Z"..d.d.l#m$Z$..d.d.l%m&Z&m'Z'..d.d.l(m)Z)m*Z*....G.d...d.e.jV..................jX..........................Z-..G.d...d.e.........Z,y.)......N)...Collection..Dict..Iterable..Iterator..Mapping..Optional..Sequence..cast)...Requirement)...NormalizedName..canonicalize_name)...parse)...InvalidWheel..UnsupportedWheel)...BaseDistribution..BaseEntryPoint..DistributionVersion..InfoPath..Wheel)...normalize_path)...TempDirectory)...parse_wheel..read_wheel_metadata_file.....)...BasePath..get_dist_namec...........................e.Z.d.Z.d.Z.d.e.e.j...................e.f.....d.e.j...................d.d.f.d...Z.e.d.e.j...................d.e.d.e.d.d.f.d...........Z.d.e.d.e.e.j.......................f.d...Z.d.e.d.e.e.....f.d...Z.y.)...WheelDistributiona....An ``importlib.metadata.Distributi

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\__pycache__\_envs.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11170
                                          Entropy (8bit):5.4606087705741
                                          Encrypted:false
                                          SSDEEP:192:2YRtDHS4ArSYer719Rzhp0AArfoQpe3bKaHvc5wy1MO9H8xtxk2y2sCLA3vs:2Z4YYhDzhp5ArANrKaP5IMO9H8xHzcCB
                                          MD5:907D80182C1BD77136073582FBED034A
                                          SHA1:61AF9D6ABE45DCBAF88E9382F0453AB2ED6C34A5
                                          SHA-256:6AEC0C3CE79053CA0970D1AF7B8E1C3E07F82E1A9D994D0817CC83A23CC69E22
                                          SHA-512:8C6B8D0D63507B57883B9BED4DA3F4DA9E9F77F92744612AE3E1EEBAF3C8E517567F63522464DC90A9838C4CE345412CFE8B99BB073362F2570E696FCE38534F
                                          Malicious:false
                                          Preview:...........f .........................l.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m Z ..d.d.l!m"Z"....e.jF..................e$........Z%d.e&d.e'f.d...Z(..G.d...d.........Z)..e.jT..................d...........d.e.e&....d.d.f.d...........Z+..G.d...d.e.........Z,y.)......N)...Iterator..List..Optional..Sequence..Set..Tuple)...NormalizedName..canonicalize_name)...BaseDistribution..BaseEnvironment)...Wheel....deprecated)...WHEEL_EXTENSION.....)...BadMetadata..BasePath..get_dist_name..get_info_location)...Distribution..location..returnc...........................|.j...................t.................s.y.t.........j...................j...................|.........s.y.t.........j...................j...................t.........j...................j...................|.................s.y.t.........j...................|.........S.).NF)...endswithr.....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\_compat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1882
                                          Entropy (8bit):4.602899198329515
                                          Encrypted:false
                                          SSDEEP:48:Vu5TvCOOJGAx1Mzc2qwgrdi87bF/6S118ZsCEmn:VuZeJGuwc2qDrdhX5v1gamn
                                          MD5:868E0CB17D54C2243F5F83B20268B8CB
                                          SHA1:C14B0C6281F758B43FB481B2E0AEFDB447A07E54
                                          SHA-256:1807BFA6B21F084E2253296B9EBFF67494659240554546CE89D128203ECB3E81
                                          SHA-512:2FDE33A9380FE437DD64FEDA942A9AA18EF7A16D3FE99B25851A986E7191A2287C1C803B768F1A9D74040F9A9CA81B2EA349029EC558C5500F580F04E81F7522
                                          Malicious:false
                                          Preview:import importlib.metadata.from typing import Any, Optional, Protocol, cast...class BadMetadata(ValueError):. def __init__(self, dist: importlib.metadata.Distribution, *, reason: str) -> None:. self.dist = dist. self.reason = reason.. def __str__(self) -> str:. return f"Bad metadata in {self.dist} ({self.reason})"...class BasePath(Protocol):. """A protocol that various path objects conform... This exists because importlib.metadata uses both ``pathlib.Path`` and. ``zipfile.Path``, and we need a common base for type hints (Union does not. work well since ``zipfile.Path`` is too new for our linter setup)... This does not mean to be exhaustive, but only contains things that present. in both classes *that we need*.. """.. @property. def name(self) -> str:. raise NotImplementedError().. @property. def parent(self) -> "BasePath":. raise NotImplementedError()...def get_info_location(d: importlib.metadata.Distribution) ->

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\_dists.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):8297
                                          Entropy (8bit):4.532947846517071
                                          Encrypted:false
                                          SSDEEP:96:wV/IFzf7wLao/k2oPIU58MrweBGWqD8JklAWaV8s455l6Ow51Y2Zn:wVAJc+o/BorCMrw/AxVzoJw7Ysn
                                          MD5:420DDAA2C0D5E2B00A0943680DAED63C
                                          SHA1:FBFC2FC17E02A9C351968789E159C4AAD2AC5EB9
                                          SHA-256:50F975C14BA316A8B08A5B51275B4C178D9644834ED6C4A934D958436997D269
                                          SHA-512:30415907241FA13E17FD81E8E4F174DEF734B8F38C6B0BB97B7E0483EF04D6EA573B63E2B4DBAEBBA729645CFAA5DB8BB9CFDBA960FAD80F636547ED2551A40C
                                          Malicious:false
                                          Preview:import email.message.import importlib.metadata.import os.import pathlib.import zipfile.from typing import (. Collection,. Dict,. Iterable,. Iterator,. Mapping,. Optional,. Sequence,. cast,.)..from pip._vendor.packaging.requirements import Requirement.from pip._vendor.packaging.utils import NormalizedName, canonicalize_name.from pip._vendor.packaging.version import parse as parse_version..from pip._internal.exceptions import InvalidWheel, UnsupportedWheel.from pip._internal.metadata.base import (. BaseDistribution,. BaseEntryPoint,. DistributionVersion,. InfoPath,. Wheel,.).from pip._internal.utils.misc import normalize_path.from pip._internal.utils.temp_dir import TempDirectory.from pip._internal.utils.wheel import parse_wheel, read_wheel_metadata_file..from ._compat import BasePath, get_dist_name...class WheelDistribution(importlib.metadata.Distribution):. """An ``importlib.metadata.Distribution`` read from a wheel... Although ``importlib.m

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\importlib\_envs.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):7456
                                          Entropy (8bit):4.438434499132661
                                          Encrypted:false
                                          SSDEEP:192:oL4LS4ArV0a94hpVLTUKNBo4XxcnXLBWa:o94c4hpVLYKNK+4Bz
                                          MD5:DEB78E4A0BC1E78858B6836A8697F58D
                                          SHA1:02DA419A727D5C6BAC5CCFEB9FA2B6EC90929E0C
                                          SHA-256:5D36852181113F6245D10519B8FC761138AE8176CF11C67CABC64A7A1B7A2E97
                                          SHA-512:C251C5236F859AFBAD12C563F796E469CB10E20ECED6908F02806FB3F10DF994769DA27CA4AC68F0D423C485938141D1B39A9BD336B9D4AA66A40C9390860844
                                          Malicious:false
                                          Preview:import functools.import importlib.metadata.import logging.import os.import pathlib.import sys.import zipfile.import zipimport.from typing import Iterator, List, Optional, Sequence, Set, Tuple..from pip._vendor.packaging.utils import NormalizedName, canonicalize_name..from pip._internal.metadata.base import BaseDistribution, BaseEnvironment.from pip._internal.models.wheel import Wheel.from pip._internal.utils.deprecation import deprecated.from pip._internal.utils.filetypes import WHEEL_EXTENSION..from ._compat import BadMetadata, BasePath, get_dist_name, get_info_location.from ._dists import Distribution..logger = logging.getLogger(__name__)...def _looks_like_wheel(location: str) -> bool:. if not location.endswith(WHEEL_EXTENSION):. return False. if not os.path.isfile(location):. return False. if not Wheel.wheel_file_re.match(os.path.basename(location)):. return False. return zipfile.is_zipfile(location)...class _DistributionFinder:. """Finder to loca

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\metadata\pkg_resources.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10035
                                          Entropy (8bit):4.503412051370959
                                          Encrypted:false
                                          SSDEEP:192:wtr9aOs71L0KaDjLPddsa5Il5xNIWTbBpb373WX/FxY5of:wtBaO0AH7EFTH3UxYG
                                          MD5:897E459520E104211FC347EA05C760CF
                                          SHA1:2C5FD18665771B95A89E6C14EBE587FF3A5B4B93
                                          SHA-256:A298F0E08052A87BE27BAB1727F71B4F8DA67B28283C451F354449B96658EEC9
                                          SHA-512:2837EAFFD82F35A9DD8A5478D00E472E8E496AB8B17FE5141FFB155558652216EB1FC770C0CD17307F32F3800AAFD0DF399C4DB7E78C89A05DACD653D6C77E96
                                          Malicious:false
                                          Preview:import email.message.import email.parser.import logging.import os.import zipfile.from typing import Collection, Iterable, Iterator, List, Mapping, NamedTuple, Optional..from pip._vendor import pkg_resources.from pip._vendor.packaging.requirements import Requirement.from pip._vendor.packaging.utils import NormalizedName, canonicalize_name.from pip._vendor.packaging.version import parse as parse_version..from pip._internal.exceptions import InvalidWheel, NoneMetadataError, UnsupportedWheel.from pip._internal.utils.egg_link import egg_link_path_from_location.from pip._internal.utils.misc import display_path, normalize_path.from pip._internal.utils.wheel import parse_wheel, read_wheel_metadata_file..from .base import (. BaseDistribution,. BaseEntryPoint,. BaseEnvironment,. DistributionVersion,. InfoPath,. Wheel,.)..__all__ = ["NAME", "Distribution", "Environment"]..logger = logging.getLogger(__name__)..NAME = "pkg_resources"...class EntryPoint(NamedTuple):. name: str.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):63
                                          Entropy (8bit):4.022085131599381
                                          Encrypted:false
                                          SSDEEP:3:sJlRFQviFIaqtPjuqOfv:s7+CoJOfv
                                          MD5:F4122DF11215E5CC0F203F0C4B9238E9
                                          SHA1:AF1B34A8655A6A39832635A34DCBC060412ED6CB
                                          SHA-256:DC31D477FAB1A4FA337F3A2EA2A6BD83DB6CD42CEBE6A6877C5C5B9F1AE27A93
                                          SHA-512:C836375798F4D4BAB31E84974C93F930B7975DD126E0A6AEB4239D32D74985D091FD82EC7F9260167F243C3FF27B513681E623D74830489DEEBC20CEE9A3C3AB
                                          Malicious:false
                                          Preview:"""A package that contains models that represent entities..""".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):256
                                          Entropy (8bit):5.153225061307841
                                          Encrypted:false
                                          SSDEEP:6:LMaCCyc+CoJOh/Z6B0WltE+u6qpR2pAreKAjQ6IaYleHXlll:QaCCwCou6BvPEWbbjQjaYkH1ll
                                          MD5:754DA060A8AD6AFF38F613D0C7AB8AF2
                                          SHA1:BFD4F5990B45A51B58FE703AC3D649E96012A83B
                                          SHA-256:C505739DF6B59B74A00CAFE3D16A3998265C2EB89F8CEA780AF5095DF3638886
                                          SHA-512:1611C6A2BE9C515631DBFC8569C95DE5A0EFC2B6A71D0F3702C909F1EA8008E7AE04AE8713356744075CEE2F572644E726E96B6B329C0F4AD5AD6850520D4143
                                          Malicious:false
                                          Preview:...........f?...............................d.Z.y.).z8A package that contains models that represent entities..N)...__doc__........VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/__init__.py..<module>r........s..............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\candidate.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1895
                                          Entropy (8bit):5.154890151293225
                                          Encrypted:false
                                          SSDEEP:48:OjxagUy0rnSEddyfGqfI0Xk0rw/z0rlNVk0riKaw8G0rUAqg6STqxtX+k:Oxa3SYdy+sbXF5lNVFTJ8TUQ6STqLV
                                          MD5:0BDBF3B34E6175BD830C9ABDDABE5659
                                          SHA1:F6454EF9498981F3CEA8A2C829D6F4CBE2CC0DED
                                          SHA-256:65530220EEA813F65FDBA4E704E65B71257F2BA74CE6F6B4101A92BDA583C2EF
                                          SHA-512:9A0753AD6EC120D1FBF9F50FBC5524010827085C43366541F89C78ABBDCAFA9613C996FEA375B1BEB46390B5F93482248563991BD22EE50A65FFF0448D7A2674
                                          Malicious:false
                                          Preview:...........f..........................>.....d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e.........Z.y.)......)...parse)...Link)...KeyBasedCompareMixinc.....................T.......e.Z.d.Z.d.Z.g.d...Z.d.e.d.e.d.e.d.d.f...f.d...Z.d.e.f.d...Z.d.e.f.d...Z...x.Z.S.)...InstallationCandidatez4Represents a potential "candidate" for installation.....name..version..linkr....r....r......returnNc............................|.|._.........t.........|.........|._.........|.|._.........t...........|.....|.j...................|.j...................|.j...................f.t.....................y.).N)...key..defining_class).r......parse_versionr....r......super..__init__r....)...selfr....r....r......__class__s.... ..WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/candidate.pyr....z.InstallationCandidate.__init__....sH...............$.W..-...........................D.L.L.$.).)..4..0...............c.....................d.....d.j...................|.j...................|.j.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\direct_url.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11189
                                          Entropy (8bit):5.126676106159939
                                          Encrypted:false
                                          SSDEEP:192:fHHqV0W5moPAf0rJbANNiIMtCf2tE7cit+Gqyzm:fHHqV0WEoYf0rJbAjf2Fit32
                                          MD5:605C29BC18E27945D769AFA483706E65
                                          SHA1:478940EDA54A8EC32BD76094A84969B8905EBC01
                                          SHA-256:760221AEBE2A84338F717779E957E3EB3232FE3F4376BAF6257077247E4E6D41
                                          SHA-512:6B32728466BF1950C5D0F4223B43EB9B1EF1ED98F1EED7741DABB167B11341804F4399B55362F65F5590DB3F86D16FA2C8FC719A923AF9534D09B58A2880C7C2
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...g.d...Z...e.d.........Z.d.Z...e.j ..................d.........Z...G.d...d.e.........Z...d.d.e.e.e.f.....d.e.e.....d.e.d.e.e.....d.e.e.....f.d...Z...d.d.e.e.e.f.....d.e.e.....d.e.d.e.e.....d.e.f.d...Z.d.e.e.d.........d.d.f.d...Z.d.e.d.e.e.e.f.....f.d...Z...G.d...d.........Z...G.d...d.........Z...G.d...d.........Z.e.e.e.e.f.....Z...G.d...d.........Z.y.).z. PEP 610 .....N)...Any..Dict..Iterable..Optional..Type..TypeVar..Union)...DirectUrl..DirectUrlValidationError..DirInfo..ArchiveInfo..VcsInfo..Tz.direct_url.jsonz.^\$\{[A-Za-z0-9-_]+\}(:\$\{[A-Za-z0-9-_]+\})?$c...........................e.Z.d.Z.y.).r....N)...__name__..__module__..__qualname__........XC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/direct_url.pyr....r........s.........r....r......d..expected_type..key..default..returnc.....................\.....|.|.v.r.|.S.|.|.....}.t.........|.|.........s

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\format_control.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4217
                                          Entropy (8bit):5.2312244533066306
                                          Encrypted:false
                                          SSDEEP:48:qDaQLfBUJseVokjttPxZXV9eahDswPsxhWtMM4/nG3njANsR+YCFwEnP6WYmvU3r:2Z0okptZL9ywUxctMo3cNw+n7P6WYmWp
                                          MD5:08BBE583553E98D83F398C1590D6837D
                                          SHA1:9BC85D989698EB85CB2A8F98B8FCC89172D8F7C2
                                          SHA-256:3EC5C8327EC8E962464210C1611D5E0E5E51175CA1A38C54C32595F2F0E425B2
                                          SHA-512:5E5886B54CBB52A9682FEC9DE4DDFD525FF3D2E65E293BC58C78281895D757B01B6BDB21B29A6BBF04E14CB426467B135B8063C2B22988D4BE09945401935124
                                          Malicious:false
                                          Preview:...........f..........................D.....d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.........Z.y.)......)...FrozenSet..Optional..Set)...canonicalize_name)...CommandErrorc..........................e.Z.d.Z.d.Z.d.d.g.Z.....d.d.e.e.e.........d.e.e.e.........d.d.f.d...Z.d.e.d.e.f.d...Z.d.e.f.d...Z.e.d.e.d.e.e.....d.e.e.....d.d.f.d...........Z.d.e.d.e.e.....f.d...Z.d.d...Z.y.)...FormatControlzBHelper for managing formats from which a package can be installed...no_binary..only_binaryN..returnc.....................P.....|...t.................}.|...t.................}.|.|._.........|.|._.........y...N)...setr....r....)...selfr....r....s.... .\C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/format_control.py..__init__z.FormatControl.__init__....s-...................I..........%.K.."......&............otherc..............................t.............j...........................s.t.........S...j.....................j...................k7..r.y.t.........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\index.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1684
                                          Entropy (8bit):5.165041156712179
                                          Encrypted:false
                                          SSDEEP:48:d+7U1jaofQjeJE/886x8wA0q7o5BZYj8V4:d6uakQjGSH6x8whP58v
                                          MD5:BE9914EDFF0AC785131E0471D3B47D6A
                                          SHA1:B68868BB742E575E78F798E6C99F18B8C77AF5C3
                                          SHA-256:1E16C9086C8F88E44EF614AAEFC329868A5E5FBA7F96733D0D1E63424ECAC747
                                          SHA-512:3A5D408E79D42BA5C0E8954727ED99D347964BCFB9EEEA20EA19251C3D51625EFB5BABA03F14FD6C9A1D196A636345E92E6E31021DE41EAEE4BD204B72F19F5B
                                          Malicious:false
                                          Preview:...........f..........................H.....d.d.l.Z...G.d...d.........Z...e.d.d...........Z...e.d.d...........Z.y.)......Nc.....................H.......e.Z.d.Z.d.Z.g.d...Z.d.e.d.e.d.d.f...f.d...Z.d.e.d.e.f.d...Z...x.Z.S.)...PackageIndexzBRepresents a Package Index and provides easier access to endpoints)...url..netloc..simple_url..pypi_url..file_storage_domainr....r......returnNc.............................t...........|...............|.|._.........t.........j...................j...................|.........j...................|._.........|.j...................d.........|._.........|.j...................d.........|._.........|.|._.........y.).N..simple..pypi)...super..__init__r......urllib..parse..urlsplitr......_url_for_pathr....r....r....)...selfr....r......__class__s.... ..SC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/index.pyr....z.PackageIndex.__init__....s_............................l.l..+..+.C..0..7..7.........,..,.X..6.........*..*.6..2.......$7

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\installation_report.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2262
                                          Entropy (8bit):5.222401570770334
                                          Encrypted:false
                                          SSDEEP:48:eY/mKpX2g6Y0RU1vEmFqLaGPpvhzRwLIWQGSKHOT8Dd43Zz7gsS:UnDU1vKaMh1wEWQGshE
                                          MD5:CEF3DC9D5542F6560A4D87BE095E248D
                                          SHA1:44CF27296E1B40BC85077D402D4DC599BEFF3717
                                          SHA-256:C4F07A4812C044BEC648F1ABD62BDE742664497D0E4FFAA0480D7A672CF7499C
                                          SHA-512:AE8B814331090A985A7DC277BF66A3CA8FE9DDA141664760B9A133680F665151E03FAEB57B48DB31BC70AA2158924AB63C793BB8C5BECC647FDF5FDD99C04E82
                                          Malicious:false
                                          Preview:...........f..........................P.....d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.........Z.y.)......)...Any..Dict..Sequence)...default_environment)...__version__)...InstallRequirementc.....................X.....e.Z.d.Z.d.e.e.....f.d...Z.e.d.e.d.e.e.e.f.....f.d...........Z.d.e.e.e.f.....f.d...Z.y.)...InstallationReport..install_requirementsc...........................|.|._.........y.).N)..._install_requirements)...selfr....s.... .aC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/installation_report.py..__init__z.InstallationReport.__init__....s.......%9....".......ireq..returnc.....................n.....|.j...................s.J.d.|...............|.j...................j...........................|.j...................|.j...................r.|.j...................j...................n.d.|.j...................|.j...........................j...................d...}.|.j...................r$|.j...................r.t.........|.j.........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\link.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):25992
                                          Entropy (8bit):5.334771286203061
                                          Encrypted:false
                                          SSDEEP:384:uNqtIOjWxGjlTN2yEARn3AXb74U10iXyZi617+mRVH4aIZT3QtL8CmVC3:fIUWkjJVEARnQXbEU10l15ROaIZzQtIA
                                          MD5:AC3B884AB4B2A3F1EAFAFD3601CCFDBE
                                          SHA1:854297B495EBD3AEA95FE85D827E0526FCBF24A2
                                          SHA-256:0226A0049FD36D6298F5165753C42DDE782FD5159CC83E6041558082102B5076
                                          SHA-512:D437C5F27A589A0F14C4ABEDB79E0BF55C44BBEC2119A6E6E40FF882A91DF003B4EFA385F45BE612B28B4041D83B71E66780E862999E2569E8F8BFC0E50D6605
                                          Malicious:false
                                          Preview:...........f)Q.............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m Z ..d.d.l!m"Z"m#Z#..e.r.d.d.l$m%Z%....e.jL..................e'........Z(d.Z)..e.d.............G.d...d.................Z*..e.d.............G.d...d.................Z+d.e.e.e,e,f.........d.e.e.e,e,f.........f.d...Z-d.e,d.e,f.d...Z.d.e,d.e,f.d...Z/..e.j`..................d.e.jb..........................Z2d.e,d.e3d.e,f.d...Z4d.e,d.e,f.d...Z5..G.d...d.e ........Z6..G.d ..d!e.........Z7d"e6d.e7f.d#..Z8..e.jr..................d..$........d%e6d&e6d.e3f.d'..........Z:y.)(.....N)...dataclass)...TYPE_CHECKING..Any..Dict..List..Mapping..NamedTuple..Optional..Tuple..Union)...deprecated)...WHEEL_EXTENSION)...Hashes)...pairwise..redact_auth_from_url..split_auth_from_netloc..splitext)...KeyBasedCompareMixin)...path_to_url..url_to_path)...IndexContent)...sha512..sha384..sha256..sha22

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\scheme.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1159
                                          Entropy (8bit):5.387283603093897
                                          Encrypted:false
                                          SSDEEP:24:WCmaThRLwHUp/tlt2FCry16xOpm6O1bt/iRBmRRD/hoKhklRT:tmAhRLw0p/tQCWm96iiRiRbhrsT
                                          MD5:89BF541CEAD98DCDC4615E5CB326947C
                                          SHA1:95F09E30CBCEBCF1E52CA6AAEDAAB228491187C0
                                          SHA-256:BF048B43A38494902B63A6A1FD8D83444B1A276F13C62968023492A1DA3FB91C
                                          SHA-512:707CCC96F5F9B6D9EEFE4339A0FD96F94065138A5B63CFBE1A151609FF2D9724961CDF17EF79DD17BF5A20650AA51528FE85F79A96195B71AE9AE1B7B9924D24
                                          Malicious:false
                                          Preview:...........f..........................$.....d.Z.g.d...Z...G.d...d.........Z.y.).z..For types associated with installation schemes...For a general overview of available schemes and their context, see.https://docs.python.org/3/install/index.html#alternate-installation......platlib..purelib..headers..scripts..datac.....................4.....e.Z.d.Z.d.Z.e.Z.d.e.d.e.d.e.d.e.d.e.d.d.f.d...Z.y.)...SchemeztA Scheme holds paths which are used as the base directories for. artifacts associated with a Python package.. r....r....r....r....r......returnNc.....................J.....|.|._.........|.|._.........|.|._.........|.|._.........|.|._.........y.).Nr....)...selfr....r....r....r....r....s.... .TC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/models/scheme.py..__init__z.Scheme.__init__....s'...............................................)...__name__..__module__..__qualname__..__doc__..SCHEME_KEYS..__slots__..strr......r....r....r....r........sM................I....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\search_scope.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5078
                                          Entropy (8bit):5.311109865247903
                                          Encrypted:false
                                          SSDEEP:96:LkVEGeVpoT8SQ3ZgilOrmc1rfQyXsPlN24lUz:gVE3YT8jSVrmsrfQFNdUz
                                          MD5:7AC7C82D83A50BB83BD8D275E180885D
                                          SHA1:67352C32FFF022DDDBCA2AB2F4AB3BDC09044ABC
                                          SHA-256:9B228033D0A2B10D608108EA7CE76449B29975D8DB0222FFCE8F04E9B41FF343
                                          SHA-512:C99810EB5DFAB8A98393FFF5E972BC6F016F2FAC33FE2C3EC1BEBC2DEAA9B80A255F6F58C58761A8E2FA2EE163B8C4360404B74AC46E0B376BC47D718699A308
                                          Malicious:false
                                          Preview:...........f#..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.....e.j"..................e.........Z...G.d...d.........Z.y.)......N)...List)...canonicalize_name)...PyPI)...has_tls)...normalize_path..redact_auth_from_urlc..........................e.Z.d.Z.d.Z.g.d...Z.e.d.e.e.....d.e.e.....d.e.d.d.f.d...........Z.d.e.e.....d.e.e.....d.e.d.d.f.d...Z.d.e.f.d...Z.d.e.d.e.e.....f.d...Z.y.)...SearchScopezF. Encapsulates the locations that pip is configured to search.. ....find_links..index_urls..no_indexr....r....r......returnc..........................g.}.|.D.]P..}.|.j...................d.........r,t.........|.........}.t.........j...................j...................|.........r.|.}.|.j...................|............R..t.................s`t.........j...................|.|.........D.]G..}.t.........j...................j...................|.........}.|.j...................d.k(..s..2t.........j.........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\selection_prefs.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1841
                                          Entropy (8bit):5.389132342957939
                                          Encrypted:false
                                          SSDEEP:24:QRybOqWwftwOBQ8GYLJ/QoRI8abkJ4eMQKuIgrGIpshf/PgS08hb9Lh0QRELfU4S:QPitTu43ekdze/DznF0iAfFuiS/Vi0
                                          MD5:999B7F47F1D7AD4D648B9A9F7BD3F97F
                                          SHA1:E18C6EEAD061A773C25DF1AE56478E144E70386A
                                          SHA-256:D9460007F8049F22938D31F7AF11485E41EE7FBAA608E7F5C456C92398C7FE34
                                          SHA-512:82846A02C3FC91579C9BE5AE410E0BD0FA427D895595EDFE485B4158E79AB3A2F14847ABC2F7718CF65D8D2A32FEB75CAAA4DB8FF88163BA4961442E5758E8D8
                                          Malicious:false
                                          Preview:...........fs.........................0.....d.d.l.m.Z...d.d.l.m.Z.....G.d...d.........Z.y.)......)...Optional)...FormatControlc.....................N.....e.Z.d.Z.d.Z.g.d...Z.........d.d.e.d.e.d.e.e.....d.e.d.e.e.....d.d.f.d...Z.y.)...SelectionPreferenceszd. Encapsulates the candidate selection preferences for downloading. and installing files.. ....allow_yanked..allow_all_prereleases..format_control..prefer_binary..ignore_requires_pythonNr....r....r....r....r......returnc.....................R.....|...d.}.|.|._.........|.|._.........|.|._.........|.|._.........|.|._.........y.).aw...Create a SelectionPreferences object... :param allow_yanked: Whether files marked as yanked (in the sense. of PEP 592) are permitted to be candidates for install.. :param format_control: A FormatControl object or None. Used to control. the selection of source packages / binary packages when consulting. the index and links.. :param prefer_binary:

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\target_python.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4944
                                          Entropy (8bit):5.389472988338521
                                          Encrypted:false
                                          SSDEEP:96:/U3AIuKf+/statQpclT9TNcibB07BCjYf9KecqNna:8QIP+6l23T6it0kYfDna
                                          MD5:BAC94E3C590B5E0D826794BBB091571A
                                          SHA1:3B1C757E177AB256D0C41090A7210D2A87FB5386
                                          SHA-256:5800F52DD6DEA20311032D738FC286E1F9ACA4B86EB31A5359FE3ECF2FCE795B
                                          SHA-512:A2C7449FB2CDA52B31361BEE88F703FF9BC36D513149CE79B211D3DC19B6910DFA22764911A1A25D70AAF71CD6644CDBCC6B787BCB0DE5FF527D1F79FE3F1C7B
                                          Malicious:false
                                          Preview:...........f..........................`.....d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.....G.d...d.........Z.y.)......N)...List..Optional..Set..Tuple)...Tag)...get_supported..version_info_to_nodot)...normalize_version_infoc..........................e.Z.d.Z.d.Z.g.d...Z.........d.d.e.e.e.........d.e.e.e.d.f.........d.e.e.e.........d.e.e.....d.d.f.d...Z.d.e.f.d...Z.d.e.e.....f.d...Z.d.e.e.....f.d...Z.y.)...TargetPythonzx. Encapsulates the properties of a Python interpreter one is targeting. for a package install, download, etc.. )..._given_py_version_info..abis..implementation..platforms..py_version..py_version_info.._valid_tags.._valid_tags_setNr....r.....r....r......returnc...........................|.|._.........|...t.........j...................d.d...}.n.t.........|.........}.d.j...................t.........t.........|.d.d...................}.|.|._.........|.|._.........|.|._.........|.|._.........|.|._.........d.|._.........d.|._.........y.).a<...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\__pycache__\wheel.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5770
                                          Entropy (8bit):5.457759406798809
                                          Encrypted:false
                                          SSDEEP:96:wH5zh3eUmKGhFT+p8NTyjK/GNLbcUGTm541Sp:wb3eULc8pEyjK/GRchT5O
                                          MD5:2FD08F6D3310310053687EC62F4F855D
                                          SHA1:96DA1F531528C1B942C3A068995AAF36184915E4
                                          SHA-256:E67111D0F44DBDE121190767F754B8733F3329A42F6305FB9A58C04FB6B44C19
                                          SHA-512:6288FDA334D6142A7621FCB3C83930B72C32DBA2D6799C5CA274E6776789B3A1CE64818AA64B7651B124FD90BE76ED9AF94DF4A2C5732843EE4706071564CD8F
                                          Malicious:false
                                          Preview:...........f..........................P.....d.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.........Z.y.).z`Represents a wheel file and provides access to the various parts of the.name that have meaning.......N)...Dict..Iterable..List)...Tag)...InvalidWheelFilenamec..........................e.Z.d.Z.d.Z...e.j...................d.e.j...........................Z.d.e.d.d.f.d...Z.d.e.e.....f.d...Z.d.e.e.....d.e.f.d...Z.d.e.e.....d.e.e.e.f.....d.e.f.d...Z.d.e.e.....d.e.f.d...Z.y.)...Wheelz.A wheel filez.^(?P<namever>(?P<name>[^\s-]+?)-(?P<ver>[^\s-]*?)). ((-(?P<build>\d[^-]*?))?-(?P<pyver>[^\s-]+?)-(?P<abi>[^\s-]+?)-(?P<plat>[^\s-]+?). \.whl|\.dist-info)$..filename..returnNc..........................|.j...................j...................|.........}.|.s.t.........|...d.............|.|._.........|.j...................d.........j...................d.d.........|._.........|.j...................d.........j...................d.d.........|._.........|.j........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\candidate.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):931
                                          Entropy (8bit):4.47254445210143
                                          Encrypted:false
                                          SSDEEP:24:1TLX4xHtjZk0reEeSErPYZAx07MSim0rcg0rvWbUaH:toN+0rehSEKg7E0rcg0r0UA
                                          MD5:19D6ACE84BB3505BD0C0555DFCD2D7D8
                                          SHA1:0F95933E28B70D16841D840B5025FE75F6264337
                                          SHA-256:8443EEF15746139A95012BFABCBCFE47E460879FBB2CC6DA8B58E0B6130277C3
                                          SHA-512:FC7AD543C2FAE0A914447564540F11B5E97F01E61D0160DFA054BDC1927C97F41A2A8992B2DD43D9CEBA9D8F7718D0CDD6FB21FEFD1BC758C0E580B7F21C77B4
                                          Malicious:false
                                          Preview:from pip._vendor.packaging.version import parse as parse_version..from pip._internal.models.link import Link.from pip._internal.utils.models import KeyBasedCompareMixin...class InstallationCandidate(KeyBasedCompareMixin):. """Represents a potential "candidate" for installation.""".. __slots__ = ["name", "version", "link"].. def __init__(self, name: str, version: str, link: Link) -> None:. self.name = name. self.version = parse_version(version). self.link = link.. super().__init__(. key=(self.name, self.version, self.link),. defining_class=InstallationCandidate,. ).. def __repr__(self) -> str:. return "<InstallationCandidate({!r}, {!r}, {!r})>".format(. self.name,. self.version,. self.link,. ).. def __str__(self) -> str:. return f"{self.name!r} candidate (version {self.version} at {self.link})".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\direct_url.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6889
                                          Entropy (8bit):4.5391529804609565
                                          Encrypted:false
                                          SSDEEP:192:bSpgC4yyRu1C4L9+xf2BOdcoedGIELmuP/1QtTOX3ijzL/hWLBRA2YnHS7X:bSpgC43ReC4LExfS6coedGIELmuPtR4w
                                          MD5:85AE2D81EC82E83403CC20439739F1EF
                                          SHA1:2BE67E05E637FC6DEFE87897294B4A61043223FF
                                          SHA-256:170A2E60129CA9C921EC1FA4D87DC75604618454EE905C2A892DE47EFB452D29
                                          SHA-512:A89929AE9F624C15143A15EEEE5A040EF47FFD2879CC20690538EFB71949E634E7F86A5EA45A5E27947B507AFEBCF49136E27DF76E03C96BF11374774803EB96
                                          Malicious:false
                                          Preview:""" PEP 610 """.import json.import re.import urllib.parse.from typing import Any, Dict, Iterable, Optional, Type, TypeVar, Union..__all__ = [. "DirectUrl",. "DirectUrlValidationError",. "DirInfo",. "ArchiveInfo",. "VcsInfo",.]..T = TypeVar("T")..DIRECT_URL_METADATA_NAME = "direct_url.json".ENV_VAR_RE = re.compile(r"^\$\{[A-Za-z0-9-_]+\}(:\$\{[A-Za-z0-9-_]+\})?$")...class DirectUrlValidationError(Exception):. pass...def _get(. d: Dict[str, Any], expected_type: Type[T], key: str, default: Optional[T] = None.) -> Optional[T]:. """Get value from dictionary and verify expected type.""". if key not in d:. return default. value = d[key]. if not isinstance(value, expected_type):. raise DirectUrlValidationError(. f"{value!r} has unexpected type for {key} (expected {expected_type})". ). return value...def _get_required(. d: Dict[str, Any], expected_type: Type[T], key: str, default: Optional[T] = None.) -> T:. value = _get(

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\format_control.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2486
                                          Entropy (8bit):4.3270582835610565
                                          Encrypted:false
                                          SSDEEP:48:FFgUsUhREjmTCXrEVvRdeh4D003/Y4/kkaHyron2DlWU8lUJl:n7sIYPqDaHyg2DlWU8u
                                          MD5:BDC269C3F40962AE622812360A68C3F3
                                          SHA1:22CB3E5D1D2D4921C56BEE8B25322405D75660E6
                                          SHA-256:C2DB10A922BD1DA522371404B81F82EB67958A6C3A1B8FD5405C55F7EFCA0C11
                                          SHA-512:1C7F457CDD19975A0ABA60438CC5035F6FA7561B7B0339704AEF2F7FE55104F0CFF8EC66B61BFF74BD7CBEBF3F6DF8CFB89D230775B4B3258F51E729BBDB0767
                                          Malicious:false
                                          Preview:from typing import FrozenSet, Optional, Set..from pip._vendor.packaging.utils import canonicalize_name..from pip._internal.exceptions import CommandError...class FormatControl:. """Helper for managing formats from which a package can be installed.""".. __slots__ = ["no_binary", "only_binary"].. def __init__(. self,. no_binary: Optional[Set[str]] = None,. only_binary: Optional[Set[str]] = None,. ) -> None:. if no_binary is None:. no_binary = set(). if only_binary is None:. only_binary = set().. self.no_binary = no_binary. self.only_binary = only_binary.. def __eq__(self, other: object) -> bool:. if not isinstance(other, self.__class__):. return NotImplemented.. if self.__slots__ != other.__slots__:. return False.. return all(getattr(self, k) == getattr(other, k) for k in self.__slots__).. def __repr__(self) -> str:. return f"{self.__class__.__name__}

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\index.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1030
                                          Entropy (8bit):4.660446953045376
                                          Encrypted:false
                                          SSDEEP:24:yTrPnCsK6Xlr4n7AizUQ+J/nICn8liQ2koAb911i7k2bPUMHN:yTrQ6XQZQQm78ktkoAb9O7J5t
                                          MD5:F67480DB56CF588A2EE92844959BBABF
                                          SHA1:26707B880BF178100E5A233E43832C57A4916895
                                          SHA-256:B589CBF28C468B8692356BABD261BC0C03FBAC2EB2BA16BF33024EF31C3472B2
                                          SHA-512:F8BEB8F1B1AC8A8AD038D04F1A3211A316851922083F28612F86F8CEB611354BD008F5253F8C322862894DE78BA1636BA0D4277DD20C813F043FEA0F10DC3A84
                                          Malicious:false
                                          Preview:import urllib.parse...class PackageIndex:. """Represents a Package Index and provides easier access to endpoints""".. __slots__ = ["url", "netloc", "simple_url", "pypi_url", "file_storage_domain"].. def __init__(self, url: str, file_storage_domain: str) -> None:. super().__init__(). self.url = url. self.netloc = urllib.parse.urlsplit(url).netloc. self.simple_url = self._url_for_path("simple"). self.pypi_url = self._url_for_path("pypi").. # This is part of a temporary hack used to block installs of PyPI. # packages which depend on external urls only necessary until PyPI can. # block such packages themselves. self.file_storage_domain = file_storage_domain.. def _url_for_path(self, path: str) -> str:. return urllib.parse.urljoin(self.url, path)...PyPI = PackageIndex("https://pypi.org/", file_storage_domain="files.pythonhosted.org").TestPyPI = PackageIndex(. "https://test.pypi.org/", file_storage_domain="t

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\installation_report.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2818
                                          Entropy (8bit):4.461309983570084
                                          Encrypted:false
                                          SSDEEP:48:/+9xh5cEAuWUj0liK4C4O2IAqM2AJitkt0uXU9tyrIV/QRG7c/1i1eTbnQAyS:/cxh5ctun0IZyzGJiqU9orgoRGwNi1ef
                                          MD5:09657AB688E36AE6641F732999FF5E92
                                          SHA1:8E0E2F7C9AE3D859A2F11D6DBBC5F7AEA26CC1E5
                                          SHA-256:CD1559A1ACFEDAFB2B7B38FF1F784B3A131908AF5CED36F35A00BE8CE6A50F4D
                                          SHA-512:A8BE098B587C9B3CDB530BA7D5468450AFF000843A94E5AEA689A71CCAA78E763C51EBD06CF49A9B3503CFAB3B278DC487577000EA5A6541991CB738CDAA8F96
                                          Malicious:false
                                          Preview:from typing import Any, Dict, Sequence..from pip._vendor.packaging.markers import default_environment..from pip import __version__.from pip._internal.req.req_install import InstallRequirement...class InstallationReport:. def __init__(self, install_requirements: Sequence[InstallRequirement]):. self._install_requirements = install_requirements.. @classmethod. def _install_req_to_dict(cls, ireq: InstallRequirement) -> Dict[str, Any]:. assert ireq.download_info, f"No download_info for {ireq}". res = {. # PEP 610 json for the download URL. download_info.archive_info.hashes may. # be absent when the requirement was installed from the wheel cache. # and the cache entry was populated by an older pip version that did not. # record origin.json.. "download_info": ireq.download_info.to_dict(),. # is_direct is true if the requirement was a direct URL reference (which. # includes editable requi

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\link.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):20777
                                          Entropy (8bit):4.5847812976968205
                                          Encrypted:false
                                          SSDEEP:384:UTt7OjNT51GuxMgExJAvYDr3pJYQ+ebhH4Lb3GIppfT3QBHnarT3:A7UNT51rxkxmw/ZJx+YhH4Lb3G8tzQhg
                                          MD5:EB81AAD0A35DD6B2DE4C27B643E404C7
                                          SHA1:15A3B67CF3296F1DF342BACB84F02BF3FE532234
                                          SHA-256:5E2ACE006BF58E032EEEFBBCEE4B8F6E88468FB547A7056B776AB729481540D8
                                          SHA-512:EF236F8A11582F93B856F4F9888CBEDFFC30A995E1A04F567F31128CF985831EF996581B8190E7E65E5B3A273A77176CA3DA88EB6C1867A1EC0B7121039EC73D
                                          Malicious:false
                                          Preview:import functools.import itertools.import logging.import os.import posixpath.import re.import urllib.parse.from dataclasses import dataclass.from typing import (. TYPE_CHECKING,. Any,. Dict,. List,. Mapping,. NamedTuple,. Optional,. Tuple,. Union,.)..from pip._internal.utils.deprecation import deprecated.from pip._internal.utils.filetypes import WHEEL_EXTENSION.from pip._internal.utils.hashes import Hashes.from pip._internal.utils.misc import (. pairwise,. redact_auth_from_url,. split_auth_from_netloc,. splitext,.).from pip._internal.utils.models import KeyBasedCompareMixin.from pip._internal.utils.urls import path_to_url, url_to_path..if TYPE_CHECKING:. from pip._internal.index.collector import IndexContent..logger = logging.getLogger(__name__)...# Order matters, earlier hashes have a precedence over later hashes for what.# we will pick to use.._SUPPORTED_HASHES = ("sha512", "sha384", "sha256", "sha224", "sha1", "md5")...@dataclass(frozen=True)

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\scheme.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):738
                                          Entropy (8bit):4.455127026433689
                                          Encrypted:false
                                          SSDEEP:12:QCBhJAYp5FaREQr4GtXUSd7mry13LElvv1sydX/YwcjcFCbP:DhRLwHUEdCry130sOejcQ7
                                          MD5:77B8766C2C20290FC2545CB9F68E64EB
                                          SHA1:FC639818C98AB821887BD5AE95FD49DED2D8634A
                                          SHA-256:DC4150A7F202BBFB211F5F9306A865D1002EB0A08F0C53A580715E3785E8C16B
                                          SHA-512:BE0B3E58A796077E457526ABE8C9E1EE7D3D5707B588DB4E655BA454546DE0366189C34811954680E2CFE6172F04DD4BD6AF4FEE4599BADD63FF0126A5A344EF
                                          Malicious:false
                                          Preview:""".For types associated with installation schemes...For a general overview of available schemes and their context, see.https://docs.python.org/3/install/index.html#alternate-installation.."""...SCHEME_KEYS = ["platlib", "purelib", "headers", "scripts", "data"]...class Scheme:. """A Scheme holds paths which are used as the base directories for. artifacts associated with a Python package.. """.. __slots__ = SCHEME_KEYS.. def __init__(. self,. platlib: str,. purelib: str,. headers: str,. scripts: str,. data: str,. ) -> None:. self.platlib = platlib. self.purelib = purelib. self.headers = headers. self.scripts = scripts. self.data = data.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\search_scope.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4643
                                          Entropy (8bit):4.246322915605786
                                          Encrypted:false
                                          SSDEEP:48:WxeLxlCN2huvcRLnU6rgU0Sgb6LhqqqlAeQEW4aL79B1sOp8DMUPD7iGKzK0MLwj:VxlCNRkRbJG6FSlArn4a/tIrL0Mi9
                                          MD5:3BC5A1B39721B6B06248F40CBEBB40D9
                                          SHA1:6EC69D7090B207E5B202989ACD581D0B86A0118D
                                          SHA-256:012572C99C622482F0EDB4C8555A49C7C276F773371E4E45DF78A51A7D1EF347
                                          SHA-512:8DF2CB44F070630447205681F141E457B3900C1AE4582C40B3A0ECDF666DCBC667E8EE9B1D6D60BC32AC4260BBEE697A04DDB0E689A056091AC218A5EAE355DC
                                          Malicious:false
                                          Preview:import itertools.import logging.import os.import posixpath.import urllib.parse.from typing import List..from pip._vendor.packaging.utils import canonicalize_name..from pip._internal.models.index import PyPI.from pip._internal.utils.compat import has_tls.from pip._internal.utils.misc import normalize_path, redact_auth_from_url..logger = logging.getLogger(__name__)...class SearchScope:.. """. Encapsulates the locations that pip is configured to search.. """.. __slots__ = ["find_links", "index_urls", "no_index"].. @classmethod. def create(. cls,. find_links: List[str],. index_urls: List[str],. no_index: bool,. ) -> "SearchScope":. """. Create a SearchScope object after normalizing the `find_links`.. """. # Build find_links. If an argument starts with ~, it may be. # a local file relative to a home directory. So try normalizing. # it and if it exists, use the normalized version.. # This is del

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\selection_prefs.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1907
                                          Entropy (8bit):4.375302448918886
                                          Encrypted:false
                                          SSDEEP:24:1REm/+RAsQ8GYLRvBo2qBVP2XMglzB7QMaqn7V4eMQKuIgrGIpshf/Pg7d7l05IW:SAG1iVglQONze/Y2
                                          MD5:A9FA37FF60BA1523C11FD12AF309E711
                                          SHA1:64627B9F7F60ADD87CFE2D2B107D262480AAB44E
                                          SHA-256:299762EBA82C47EFD151752BF6E7A3B2C937AE64C7AD054959E340DAC57E5526
                                          SHA-512:DA77858C1164B41B596907B9323573DE1B7870F75B434A407E3652E97B13668238EF4F1A99D77727E7DF7043F8A4C61F6965458768ADDB7AC0824C6CEAEEDBA8
                                          Malicious:false
                                          Preview:from typing import Optional..from pip._internal.models.format_control import FormatControl...class SelectionPreferences:. """. Encapsulates the candidate selection preferences for downloading. and installing files.. """.. __slots__ = [. "allow_yanked",. "allow_all_prereleases",. "format_control",. "prefer_binary",. "ignore_requires_python",. ].. # Don't include an allow_yanked default value to make sure each call. # site considers whether yanked releases are allowed. This also causes. # that decision to be made explicit in the calling code, which helps. # people when reading the code.. def __init__(. self,. allow_yanked: bool,. allow_all_prereleases: bool = False,. format_control: Optional[FormatControl] = None,. prefer_binary: bool = False,. ignore_requires_python: Optional[bool] = None,. ) -> None:. """Create a SelectionPreferences object... :param allow_yank

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\target_python.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4272
                                          Entropy (8bit):4.305122138474475
                                          Encrypted:false
                                          SSDEEP:48:kc9EQKRRanYetfd3atqSKpclTqQPEfheKckjXiOf3N08lsqHpadDPcfAzLGXN8Ln:kc7Kj7e9tatQpclTqQPLK0uVOPoKQLWV
                                          MD5:2DF3C0F383CD9A90B1C6EC3785F267EC
                                          SHA1:479A26A092F77A856B804A38331A6B8D2440CFC6
                                          SHA-256:DF8124A2BACCB91BD1A7E6E3A87289F9B38EEF59BDC5D8CDD9BF16585102D875
                                          SHA-512:83A41BA6F48A235E75B8B97EFBF64DC777B24E92E1D011E6403C326891040AF544047CE1FBE41417DBDC6EBD5755D612B3D98CC68B1729A3FAB48A545E3937F7
                                          Malicious:false
                                          Preview:import sys.from typing import List, Optional, Set, Tuple..from pip._vendor.packaging.tags import Tag..from pip._internal.utils.compatibility_tags import get_supported, version_info_to_nodot.from pip._internal.utils.misc import normalize_version_info...class TargetPython:.. """. Encapsulates the properties of a Python interpreter one is targeting. for a package install, download, etc.. """.. __slots__ = [. "_given_py_version_info",. "abis",. "implementation",. "platforms",. "py_version",. "py_version_info",. "_valid_tags",. "_valid_tags_set",. ].. def __init__(. self,. platforms: Optional[List[str]] = None,. py_version_info: Optional[Tuple[int, ...]] = None,. abis: Optional[List[str]] = None,. implementation: Optional[str] = None,. ) -> None:. """. :param platforms: A list of strings or None. If None, searches for. packages that are supported by the

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\models\wheel.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3600
                                          Entropy (8bit):4.5473966910251695
                                          Encrypted:false
                                          SSDEEP:96:LwCUcYKBjGYBcAkEOYKiKV/8N1lE/GNLnxP1:VJBiBUE/Gr1
                                          MD5:A6E4DE72BC628633E4AC9598B55EA9E7
                                          SHA1:CF55FF5F5C3457AD21CFB24F341871B7378A4197
                                          SHA-256:62A6B3A0867299AFD0D5E8C56B50BB3472904515A5BD691D2BDE9544A98305E2
                                          SHA-512:8862E0663343C8B476C1EB5BEEBD7CE0FF05B3D43772F9B221CEF20EFDF8F148D0B77B4701454647C5BFF1C7034C4FE344B8B80F094845BAB5475BB3B6361C57
                                          Malicious:false
                                          Preview:"""Represents a wheel file and provides access to the various parts of the.name that have meaning..""".import re.from typing import Dict, Iterable, List..from pip._vendor.packaging.tags import Tag..from pip._internal.exceptions import InvalidWheelFilename...class Wheel:. """A wheel file""".. wheel_file_re = re.compile(. r"""^(?P<namever>(?P<name>[^\s-]+?)-(?P<ver>[^\s-]*?)). ((-(?P<build>\d[^-]*?))?-(?P<pyver>[^\s-]+?)-(?P<abi>[^\s-]+?)-(?P<plat>[^\s-]+?). \.whl|\.dist-info)$""",. re.VERBOSE,. ).. def __init__(self, filename: str) -> None:. """. :raises InvalidWheelFilename: when the filename is invalid for a wheel. """. wheel_info = self.wheel_file_re.match(filename). if not wheel_info:. raise InvalidWheelFilename(f"{filename} is not a valid wheel filename."). self.filename = filename. self.name = wheel_info.group("name").replace("_", "-"). # we'll assume "_" means "-" due to whe

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):50
                                          Entropy (8bit):4.1288840705376355
                                          Encrypted:false
                                          SSDEEP:3:5WFVQtGSKH4F0MzDv:YQtG5YiMfv
                                          MD5:3893F116D94097C4AE72769A5F7C21F7
                                          SHA1:CC7B633895C11040D0B99E7D0575B1D031652035
                                          SHA-256:8DFE93B799D5FFBCE401106B2A88C85C8B607A3BE87A054954A51B8406B92287
                                          SHA-512:924BC4A7222FC638FC8FAB4A6E7AEA876E25DCD355AFF628AA21A77BA0ECE90E774FA75D1797CFE688B7129626AAE395662489419AD53CAB4A842367FE97BCB8
                                          Malicious:false
                                          Preview:"""Contains purely network-related utilities..""".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):244
                                          Entropy (8bit):5.15651435408453
                                          Encrypted:false
                                          SSDEEP:6:LZtaCCVmXQtG5YiMh/Z6B0WltT8u6qpR2pAreKAsShMR6IaYleHXlll:ttaCCMXVYic6BvPT8KWbblMRjaYkH1ll
                                          MD5:52037258AC85FEEA51371FC21D2450B3
                                          SHA1:BDEF3E54FFB71CC81803ED3FB25E46D4D24013B1
                                          SHA-256:E72F794BB8E9840DB9AD8BAA4BD00C0E79E96B60C178E282B357C9FA6A55829E
                                          SHA-512:75313EBF6EC533CAF708F302C3BA34B2917E791FB3DD03533A53FFA40AF92F5F82B2692B9A6AC444FF30689CB4F804A3A0DDAD2C5B5A5795708C573FCE8E9F09
                                          Malicious:false
                                          Preview:...........f2...............................d.Z.y.).z+Contains purely network-related utilities..N)...__doc__........WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/network/__init__.py..<module>r........s..............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\auth.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):21986
                                          Entropy (8bit):5.3654149593286125
                                          Encrypted:false
                                          SSDEEP:384:m8tN0q2zfeqFDTXfadOA3Z7eNkgy/nYH8ka76wkhsMh/ccO2:ptyq2P9Tm7eNkgyb5wsMh/cF2
                                          MD5:5ACC025735B4BE8CC00B185FF7184382
                                          SHA1:23CE5ED23A163CC88184967BED9E9D116F30C1E7
                                          SHA-256:63E7E51D72F126FDBB3992FC8970DDA6F76C5773494423CFB175860CA387D81A
                                          SHA-512:5A5CBAACB50AEFA8902546A552481124C0BC56ADA72C4CF7D713B82B7D5CAE5C4561F5A4FAC31DFB2A39C9238E3D2A9CFA101DA84966F866F949BB27E85E613D
                                          Malicious:false
                                          Preview:...........f=P.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#m$Z$m%Z%m&Z&m'Z'..d.d.l(m)Z)....e!e*........Z+d.a,..G.d...d.e.........Z-..G.d...d.e.........Z...G.d...d.e.........Z/..G.d...d.e.........Z0..G.d...d.e.........Z1..e.d...........d.e2d.e.f.d...........Z3..G.d...d.e.........Z4y.).z.Network Authentication Helpers..Contains interface (MultiDomainBasicAuth) and associated glue code for.providing credentials in the context of network requests.......N)...ABC..abstractmethod)...lru_cache)...commonprefix)...Path)...Any..Dict..List..NamedTuple..Optional..Tuple)...AuthBase..HTTPBasicAuth)...Request..Response)...get_netrc_auth)...getLogger)...ask..ask_input..ask_password..remove_auth_from_url..split_auth_netloc_from_url)...AuthInfoFc.....................,.....e.Z.d.Z.U.e.e.d.<...e.e.d.<...e.e.d.<...y

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\cache.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6508
                                          Entropy (8bit):5.316566138517728
                                          Encrypted:false
                                          SSDEEP:96:WQktf0ENOtSKYrAdjB97K761ekKg7j03mgFPnB:lk90ENOpLK7Me1g7I/PB
                                          MD5:02CF072F60E4CCC1B7D68AFB8E532A6B
                                          SHA1:69A883EE18229929E625D73B2326949381292164
                                          SHA-256:56A99198BCC7F4B14FB31A037149D63278E304765467F3EA5BF71200E3BD41F5
                                          SHA-512:E8070F7BF74891ED58A336D5BC3D8928A74DF4DFF103008B7433614D5763D27013AFDACEF568F45161689E7BD619623469DA7CCC474FAEB46DC9528EDCF79A9D
                                          Malicious:false
                                          Preview:...........f_...............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.e.d.e.f.d...Z.e.d.e.d.....f.d...........Z...G.d...d.e.........Z.y.).z.HTTP cache implementation.......N)...contextmanager)...datetime)...BinaryIO..Generator..Optional..Union)...SeparateBodyBaseCache)...SeparateBodyFileCache)...Response)...adjacent_tmp_file..replace)...ensure_dir..response..returnc...........................t.........|.d.d.........S.).N..from_cacheF)...getattr).r....s.... .TC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/network/cache.py..is_from_cacher........s..........8.\.5..1..1.....).NNNc................#....4...K.......d.......y.#.t.........$.r...Y.y.w.x.Y.w...w.).zvIf we can't access the cache then we can just skip caching and process. requests as if caching wasn't enabled.. N)...OSError..r....r......suppressed_cache_errorsr........s...................................s..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\download.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8543
                                          Entropy (8bit):5.372067708072627
                                          Encrypted:false
                                          SSDEEP:192:UlJP3fTWKcFJ3YHTZteuu2QZMXlW/UTGvIyjztv3:IF3CKcFdYHuuCIWMqvZlv3
                                          MD5:35D43DFCE5E5117D922BDD15FAB631F7
                                          SHA1:B5B44F1B9737CD9B7D6AE3BF983788F13CE7F115
                                          SHA-256:0D5F26B5B0278D9423F572B954724703F4D967D7D8305899F955EF2E64151185
                                          SHA-512:D114F1585051B97A4A723AFF67FF89FD076FF1955DAE5956FAD40FA8022708E580D2C115DC06B60A2FF8873DE95C67E7710BA86DFE0633FBE1F85E4AD0A4A6DA
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m Z ....e.jB..................e"........Z#d.e.d.e.e$....f.d...Z%d.e.d.e.d.e&d.e.e'....f.d...Z(d.e&d.e&f.d...Z)d.e&d.e&d.e&f.d...Z*d.e.d.e.d.e&f.d...Z+d.e.d.e.d.e.f.d...Z,..G.d...d.........Z-..G.d...d.........Z.y.).z)Download files with progress indicators.......N)...Iterable..Optional..Tuple)...CONTENT_CHUNK_SIZE..Response)...get_download_progress_renderer)...NetworkConnectionError)...PyPI)...Link)...is_from_cache)...PipSession)...HEADERS..raise_for_status..response_chunks)...format_size..redact_auth_from_url..splitext..resp..returnc.....................h.......t.........|.j...................d.............S.#.t.........t.........t.........f.$.r...Y.y.w.x.Y.w.).Nz.content-length)...int..headers..ValueError..KeyError..TypeError).r....s.... .WC:\Users\V3NOM0u$\Desktop\p

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\lazy_wheel.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11653
                                          Entropy (8bit):5.406417958115731
                                          Encrypted:false
                                          SSDEEP:192:HFSSKFuQcQoJ6E0zpnyIDLLh3fbpwAHWQfpOSsOB5qMTn:HFSS9Qbo3epyMLLhTpwS0SJB5qun
                                          MD5:447ED93E47DC0797DEEF78CD67412653
                                          SHA1:FE837A7BF935488F38C4E8E8F20157B5EB3E46E9
                                          SHA-256:0BA7534CD2EE9095DAC0F3BC10B6788907DDD95C10D3573696DADB9BDE709BCF
                                          SHA-512:896F6500747B68283F59FACAFEF3EF710A0A9373650A437836E25B3BDDF6C3F456ED7578AE9461ECCD65BC3637A235C4A3B0C797322225EEF2AEC011A1AC1C0E
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.g.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m Z m!Z!....G.d...d.e"........Z#d.e$d.e$d.e.d.e.f.d...Z%..G.d...d.........Z&y.).z.Lazy ZIP over HTTP..HTTPRangeRequestUnsupported..dist_from_wheel_url.....)...bisect_left..bisect_right)...contextmanager)...NamedTemporaryFile)...Any..Dict..Generator..List..Optional..Tuple)...BadZipFile..ZipFile)...canonicalize_name)...CONTENT_CHUNK_SIZE..Response)...BaseDistribution..MemoryWheel..get_wheel_distribution)...PipSession)...HEADERS..raise_for_status..response_chunksc...........................e.Z.d.Z.y.).r....N)...__name__..__module__..__qualname__........YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/network/lazy_wheel.pyr....r........s.........r .....name..url..session..returnc..........................t.........|.|.........5.}.t.........|.j................

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\session.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):18764
                                          Entropy (8bit):5.507946779071279
                                          Encrypted:false
                                          SSDEEP:384:XA5OGATqK1yo9Uhmo3ZcmrVDW34lNfouw7CIFv+hF6zrN:XA5OhUcgnfO+hFMrN
                                          MD5:7F8F24D65E3DE5E18AA431DD967D6A08
                                          SHA1:E9C63722DB1F68D673F5717F289A2376CCDCAB85
                                          SHA-256:DEFA180D221773A58C71A7A19F4D4389F7A4FAA3B7125D3BE7C33CA056BA8395
                                          SHA-512:6C24BC8D5730CFA0EE6DA939BE285683BFD0A725F337263CAA260FC58CE751BA718F34E3C39EA8785660407A75C2B40E4D4BC96DD4881E4AADAA396646049646
                                          Malicious:false
                                          Preview:...........f.I..............................U.d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z ..d.d.l!m"Z"m#Z#..d.d.l!m$Z%..d.d.l&m'Z'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,..d.d.l-m.Z...d.d.l/m0Z0..d.d.l1m2Z2..d.d.l3m4Z4..d.d.l5m6Z6..d.d.l7m8Z8..d.d.l9m:Z:..d.d.l;m<Z<..d.d.l=m>Z>m?Z?..d.d.l@mAZA..e.r.d.d.lBmCZC..d.d.lDmEZE....e.j...................eG........ZHe.eIeIe.e.eJeIf.........f.....ZK..e.j...................d.e.............g.d...ZMe.eK....eNd.<...d.ZOd.ePf.d...ZQd.eIf.d...ZR..G.d...d e#........ZS..G.d!..d"........ZT..G.d#..d$eTe%........Z$..G.d%..d&eTe ........Z...G.d'..d(e$........ZU..G.d)..d*e.........ZV..G.d+..d,e.j...........................ZXy.)-zhPipSession and supporting code, containing all pip-specific.network request configuration and behavior.......N)...TYPE_CHECKING..Any..Dict..Generator..List..Mapping..Optional..Sequence..Tuple..Union)...reques

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\utils.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2243
                                          Entropy (8bit):5.561556817507003
                                          Encrypted:false
                                          SSDEEP:48:gh68uaLawawkR5fTDUFH98v1U4a4IfbMkQT7g4qJYQ0n:kMwbkBQFHe64gdQg4qYQ0n
                                          MD5:19FC68F627188A10C96191BAB4187D71
                                          SHA1:A54500991C2D3AAFF316865A136DA8BC4B8881B1
                                          SHA-256:077A02751A9D8A29E3FB355C273C0EE0973E9DEEA65760F943E32308BBB1F5CC
                                          SHA-512:196BBA53AB896BAC9EAEF3CA931F2A4BE6C93E881E2315E4ECFBFAA92F871144E73A57E649AAB5C24D3B8961D471B4C4F08E6F09E254929EE33695B08EB26065
                                          Malicious:false
                                          Preview:...........f...............................U.d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.i.Z.e.e.e.f.....e.d.<...d.e.d.d.f.d...Z.e.f.d.e.d.e.d.e.e.d.d.f.....f.d...Z.y.)......)...Dict..Generator)...CONTENT_CHUNK_SIZE..Response)...NetworkConnectionErrorz.Accept-Encoding..identity..HEADERS..resp..returnNc...........................d.}.t.........|.j...................t.................r...|.j...................j...................d.........}.n.|.j...................}.d.|.j...................c.x.k...r.d.k...r"n...n.|.j.....................d.|...d.|.j.......................}.n6d.|.j...................c.x.k...r.d.k...r!n...n.|.j.....................d.|...d.|.j.......................}.|.r.t.........|.|.............y.#.t.........$.r...|.j...................j...................d.........}.Y...w.x.Y.w.).N..z.utf-8z.iso-8859-1i....i....z. Client Error: z. for url: iX...z. Server Error: )...response)...isinstance..reason..bytes..decode..UnicodeDecodeError..status_code..urlr....).r......http_er

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\__pycache__\xmlrpc.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2939
                                          Entropy (8bit):5.4525448839095425
                                          Encrypted:false
                                          SSDEEP:48:PSB++JWLcdP++/1eqoZ4gsBX30SljugoDRcJ5zX60687i6llPLmR:3+JWLcc+dsdwjp3zX6z0L2
                                          MD5:720F38329F9650FC65C09860D72575C6
                                          SHA1:6EE865795F53A2290CBF3738E8A48DBF7390145E
                                          SHA-256:F5474F3EE67B5DE3BD24D3D51FC4D9CB6C0CB25B03D14F9F1052E9FB6430D58C
                                          SHA-512:88D4A55735F7D8CA2BB38CB8864EAF213E3B8D8979F21D80D4E69AECF103D50530FC240533AA0E21CA6D33AD7F3C5F91E1286351765F3046B790E256419ACE47
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.r.d.d.l.m.Z.m.Z...d.d.l.m.Z.....e.j&..................e.........Z...G.d...d.e.j,..................j...........................Z.y.).z#xmlrpclib.Transport implementation......N)...TYPE_CHECKING..Tuple)...NetworkConnectionError)...PipSession)...raise_for_status)..._HostType.._Marshallable)...SizedBufferc.....................^.......e.Z.d.Z.d.Z...d.d.e.d.e.d.e.d.d.f...f.d...Z...d.d.d.d.e.d.d.d.e.d.e.d.....f.d...Z...x.Z.S.)...PipXmlrpcTransportzRProvide a `xmlrpclib.Transport` implementation via a `PipSession`. object.. ..index_url..session..use_datetime..returnNc............................t...........|.....|...........t.........j...................j...................|.........}.|.j...................|._.........|.|._.........y.).N)...super..__init__..urllib..parse..urlparse..scheme.._scheme.._session)...selfr....r....r......index_parts..__class__s....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\auth.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):20541
                                          Entropy (8bit):4.419441847140077
                                          Encrypted:false
                                          SSDEEP:192:GaxaV08sO0OLp5haOVKX2D/k5EzOEJlRL+jqrsLRjcqsWIv3LfW7Mvi+gIQFuRnG:Gaxa1p7kSTRiOQLxlITLqNXkB64oig6O
                                          MD5:1D3CF7B4C916B82AED3878328B7A9C00
                                          SHA1:B3C8663B501DE3A9B1A17EB858C83621158A3BF3
                                          SHA-256:4C2F8E716D8A5385BA475854E2A3E0417BD51F9E1A7400A9673EAC5AAF91F4D0
                                          SHA-512:BC4BC794485A676FE44A19ECE5EFDDC8EA0F012BDEABB389BEBD0171EA9BA385CCDCD1CF5203833728D1BA2B96E24B07A825EFD020AD3321822EAECAF434DFFA
                                          Malicious:false
                                          Preview:"""Network Authentication Helpers..Contains interface (MultiDomainBasicAuth) and associated glue code for.providing credentials in the context of network requests..""".import logging.import os.import shutil.import subprocess.import sysconfig.import typing.import urllib.parse.from abc import ABC, abstractmethod.from functools import lru_cache.from os.path import commonprefix.from pathlib import Path.from typing import Any, Dict, List, NamedTuple, Optional, Tuple..from pip._vendor.requests.auth import AuthBase, HTTPBasicAuth.from pip._vendor.requests.models import Request, Response.from pip._vendor.requests.utils import get_netrc_auth..from pip._internal.utils.logging import getLogger.from pip._internal.utils.misc import (. ask,. ask_input,. ask_password,. remove_auth_from_url,. split_auth_netloc_from_url,.).from pip._internal.vcs.versioncontrol import AuthInfo..logger = getLogger(__name__)..KEYRING_DISABLED = False...class Credentials(NamedTuple):. url: str. usernam

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\cache.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3935
                                          Entropy (8bit):4.5367459930518805
                                          Encrypted:false
                                          SSDEEP:96:eatn8+Vt8CLtSKYrAdjB98ic5XENd02jagd02t/:VtjHpplcyPjaqPt/
                                          MD5:BD5623B783BCC7693C921082172F561C
                                          SHA1:2521F1CC06B3F0DC49CFAA39223E69BEA749BFA7
                                          SHA-256:E3C03DEF5A82CCA345BE46F9EEE18493BFB4C5AA8F4B41D68F6EF5D50353C645
                                          SHA-512:531BCD976F686F08C297C847D824FF2AC07AB2EB4FE4FC681D48203843A887CC31DEF5DA0BD674639A84E2DE545EAEA393AFCCE022171558A405493198024B9C
                                          Malicious:false
                                          Preview:"""HTTP cache implementation.."""..import os.from contextlib import contextmanager.from datetime import datetime.from typing import BinaryIO, Generator, Optional, Union..from pip._vendor.cachecontrol.cache import SeparateBodyBaseCache.from pip._vendor.cachecontrol.caches import SeparateBodyFileCache.from pip._vendor.requests.models import Response..from pip._internal.utils.filesystem import adjacent_tmp_file, replace.from pip._internal.utils.misc import ensure_dir...def is_from_cache(response: Response) -> bool:. return getattr(response, "from_cache", False)...@contextmanager.def suppressed_cache_errors() -> Generator[None, None, None]:. """If we can't access the cache then we can just skip caching and process. requests as if caching wasn't enabled.. """. try:. yield. except OSError:. pass...class SafeFileCache(SeparateBodyBaseCache):. """. A file based cache which is safe to use even when the target directory may. not be accessible or writable.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\download.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6086
                                          Entropy (8bit):4.535167015839178
                                          Encrypted:false
                                          SSDEEP:96:w7W+0c7gLaX0VXLCrMiZZb0r3FAlBEm+1swUGgsMtG+1sAXhxe1Nw:w7t7xA+rLZZbe+lqJ2x
                                          MD5:33EE21DB91B4122F1E32ED1E8EA926E6
                                          SHA1:69610A1F064A6FAC3514A158BB4B45A4EED5D672
                                          SHA-256:8B44E7E79083E43ED7604158DD3C6261A09FD0E69A4D0E9249C3600AC49E575E
                                          SHA-512:4F1835E1F37F586F38A6DC091FF63ACEA677B678A4B635922A7949830CC7E3B09CB6E87250A4F870D7DEF636C90CEEFF4463D6555F280FFE46B078B0C43BA2A4
                                          Malicious:false
                                          Preview:"""Download files with progress indicators..""".import email.message.import logging.import mimetypes.import os.from typing import Iterable, Optional, Tuple..from pip._vendor.requests.models import CONTENT_CHUNK_SIZE, Response..from pip._internal.cli.progress_bars import get_download_progress_renderer.from pip._internal.exceptions import NetworkConnectionError.from pip._internal.models.index import PyPI.from pip._internal.models.link import Link.from pip._internal.network.cache import is_from_cache.from pip._internal.network.session import PipSession.from pip._internal.network.utils import HEADERS, raise_for_status, response_chunks.from pip._internal.utils.misc import format_size, redact_auth_from_url, splitext..logger = logging.getLogger(__name__)...def _get_http_response_size(resp: Response) -> Optional[int]:. try:. return int(resp.headers["content-length"]). except (ValueError, KeyError, TypeError):. return None...def _prepare_download(. resp: Response,. lin

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\lazy_wheel.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):7638
                                          Entropy (8bit):4.533018537440655
                                          Encrypted:false
                                          SSDEEP:96:lmeq3Fhp8FzQpt6uga8eTs/ChNn0dutBcBU88DDrUdWPpi0PB/Ql:PyKFK6u0qs/s0IoUnzUdWPPxY
                                          MD5:4C80D4FD2859B4B10C585AACC0F95FCA
                                          SHA1:90F90B661EFB4AE55C9C0E5174C5F3F36128F344
                                          SHA-256:D8F5D576E6193C23D99244057B527519B7C725678253EF855E89C6C887F0F5E5
                                          SHA-512:AB278D291E57C3D8DA0AD3DD055A61C78D0512FECCEB3D89D12512EF5295CAEF23D0BD07E4D67EE8158B1D7A100FD9793745A327E059C82C950C5E69539954FA
                                          Malicious:false
                                          Preview:"""Lazy ZIP over HTTP"""..__all__ = ["HTTPRangeRequestUnsupported", "dist_from_wheel_url"]..from bisect import bisect_left, bisect_right.from contextlib import contextmanager.from tempfile import NamedTemporaryFile.from typing import Any, Dict, Generator, List, Optional, Tuple.from zipfile import BadZipFile, ZipFile..from pip._vendor.packaging.utils import canonicalize_name.from pip._vendor.requests.models import CONTENT_CHUNK_SIZE, Response..from pip._internal.metadata import BaseDistribution, MemoryWheel, get_wheel_distribution.from pip._internal.network.session import PipSession.from pip._internal.network.utils import HEADERS, raise_for_status, response_chunks...class HTTPRangeRequestUnsupported(Exception):. pass...def dist_from_wheel_url(name: str, url: str, session: PipSession) -> BaseDistribution:. """Return a distribution object from the given wheel URL... This uses HTTP range requests to only fetch the portion of the wheel. containing metadata, just enough for the o

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\session.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):18698
                                          Entropy (8bit):4.5751244682162
                                          Encrypted:false
                                          SSDEEP:384:yeSx8+6E6RtPmwaJDzMzK64lU61dg5cfJfWMhjP3Cn+N8Y9kMs3SZY45Y5yrGH3R:yrx5hqtPSLCqP0yG4OjH30e
                                          MD5:ED400E3CC8FE5CF4936A8A63056F2652
                                          SHA1:4AE82ECA21AF93318FBD8419A0BEF7C8350AC27B
                                          SHA-256:F6DA840C3F0989568576994E117271368F5C8D17C167A4486B4C9043FA813623
                                          SHA-512:5EA9E5BEE9E50A2E2A7C66135C313E1C6D295CC0532004B2CF4A97E041E7AE86B269F4F57C8AE6B349673E18FF22AC47B3DF0DE8B1FB8293CCF2BCB8301083EE
                                          Malicious:false
                                          Preview:"""PipSession and supporting code, containing all pip-specific.network request configuration and behavior.."""..import email.utils.import io.import ipaddress.import json.import logging.import mimetypes.import os.import platform.import shutil.import subprocess.import sys.import urllib.parse.import warnings.from typing import (. TYPE_CHECKING,. Any,. Dict,. Generator,. List,. Mapping,. Optional,. Sequence,. Tuple,. Union,.)..from pip._vendor import requests, urllib3.from pip._vendor.cachecontrol import CacheControlAdapter as _BaseCacheControlAdapter.from pip._vendor.requests.adapters import DEFAULT_POOLBLOCK, BaseAdapter.from pip._vendor.requests.adapters import HTTPAdapter as _BaseHTTPAdapter.from pip._vendor.requests.models import PreparedRequest, Response.from pip._vendor.requests.structures import CaseInsensitiveDict.from pip._vendor.urllib3.connectionpool import ConnectionPool.from pip._vendor.urllib3.exceptions import InsecureRequestWarning..from pip i

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\utils.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4073
                                          Entropy (8bit):4.467621998619944
                                          Encrypted:false
                                          SSDEEP:96:AyJmdmk/IlIqS8Jz8ZFy2u/u2EPqg9d+Ha+IIIbgmoj0:AmmYkF8JIjyJm/Pqg9d+HauJ0
                                          MD5:753632450165D0EFF8C4751A18D5CCE5
                                          SHA1:A2F5A9510319D95ADE4777BF462996CD0456E6E7
                                          SHA-256:E80E52AD42441141F16C6B5BB1CC14D8DA42CB3FB7CED883946587A51461B09F
                                          SHA-512:8549E7FC56D2D224AFA391AA6C1C884FB5B665BE38D469E139B18837A622D7E4E99CB59A827F3BB770562AD59CD9E6FB71619D786B41759ED7D9E468BD45F43C
                                          Malicious:false
                                          Preview:from typing import Dict, Generator..from pip._vendor.requests.models import CONTENT_CHUNK_SIZE, Response..from pip._internal.exceptions import NetworkConnectionError..# The following comments and HTTP headers were originally added by.# Donald Stufft in git commit 22c562429a61bb77172039e480873fb239dd8c03..#.# We use Accept-Encoding: identity here because requests defaults to.# accepting compressed responses. This breaks in a variety of ways.# depending on how the server is configured..# - Some servers will notice that the file isn't a compressible file.# and will leave the file alone and with an empty Content-Encoding.# - Some servers will notice that the file is already compressed and.# will leave the file alone, adding a Content-Encoding: gzip header.# - Some servers won't notice anything at all and will take a file.# that's already been compressed and compress it again, and set.# the Content-Encoding: gzip header.# By setting this to request only the identity encoding we're h

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\network\xmlrpc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1838
                                          Entropy (8bit):4.43781542816708
                                          Encrypted:false
                                          SSDEEP:48:yb9H7vgk5JYfH6+/1GFPzdvsJTxW9KMOWP:ap35Jya+dSP2JVQOWP
                                          MD5:48F03AE3E7D166533D1FE1C50465C95E
                                          SHA1:1B9D05D0166567A0F7B6D0295E5450CE8627CB64
                                          SHA-256:B00C7339A709F8DD4D5C63EF6A9F630B7CEE6164A79EFDC65ED811DBE13600F0
                                          SHA-512:F6F196C93BF36CA05C3B7D66F922D3278C85014F601B6A147F582A696770F146C08FA989279054AF80ACAC63FBB8A106EF8F1D87F70F2CD4870899E153B15E61
                                          Malicious:false
                                          Preview:"""xmlrpclib.Transport implementation."""..import logging.import urllib.parse.import xmlrpc.client.from typing import TYPE_CHECKING, Tuple..from pip._internal.exceptions import NetworkConnectionError.from pip._internal.network.session import PipSession.from pip._internal.network.utils import raise_for_status..if TYPE_CHECKING:. from xmlrpc.client import _HostType, _Marshallable.. from _typeshed import SizedBuffer..logger = logging.getLogger(__name__)...class PipXmlrpcTransport(xmlrpc.client.Transport):. """Provide a `xmlrpclib.Transport` implementation via a `PipSession`. object.. """.. def __init__(. self, index_url: str, session: PipSession, use_datetime: bool = False. ) -> None:. super().__init__(use_datetime). index_parts = urllib.parse.urlparse(index_url). self._scheme = index_parts.scheme. self._session = session.. def request(. self,. host: "_HostType",. handler: str,. request_body: "SizedBuff

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):187
                                          Entropy (8bit):4.78323085948874
                                          Encrypted:false
                                          SSDEEP:3:oQ4yllVO8l4sP6qpOAVcR6iVWrzLUhKALOAX4L9RwIaQHtgem/l:L4y/Vneg6qpR2pAreKAqAIZ6Iaatgemt
                                          MD5:198BE3C584ADFE2BFB0A8EC277379B95
                                          SHA1:661E9DD3A896F9C6ED679EA72AE7ECB6A806235D
                                          SHA-256:9985249FEF25D1825AAB62680E471EFE409A277BADE779BB164A7F7CB63402F0
                                          SHA-512:A8D69D4969BA2924EAB2295625F170EEF72238BD8D7DF791E29A22C3B6C5495A58EF5D55452166396525750FB499C914D4C2B7029BEC4FE5D502F6600C5C88F8
                                          Malicious:false
                                          Preview:...........f................................y.).N..r..........ZC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/operations/__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\__pycache__\check.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7569
                                          Entropy (8bit):5.618571998646788
                                          Encrypted:false
                                          SSDEEP:96:vt3UWTJ1kDjY5AxTXr1ysXCvBpvscGpyvv01aiY0//xB8a0x6qAPSu0Zbh:vtEWF1kDEE0pkcGpyvv0T7/n8aPqu0ZF
                                          MD5:79380FC312B2E2267B04599ECD6D5620
                                          SHA1:BD0B9066643C56C295EBEA8D90873CE03BB006DC
                                          SHA-256:B12164A8F73C91CD1D218DBFCB03DB8E4C27BFB6F2561EEA264625AA94A9ECD2
                                          SHA-512:16E9CC48B71CF5018630FE664DCFB479B4822B1A073B254257A9250A7677665002CB80C3E80A65DE333C5D726709D4C6A138D55F6FB2EF1C9F6DFBD68005296D
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j:..................e.........Z...G.d...d.e.........Z e.e.e f.....Z!e.e.e.f.....Z"e.e.e.e.f.....Z#e.e.e.e"....f.....Z$e.e.e.e#....f.....Z%e.e$e%f.....Z&e.e!e&f.....Z'd.e.e!e(f.....f.d...Z)..d.d.e!d.e.e.e*g.e(f.........d.e&f.d...Z+d.e.e.....d.e'f.d...Z,d.e.e.....d.e!d.e.e.....f.d...Z-d.e.e.....d.e!d.e.e.....f.d...Z.d.e!d.d.f.d...Z/y.).z'Validation of dependencies of packages......N)...Callable..Dict..List..NamedTuple..Optional..Set..Tuple)...Requirement)...LegacySpecifier)...NormalizedName..canonicalize_name)...LegacyVersion)..)make_distribution_for_install_requirement)...get_default_environment)...DistributionVersion)...InstallRequirement)...deprecatedc.....................(.....e.Z.d.Z.U.e.e.d.<...e.e.....e.d.<...y.)...PackageDetails..version..dependenciesN)...__name__..__module__

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\__pycache__\freeze.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10107
                                          Entropy (8bit):5.434530583095685
                                          Encrypted:false
                                          SSDEEP:192:RVFw9woYtQ3JHhpQ7EBNgtvWBUrHZKloatlhPpRQwKEKF:RVuOQJBpQ78CQBUrHVohPp5zKF
                                          MD5:CBC3F6A0BD642415B792B643759CB4FB
                                          SHA1:EED8761FA91AD047F4AD8D2AF705E4462B96B8D2
                                          SHA-256:9C5BF86133ECA97191253FF61BF8FAE23E74D93DEB9279D4CB7FB22D17E856F8
                                          SHA-512:C7D4CDB2F25F16BDA495752EC1F761B3EF8FBE4248EB34F5860D70D4C96534358CD7FA6A909C720EF1C5F27D5CAC353CAB19DED1CD12FEEA20452574ECADE4B6
                                          Malicious:false
                                          Preview:...........fX&........................t.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j:..................e.........Z...G.d...d.e.........Z ..............d.d.e.e.e!........d.e"d.e"d.e.e.e!........d.e"d.e"d.e.e!....d.e.e!d.d.f.....f.d...Z#d.e.d.e!f.d...Z$d.e.d.e f.d...Z%..G.d...d.........Z&y.)......N)...Container..Dict..Generator..Iterable..List..NamedTuple..Optional..Set)...canonicalize_name)...Version)...BadCommand..InstallationError)...BaseDistribution..get_environment)...install_req_from_editable..install_req_from_line)...COMMENT_RE)..%direct_url_as_pep440_direct_referencec.....................(.....e.Z.d.Z.U.e.e.d.<...e.e.....e.d.<...y.)..._EditableInfo..requirement..commentsN)...__name__..__module__..__qualname__..str..__annotations__r............XC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/operations/freeze.pyr....r........s............

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\__pycache__\prepare.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):25737
                                          Entropy (8bit):5.260884226863881
                                          Encrypted:false
                                          SSDEEP:384:CO2wKToKELCImMUGJEeDjRvnPX/XK5wxK4jL7JTKRp6dLa+4sSL5WkUDuYCOY9a:gTo9OHcEURvPXfS7AL7JTKRws/piD4Oj
                                          MD5:EE09A0FB726F7C1D5263AA888FB754DF
                                          SHA1:27E2554BD2EBE8C2BF44C2AC72343F244C0ACA94
                                          SHA-256:C440F8CE89BB60140652C64A93BE340CF6451AFBB1754FB682AA2501EA5754B2
                                          SHA-512:134EF1A642428497B1AADF4F823E750E213A7DCE7948D220EBE5F2D41D288E1CA4166150CF7C0A8526365021B8515BDFE4C702DB1FA5419A64BDF00E91244797
                                          Malicious:false
                                          Preview:...........f.m.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#..d.d.l$m%Z%m&Z&..d.d.l'm(Z(m)Z)..d.d.l*m+Z+..d.d.l,m-Z-..d.d.l.m/Z/..d.d.l0m1Z1..d.d.l2m3Z3m4Z4..d.d.l5m6Z6m7Z7..d.d.l8m9Z9..d.d.l:m;Z;m<Z<m=Z=m>Z>..d.d.l?m@Z@..d.d.lAmBZB..d.d.lCmDZD....e1eE........ZFd.e/d.e-d.e.d.eGd.eGd e.f.d!..ZHd"e!d#eId$eJd d.f.d%..ZK..G.d&..d'........ZL....d2d"e!d(e&d)e.eI....d*e.e6....d eLf.d+..ZM..d2d"e!d)e.eI....d*e.e6....d eLf.d,..ZN....d2d"e!d#eId(e&d$eJd)e.eI....d*e.e6....d e.eL....f.d-..ZO..d3d"e!d)eId*e.e6....d.eGd e.eI....f.d/..ZP..G.d0..d1........ZQy.)4z)Prepares a distribution for installation......N)...Path)...Dict..Iterable..List..Optional)...canonicalize_name)..)make_distribution_for_install_requirement)...InstalledDistribution)...DirectoryUrlHashUnsupported..HashMismatch..HashUnpinned..InstallationError..Meta

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):193
                                          Entropy (8bit):4.826091771349146
                                          Encrypted:false
                                          SSDEEP:6:L4y/Vnee6qpR2pAreKAqAIiW4R6Iaatgem/l:0CVeaWbbsiDjaatHmt
                                          MD5:4F451E31759B04E730ED5F880AC8CA75
                                          SHA1:074D7F8A2C0B64B09562C011595666D3D27A8CBD
                                          SHA-256:FDB16415371474D7C5FC5192DAFEAB0C327B86F739B86C057493B18B984BBF74
                                          SHA-512:7902C71F15B9BF12676C7252AA8F8D9CE152C83EF2E4A69E632CA791218B410FA0A6398F20355D86E9A66E9C241FF879AED7C4068D094158884416D39C38B7EA
                                          Malicious:false
                                          Preview:...........f................................y.).N..r..........`C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/operations/build/__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\build_tracker.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7813
                                          Entropy (8bit):5.344018266072529
                                          Encrypted:false
                                          SSDEEP:96:nAXtiwqhfCKD9C25qXtjYMxasmMk68VjNO3G62FUkYQjVmhe/Y:nOihhf/D96OM8VjxFUImhl
                                          MD5:ECD0C93F1DF095F11471ED9F280EE170
                                          SHA1:C7D2157F509A38EFD02E47485E5195A7DC52282A
                                          SHA-256:B0E9A8AD39A760EEB27B09989FB89F18E59832A599484FA1CB8FE121BE98DE89
                                          SHA-512:41551BC3C0AA481A1F214E7C69347A00A65026B15B6A5383583CB6882D4B1EA00B1035C26258E5708965B09405E2230AEFDB14C77E4FC373E756FBC7C3279557
                                          Malicious:false
                                          Preview:...........f..........................&.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j&..................e.........Z.e.j,..................d.e.d.e.d.....f.d...........Z.e.j,..................d.e.d.....f.d...........Z...G.d...d.e.........Z...G.d...d.........Z.y.)......N)...TracebackType)...Dict..Generator..Optional..Set..Type..Union)...Link)...InstallRequirement)...TempDirectory..changes..return..NNNc................+.......K.....t.........j...................}.t.................}.i.}.|.j...........................D.]...\...}.}...|.|.....|.|.<...|.|.|.<.........d.......|.j...........................D.]$..\...}.}.|.|.u.r.|.|.=...t.........|.t.................s.J...|.|.|.<....&..y.#.t.........$.r...|.|.|.<...Y..Tw.x.Y.w.#.|.j...........................D.]$..\...}.}.|.|.u.r.|.|.=...t.........|.t.................s.J...|.|.|.<....&..w.x.Y.w...w...N)...os..environ..object..items..KeyError..isinstance..str).r......targ

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\metadata.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1870
                                          Entropy (8bit):5.660713462270401
                                          Encrypted:false
                                          SSDEEP:24:TjCXBpNb0HZkeJvTlXI86J5ZJYZjpmlLCGi2C5b/PHeBR98/UObVaUz8zYbxDQ1A:TjCXBXWk0LhIaZjpml+L2C58Q/nxa1tK
                                          MD5:C748CDD541D655EEA00DBA0DFE6784A5
                                          SHA1:D1B57334452252190D9C460EABDF523AF9606F07
                                          SHA-256:3350070795C7132FE7C125F157F9B88CD1CCBE0A1EAC0EE08168973EEAAEEFBE
                                          SHA-512:B931884D835ADA14BCF188D2319C4A3809F40F3765233AB8FB627C5BEFC9E8072A07C6F31F14AB0EA5D20CD0CAE596A32E4A7914778E1DECDCF130D694B0B924
                                          Malicious:false
                                          Preview:...........f..........................h.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.e.d.e.d.e.d.e.f.d...Z.y.).z4Metadata generation logic for source distributions.......N)...BuildBackendHookCaller)...BuildEnvironment)...InstallationSubprocessError..MetadataGenerationFailed)...runner_with_spinner_message)...TempDirectory..build_env..backend..details..returnc.....................f.....t.........d.d...........}.|.j...................}.|.5...t.........d.........}.|.j...................|.........5.....|.j...................|.........}...d.d.d...........d.d.d...........t.........j...................j...................|...........S.#.t.........$.r.}.t.........|...........|...d.}.~.w.w.x.Y.w.#.1.s.w...Y......Ox.Y.w.#.1.s.w...Y......Sx.Y.w.).zlGenerate metadata using mechanisms described in PEP 517... Returns the generated metadata directory.. z.modern-metadataT)...kind..globally_managedz#Preparing metadata (pyproject.toml))...package_detailsN).r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\metadata_editable.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1904
                                          Entropy (8bit):5.6616187059317165
                                          Encrypted:false
                                          SSDEEP:24:tdCXBpNb0HZkeJvTlXI86J5ZJYZjpmWLCG+62PA5b/Pjo98/kdb+BRRd+oWYzYbz:tdCXBXWk0LhIaZjpmW+H62I5D/Rua1tw
                                          MD5:DB03F8FC0E0766480608BA6DED0CA15E
                                          SHA1:9AD757EECB6BBD02D88784BECE4798E189E381A6
                                          SHA-256:906646CA885129EF9A3563E9600FA2B068718D4F3EDCD9F511A2D62A71491A59
                                          SHA-512:EC6E7E3464FD9723EA16C7163CB99F113CAAE2AB0F616B3E928AFE6AE7DDD9B46D18F059F75D71E7534ED85D689CE36150D10A006AC7A8AA1324903D65EC0E13
                                          Malicious:false
                                          Preview:...........f..........................h.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.e.d.e.d.e.d.e.f.d...Z.y.).z4Metadata generation logic for source distributions.......N)...BuildBackendHookCaller)...BuildEnvironment)...InstallationSubprocessError..MetadataGenerationFailed)...runner_with_spinner_message)...TempDirectory..build_env..backend..details..returnc.....................f.....t.........d.d...........}.|.j...................}.|.5...t.........d.........}.|.j...................|.........5.....|.j...................|.........}...d.d.d...........d.d.d...........t.........j...................j...................|...........S.#.t.........$.r.}.t.........|...........|...d.}.~.w.w.x.Y.w.#.1.s.w...Y......Ox.Y.w.#.1.s.w...Y......Sx.Y.w.).zlGenerate metadata using mechanisms described in PEP 660... Returns the generated metadata directory.. z.modern-metadataT)...kind..globally_managedz,Preparing editable metadata (pyproject.toml))...package_detail

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\metadata_legacy.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3055
                                          Entropy (8bit):5.679809676764463
                                          Encrypted:false
                                          SSDEEP:48:xBhRGnLcy+K9YkJPL2P0tB5j5q1oFY+TpElN2CUyGv5JcgesigO3bHtq7:/wLcy+mJPL2iFY+TpgUPHcIsHu
                                          MD5:EC9FB50440FF7B51F0F58C930CA8F325
                                          SHA1:9589B510C8DF48FD7A96291952FA89E341106800
                                          SHA-256:59592CB1C6FDCC31CFBE79C2F25E27BAE02F5CB335DDE451651DAD3F82321E10
                                          SHA-512:347793165687E2F3F8263B0B07585A9A439FFE75F42FDEECD2E44EC6047BBA3D8C050C4F42AAE5A9F67B2F9B183FAF3F17F84E4429A22708F850F67441FD6C2B
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j"..................e.........Z.d.e.d.e.f.d...Z.d.e.d.e.d.e.d.e.d.e.d.e.f.d...Z.y.).z;Metadata generation logic for legacy source distributions.......N)...BuildEnvironment)...open_spinner)...InstallationError..InstallationSubprocessError..MetadataGenerationFailed)...make_setuptools_egg_info_args)...call_subprocess)...TempDirectory..directory..returnc.....................*.....t.........j...................|.........D...c.g.c.]...}.|.j...................d.........s...|.......}.}.|.s.t.........d.|...............t.........|.........d.kD..r.t.........d.j...................|...................t.........j...................j...................|.|.d.............S.c...c.}.w.).z.Find an .egg-info subdirectory in `directory`.z..egg-infoz No .egg-info directory found in .....z-More than one .egg-info directory found in {}r....)...os..listdir..endswith

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\wheel.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1674
                                          Entropy (8bit):5.6165752782580025
                                          Encrypted:false
                                          SSDEEP:24:QKWsvKb7k+s4vDHvS2gkuS6aStsPPebHgwr2Wyv2txl6zyDM5wt9S:QMvKbwEK2F+X6230zdY9S
                                          MD5:D947A1AA52C9679FDB56A477540968DC
                                          SHA1:5C8CDA42980DBE32B6AD59CEDAD296C8C992A2D5
                                          SHA-256:EFCEC9B8F0A6C315A09A116DFB3029DD8757F5B915695F5BDB5DDB7182FB9D43
                                          SHA-512:A978C16EE3948FAA4AADDC03C9B7257340AB115503C01F21264DD50C04EC287E24B56E415E8080580FDE102F68E1957A339A1BB624E1493371EEF6AC4ADAE804
                                          Malicious:false
                                          Preview:...........f3.........................~.....d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j...................e.........Z.d.e.d.e.d.e.d.e.d.e.e.....f.d...Z.y.)......N)...Optional)...BuildBackendHookCaller)...runner_with_spinner_message..name..backend..metadata_directory..tempd..returnc.....................R.....|...J.....t.........j...................d.|...........t.........d.|...d...........}.|.j...................|.........5...|.j...................|.|...........}.d.d.d...........t.........j...................j...................|...........S.#.1.s.w...Y......)x.Y.w.#.t.........$.r...t.........j...................d.|...........Y.y.w.x.Y.w.).z.Build one InstallRequirement using the PEP 517 build process... Returns path to wheel if successfully built. Otherwise, returns None.. Nz.Destination directory: %sz.Building wheel for z. (pyproject.toml)).r....z.Failed building wheel for %s)...logger..debugr......subprocess_runner..build_wheel..Exception..error..os..path..join).r

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\wheel_editable.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2015
                                          Entropy (8bit):5.677883274761524
                                          Encrypted:false
                                          SSDEEP:48:hZZoPzvKzxOtG2F0PSqGneUIg9qFZ0zOVw:D+b68c2CPSWPgaA
                                          MD5:5F9ED22C229FC9FC0BBB1CC84826DCD4
                                          SHA1:DADB058B1253C5DEA7553B512FD2260FC68726A6
                                          SHA-256:2F5E8345A4BFCB6CE93AF8D0CE11581F3AD7A165EDB4D0979DD3958286B6B37D
                                          SHA-512:EC6F929B82B695C3E8552A56861671C5B7717696DE56C52F0C2EB1A1E1B4A507DC7DC117D0758881AF31282CDB313400364C3268FB5A65EFFA858010D39A4E80
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.....e.j...................e.........Z.d.e.d.e.d.e.d.e.d.e.e.....f.d...Z.y.)......N)...Optional)...BuildBackendHookCaller..HookMissing)...runner_with_spinner_message..name..backend..metadata_directory..tempd..returnc...........................|...J.....t.........j...................d.|...........t.........d.|...d...........}.|.j...................|.........5.....|.j...................|.|...........}...d.d.d...........t.........j...................j...................|...........S.#.t.........$.r)}.t.........j...................d.|.|...........Y.d.}.~.d.d.d...........y.d.}.~.w.w.x.Y.w.#.1.s.w...Y......^x.Y.w.#.t.........$.r...t.........j...................d.|...........Y.y.w.x.Y.w.).z.Build one InstallRequirement using the PEP 660 build process... Returns path to wheel if successfully built. Otherwise, returns None.. Nz.Destination directory: %sz.Building editable for z. (pyproject.tom

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\__pycache__\wheel_legacy.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3919
                                          Entropy (8bit):5.62506652458114
                                          Encrypted:false
                                          SSDEEP:48:EeM+G3ATAZOGAXy+pNjws8bQZNcfwYRQammfU+S22N57a+tPZ6ksMpIIyN7RcXV9:EV3zKCUjwnaKfZR6+S2szPZrsN7cCNe
                                          MD5:A8C9F0DA11BA0EB2F9EC34A8D171A2F9
                                          SHA1:058F60434D089D39056AEE30419541FE0692B442
                                          SHA-256:B48EFC304C8E549F6B657F8DD734B29B71E8ECA3955100846842872FDE0C327A
                                          SHA-512:83A232BB4C26917AE021039B807B8313A129727226AD150388B8450706A6AAE8D7A55BACF92A98648A4FDC535E762A0401AB0838BBAF888087D2CD0209CD879C
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.....e.j...................e.........Z.d.e.e.....d.e.d.e.f.d...Z.d.e.e.....d.e.d.e.d.e.e.....d.e.d.e.e.....f.d...Z.d.e.d.e.d.e.d.e.e.....d.e.e.....d.e.d.e.e.....f.d...Z.y.)......N)...List..Optional)...open_spinner).. make_setuptools_bdist_wheel_args)...call_subprocess..format_command_args..command_args..command_output..returnc...........................t.........|.........}.d.|...d...}.|.s.|.d.z...}.|.S.t.........j...........................t.........j...................kD..r.|.d.z...}.|.S.|.j...................d.........s.|.d.z...}.|.d.|.....z...}.|.S.).z'Format command information for logging.z.Command arguments: ...z.Command output: Nonez'Command output: [use --verbose to show]z.Command output:.).r......logger..getEffectiveLevel..logging..DEBUG..endswith).r....r......command_desc..texts.... .dC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/operation

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\build_tracker.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4832
                                          Entropy (8bit):4.618328684403838
                                          Encrypted:false
                                          SSDEEP:96:IOYy0tIvdlzsjYMxasmoX2oL5QTUVan0FHPYQxai:IDywSldyiz0FHBai
                                          MD5:F96311DD96F1BE4BB365524BE991BE50
                                          SHA1:AD8A4AB522BB9F567A393CF6D0DE5ED1314CBAB7
                                          SHA-256:CFE1F90CE92765D05ADDD87656AE9504C639A8B6082A6963DA9E821992B92DCF
                                          SHA-512:D9E4F2BA33DE58F3F040D3DA293016EDB25BE0D02642F52947D0483B84E3851E644113672EA58C70123FADE9CDCE99B47239849CE0D14DE714EC1D37976FF854
                                          Malicious:false
                                          Preview:import contextlib.import hashlib.import logging.import os.from types import TracebackType.from typing import Dict, Generator, Optional, Set, Type, Union..from pip._internal.models.link import Link.from pip._internal.req.req_install import InstallRequirement.from pip._internal.utils.temp_dir import TempDirectory..logger = logging.getLogger(__name__)...@contextlib.contextmanager.def update_env_context_manager(**changes: str) -> Generator[None, None, None]:. target = os.environ.. # Save values from the target and change them.. non_existent_marker = object(). saved_values: Dict[str, Union[object, str]] = {}. for name, new_value in changes.items():. try:. saved_values[name] = target[name]. except KeyError:. saved_values[name] = non_existent_marker. target[name] = new_value.. try:. yield. finally:. # Restore original values in the target.. for name, original_value in saved_values.items():. if orig

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\metadata.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1422
                                          Entropy (8bit):4.6243304875946425
                                          Encrypted:false
                                          SSDEEP:24:Ab0HQNdptouYXrkezPAZDI8QE2jbZjpmlLCGIJtHvH5lp0y2C5FX/P66fmepkety:AnNJSkO8QLjbZjpml+VvWy2C5ocnkyE/
                                          MD5:39771CD0BE98EC2FA8E622FDA059FDF0
                                          SHA1:C816FD8F874F799A9620D92DB505598D21C82BA8
                                          SHA-256:F52D02503F14DD0A99797A7E672B7C1F1C14F74944E10AE760382BA990F30677
                                          SHA-512:578A0446D208F615FADDA5C21CAEEAF4DF744572111C6043ADE541BFC142AC6354F4DE0E24DEC4D31535F433A1A663CF661C121351DCDBCA2510D0AEAD8F8A1E
                                          Malicious:false
                                          Preview:"""Metadata generation logic for source distributions.."""..import os..from pip._vendor.pyproject_hooks import BuildBackendHookCaller..from pip._internal.build_env import BuildEnvironment.from pip._internal.exceptions import (. InstallationSubprocessError,. MetadataGenerationFailed,.).from pip._internal.utils.subprocess import runner_with_spinner_message.from pip._internal.utils.temp_dir import TempDirectory...def generate_metadata(. build_env: BuildEnvironment, backend: BuildBackendHookCaller, details: str.) -> str:. """Generate metadata using mechanisms described in PEP 517... Returns the generated metadata directory.. """. metadata_tmpdir = TempDirectory(kind="modern-metadata", globally_managed=True).. metadata_dir = metadata_tmpdir.path.. with build_env:. # Note that BuildBackendHookCaller implements a fallback for. # prepare_metadata_for_build_wheel, so we don't have to. # consider the possibility that this hook doesn't exist..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\metadata_editable.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1474
                                          Entropy (8bit):4.593686499595817
                                          Encrypted:false
                                          SSDEEP:24:Ab0HQNdptouYXrkezPAEBDI8QE2jbZjpmWLCGIJtHvH5lp9E2PA57/P66fmedQkX:AnNJSkx8QLjbZjpmW+VvLE2I5ucTQkyo
                                          MD5:E46DA46FB32FE4B45B9961E977915B95
                                          SHA1:DF9F933316C1DBFE666BFB169C6DE0D2884C74E6
                                          SHA-256:54B2FB2EF9ED284F2AC5D854744261728B45CD4B0E488F0D352D38DF150B29EC
                                          SHA-512:A25E7D52711F6FC40EB819C217CE90AF874ABA5CAE67B31272941DC7D151EAA8C57FCEF62EDB1835BE2AD6EEF6DBA0283CCA732361E7F20D7C6E4A0812D4A9E7
                                          Malicious:false
                                          Preview:"""Metadata generation logic for source distributions.."""..import os..from pip._vendor.pyproject_hooks import BuildBackendHookCaller..from pip._internal.build_env import BuildEnvironment.from pip._internal.exceptions import (. InstallationSubprocessError,. MetadataGenerationFailed,.).from pip._internal.utils.subprocess import runner_with_spinner_message.from pip._internal.utils.temp_dir import TempDirectory...def generate_editable_metadata(. build_env: BuildEnvironment, backend: BuildBackendHookCaller, details: str.) -> str:. """Generate metadata using mechanisms described in PEP 660... Returns the generated metadata directory.. """. metadata_tmpdir = TempDirectory(kind="modern-metadata", globally_managed=True).. metadata_dir = metadata_tmpdir.path.. with build_env:. # Note that BuildBackendHookCaller implements a fallback for. # prepare_metadata_for_build_wheel/editable, so we don't have to. # consider the possibility that this hook doe

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\metadata_legacy.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2198
                                          Entropy (8bit):4.514631026862264
                                          Encrypted:false
                                          SSDEEP:48:AyFTclkcBb5euAi9e6qa3h48Q4UOFY+2EVi/e2CFkyz1RJ5i:AyFTxcr13C8VFY+2lGCuRO
                                          MD5:8D1B8A2EC71166ECC0014C332636D8E2
                                          SHA1:01B6632B02F1FCA9880DACF96142556D33F159BB
                                          SHA-256:A3E794DB502CD7BE610C2EDD96E3357C927F16AA244C84A1C96A6329A2291D9C
                                          SHA-512:C6314BE4C5E87A9C7A4253DFCB26163666DF242834DFB3AE0B86CA2D2127AB39B1993FAAC474B4AC0E5A49A2B13A65C1166C2B0B72C0B0B6D3F567A375460A3D
                                          Malicious:false
                                          Preview:"""Metadata generation logic for legacy source distributions.."""..import logging.import os..from pip._internal.build_env import BuildEnvironment.from pip._internal.cli.spinners import open_spinner.from pip._internal.exceptions import (. InstallationError,. InstallationSubprocessError,. MetadataGenerationFailed,.).from pip._internal.utils.setuptools_build import make_setuptools_egg_info_args.from pip._internal.utils.subprocess import call_subprocess.from pip._internal.utils.temp_dir import TempDirectory..logger = logging.getLogger(__name__)...def _find_egg_info(directory: str) -> str:. """Find an .egg-info subdirectory in `directory`.""". filenames = [f for f in os.listdir(directory) if f.endswith(".egg-info")].. if not filenames:. raise InstallationError(f"No .egg-info directory found in {directory}").. if len(filenames) > 1:. raise InstallationError(. "More than one .egg-info directory found in {}".format(directory). ).. return

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\wheel.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1075
                                          Entropy (8bit):4.592001270993553
                                          Encrypted:false
                                          SSDEEP:24:tmdptPRVjWqaS2drOX8Sq7/P6R2TBNSSREhL:CdjP2dKXIuET3pEhL
                                          MD5:BFD26E6B7D053BEAE312119DF6233540
                                          SHA1:DCD764C358F280CC9FDB2E90AB06A9686D3F21BA
                                          SHA-256:B13D761412C0C430BAC32AC3A2B87C92F719D631B9A889C2456CF33FE5242624
                                          SHA-512:04462A2559C1FDD8815BEE2762899581B620D3035BE6CDF97BD081B9901B4DE633352C8D8D8444A13D6A549C6608C3420FD9717EDC0705BB5AFAC9F98897C6B8
                                          Malicious:false
                                          Preview:import logging.import os.from typing import Optional..from pip._vendor.pyproject_hooks import BuildBackendHookCaller..from pip._internal.utils.subprocess import runner_with_spinner_message..logger = logging.getLogger(__name__)...def build_wheel_pep517(. name: str,. backend: BuildBackendHookCaller,. metadata_directory: str,. tempd: str,.) -> Optional[str]:. """Build one InstallRequirement using the PEP 517 build process... Returns path to wheel if successfully built. Otherwise, returns None.. """. assert metadata_directory is not None. try:. logger.debug("Destination directory: %s", tempd).. runner = runner_with_spinner_message(. f"Building wheel for {name} (pyproject.toml)". ). with backend.subprocess_runner(runner):. wheel_name = backend.build_wheel(. tempd,. metadata_directory=metadata_directory,. ). except Exception:. logger.error("Failed building wheel for

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\wheel_editable.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1417
                                          Entropy (8bit):4.3101463528891335
                                          Encrypted:false
                                          SSDEEP:24:tmdp9vaPCXvF6jWqat2drOXzP7/P66R2lvFIBNDcPzsdFjyEhL:C9vHXvgjI2dKXruXlva3DssdF2EhL
                                          MD5:D481FB9C7608F878A84FB81A8A7AA2D1
                                          SHA1:1D8E256134A57F9C5FA78BB388B31B61D2D0C3CE
                                          SHA-256:C8EB681FACE9024A0A60452DAFC161CEB62790D1D0690063590D8761A7B53108
                                          SHA-512:6DFC8DD2DDBDA76D94096930883688E83D50904173BFD1F6AB4F7EC3A4BA026B879059AD5443884F558C537234D38E22D43917DF406BB072B9C2898F0D12D859
                                          Malicious:false
                                          Preview:import logging.import os.from typing import Optional..from pip._vendor.pyproject_hooks import BuildBackendHookCaller, HookMissing..from pip._internal.utils.subprocess import runner_with_spinner_message..logger = logging.getLogger(__name__)...def build_wheel_editable(. name: str,. backend: BuildBackendHookCaller,. metadata_directory: str,. tempd: str,.) -> Optional[str]:. """Build one InstallRequirement using the PEP 660 build process... Returns path to wheel if successfully built. Otherwise, returns None.. """. assert metadata_directory is not None. try:. logger.debug("Destination directory: %s", tempd).. runner = runner_with_spinner_message(. f"Building editable for {name} (pyproject.toml)". ). with backend.subprocess_runner(runner):. try:. wheel_name = backend.build_editable(. tempd,. metadata_directory=metadata_directory,. ). exc

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\build\wheel_legacy.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3064
                                          Entropy (8bit):4.513661919781371
                                          Encrypted:false
                                          SSDEEP:48:PB2BMxxA1CiycvkJAWlQprspdzSCgGZnhqaLd8VsgS2QVMaGrXbF4+g9:PB2BT6JAWyprudz+GZnwOd8igS2QSFVS
                                          MD5:3A5B36046CFE14561424A5E1EFB50CBB
                                          SHA1:30C3511EBD59DC05391D5239455C12D74E697BC0
                                          SHA-256:0BD8FAAEE920408D67FC97902E8646B8375F530CC25D287221D3D3A7A79D6CC4
                                          SHA-512:BF8AC3322DFFD7B07975E05FF212345F240325204B7A87D55CBB0AEACA7BEA38DB68BB9EFC3330C807B73677FA5B9C0AE17795E2C448CF590439F252DC0E84AA
                                          Malicious:false
                                          Preview:import logging.import os.path.from typing import List, Optional..from pip._internal.cli.spinners import open_spinner.from pip._internal.utils.setuptools_build import make_setuptools_bdist_wheel_args.from pip._internal.utils.subprocess import call_subprocess, format_command_args..logger = logging.getLogger(__name__)...def format_command_result(. command_args: List[str],. command_output: str,.) -> str:. """Format command information for logging.""". command_desc = format_command_args(command_args). text = f"Command arguments: {command_desc}\n".. if not command_output:. text += "Command output: None". elif logger.getEffectiveLevel() > logging.DEBUG:. text += "Command output: [use --verbose to show]". else:. if not command_output.endswith("\n"):. command_output += "\n". text += f"Command output:\n{command_output}".. return text...def get_legacy_build_wheel_path(. names: List[str],. temp_dir: str,. name: str,. com

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\check.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6806
                                          Entropy (8bit):4.482733839291248
                                          Encrypted:false
                                          SSDEEP:96:kWH42xp5561FL56bMEHANrxR66YyvtsXS3y5PLEuLDMqaj7/ADyRWNQTJhDxE:kWNxFMFFQMrPyyvipi/AAWNQFtS
                                          MD5:F2F39E7FF5671C534F4F335E773B9C5A
                                          SHA1:D97AC05828EE730EE5B14A6F6E28DCE98A4F0B96
                                          SHA-256:7ECA80F3C8866AA7ED0ABDAD94FDEC494DB4D824A4A0E0D1B56D0EF8953D3386
                                          SHA-512:F0BC7552E171ED2963A7B12F55E6652CF334B3FF27E57810737A73909174B58D99B216D1D9C3DE92619F6A7F08A9F59B0FFDAD1300192272B6AA7732005E66B5
                                          Malicious:false
                                          Preview:"""Validation of dependencies of packages."""..import logging.from typing import Callable, Dict, List, NamedTuple, Optional, Set, Tuple..from pip._vendor.packaging.requirements import Requirement.from pip._vendor.packaging.specifiers import LegacySpecifier.from pip._vendor.packaging.utils import NormalizedName, canonicalize_name.from pip._vendor.packaging.version import LegacyVersion..from pip._internal.distributions import make_distribution_for_install_requirement.from pip._internal.metadata import get_default_environment.from pip._internal.metadata.base import DistributionVersion.from pip._internal.req.req_install import InstallRequirement.from pip._internal.utils.deprecation import deprecated..logger = logging.getLogger(__name__)...class PackageDetails(NamedTuple):. version: DistributionVersion. dependencies: List[Requirement]...# Shorthands.PackageSet = Dict[NormalizedName, PackageDetails].Missing = Tuple[NormalizedName, Requirement].Conflicting = Tuple[NormalizedName, Distri

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\freeze.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):9816
                                          Entropy (8bit):4.064319785232956
                                          Encrypted:false
                                          SSDEEP:192:wKXwcXVX29FLZPq1gaFYD8uDMNBrVbFhZ0DID53hC/rP3Wf3WFcdbvRMuPV:wKnIMev8ue2/rueFcdlh
                                          MD5:7DD939A42B1612389F3D939F07D813B7
                                          SHA1:BFC4FAB55E20829097432E39193CDC13C99A3D10
                                          SHA-256:BAAA1E4C07FA1CE615311D948004FC37CE54668184544A1075A9FF028E9239F9
                                          SHA-512:33F913AD806204AB63A5DD080A708B24362A0ED74A9958A0357A1BC505A9BA9EA4FB1497BDE8370AB12DD8AE9B64F15642DE91A077F1194485A6CD23CDA6C86E
                                          Malicious:false
                                          Preview:import collections.import logging.import os.from typing import Container, Dict, Generator, Iterable, List, NamedTuple, Optional, Set..from pip._vendor.packaging.utils import canonicalize_name.from pip._vendor.packaging.version import Version..from pip._internal.exceptions import BadCommand, InstallationError.from pip._internal.metadata import BaseDistribution, get_environment.from pip._internal.req.constructors import (. install_req_from_editable,. install_req_from_line,.).from pip._internal.req.req_file import COMMENT_RE.from pip._internal.utils.direct_url_helpers import direct_url_as_pep440_direct_reference..logger = logging.getLogger(__name__)...class _EditableInfo(NamedTuple):. requirement: str. comments: List[str]...def freeze(. requirement: Optional[List[str]] = None,. local_only: bool = False,. user_only: bool = False,. paths: Optional[List[str]] = None,. isolated: bool = False,. exclude_editable: bool = False,. skip: Container[str] = (),.) -> Ge

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\install\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):51
                                          Entropy (8bit):4.155090479515533
                                          Encrypted:false
                                          SSDEEP:3:d/IF7CL5Dv:RI5CLdv
                                          MD5:C6F771F71FE2E186FB048050F4D2E467
                                          SHA1:C72C58E6CD7763F27AC8041D54F6390149AFC48E
                                          SHA-256:997EE1C83D863413B69851A8903437D2BFC65EFED8FCF2DDB71714BF5E387BEB
                                          SHA-512:A2A8D3F7862E8260EBC53B6670830104DCCD73A6292E1ECEF40379A167BAC510F81A3583C3AFA0EAAF6632BE771DCC54BE22F00330938B42B70B331DC42A9A0F
                                          Malicious:false
                                          Preview:"""For modules related to installing packages..""".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\install\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):256
                                          Entropy (8bit):5.150036709788435
                                          Encrypted:false
                                          SSDEEP:6:L4aCCAI5CLf/Z6B0WltI+u6qpR2pAreKAqAImZEqc6IaYleHXlll:UaCC5cLp6BvPwWbbsKYjaYkH1ll
                                          MD5:D6C05C7D733EB6F09FBD353B3B228EC1
                                          SHA1:AC0200DA758D782B996F747C30BF98F7F5C52190
                                          SHA-256:3A6725A7D934E100019904AD86601DBE68E496E42896D82CDE556AD3963649F5
                                          SHA-512:E187AB1507A06E6C1532FF77AFCD75CD59CD9F27F8BA4ADCCBD49B89961E26F0566C406C1FA537B5798CA93A50A1ADF1D9A3AFD1508DC5617D06CDB6FADBB15D
                                          Malicious:false
                                          Preview:...........f3...............................d.Z.y.).z,For modules related to installing packages..N)...__doc__........bC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/operations/install/__init__.py..<module>r........s..............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\install\__pycache__\editable_legacy.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1807
                                          Entropy (8bit):5.636259594541373
                                          Encrypted:false
                                          SSDEEP:48:tS+qkNlXWRZR+0NtpdI1QPEz987Bs8C7CphPtIf:tRXGRn+iJkQPEz98xZhC
                                          MD5:72C90236BBAECC2A04BE9094A1863AA0
                                          SHA1:F653B5A5B3B4EFF90ECF578EA8E83039F35D42E4
                                          SHA-256:27E2F10AFF4495CF6D74DDA036402343222417A698A759C4198E6F0AABB5D737
                                          SHA-512:B969C11C6D1B5B51ABB489AA3B5D557C928D76B0F4757C01066FD9F53DE3CA1F91FC873F89247344C951D1C069CA12F6B1EE92FB7C2F20BF12B6A065B22D18FF
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j...................e.........Z.d.e.e.....d.e.e.....d.e.e.....d.e.d.e.d.e.d.e.d.e.d.e.d.d.f.d...Z.y.).z?Legacy editable installation process, i.e. `setup.py develop`.......N)...Optional..Sequence)...BuildEnvironment)...indent_log)...make_setuptools_develop_args)...call_subprocess..global_options..prefix..home..use_user_site..name..setup_py_path..isolated..build_env..unpacked_source_directory..returnc...........................t.........j...................d.|...........t.........|.|.|.|.|.|...........}.t.................5...|.5...t.........|.d.|.............d.d.d...........d.d.d...........y.#.1.s.w...Y.......x.Y.w.#.1.s.w...Y.....y.x.Y.w.).z[Install a package in editable mode. Most arguments are pass-through. to setuptools.. z.Running setup.py develop for %s).r......no_user_configr....r....r....z.python setup.py develop)...command_desc..cwdN)...logger..infor

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\install\__pycache__\wheel.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):33849
                                          Entropy (8bit):5.39353734679023
                                          Encrypted:false
                                          SSDEEP:384:oR2WOFlCE/3NJiJuhwT8o2pABLhcyoAe/rsl/d0Vkycqmeg38czAuJAl9V8:EOFlv/niACOIhpo3W1028cst9K
                                          MD5:524E46FD2BFAD8F991A91E4DF473F705
                                          SHA1:29F23C17E30DB106BBE151A09B70D674B6695BCD
                                          SHA-256:85BB98ADE226F7F24816FCC4EF5C3D87B21A1DE5EAAC3DDB6AE0D8FAB929E06C
                                          SHA-512:40F551408325354FAEAC974748E84DFE9B9991890ACFD48A0DF64B1AD8874E683DFCC2A914FDB01A6C6177CBC47383FCA8643656F7F15D18C7791E88E9DB37E1
                                          Malicious:false
                                          Preview:...........f.j.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&..d.d.l'm(Z(m)Z)..d.d.l*m+Z+..d.d.l,m-Z-..d.d.l.m/Z/..d.d.l0m1Z1..d.d.l2m3Z3..d.d.l4m5Z5m6Z6m7Z7..d.d.l8m9Z9m:Z:..d.d.l;m<Z<m=Z=..d.d.l>m?Z?m@Z@..d.d.lAmBZBmCZCmDZDmEZE..d.d.lFmGZGmHZHmIZImJZJ..d.d.lKmLZL..e.r.d.d.l.mMZM....G.d...d.eM........ZN..e.j...................eP........ZQ..e d.eR........ZSe$eSeRe%eTeRf.....f.....ZUdId.eRd.eTd.e$eReRf.....f.d...ZVd.eRd.e.eRe.f.....f.d...ZWd.eRd.eXf.d...ZYd.e.d.eXf.d ..ZZd!e5d.e$e.eReRf.....e.eReRf.....f.....f.d"..Z[d#e"eR....d.e!eR....f.d$..Z\d%e.eU....d.e.e$eReReRf.........f.d&..Z]d'eSd(eRd.eRf.d)..Z^d.eRd(eRd.eSf.d*..Z_d+e.e.eR........d,e.eSeSf.....d-e#eS....d.e.eR....d(eRd.e.eU....f.d/..Z`d0e.eReRf.....d.e.eR....f.d1..Za..G.d2..d3........Zb..G.d4..d5........Zc..G.d6..d7e1........Zdd8eRd.d.f.d9

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\install\editable_legacy.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1282
                                          Entropy (8bit):4.529425309919988
                                          Encrypted:false
                                          SSDEEP:24:6NXahpouY2vZHVY/vPXIAavFw3pm8MUUKxmml97+ZyICoUC:iXaPXvZ1savi5m8JUNZyrC
                                          MD5:DCB76A8AD093B7E45F58BE9D79106C59
                                          SHA1:61A524BDA27C4AB0F2BD898903EE87E51D34F59A
                                          SHA-256:61E47429A7565F0FD985E0B536D006D6A5481243A04461DCDB7C7E62D196ECD5
                                          SHA-512:C00A2CF22BBDBEA5D024F1F2181A0D7557675A7B2C28B9DF9D58466E1E36111A6406D9F0D1587FA4D5E5FD07081580DB08D72DC26AA5A8B83709AD3D56EDAE8D
                                          Malicious:false
                                          Preview:"""Legacy editable installation process, i.e. `setup.py develop`..""".import logging.from typing import Optional, Sequence..from pip._internal.build_env import BuildEnvironment.from pip._internal.utils.logging import indent_log.from pip._internal.utils.setuptools_build import make_setuptools_develop_args.from pip._internal.utils.subprocess import call_subprocess..logger = logging.getLogger(__name__)...def install_editable(. *,. global_options: Sequence[str],. prefix: Optional[str],. home: Optional[str],. use_user_site: bool,. name: str,. setup_py_path: str,. isolated: bool,. build_env: BuildEnvironment,. unpacked_source_directory: str,.) -> None:. """Install a package in editable mode. Most arguments are pass-through. to setuptools.. """. logger.info("Running setup.py develop for %s", name).. args = make_setuptools_develop_args(. setup_py_path,. global_options=global_options,. no_user_config=isolated,. prefix=pref

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\install\wheel.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):27311
                                          Entropy (8bit):4.642708671405098
                                          Encrypted:false
                                          SSDEEP:384:0GHMR/kRyVVi89DzT8O1WCqclVNe3nHCFvtoMWgCq2JTRH:0QI/bPnkVclVNe3H6hE1RH
                                          MD5:F885BF99952E370232B260C8B3A4A2B0
                                          SHA1:1CC61594079640CF319031BD5FD0F278ED519D1E
                                          SHA-256:F6119BD5CE1B4673C86F6146EC2B5448F7CFC6AA6B987401B702009563CD4ED1
                                          SHA-512:A16709DACFB9BAB959F2537C09B1673332F8A67DA65FF2877401E4768E83B34ABAE4B3E966A65ED1B04E7159B240AC4EFED0832E0300F396FD2F66D5B185D7D0
                                          Malicious:false
                                          Preview:"""Support for installing and building the "wheel" binary package format.."""..import collections.import compileall.import contextlib.import csv.import importlib.import logging.import os.path.import re.import shutil.import sys.import warnings.from base64 import urlsafe_b64encode.from email.message import Message.from itertools import chain, filterfalse, starmap.from typing import (. IO,. TYPE_CHECKING,. Any,. BinaryIO,. Callable,. Dict,. Generator,. Iterable,. Iterator,. List,. NewType,. Optional,. Sequence,. Set,. Tuple,. Union,. cast,.).from zipfile import ZipFile, ZipInfo..from pip._vendor.distlib.scripts import ScriptMaker.from pip._vendor.distlib.util import get_export_entry.from pip._vendor.packaging.utils import canonicalize_name..from pip._internal.exceptions import InstallationError.from pip._internal.locations import get_major_minor_version.from pip._internal.metadata import (. BaseDistribution,. FilesystemWheel,. ge

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\operations\prepare.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):28128
                                          Entropy (8bit):4.3534757921233584
                                          Encrypted:false
                                          SSDEEP:384:6wqVVk3BUI64dQw93NywZO6FK1pbSTB5wqCMrcAr4OVN3h5rgcyxK:sp8QZwZTccaqCM/rJVN3LgcmK
                                          MD5:D47E3EB660F7DBCAEC2D8BB2BC871B01
                                          SHA1:DC57A38D370F140ADFB08A5C8EDD2E35FF19EB40
                                          SHA-256:E7B3AAF3B1DFBA75F745BAA9E3B15D689AFD7076C02949BFDE0BFB5A1040A9B1
                                          SHA-512:7DF3547C12AB029CA0B7D2CF0FAC89CD65AC3273C347DACD1BE635F24FD690576015C7516326A650076D8A6507DCF0BA0D571598B2920BB4A8336435C847D3CB
                                          Malicious:false
                                          Preview:"""Prepares a distribution for installation."""..# The following comment should be removed at some point in the future..# mypy: strict-optional=False..import mimetypes.import os.import shutil.from pathlib import Path.from typing import Dict, Iterable, List, Optional..from pip._vendor.packaging.utils import canonicalize_name..from pip._internal.distributions import make_distribution_for_install_requirement.from pip._internal.distributions.installed import InstalledDistribution.from pip._internal.exceptions import (. DirectoryUrlHashUnsupported,. HashMismatch,. HashUnpinned,. InstallationError,. MetadataInconsistent,. NetworkConnectionError,. VcsHashUnsupported,.).from pip._internal.index.package_finder import PackageFinder.from pip._internal.metadata import BaseDistribution, get_metadata_distribution.from pip._internal.models.direct_url import ArchiveInfo.from pip._internal.models.link import Link.from pip._internal.models.wheel import Wheel.from pip._internal.netwo

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\pyproject.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):7152
                                          Entropy (8bit):4.544558175493023
                                          Encrypted:false
                                          SSDEEP:96:qWhBuxc89eeuB3bybJ9dlwdNHyYhf9QGpo5QZOv7Q4IY4LrMn4sNqXj/Qy8uO+ND:qWh5890mLw7ycf91SgE7QsnE/DNiMSg
                                          MD5:EA947CFEEE9C6ADD3CA6D39E9EFA3C98
                                          SHA1:E28E26069246AB43190B65A83D9A362D31623D07
                                          SHA-256:E17B33A75D7182BD76EB2CC6E816C9034A1A43D597BA16F48F251BFB2FFA94F4
                                          SHA-512:5FCF07C4A901B2D768996D1275E5B680706C6B703F7EE526A0A1EED8660C2E1F0DFC2C1564E19A07663C24F73D983FD43ACCFC3F82E57C6EC0DBB3B427436569
                                          Malicious:false
                                          Preview:import importlib.util.import os.from collections import namedtuple.from typing import Any, List, Optional..from pip._vendor import tomli.from pip._vendor.packaging.requirements import InvalidRequirement, Requirement..from pip._internal.exceptions import (. InstallationError,. InvalidPyProjectBuildRequires,. MissingPyProjectBuildRequires,.)...def _is_list_of_str(obj: Any) -> bool:. return isinstance(obj, list) and all(isinstance(item, str) for item in obj)...def make_pyproject_path(unpacked_source_directory: str) -> str:. return os.path.join(unpacked_source_directory, "pyproject.toml")...BuildSystemDetails = namedtuple(. "BuildSystemDetails", ["requires", "backend", "check", "backend_path"].)...def load_pyproject_toml(. use_pep517: Optional[bool], pyproject_toml: str, setup_py: str, req_name: str.) -> Optional[BuildSystemDetails]:. """Load the pyproject.toml file... Parameters:. use_pep517 - Has the user requested PEP 517 processing? None.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2738
                                          Entropy (8bit):4.326201740902436
                                          Encrypted:false
                                          SSDEEP:48:dovZvw6xtd2ZhedgW+FbOjm+8CdCaksbZsIwZMtTwH8AXdjW:IxD122gW+Fbp+lCaksbpwmTQjW
                                          MD5:90F6415749AEAC444FDC82A5D4A67413
                                          SHA1:CF0EAD8F5FB907FC11C71DF8CBA39D7B2A024A1A
                                          SHA-256:4C42C58193A87F796132668809558BF54ECF9615E8F4EB9FA246CC009E89D862
                                          SHA-512:B85D577F6023DA280DF94ED9719FB64D804E0665EFC6014F5B3CF223D233966FFB9457A63A5CABE9BB097566314C42F46FB17E5B56F984154965F2A5A0BB6C02
                                          Malicious:false
                                          Preview:import collections.import logging.from typing import Generator, List, Optional, Sequence, Tuple..from pip._internal.utils.logging import indent_log..from .req_file import parse_requirements.from .req_install import InstallRequirement.from .req_set import RequirementSet..__all__ = [. "RequirementSet",. "InstallRequirement",. "parse_requirements",. "install_given_reqs",.]..logger = logging.getLogger(__name__)...class InstallationResult:. def __init__(self, name: str) -> None:. self.name = name.. def __repr__(self) -> str:. return f"InstallationResult(name={self.name!r})"...def _validate_requirements(. requirements: List[InstallRequirement],.) -> Generator[Tuple[str, InstallRequirement], None, None]:. for req in requirements:. assert req.name, f"invalid to-be-installed requirement: {req}". yield req.name, req...def install_given_reqs(. requirements: List[InstallRequirement],. global_options: Sequence[str],. root: Optional[str],.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3733
                                          Entropy (8bit):5.518235105989761
                                          Encrypted:false
                                          SSDEEP:96:55bwq5cBqMwHOcprPd/kfOQqJcbPdzmwDTeZ:XP+Bq7vtPHWTi
                                          MD5:4D774477A9B3136C98D9FB7EC81FDE89
                                          SHA1:CD101500E94FE0A31D858D6D7AB3C43EC1808BAF
                                          SHA-256:D13EA61761BB600C0FC10AC550A2FF7AE8A90F06BA2E7F76A17A8A51F0D17D5D
                                          SHA-512:C4AC3666B1AA62A9F5A962A85D194EBE4FE0EC0AB7C1947FB40DB930DABF6AD658CA7A444018CECAFC2FAD1CB86F4B900E108951A285F34D7C985678378682C2
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d...Z...e.j"..................e.........Z...G.d...d.........Z.d.e.e.....d.e.e.e.e.f.....d.d.f.....f.d...Z.d.e.e.....d.e.e.....d.e.e.....d.e.e.....d.e.e.....d.e.d.e.d.e.d.e.e.....f.d...Z.y.)......N)...Generator..List..Optional..Sequence..Tuple)...indent_log.....)...parse_requirements)...InstallRequirement)...RequirementSet).r....r....r......install_given_reqsc.....................(.....e.Z.d.Z.d.e.d.d.f.d...Z.d.e.f.d...Z.y.)...InstallationResult..name..returnNc...........................|.|._.........y.).N..r....)...selfr....s.... .SC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/req/__init__.py..__init__z.InstallationResult.__init__....s..................c.....................".....d.|.j.....................d...S.).Nz.InstallationResult(name=..)r....).r....s.... r......__repr__z.InstallationResult.__repr__....s........).$.).)...a

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__pycache__\constructors.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):21572
                                          Entropy (8bit):5.437863994292122
                                          Encrypted:false
                                          SSDEEP:384:+t86OlUUlRfaNE2Eg/zJCG3da2kpQK3FZhYuQBnEsyuP/IuZpk:+t8LlUUjfaNEYzYIkpQaYuKEsNZZpk
                                          MD5:CEEEC37D6ADC6C7F9ADFF8A142EDC51D
                                          SHA1:25601D9CAA31D2C24F9CDCC2258E60CFDDE8F2A7
                                          SHA-256:6CFA41F90FBBD44F598878524435CC91E40595AA22A7E8C2AC1685396514F7A6
                                          SHA-512:AED9A5D3C0002ED28ACD9134A932086806AE480BDF626A89C251E855F349C0A96A080E2B2FE1E3EDFBB7AEB4034F4737CB624290DBADAC2522E246DAD246F6A5
                                          Malicious:false
                                          Preview:...........fJJ........................x.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l!m"Z"..d.d.l#m$Z$..d.d.l%m&Z&..d.d.l'm(Z(..d.d.l)m*Z*m+Z+..g.d...Z,..e.jZ..................e.........Z/e.j`..................jc..........................Z2d.e3d.e.e3e.e3....f.....f.d...Z4d.e.e3....d.e.e3....f.d...Z5d.e.d.e.e3....d.e.f.d...Z6d.e3d.e.e.e3....e3e.e3....f.....f.d...Z7d.e3d.d.f.d...Z8d.e3d.e3f.d...Z9..G.d ..d!........Z:d.e3d.e:f.d"..Z;..d?d.d#d.d.d#d#d#d.d$..d.e3d%e.e.e e3f.........d&e.e<....d'e<d(e.e.e3........d)e.e.e3e.e3....f.........d*e<d+e<d,e<d-e.e.e3e.e3e.e3....f.....f.........d.e f.d...Z=d/e3d.e<f.d0..Z>d.e3d/e3d.e.e3....f.d1..Z?d/e3d2e.e3....d.e:f.d3..Z@..d?d.d#d.d.d#d.d#d.d4..d/e3d%e.e.e3e f.........d&e.e<....d'e<d(e.e.e3........d)e.e.e3e.e3....f.........d*e<d2e.e3....d+e<d-e.e.e3e.e3e.e3....f.....f.........d.e f.d5..ZA........d@d6

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__pycache__\req_file.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):21451
                                          Entropy (8bit):5.454640373391155
                                          Encrypted:false
                                          SSDEEP:384:8Ptil3ZckffNiknwp3k/TXzKJgwV6/Z9ArSbJ0t/okqfDO:StiVZ/I9JWTXzug5Z9Zmt/ofK
                                          MD5:55D3F5500E9A91C3714629346061E550
                                          SHA1:9B3696DD1254DAEEAD32A6CB0FFA7315D6C96CDE
                                          SHA-256:6CE9E86B65C478AFECCD170B9BD2F331CF480CF3DE8047190D379C571A843A61
                                          SHA-512:3FC4D49938A76A91FCAC7151B67D364ECA40A6757B8D54A211131E3A72A727DDBB174EA5D682BC5AF93C230EFFBDFA58673A04BE37AD8DAF9F11C91EC67DDF32
                                          Malicious:false
                                          Preview:...........f~E.............................U.d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l m!Z!..e.r.d.d.l.m"Z"..d.d.l#m$Z$..d.g.Z%e.e.e&e'f.........Z(e.e'g.e.e'e.f.....f.....Z)..e.jT..................d.e.jV..........................Z,..e.jT..................d.........Z-..e.jT..................d.........Z.e.j^..................e.j`..................e.jb..................e.jd..................e.jf..................e.jh..................e.jj..................e.jl..................e.jn..................e.jp..................e.jr..................e.jt..................e.jv..................e.jx..................g.Z=e.e.d.e.j|..................f.........e?d.<...e.j...................e.j...................e.j...................g.ZCe.e.d.e.j|..................f.........e?d.<...e.j...................g.ZDe.e.d.e.j|..................f.........e?d.<...eC

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__pycache__\req_install.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):38404
                                          Entropy (8bit):5.288174491623468
                                          Encrypted:false
                                          SSDEEP:768:mgqqB5KveWzBluXkShnSmYSpylYAw+zerW9:mgqqBcWWp1IpyqG8S
                                          MD5:BE1FA7228A6B0DFB1AF36FA6CF8A0A86
                                          SHA1:CA293328E8869C380FB74A336377F522928460AF
                                          SHA-256:B7A8F7166EA067717E14A45EFA688192A7A5288504CD5FEEC7741D7F38E0B21A
                                          SHA-512:145187E3F4FFBA61C61FB59AF58F1D289BAD94DEE1CC2B39700DFBD94C493B7B72ED7DED31072C7A68A03978554370CFA1CCAE4AC199F5F7EFD769C5BE8A3486
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#m$Z$..d.d.l%m&Z&m'Z'..d.d.l(m)Z)..d.d.l*m+Z+m,Z,m-Z-m.Z...d.d.l/m0Z0..d.d.l1m2Z2..d.d.l3m4Z4..d.d.l5m6Z6..d.d.l7m8Z8..d.d.l9m6Z:..d.d.l;m<Z=..d.d.l>m?Z?..d.d.l@mAZAmBZB..d.d.lCmDZD..d.d.lEmFZF..d.d.lGmHZH..d.d.lImJZJmKZKmLZLmMZMmNZNmOZOmPZPmQZQ..d.d.lRmSZS..d.d.lTmUZU..d.d.lVmWZWmXZX..d.d.lYmZZZ..d.d l[m\Z\..d.d!l]m^Z^....e.j...................e`........Za..G.d"..d#........Zbd$ebd%ecf.d&..Zdd'e.d(e.eb....d)ecd%eef.d*..Zfd'e.d(e.eb....d%d.f.d+..Zgy.),.....N)...Values)...Path)...Any..Collection..Dict..Iterable..List..Optional..Sequence..Union)...Marker)...Requirement)...SpecifierSet)...canonicalize_name)...Version)...parse)...BuildBackendHookCaller)...BuildEnvironment..NoOpBuildEnvironment)...InstallationError..PreviousBuildDirError).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__pycache__\req_set.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7208
                                          Entropy (8bit):5.242766904057177
                                          Encrypted:false
                                          SSDEEP:96:MuIvP5dqlHhvbUxtcZ5H29Hpt0au0hTFYmREJGKp8lfXtktpwkT5gUNQ:MTqlBvAxaf2h0azFLy7p819k395m
                                          MD5:9FBD89F601E2E52A737CAE0B6ED10FCC
                                          SHA1:E5CB03EFFB2A51FA660D272031FADC3F9255A163
                                          SHA-256:B1CF2B5402B880011627316DB3C793A840D0E5DDB649CE7C82ECEC9F8318F9AE
                                          SHA-512:53CB8AD0326927CB664DCF2C1EEBFFB2A5CCAC1CE39676BF2C82F8D7E06929942E41BFB269E273376E3D18BFB66512E78CB229554972DD194CC690F449A39AEB
                                          Malicious:false
                                          Preview:...........f`..............................d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j ..................e.........Z...G.d...d.........Z.y.)......N)...OrderedDict)...Dict..List)...LegacySpecifier)...canonicalize_name)...LegacyVersion)...InstallRequirement)...deprecatedc..........................e.Z.d.Z.d.d.e.d.d.f.d...Z.d.e.f.d...Z.d.e.f.d...Z.d.e.d.d.f.d...Z.d.e.d.d.f.d...Z.d.e.d.e.f.d...Z.d.e.d.e.f.d...Z.e.d.e.e.....f.d...........Z.e.d.e.e.....f.d...........Z.d.d...Z.y.)...RequirementSet..check_supported_wheels..returnNc.....................>.....t.................|._.........|.|._.........g.|._.........y.).z.Create a RequirementSet.N).r......requirementsr......unnamed_requirements)...selfr....s.... .RC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/req/req_set.py..__init__z.RequirementSet.__init__....s.........<G..=......&<....#.>@....!.....c..........................t.........d...|.j...................

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\__pycache__\req_uninstall.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32967
                                          Entropy (8bit):5.205210328250009
                                          Encrypted:false
                                          SSDEEP:768:tP/s8bct+8cFqeSOlkn05Mm4/uZrwG/CtFC1430Bb:tP/ZbcA1FfDAC14Ob
                                          MD5:DD1E4A985A2E25902A8BDA2AFEB83FF4
                                          SHA1:DB47FF447CD1515C21B36471D766331CB2F9ED42
                                          SHA-256:B3819DDFD04D051DB22E01D8D528742E9C549F181442320B9528CCDAF66E1B99
                                          SHA-512:B91D6D68F01DA5CB9183A1B2DEE1AE26978F5E38484410E456936B21A46B45A1BF0E0A34FA96CA9AD398529C631B7D048F9CC770F0AF2F839C6C890C1CF19308
                                          Malicious:false
                                          Preview:...........f._..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m Z m!Z!m"Z"..d.d.l#m$Z$m%Z%..d.d.l&m'Z'....e.e(........Z)d.e*d.e*d.e+d.e.e*d.d.f.....f.d...Z,d.e.d.e.e.d.d.f.....f.....d.e.d.e.e.d.d.f.....f.....f.d...Z-e-d.e.d.e.e*d.d.f.....f.d...........Z.d.e.e*....d.e.e*....f.d...Z/d.e.e*....d.e.e*....f.d...Z0d.e.e*....d.e.e.e*....e.e*....f.....f.d...Z1..G.d...d.........Z2..G.d...d.........Z3..G.d...d ........Z4y.)!.....N)...cache_from_source)...Any..Callable..Dict..Generator..Iterable..List..Optional..Set..Tuple)...UninstallationError)...get_bin_prefix..get_bin_user)...BaseDistribution)...WINDOWS)...egg_link_path_from_location)...getLogger..indent_log)...ask..normalize_path..renames..rmtree)...AdjacentTempDirectory..TempDirectory)...running_under_virtualenv..bin_dir..script_name..is_gui..returnc................#.......K.....t..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\constructors.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):19018
                                          Entropy (8bit):4.5153846504298185
                                          Encrypted:false
                                          SSDEEP:384:bYk+ErtWMTIHs16EvJT7HpPw1FZresif6kckMFvGAgBCl4q:Drw57Wtoib/tAhL
                                          MD5:18D03004D257F83A9E3D4110530F71F3
                                          SHA1:95D491FF36169C0C5FFFE9AEE67B6A6FD10BECD9
                                          SHA-256:F21958E7A8A612D84B3914709A5A322B3DD83B25F298868AB0D07A3FD7B0BCD2
                                          SHA-512:5CA7D9B1309EE20B72D63534480740CAD441571AA4AE2695157849DC263657C1AED2087FB871D8B4EC990D2AB0A1C5D593680ACD2669190FF58999987C99895B
                                          Malicious:false
                                          Preview:"""Backing implementation for InstallRequirement's various constructors..The idea here is that these formed a major chunk of InstallRequirement's size.so, moving them and support code dedicated to them outside of that class.helps creates for better understandability for the rest of the code...These are meant to be used elsewhere within pip to create instances of.InstallRequirement.."""..import copy.import logging.import os.import re.from typing import Collection, Dict, List, Optional, Set, Tuple, Union..from pip._vendor.packaging.markers import Marker.from pip._vendor.packaging.requirements import InvalidRequirement, Requirement.from pip._vendor.packaging.specifiers import Specifier..from pip._internal.exceptions import InstallationError.from pip._internal.models.index import PyPI, TestPyPI.from pip._internal.models.link import Link.from pip._internal.models.wheel import Wheel.from pip._internal.req.req_file import ParsedRequirement.from pip._internal.req.req_install import InstallRequ

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\req_file.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):17790
                                          Entropy (8bit):4.538498148383151
                                          Encrypted:false
                                          SSDEEP:384:u0aYhgUFZckXTdrk01YlroGD5CIPwSwiwv2+90P:uwZ/jdfs1tPwS/HP
                                          MD5:236D5B49A91A74A3AD27F50FA3FA2C3C
                                          SHA1:3BA2944C19D21912A4DA5ECFAF37EA692CCF1AC3
                                          SHA-256:33CB6D3992FE3F0023EEC70F125856DD90F68620FD9A6FFA14900621BC00CC42
                                          SHA-512:DCF14E141C1A2239E9CB3D0D1AFD89E2A6DCF1D3BA8F01D59D318382F2082CD4F4077948F4FB97C3318C6CF1993D4C4B1FFD9570D82B5B6C69C15B500AA122B5
                                          Malicious:false
                                          Preview:""".Requirements file parsing."""..import logging.import optparse.import os.import re.import shlex.import urllib.parse.from optparse import Values.from typing import (. TYPE_CHECKING,. Any,. Callable,. Dict,. Generator,. Iterable,. List,. Optional,. Tuple,.)..from pip._internal.cli import cmdoptions.from pip._internal.exceptions import InstallationError, RequirementsFileParseError.from pip._internal.models.search_scope import SearchScope.from pip._internal.network.session import PipSession.from pip._internal.network.utils import raise_for_status.from pip._internal.utils.encoding import auto_decode.from pip._internal.utils.urls import get_url_scheme..if TYPE_CHECKING:. # NoReturn introduced in 3.6.2; imported only for type checking to maintain. # pip compatibility with older patch versions of Python 3.6. from typing import NoReturn.. from pip._internal.index.package_finder import PackageFinder..__all__ = ["parse_requirements"]..ReqFileLines = Itera

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\req_install.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):35460
                                          Entropy (8bit):4.349820575274182
                                          Encrypted:false
                                          SSDEEP:384:z+M0Pf6CKYptCGjRZMBm5m3ojz2JQw9u3W/3:zm6mptCWUqz2J9J/3
                                          MD5:DA54C14920379FE466FF0DA19B7028AC
                                          SHA1:9C22316E093B009D97FE5D36431C31099BF5CCA7
                                          SHA-256:C2D38FC64C9148CF1CA264E4B3CA0BD46A76A321AA6C7EC9C080D1722D9088F9
                                          SHA-512:F9DBEB8B249146AC2EA96C6BA277EA0F182E134DC8FC0570FC09642151E92E50A44626E90B5E4FBD52BE77C8DB48486C038063580B2065AAD954069336E41BDF
                                          Malicious:false
                                          Preview:import functools.import logging.import os.import shutil.import sys.import uuid.import zipfile.from optparse import Values.from pathlib import Path.from typing import Any, Collection, Dict, Iterable, List, Optional, Sequence, Union..from pip._vendor.packaging.markers import Marker.from pip._vendor.packaging.requirements import Requirement.from pip._vendor.packaging.specifiers import SpecifierSet.from pip._vendor.packaging.utils import canonicalize_name.from pip._vendor.packaging.version import Version.from pip._vendor.packaging.version import parse as parse_version.from pip._vendor.pyproject_hooks import BuildBackendHookCaller..from pip._internal.build_env import BuildEnvironment, NoOpBuildEnvironment.from pip._internal.exceptions import InstallationError, PreviousBuildDirError.from pip._internal.locations import get_scheme.from pip._internal.metadata import (. BaseDistribution,. get_default_environment,. get_directory_distribution,. get_wheel_distribution,.).from pip._inter

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\req_set.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4704
                                          Entropy (8bit):4.216083028637518
                                          Encrypted:false
                                          SSDEEP:48:yqtq84IDbgjQvJUjASvpC319hi9uDh4FoN7z+ULtYKP/g23syOygj:dX73g+J2XI319sih20a2d/jlOyU
                                          MD5:0ADC2DA9F4F72B393701262DF03D5961
                                          SHA1:49A3ABAB94A935BDC119F167997A24FBF9417B41
                                          SHA-256:88C603513A12824C45CAB3FF3AB4ED3D2830E1DC234721910E91A8A13A9E0386
                                          SHA-512:DF5B6A8A61C2CBA426339D5633E81E29CD52C8DA8639D2E72BC0EF99E7AD29AF3597D71852C9BF963F15E7752BE6D3793C8B92BD86ACD74378D1F97BC1F0FD88
                                          Malicious:false
                                          Preview:import logging.from collections import OrderedDict.from typing import Dict, List..from pip._vendor.packaging.specifiers import LegacySpecifier.from pip._vendor.packaging.utils import canonicalize_name.from pip._vendor.packaging.version import LegacyVersion..from pip._internal.req.req_install import InstallRequirement.from pip._internal.utils.deprecation import deprecated..logger = logging.getLogger(__name__)...class RequirementSet:. def __init__(self, check_supported_wheels: bool = True) -> None:. """Create a RequirementSet.""".. self.requirements: Dict[str, InstallRequirement] = OrderedDict(). self.check_supported_wheels = check_supported_wheels.. self.unnamed_requirements: List[InstallRequirement] = [].. def __str__(self) -> str:. requirements = sorted(. (req for req in self.requirements.values() if not req.comes_from),. key=lambda req: canonicalize_name(req.name or ""),. ). return " ".join(str(req.req) for

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\req\req_uninstall.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):24551
                                          Entropy (8bit):4.372446389382628
                                          Encrypted:false
                                          SSDEEP:384:hd/9msLNLjyO1XZ8RvFuSjEiRMFfiGf0zdTjtAttm5QqglW:hd0sLpTGjECWqGf01jattm57glW
                                          MD5:17F5E081F34812C1B3BDFCCAB3FBE0E7
                                          SHA1:E3549EC01B2680F073048E2198EEBA53FAA5EEA5
                                          SHA-256:9E6BD341A4420B48AEFB94F0D1D8E55C98528FA5A6A8746F4F7AA4904742DF91
                                          SHA-512:A7414A1007A7845891F0C7CD6E5489CBB37BDF8F7BF72E8E0D2A7C788C4884D392A70C0DE121319C8A1F6E04996C3EC8E47ADAF27370D99D004A8D583688A5AD
                                          Malicious:false
                                          Preview:import functools.import os.import sys.import sysconfig.from importlib.util import cache_from_source.from typing import Any, Callable, Dict, Generator, Iterable, List, Optional, Set, Tuple..from pip._internal.exceptions import UninstallationError.from pip._internal.locations import get_bin_prefix, get_bin_user.from pip._internal.metadata import BaseDistribution.from pip._internal.utils.compat import WINDOWS.from pip._internal.utils.egg_link import egg_link_path_from_location.from pip._internal.utils.logging import getLogger, indent_log.from pip._internal.utils.misc import ask, normalize_path, renames, rmtree.from pip._internal.utils.temp_dir import AdjacentTempDirectory, TempDirectory.from pip._internal.utils.virtualenv import running_under_virtualenv..logger = getLogger(__name__)...def _script_names(. bin_dir: str, script_name: str, is_gui: bool.) -> Generator[str, None, None]:. """Create the fully qualified name of the files created by. {console,gui}_scripts for the given ``d

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):187
                                          Entropy (8bit):4.79326854367904
                                          Encrypted:false
                                          SSDEEP:3:oQ4yllVO8l4sP6qpOAVcR6iVWrzLUhKALOQRL+wQRwIaQHtgem/l:L4y/Vneg6qpR2pAreKAyECP6Iaatgemt
                                          MD5:C32E5E5DDF7C69829917EEEC155930ED
                                          SHA1:48B6672D8FEAB72590323EEF67214E1B6402FD25
                                          SHA-256:BA120EADE74AA267F4DB9AED8D7FCFAD9102DF67F39413CC52A7A7311D194DF7
                                          SHA-512:CBFFACC82B91047E25AF1D4447898739AB6F30797DCA07485D8E30C8DC2D4A257B3041398409F8944681C30770713CC0E97B87124081F1389EE07BA1F06761F3
                                          Malicious:false
                                          Preview:...........f................................y.).N..r..........ZC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/resolution/__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\__pycache__\base.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1175
                                          Entropy (8bit):5.263324468247956
                                          Encrypted:false
                                          SSDEEP:24:UngE2mUXesnxgrqjfbYS6egO5lV3JElqbHFhs2DplJOn3EVuYf54hQ:BEjUXhBjMOzbEefvd7lVuY4Q
                                          MD5:022D438C224B1379A842978B79DAFD06
                                          SHA1:FC65373A31508A76E24761508312E47F77BE5BCE
                                          SHA-256:7797308FA0DF6A0F7CC4DBA2E91159BA176E2425CEDE2ECFEA7E9EDD025B50B8
                                          SHA-512:CE1FDD28EE8A207E1F7997848FE542B7B9ACD9FA5509A5AE5295114DD241657460BAB4929594135E0E9275BB54AEA8CC159887B56271E41079FF7FBCDB122790
                                          Malicious:false
                                          Preview:...........fG.........................\.....d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.e.e.e.....g.e.f.....Z...G.d...d.........Z.y.)......)...Callable..List..Optional)...InstallRequirement)...RequirementSetc.....................<.....e.Z.d.Z.d.e.e.....d.e.d.e.f.d...Z.d.e.d.e.e.....f.d...Z.y.)...BaseResolver..root_reqs..check_supported_wheels..returnc...........................t.....................N....NotImplementedError)...selfr....r....s.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/resolution/base.py..resolvez.BaseResolver.resolve..............."..#..#.......req_setc...........................t...................r....r....).r....r....s.... r......get_installation_orderz#BaseResolver.get_installation_order....r....r....N)...__name__..__module__..__qualname__r....r......boolr....r....r......r....r....r....r........s@.........$.....0..1....$.KO....$.......$....$..%....$..... ..!....$r....r....N)...typingr....r....r......pip._internal.req.req_installr.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\base.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):583
                                          Entropy (8bit):4.579538678497288
                                          Encrypted:false
                                          SSDEEP:12:1REYB1/qMDgYSYqMWKiQFi3RHWkuGn4U4jSXxTZ2cfnU6ZKo7CGN2yQfny:1REq/cYIU8RHvuG4UCSXBZ2cPOCN25Py
                                          MD5:BBFA436B355A45AA3393C1E1AC9033F2
                                          SHA1:BB0A50E2866D29BB4C616CF2900FA3EB8EED3051
                                          SHA-256:AA59A1DF6E520557EF1BA31EF6073936C879B1DC07070CC706AE9A117B4AB0B0
                                          SHA-512:4AFE1CB158E4CA8FA05DE5B664CED2E6F3CA5126CEF3F124DB0A17FF95786FAA21434C11AF603774184264E5AD47D82E621E16FF78DDAF290DB2967331B530DB
                                          Malicious:false
                                          Preview:from typing import Callable, List, Optional..from pip._internal.req.req_install import InstallRequirement.from pip._internal.req.req_set import RequirementSet..InstallRequirementProvider = Callable[. [str, Optional[InstallRequirement]], InstallRequirement.]...class BaseResolver:. def resolve(. self, root_reqs: List[InstallRequirement], check_supported_wheels: bool. ) -> RequirementSet:. raise NotImplementedError().. def get_installation_order(. self, req_set: RequirementSet. ) -> List[InstallRequirement]:. raise NotImplementedError().

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\legacy\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):194
                                          Entropy (8bit):4.817095046607809
                                          Encrypted:false
                                          SSDEEP:6:L4y/Vnen5jD6qpR2pAreKAyECGQ6Iaatgem/l:0CVenZxWbbcGQjaatHmt
                                          MD5:DA94E45B5FE14706BA89E0EFAB148A2C
                                          SHA1:864FD1651DFBAF870357A94F184BC5420EFA079F
                                          SHA-256:F46896375416C92A71CD550447349A50BE2CC53D0BEABC2EF601C10DF181B540
                                          SHA-512:D0F296FC817AB712AD1A90373D3DF17CA77D82781CD31B239CFE25E4F30F3F3C76CEC3EE4F70AB91B8C76733A7A2A7FDAA1F9366EE52F512A6A36127A53DD7A1
                                          Malicious:false
                                          Preview:...........f................................y.).N..r..........aC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/resolution/legacy/__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\legacy\__pycache__\resolver.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):22429
                                          Entropy (8bit):5.4307716504123675
                                          Encrypted:false
                                          SSDEEP:384:D4Htag8gKFiaXwHN0pv+WPfVriO8TiDMCYK5viGfFitz+myUttVyR:0Htag8g8Atyv+WP9+uZdFitz0UttoR
                                          MD5:634CC1B833866FB3D0EFD57F6FECD3B5
                                          SHA1:94AB1AE6BDB910EC999770DDD536C353B5495AFB
                                          SHA-256:CD3F067766475461F350D51F330C3BDF8886061C729FDFF1B3D8BA15553B5F4D
                                          SHA-512:74DC9573D189DD8BAD0272FA62C6CCC354CE7861808BB3C60F6F9AC56570292726C95F875C4B1363CBBA1A7EB45683255FC4F7DA9D865BDC06004A1CE2AD62C8
                                          Malicious:false
                                          Preview:...........f.].............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#..d.d.l$m%Z%..d.d.l&m'Z'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,m-Z-..d.d.l.m/Z/..d.d.l0m1Z1..d.d.l2m3Z3..d.d.l4m5Z5..d.d.l6m7Z7..d.d.l8m9Z9....e.jt..................e;........Z<e.e=e.e'....f.....Z>..d.d.e.d.e.e?e?e?f.....d.e@d.d.f.d...ZA..G.d...d.e,........ZBy.) ay...Dependency Resolution..The dependency resolution in pip is performed as follows:..for top-level requirements:. a. only one spec allowed per project, regardless of conflicts or not.. otherwise a "double requirement" exception is raised. b. they override sub-dependency requirements..for sub-dependencies. a. "first found, wins" (where the order is breadth first)......N)...defaultdict)...chain)...DefaultDict..Iterable..List..Optional..Set..Tuple)...specifiers)...Requirement)...WheelCache).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\legacy\resolver.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):24025
                                          Entropy (8bit):4.301715348590666
                                          Encrypted:false
                                          SSDEEP:384:4RHF/Uag88q0Dd/GZuutMCAK1iG/yNbdwXMm5QUl0:+lUag8/0DdegGRyNbdwcm5Qb
                                          MD5:9CD40F9B233AE35B269FE58D69CEBCB5
                                          SHA1:28A0853F100C0B441801B09796CEB2C032FFBC7A
                                          SHA-256:5E4DB88D0EB61AF2EBE0C73B22337FAA23BCF2AA740489B35663C8173F502CE1
                                          SHA-512:522A333673276A6101870E195F18D6B29B50F4B51B841DFA33422A77EF60805E0BE76CF3D2E7E611C75660C58ACD11072E6239063DCD041C009DC646B0967D3D
                                          Malicious:false
                                          Preview:"""Dependency Resolution..The dependency resolution in pip is performed as follows:..for top-level requirements:. a. only one spec allowed per project, regardless of conflicts or not.. otherwise a "double requirement" exception is raised. b. they override sub-dependency requirements..for sub-dependencies. a. "first found, wins" (where the order is breadth first)."""..# The following comment should be removed at some point in the future..# mypy: strict-optional=False..import logging.import sys.from collections import defaultdict.from itertools import chain.from typing import DefaultDict, Iterable, List, Optional, Set, Tuple..from pip._vendor.packaging import specifiers.from pip._vendor.packaging.requirements import Requirement..from pip._internal.cache import WheelCache.from pip._internal.exceptions import (. BestVersionAlreadyInstalled,. DistributionNotFound,. HashError,. HashErrors,. InstallationError,. NoneMetadataError,. UnsupportedPythonVersion,.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):198
                                          Entropy (8bit):4.814535491964722
                                          Encrypted:false
                                          SSDEEP:6:L4y/Vneyu6qpR2pAreKAyECOTE6Iaatgem/l:0CVeyKWbbc8EjaatHmt
                                          MD5:EAD13C2948C0A6DF626572AA92C5A60E
                                          SHA1:6412E4DCF5E5D9B42B9206559E5759D0B9B43E4F
                                          SHA-256:E60FFC298DD08D55B77179E610C2864170376B2833B04E90D0A7A01CA62BB9C3
                                          SHA-512:1E81DE1D89A4C44620538B6A2903577EDF1E8CDC30FA6DCB09EE69502AF0AFE29D98D1713AD1FBD5787989D8D37D904004E40D71F1008410B38599193CF3A964
                                          Malicious:false
                                          Preview:...........f................................y.).N..r..........eC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/resolution/resolvelib/__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\base.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8327
                                          Entropy (8bit):5.128857929633167
                                          Encrypted:false
                                          SSDEEP:192:24kTVXkbAo1Vziyd+O6f3N62MtejbpaWGecYfaQhZ0KYWc:2jXkUo/dy3Mm7GeFfLhe3
                                          MD5:B8236D5EA10D470CCA01C9A1136B5E57
                                          SHA1:57508EABCC613B029B5AF727EB5403AD72914F82
                                          SHA-256:87D948A67B73C3D6C5354401B8509B2BE317538E96A7CF5A588C56A1A314C754
                                          SHA-512:E15805CE2429AC63C36B231375EC012ACF98C2B6FB03FA040B16CF956E986C028950BB65F0B8751636FBC41DC5466CDBC97781EAFE8D646773BF06DDE024F27F
                                          Malicious:false
                                          Preview:...........f5...............................d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.e.d.....e.e.....f.....Z.e.e.e.f.....Z.d.e.d.e.e.....d.e.f.d...Z...G.d...d.........Z...G.d...d.........Z.d.e.d.d.d.e.f.d...Z...G.d...d.........Z.y.)......)...FrozenSet..Iterable..Optional..Tuple..Union)...SpecifierSet)...NormalizedName)...LegacyVersion..Version)...Link..links_equivalent)...InstallRequirement)...Hashes..Candidate..project..extras..returnc.....................N.....|.s.|.S.d.j...................t.........|.................}.|...d.|...d...S.).N..,..[..])...join..sorted).r....r......extras_exprs.... .aC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/resolution/resolvelib/base.py..format_namer........s/.................(.(.6.&.>..*.K....Y.a...}.A..&..&.....c..........................e.Z.d.Z.d.e.d.e.d.e.e.....d.d.f.d...Z.e.d.d...........Z.e.d.e.d.d.f.d...........Z.d.e.f.d...Z.d.e.d.d.f.d...Z.d.d.d.e.f.d

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\candidates.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):30388
                                          Entropy (8bit):5.139885520338595
                                          Encrypted:false
                                          SSDEEP:768:pQCEJR0v0wf4hOVCycZaMIF5++Ay8kMTB:p7R4hOgZYrFx8Ht
                                          MD5:07CEEF010921AF811F3AE6C3CEE84206
                                          SHA1:44403886DCBB20369F3E6EAA5B3FF159A91AD238
                                          SHA-256:89EC7D4FE21A3BBED086A39A7AA801C358D05C54C98B82C63245673A755A16EA
                                          SHA-512:BF1A7B5748DEAB82E76A1E5D38444275C5D280B93E858BD46D231825832CD6F83E49463DD2496EBC6A6F2647485392E93B4BD95E3D3D7382716932630175ADD3
                                          Malicious:false
                                          Preview:...........f<R..............................d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#..d.d.l$m%Z%m&Z&m'Z'm(Z(..e.r.d.d.l)m*Z*....e.jV..................e,........Z-e.d.....Z...e.e.d.........Z/d.e%d.e.e.....f.d...Z0d.e.d.e.d.e.f.d...Z1d.e.d.e.d.e.f.d...Z2d.e.d.e.d.e.f.d...Z3..G.d...d.e%........Z4..G.d...d.e4........Z5..G.d...d e4........Z6..G.d!..d"e%........Z7..G.d#..d$e%........Z8..G.d%..d&e%........Z9y.)'.....N)...TYPE_CHECKING..Any..FrozenSet..Iterable..Optional..Tuple..Union..cast)...NormalizedName..canonicalize_name)...Version)...HashError..InstallationSubprocessError..MetadataInconsistent)...BaseDistribution)...Link..links_equivalent)...Wheel)...install_req_from_editable..install_req_from_line)...InstallRequirement)...direct_url_from_link)...normalize_version_info.....)...Candidate..CandidateVersion..Requirement..format_name)...Fa

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\factory.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32104
                                          Entropy (8bit):5.498868353541976
                                          Encrypted:false
                                          SSDEEP:768:polbgJlDBsTzD4rvoP/Gn5pkiA6585mhSI99DY:pSsDonQ5pkiz8zIk
                                          MD5:07FD2755949B8D32112F44C0E90BCDAF
                                          SHA1:E21C03AAE3CC62ADE02B9171190A97C420CDD38E
                                          SHA-256:E0C415936E6B3E833C4A472CB7E204DCD939C0AC010E6FEE45BE882327E2C521
                                          SHA-512:FBAA5BB226D2ABBA6C0195F8343A7BAC85C0DFDB29DBDBEDE00F3F348C9D503E10ACD3A2EDE8BFA0DD74EFF2FB3AA4748F75D01CFBA7D61E37A6ED1F5A87F2A6
                                          Malicious:false
                                          Preview:...........f$~........................R.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m Z m!Z!m"Z"m#Z#..d.d.l$m%Z%..d.d.l&m'Z'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,..d.d.l-m.Z...d.d.l/m0Z0m1Z1..d.d.l2m3Z3m4Z4..d.d.l5m6Z6..d.d.l7m8Z8..d.d.l9m:Z:..d.d.l;m<Z<..d.d.l=m>Z>..d.d.l?m@Z@mAZAmBZBmCZC..d.d.lDmEZEmFZFmGZGmHZHmIZImJZJmKZK..d.d.lLmMZMmNZN..d.d.lOmPZPmQZQmRZRmSZSmTZT..e.r.d.d.l.mUZU....G.d...d.eU........ZV..e.j...................eX........ZY..e.d.........ZZe.e*eZf.....Z[..G.d...d.e.........Z\..G.d ..d!........Z]y.)".....N)...TYPE_CHECKING..Dict..FrozenSet..Iterable..Iterator..List..Mapping..NamedTuple..Optional..Sequence..Set..Tuple..TypeVar..cast)...InvalidRequirement)...SpecifierSet)...NormalizedName..canonicalize_name)...ResolutionImpossible)...CacheEntry..WheelCache)...DistributionNotFound..InstallationError..MetadataInconsistent..UnsupportedPythonVersion..Unsupporte

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\found_candidates.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6198
                                          Entropy (8bit):5.529361751111793
                                          Encrypted:false
                                          SSDEEP:96:zzr4lqxqBYYHPogUa1WM8Z+7vI32Xs3VkeezQkgSgjt+7L7NE987i7Mu7vh7kht8:EH3goqyvI3lTRkLnNE9uMj9Gv9u
                                          MD5:D2EA8080A6EF17D243013F43CFD34014
                                          SHA1:9EAFCBD50FD16E06A6F518E3E4A938D067C3F4FF
                                          SHA-256:696B63CBD31EACB6F5C87FE124F0FF74141422944243F9060F041F142921FAFB
                                          SHA-512:397E614E3882C4D68EB6D873B514BC91DD4ACC96550D7347203AF0D9DE329E49C131D5ED8E6B795CD4FA559CA2637A5339C2EAE760B8A73082F4625CA9B4A0BB
                                          Malicious:false
                                          Preview:...........fI...............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.e.e.g.e.e.....f.....f.....Z.e.r.e.e.....Z.n.e.Z.d.e.e.....d.e.e.....f.d...Z.d.e.d.e.e.....d.e.e.....f.d...Z.d.e.d.e.e.....d.e.e.....f.d...Z...G.d...d.e.........Z.y.).a....Utilities to lazily create and visit candidates found...Creating and visiting a candidate is a *very* costly operation. It involves.fetching, extracting, potentially building modules from source, and verifying.distribution metadata. It is therefore crucial for performance to keep.everything here lazy all the way down, so we only touch candidates that we.absolutely need, and not "download the world" when we only need one version of.something.......N)...Sequence)...TYPE_CHECKING..Any..Callable..Iterator..Optional..Set..Tuple)..._BaseVersion.....)...Candidate..infos..returnc................#....|...K.....t.................}.|.D.])..\...}.}.|.|.v.r.....|.........}.|.....|.......|.j.............

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\provider.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10368
                                          Entropy (8bit):5.642007001325482
                                          Encrypted:false
                                          SSDEEP:192:aDUGNeHLzUx0E5TJ6yIXxOUyoZmQMW/U8zTdVAhs+RlLq6mPVB5W:aQk2g/gXUoZdLTc4dS
                                          MD5:E4F58957D2EFC00D3DA1882BA61FEDB6
                                          SHA1:9EE7C8C31F99B26BE59CB30104C5E308A43DB69C
                                          SHA-256:2A3A819DA7CAD4330D16E57285C6568DC32B6C6DFA685EB1DA295D006FFA495D
                                          SHA-512:279D94E645CB5EA7BCB9AFD5A0A5E3ECCDC935976D83B251229BF5C02070AF5426063D4E2B232D0F25ED79BF2675911C37534659AD2060835E555B8E555D8734
                                          Malicious:false
                                          Preview:...........f`&..............................d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.r.d.d.l.m.Z...d.d.l.m.Z...e.e.e.f.....Z.e.e.e.e.f.....Z.n.e.Z...e.d.........Z...e.d.........Z.d.e.e.e.f.....d.e.d.e.d.e.e.e.f.....f.d...Z...G.d...d.e.........Z.y.)......N)...TYPE_CHECKING..Dict..Iterable..Iterator..Mapping..Sequence..TypeVar..Union)...AbstractProvider.....)...Candidate..Constraint..Requirement)...REQUIRES_PYTHON_IDENTIFIER)...Factory)...Preference)...RequirementInformation..D..V..mapping..identifier..default..returnc.....................X.....|.|.v.r.|.|.....S.|.j...................d.........\...}.}.}.|.r.|.|.v.r.|.|.....S.|.S.).ai...Get item from a package name lookup mapping with a resolver identifier... This extra logic is needed when the target mapping is keyed by package. name, which cannot be directly looked up with an identifier (which may. contain requested extras). Additional logic is added to al

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\reporter.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4925
                                          Entropy (8bit):5.273828209845299
                                          Encrypted:false
                                          SSDEEP:96:CZAc2byUey8Tl7eodtBzCLs2rhlnpqIkAzqzpybHQioc+Qc:6sePl6od+fsXgwioX
                                          MD5:AF04E5410F826511E4CC2E200D3440B4
                                          SHA1:E271887545C673FA5BF6E07739A5BDB2BDBEE5C1
                                          SHA-256:789C68577D8BC4576CF2F8328AC73FDFB43A7A9DD80B4B9D93265AEF7E8E5322
                                          SHA-512:B87D7C99D4E303C7C3E79F4A683BA48EC3510A74CDA264D0451FEBF65157C670DA0D93CFB9015FC2B6C4821822DF7BBDB61B10F66CAC07E5ECEB3A52263894A1
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.....e.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.)......)...defaultdict)...getLogger)...Any..DefaultDict)...BaseReporter.....)...Candidate..Requirementc.....................(.....e.Z.d.Z.d.d...Z.d.e.d.e.d.d.f.d...Z.y.)...PipReporter..returnNc.....................B.....t.........t.................|._.........d.d.d.d...|._.........y.).Nz.pip is looking at multiple versions of {package_name} to determine which version is compatible with other requirements. This could take a while.z.pip is still looking at multiple versions of {package_name} to determine which version is compatible with other requirements. This could take a while.z.This is taking longer than usual. You might need to provide the dependency resolver with stricter constraints to reduce runtime. See https://pip.pypa.io/warnings/backtracking for guidance. If you want to abort this run, press Ctrl + C.).r.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\requirements.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11419
                                          Entropy (8bit):4.861932878772515
                                          Encrypted:false
                                          SSDEEP:96:XzgdpKTa3IUkVkjMm79c69AiXEmDNJdojSj6CcHp+0yRxwraWixUi9zuv/gbkVnY:Xc5D9tAON5ToA7nwrgxpIqSVUmQ
                                          MD5:0AC7716021BAFD8214CEAA230868E0E3
                                          SHA1:CBFCF828A53D87B6377510C7849146847C55C357
                                          SHA-256:132C39C862FA3684841A0765096274EEE125C2D7683F4A85D4D805E8B0E04F14
                                          SHA-512:2B18BB6B0F5BC4FCD1E165B129873C9F50A4BA59D3AEE6035D8E4443035BBD96EE89C8EEFC9CD1ED2F21C55A514C2C2C3766ED7EB9F0D2A2CA08100D92F6F6D5
                                          Malicious:false
                                          Preview:...........f@..............................d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.....G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.)......)...SpecifierSet)...NormalizedName..canonicalize_name)...install_req_drop_extras)...InstallRequirement.....)...Candidate..CandidateLookup..Requirement..format_namec..........................e.Z.d.Z.d.e.d.d.f.d...Z.d.e.f.d...Z.d.e.f.d...Z.e.d.e.f.d...........Z.e.d.e.f.d...........Z.d.e.f.d...Z.d.e.f.d...Z.d.e.d.e.f.d...Z.y.)...ExplicitRequirement..candidate..returnNc...........................|.|._.........y...N..r........selfr....s.... .iC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_internal/resolution/resolvelib/requirements.py..__init__z.ExplicitRequirement.__init__....s........".........c.....................,.....t.........|.j...........................S.r....)...strr......r....s.... r......__str__z.ExplicitRequirement.__str__....s.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\__pycache__\resolver.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):12341
                                          Entropy (8bit):5.537501422423546
                                          Encrypted:false
                                          SSDEEP:192:xQdzXGFSCGhbQfIdUJ3MbYJbYcliYxGh314LCLpifHCJU1Pf:ULwUbQwCYYxvliYIx1BpifHCJMPf
                                          MD5:F554CFCC377DF46D6BCC88FDA36BDB6E
                                          SHA1:A9B9162D396FDD8CC58280E8338EA3C530CDB4CC
                                          SHA-256:909656DB9EA553D30F42B72079F9853D2EC4285E970849A44C88D1E5F0C046F2
                                          SHA-512:E2F1D5BBBD4BAE0DECB21B7911E4E00F7C6127AD1B5247F56C4F0E02A8CCA35935BF7541270C19D2FEA594D34DF20DD8FBD0056A9F45C50AB6E7F88CB2767194
                                          Malicious:false
                                          Preview:...........f01..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m Z ..d.d.l!m"Z"m#Z#..d.d.l$m%Z%..d.d.l&m'Z'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,m-Z-..d.d.l.m/Z/..e.r.d.d.l0m1Z2..e2e-e,e3f.....Z1..e.jh..................e5........Z6..G.d...d.e"........Z.d.d.d.e.e3....d.e.e.e3....e7f.....f.d...Z8d.e.e3e.f.....d.e.e.e3....e7f.....d.e.e7e3f.....f.d...Z9y.)......N)...TYPE_CHECKING..Dict..List..Optional..Set..Tuple..cast....canonicalize_name)...BaseReporter..ResolutionImpossible)...Resolver)...DirectedGraph)...WheelCache)...PackageFinder)...RequirementPreparer)...install_req_extend_extras)...InstallRequirement)...RequirementSet)...BaseResolver..InstallRequirementProvider)...PipProvider)...PipDebuggingReporter..PipReporter)...get_requirement.....)...Candidate..Requirement)...Factory)...Resultc............................e.Z.d.Z.h.d...Z..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\base.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5173
                                          Entropy (8bit):4.645730040215515
                                          Encrypted:false
                                          SSDEEP:96:GKgz+pKea9Gmpnhf5iSyYdTrVBgk29G7edvdssT6F4NgkQbpKDgkUq1us57IxCXO:OzWwGmpnhf5iSyYdTrVmcenjOu0+baqU
                                          MD5:0F2D852DECDCE2078DCA1F3144E0242E
                                          SHA1:15B46DD6A5E1D47D7D12E4F5C7FC7DCC10A468FC
                                          SHA-256:8E0E423A61CB86604828E47EE2CA5D243DE3C942D86B505DB2A881BB66099C9E
                                          SHA-512:757B7C156AAC53F65B29995FD00F1A0A4A7D22E5DA679667AEF1DDFF230ED830537A07B1799BCC103C8E1852183FCF611FB9292CFC9E7A32E4ED6B979A090926
                                          Malicious:false
                                          Preview:from typing import FrozenSet, Iterable, Optional, Tuple, Union..from pip._vendor.packaging.specifiers import SpecifierSet.from pip._vendor.packaging.utils import NormalizedName.from pip._vendor.packaging.version import LegacyVersion, Version..from pip._internal.models.link import Link, links_equivalent.from pip._internal.req.req_install import InstallRequirement.from pip._internal.utils.hashes import Hashes..CandidateLookup = Tuple[Optional["Candidate"], Optional[InstallRequirement]].CandidateVersion = Union[LegacyVersion, Version]...def format_name(project: NormalizedName, extras: FrozenSet[NormalizedName]) -> str:. if not extras:. return project. extras_expr = ",".join(sorted(extras)). return f"{project}[{extras_expr}]"...class Constraint:. def __init__(. self, specifier: SpecifierSet, hashes: Hashes, links: FrozenSet[Link]. ) -> None:. self.specifier = specifier. self.hashes = hashes. self.links = links.. @classmethod. def empt

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\candidates.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):21052
                                          Entropy (8bit):4.512854307945884
                                          Encrypted:false
                                          SSDEEP:192:UVLfjKLbZ4P7blhTn7AT70VWPPIyBTrMM/cRVBZSPGt48G1LGQvdLsJBBMaz6DwB:Uw54Pnr7i70OVTkvN48yDdYV6wFNWWJf
                                          MD5:CD398AAF4525485F7972AB17AEE950C8
                                          SHA1:2BB311BBD7F8883F2F818863093863106280D462
                                          SHA-256:D7D2A2F753E8F8C4B10649C621F38691A5A415D3B39CDD16FE72AFEE32F6F0BD
                                          SHA-512:4E9731E8DB9AB343F7F228744C4F3F8975432EFAC8697F348C4EFDE92A2560E5152DD38C858FAC15DB430046E7ED6043EA5C7F3F2C9713C2A1A59A1CB6F4FEC9
                                          Malicious:false
                                          Preview:import logging.import sys.from typing import TYPE_CHECKING, Any, FrozenSet, Iterable, Optional, Tuple, Union, cast..from pip._vendor.packaging.utils import NormalizedName, canonicalize_name.from pip._vendor.packaging.version import Version..from pip._internal.exceptions import (. HashError,. InstallationSubprocessError,. MetadataInconsistent,.).from pip._internal.metadata import BaseDistribution.from pip._internal.models.link import Link, links_equivalent.from pip._internal.models.wheel import Wheel.from pip._internal.req.constructors import (. install_req_from_editable,. install_req_from_line,.).from pip._internal.req.req_install import InstallRequirement.from pip._internal.utils.direct_url_helpers import direct_url_from_link.from pip._internal.utils.misc import normalize_version_info..from .base import Candidate, CandidateVersion, Requirement, format_name..if TYPE_CHECKING:. from .factory import Factory..logger = logging.getLogger(__name__)..BaseCandidate = Union[.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\factory.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):32292
                                          Entropy (8bit):4.255055335176978
                                          Encrypted:false
                                          SSDEEP:384:68JR56HreGl3X0Cp7IiSCqaSbOJZHqtWSZ9pkqhYACZ1Y7X3vH24k:6H/p7I67KnLOGX3vH2
                                          MD5:3F53DA705335C523B60CE428CA6DF3D6
                                          SHA1:4F32A162518B6317878FAC1FB01B8647F715D940
                                          SHA-256:BEAAA4FA18DC85D85287059575E5B6FC0FB965B94B844FE70BFBF7321CF84AF7
                                          SHA-512:0E6E78F6F6A28FDF87DFA162A7E7919C8E17DAE539210E381B10139D4A582DA45BF10B6DBA00C0B0B8A4C287BCC395D71B1191B3FE217370CA685EF7B02BD4B3
                                          Malicious:false
                                          Preview:import contextlib.import functools.import logging.from typing import (. TYPE_CHECKING,. Dict,. FrozenSet,. Iterable,. Iterator,. List,. Mapping,. NamedTuple,. Optional,. Sequence,. Set,. Tuple,. TypeVar,. cast,.)..from pip._vendor.packaging.requirements import InvalidRequirement.from pip._vendor.packaging.specifiers import SpecifierSet.from pip._vendor.packaging.utils import NormalizedName, canonicalize_name.from pip._vendor.resolvelib import ResolutionImpossible..from pip._internal.cache import CacheEntry, WheelCache.from pip._internal.exceptions import (. DistributionNotFound,. InstallationError,. MetadataInconsistent,. UnsupportedPythonVersion,. UnsupportedWheel,.).from pip._internal.index.package_finder import PackageFinder.from pip._internal.metadata import BaseDistribution, get_default_environment.from pip._internal.models.link import Link.from pip._internal.models.wheel import Wheel.from pip._internal.operations.prepare im

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\found_candidates.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5705
                                          Entropy (8bit):4.505216978095506
                                          Encrypted:false
                                          SSDEEP:96:Ur4l0ct8kYS/bHXBRln6cYzjAfMuMcM8Z+79jAfLuMcXs3VkeezJrW4jAfrc3gwR:Bfz3yeTxcQ7ZQ7x
                                          MD5:D849F61FDD0534F82B95C28C80FBCC53
                                          SHA1:6E872AD864F5642639E2E2C625C0005269D472BD
                                          SHA-256:86F2F71E86BD55A628FAA10E664062D88AB0DB9D540F13F3FAE30755A5A62E91
                                          SHA-512:6FD6D88439B8E00BC0F1198B7F971EEC248EF5870016CB1ED1B52FDC376202E217D6B21E904A774ABEBFF481862A2ECE8FE087EDF7C55CB0D70AC48F997E1D0D
                                          Malicious:false
                                          Preview:"""Utilities to lazily create and visit candidates found...Creating and visiting a candidate is a *very* costly operation. It involves.fetching, extracting, potentially building modules from source, and verifying.distribution metadata. It is therefore crucial for performance to keep.everything here lazy all the way down, so we only touch candidates that we.absolutely need, and not "download the world" when we only need one version of.something.."""..import functools.from collections.abc import Sequence.from typing import TYPE_CHECKING, Any, Callable, Iterator, Optional, Set, Tuple..from pip._vendor.packaging.version import _BaseVersion..from .base import Candidate..IndexCandidateInfo = Tuple[_BaseVersion, Callable[[], Optional[Candidate]]]..if TYPE_CHECKING:. SequenceCandidate = Sequence[Candidate].else:. # For compatibility: Python before 3.9 does not support using [] on the. # Sequence class.. #. # >>> from collections.abc import Sequence. # >>> Sequence[str]. #

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\provider.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):9824
                                          Entropy (8bit):4.433835668397495
                                          Encrypted:false
                                          SSDEEP:192:vsVpuo0z0KlrlTlWD/7UrXQSgj6WyoZmQbEKzl6lCEPCACW:v2ujyD/7HSgmJoZFECZACW
                                          MD5:273EFD245287D4EC323A02EF05E983F7
                                          SHA1:76C0F41ACA7E9F66646B58EC015C160EF21E4A36
                                          SHA-256:E2DDB78AF8EBBAA33A84A057D4AA46893B7E3381C68517199C62D5D1CD352BB5
                                          SHA-512:E99EC829AF19E4E0B29B16C5B9B9F4856A9578EA6239AE07A328A59F09DA490E6E9B130D0BD704BD87F23B6883BC22B86EA63E722B9A6B324A7D9503A2106342
                                          Malicious:false
                                          Preview:import collections.import math.from typing import (. TYPE_CHECKING,. Dict,. Iterable,. Iterator,. Mapping,. Sequence,. TypeVar,. Union,.)..from pip._vendor.resolvelib.providers import AbstractProvider..from .base import Candidate, Constraint, Requirement.from .candidates import REQUIRES_PYTHON_IDENTIFIER.from .factory import Factory..if TYPE_CHECKING:. from pip._vendor.resolvelib.providers import Preference. from pip._vendor.resolvelib.resolvers import RequirementInformation.. PreferenceInformation = RequirementInformation[Requirement, Candidate].. _ProviderBase = AbstractProvider[Requirement, Candidate, str].else:. _ProviderBase = AbstractProvider..# Notes on the relationship between the provider, the factory, and the.# candidate and requirement classes..#.# The provider is a direct implementation of the resolvelib class. Its role.# is to deliver the API that resolvelib expects..#.# Rather than work with completely abstract "requirement" and "can

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\reporter.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3100
                                          Entropy (8bit):4.472154934320961
                                          Encrypted:false
                                          SSDEEP:96:/PodCLtMjcwsHohgChCUG06SZh6HohRzorohcu:noIEb
                                          MD5:669B50941F26A76BD2F0110DA53829E4
                                          SHA1:E297B2B1FE62E181946180F25D71BEC8D7F2EF90
                                          SHA-256:6059BD850BF3E031426E365E153439EA14F3DC073E9830671E478D455BCC1CB6
                                          SHA-512:E0F46E49ABBC8E4BF295D2D7C2DCEDFD87588806E56B75EC111F2DDAAD0B237DA888A383B1004F771985F3C1AE9FA4B89072CE0A5D7341A7CA3F5B7254062D3F
                                          Malicious:false
                                          Preview:from collections import defaultdict.from logging import getLogger.from typing import Any, DefaultDict..from pip._vendor.resolvelib.reporters import BaseReporter..from .base import Candidate, Requirement..logger = getLogger(__name__)...class PipReporter(BaseReporter):. def __init__(self) -> None:. self.reject_count_by_package: DefaultDict[str, int] = defaultdict(int).. self._messages_at_reject_count = {. 1: (. "pip is looking at multiple versions of {package_name} to ". "determine which version is compatible with other ". "requirements. This could take a while.". ),. 8: (. "pip is still looking at multiple versions of {package_name} to ". "determine which version is compatible with other ". "requirements. This could take a while.". ),. 13: (. "This is taking longer than usual. You might need to provide ".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\requirements.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5696
                                          Entropy (8bit):4.5531229702159175
                                          Encrypted:false
                                          SSDEEP:96:k6ipKl5ohERsedlikilikBrbpKboohw6eabbpKpoh5S8pqRdvOlxwukbqm7hkL4j:AX0kkaYwe0MYjsnVW
                                          MD5:4E1972F212E51EF4A6C710CEF867B53D
                                          SHA1:2D0AE87422662F0C8DA9367FC8DFC8D3237A1913
                                          SHA-256:FA424E34FD168C37DD4EF040B36BD45CF8009CEC8D2011005D8E1BEF6A20B4F1
                                          SHA-512:6010B5B7226CE8478E8AA8AC2E0CAED3C543E72E2D2C689CA655EC4FF5469B59FF7C7614302B595DB2BA541A46A9519B4E1D7B9F41E4D02E953E14782360485D
                                          Malicious:false
                                          Preview:from pip._vendor.packaging.specifiers import SpecifierSet.from pip._vendor.packaging.utils import NormalizedName, canonicalize_name..from pip._internal.req.constructors import install_req_drop_extras.from pip._internal.req.req_install import InstallRequirement..from .base import Candidate, CandidateLookup, Requirement, format_name...class ExplicitRequirement(Requirement):. def __init__(self, candidate: Candidate) -> None:. self.candidate = candidate.. def __str__(self) -> str:. return str(self.candidate).. def __repr__(self) -> str:. return f"{self.__class__.__name__}({self.candidate!r})".. @property. def project_name(self) -> NormalizedName:. # No need to canonicalize - the candidate did this. return self.candidate.project_name.. @property. def name(self) -> str:. # No need to canonicalize - the candidate did this. return self.candidate.name.. def format_for_error(self) -> str:. return self.candidate.forma

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\resolution\resolvelib\resolver.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):12592
                                          Entropy (8bit):4.328792455404742
                                          Encrypted:false
                                          SSDEEP:192:gN0R+Ax5l1HPLlZ/pS9DBFYcIaJbY0FRB314LCLbo2s8T4EBdvMuhz:gN0R+cLpS1BRxXX1BbYm4ydku9
                                          MD5:C966A718961B0E444857373050B09EE2
                                          SHA1:1FD155FCFA0A1547F514E35C4013A1C214E64D6D
                                          SHA-256:9CB24EB15304562DA0414549A1414A31901EBB67FB19132318CBCD496CB3D017
                                          SHA-512:AAFC4B6926C19AD425864209D0BD84EC4B8DA84EFDD9C08E8607D83B06603950E030E9833618375C3CEC50895512563B9C912DDD0E06F5FE751049A29C062190
                                          Malicious:false
                                          Preview:import contextlib.import functools.import logging.import os.from typing import TYPE_CHECKING, Dict, List, Optional, Set, Tuple, cast..from pip._vendor.packaging.utils import canonicalize_name.from pip._vendor.resolvelib import BaseReporter, ResolutionImpossible.from pip._vendor.resolvelib import Resolver as RLResolver.from pip._vendor.resolvelib.structs import DirectedGraph..from pip._internal.cache import WheelCache.from pip._internal.index.package_finder import PackageFinder.from pip._internal.operations.prepare import RequirementPreparer.from pip._internal.req.constructors import install_req_extend_extras.from pip._internal.req.req_install import InstallRequirement.from pip._internal.req.req_set import RequirementSet.from pip._internal.resolution.base import BaseResolver, InstallRequirementProvider.from pip._internal.resolution.resolvelib.provider import PipProvider.from pip._internal.resolution.resolvelib.reporter import (. PipDebuggingReporter,. PipReporter,.).from pip._inte

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\self_outdated_check.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):8378
                                          Entropy (8bit):4.5483528725345925
                                          Encrypted:false
                                          SSDEEP:192:8A4VU/4+r8L9DC8PVjXC6gAiOlYNyT1mgC5tlyspvIIjN5U:8A4VU/PriPVjXC6xGT5tndnU
                                          MD5:CA21C210EFA5760DB395D16076E1ABE5
                                          SHA1:34B9904DA71D74F6EE47026974C5B4134789ABA4
                                          SHA-256:B1AC502C1F14CC816D31272ABB2B46D744CE4EC61514943F9A45B5358FB8EB01
                                          SHA-512:7F848DCFFF740A943A036D086571E0CD6979F08C293C92745770A40A5050343C3263ECD38E2E42EE16BEEA975A11BE6E0C8B0E61DEE8A7F35E207E3ED53E9A69
                                          Malicious:false
                                          Preview:import datetime.import functools.import hashlib.import json.import logging.import optparse.import os.path.import sys.from dataclasses import dataclass.from typing import Any, Callable, Dict, Optional..from pip._vendor.packaging.version import parse as parse_version.from pip._vendor.rich.console import Group.from pip._vendor.rich.markup import escape.from pip._vendor.rich.text import Text..from pip._internal.index.collector import LinkCollector.from pip._internal.index.package_finder import PackageFinder.from pip._internal.metadata import get_default_environment.from pip._internal.metadata.base import DistributionVersion.from pip._internal.models.selection_prefs import SelectionPreferences.from pip._internal.network.session import PipSession.from pip._internal.utils.compat import WINDOWS.from pip._internal.utils.entrypoints import (. get_best_invocation_for_this_pip,. get_best_invocation_for_this_python,.).from pip._internal.utils.filesystem import adjacent_tmp_file, check_path_ow

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\appdirs.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1665
                                          Entropy (8bit):4.720039128708989
                                          Encrypted:false
                                          SSDEEP:48:xnB0TGLm/yMUR2o0vmQhaMf4ugRpS1Y9Ft5Xi:xrmqnRg5IMAugRpoY9F/i
                                          MD5:C165A5743C1F307CCCD2419071932098
                                          SHA1:2F7D46108F0818D083EC0FDEF4BEF65AC5977583
                                          SHA-256:B3081C4CA3A6DDD68B7974D6EAFE41512D938B646F1271914181FFC835E4940A
                                          SHA-512:855626248CC0F836F31E63FF01E9F4C09C9BD856A9CE160AF776A652EA791073569E773F8A0B57349659F1CE0BA0152112BE5D2CAEFB91D2EFC2DC576C4F8539
                                          Malicious:false
                                          Preview:""".This code wraps the vendored appdirs module to so the return values are.compatible for the current pip code base...The intention is to rewrite current usages gradually, keeping the tests pass,.and eventually drop this after all usages are changed.."""..import os.import sys.from typing import List..from pip._vendor import platformdirs as _appdirs...def user_cache_dir(appname: str) -> str:. return _appdirs.user_cache_dir(appname, appauthor=False)...def _macos_user_config_dir(appname: str, roaming: bool = True) -> str:. # Use ~/Application Support/pip, if the directory exists.. path = _appdirs.user_data_dir(appname, appauthor=False, roaming=roaming). if os.path.isdir(path):. return path.. # Use a Linux-like ~/.config/pip, by default.. linux_like_path = "~/.config/". if appname:. linux_like_path = os.path.join(linux_like_path, appname).. return os.path.expanduser(linux_like_path)...def user_config_dir(appname: str, roaming: bool = True) -> str:.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\compat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1884
                                          Entropy (8bit):4.898660610096103
                                          Encrypted:false
                                          SSDEEP:48:rqA9ydI6zdCdm9HG5FAY/Lne1MOoToPtIWL6wEv:rFX6zEotG5JyVosPt6Vv
                                          MD5:AF88D940B9DAABD00B97A3CF427B26E6
                                          SHA1:29D3D00672CB363BC71BDF0769EC4FE9841AE318
                                          SHA-256:002C817CB823DFF5C6FA2039A26103AD7A833347102B38BC87C1D10489F31BA4
                                          SHA-512:6A4B4E2A3037D259C6B388EDEA0E9BB615A6D69BBC4FEFF7B35527CD1740DAE2D99F42E1130813C87E78B2832AEF31634D2F965DD78E9C0CC55F6876424AF5D7
                                          Malicious:false
                                          Preview:"""Stuff that differs in different Python versions and platform.distributions."""..import logging.import os.import sys..__all__ = ["get_path_uid", "stdlib_pkgs", "WINDOWS"]...logger = logging.getLogger(__name__)...def has_tls() -> bool:. try:. import _ssl # noqa: F401 # ignore unused.. return True. except ImportError:. pass.. from pip._vendor.urllib3.util import IS_PYOPENSSL.. return IS_PYOPENSSL...def get_path_uid(path: str) -> int:. """. Return path's uid... Does not follow symlinks:. https://github.com/pypa/pip/pull/935#discussion_r5307003.. Placed this function in compat due to differences on AIX and. Jython, that should eventually go away... :raises OSError: When path is a symlink or can't be read.. """. if hasattr(os, "O_NOFOLLOW"):. fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW). file_uid = os.fstat(fd).st_uid. os.close(fd). else: # AIX and Jython. # WARNING: time of check vulnerab

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\compatibility_tags.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5377
                                          Entropy (8bit):4.623716321322792
                                          Encrypted:false
                                          SSDEEP:96:wcBTxRtuL5CUowd1J+GQfP2qJ25Lv+ENJADraBcUchJFoHcmjfXYMXcvrO:HFxDuL5EkjoGqs5pAD2D1H/ADrO
                                          MD5:964CA22D0609D7722001D792568DAF84
                                          SHA1:DFBADA13EBA8EF63D4BC33A652ADA480E3E06B42
                                          SHA-256:C9D8A7F101BC047A9846C3D8E0E2FA7266F8E026EA5E5D53D31C52F7B5611E49
                                          SHA-512:AA278E6157336DA7DC24A60F7E50376C2BAE4F919B828CBF325457935A26A4CCD9F014B32779D5A98CE4C78B64F85B70FD2D07AA233565AF53D5E0CCC537F837
                                          Malicious:false
                                          Preview:"""Generate and work with PEP 425 Compatibility Tags.."""..import re.from typing import List, Optional, Tuple..from pip._vendor.packaging.tags import (. PythonVersion,. Tag,. compatible_tags,. cpython_tags,. generic_tags,. interpreter_name,. interpreter_version,. mac_platforms,.).._osx_arch_pat = re.compile(r"(.+)_(\d+)_(\d+)_(.+)")...def version_info_to_nodot(version_info: Tuple[int, ...]) -> str:. # Only use up to the first two numbers.. return "".join(map(str, version_info[:2]))...def _mac_platforms(arch: str) -> List[str]:. match = _osx_arch_pat.match(arch). if match:. name, major, minor, actual_arch = match.groups(). mac_version = (int(major), int(minor)). arches = [. # Since we have always only checked that the platform starts. # with "macosx", for backwards-compatibility we extract the. # actual prefix provided by the user in case they provided. # something like "macosxcustom_".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\datetime.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):242
                                          Entropy (8bit):4.397332469335865
                                          Encrypted:false
                                          SSDEEP:6:tj57fw86Cx/McP81xqwXJhA7p8BsjD7QpCJbhy9/oXEcvg:P086CxH8+gW7p8qD0pCJFo/oFY
                                          MD5:913AB688B48547F157B5D13B3E854813
                                          SHA1:442DC5866A60DAC7CA2578CD773C147E9E1C063A
                                          SHA-256:9B6D58DF002D41CFA38BA55E6FA93F33983A034672148E1E81C853767C21FA94
                                          SHA-512:F927ACA09E61B6DDB212C234727488AD92E4AC77131BB61AA9D9F4527FBA9877A1819B4DF12D7810DAA882C7BA08D8B3E1D041E6AF689210DE905C2F4AFD20AC
                                          Malicious:false
                                          Preview:"""For when pip wants to check the date or time.."""..import datetime...def today_is_later_than(year: int, month: int, day: int) -> bool:. today = datetime.date.today(). given = datetime.date(year, month, day).. return today > given.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\deprecation.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3627
                                          Entropy (8bit):4.513871213115879
                                          Encrypted:false
                                          SSDEEP:96:zzE7PJcqlskEQsCWMeuOCykDPEuIf2XwB0W:zIjRWnuOl116W
                                          MD5:816175BFD9D11C2EE8C609B102953156
                                          SHA1:8C790F62DB12BB362628DB33E4992188A1D893DD
                                          SHA-256:34AA3C56A2E2A09E279D75C6996E0A75AB3117DD04147919687797D5F4F4F02F
                                          SHA-512:754C7FB0D46AF13CCA0C05663A2DB9775C8C0A16BE6D8D166F4FA2FA494985A33D22B267D32AC1D267A049CDAE1B3FAF25CBA924641A2B167406EB0A196CAE06
                                          Malicious:false
                                          Preview:""".A module that implements tooling to enable easy warnings about deprecations.."""..import logging.import warnings.from typing import Any, Optional, TextIO, Type, Union..from pip._vendor.packaging.version import parse..from pip import __version__ as current_version # NOTE: tests patch this name...DEPRECATION_MSG_PREFIX = "DEPRECATION: "...class PipDeprecationWarning(Warning):. pass..._original_showwarning: Any = None...# Warnings <-> Logging Integration.def _showwarning(. message: Union[Warning, str],. category: Type[Warning],. filename: str,. lineno: int,. file: Optional[TextIO] = None,. line: Optional[str] = None,.) -> None:. if file is not None:. if _original_showwarning is not None:. _original_showwarning(message, category, filename, lineno, file, line). elif issubclass(category, PipDeprecationWarning):. # We use a specially named logger which will handle all of the. # deprecation messages for pip.. logger = loggi

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\direct_url_helpers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3206
                                          Entropy (8bit):4.41721615869807
                                          Encrypted:false
                                          SSDEEP:48:jpU715//QnXpoT2/vGwQhFDd5K6gte3baYiOXaoS31oMYS96KDJGY/7T:jpdme6xLiOgFoMF9R4Y/7T
                                          MD5:3D5E258E0C3E2552C1BA4254BA2CC40B
                                          SHA1:DD92E884DF95195217318DB385B1DBD399D50D0C
                                          SHA-256:E85D6D736ADC29A0999A07D5C2C13A39B21EFCFBB1DB799455803ED83F700857
                                          SHA-512:6D2B54978F0915BB3F8509E29A58624AF1C20BDB288752D5845AB714DDE64C5D06DA0F98FAB93715D2C49C75150E73C88C15AE656480C03356D300206ED35FE6
                                          Malicious:false
                                          Preview:from typing import Optional..from pip._internal.models.direct_url import ArchiveInfo, DirectUrl, DirInfo, VcsInfo.from pip._internal.models.link import Link.from pip._internal.utils.urls import path_to_url.from pip._internal.vcs import vcs...def direct_url_as_pep440_direct_reference(direct_url: DirectUrl, name: str) -> str:. """Convert a DirectUrl to a pip requirement string.""". direct_url.validate() # if invalid, this is a pip bug. requirement = name + " @ ". fragments = []. if isinstance(direct_url.info, VcsInfo):. requirement += "{}+{}@{}".format(. direct_url.info.vcs, direct_url.url, direct_url.info.commit_id. ). elif isinstance(direct_url.info, ArchiveInfo):. requirement += direct_url.url. if direct_url.info.hash:. fragments.append(direct_url.info.hash). else:. assert isinstance(direct_url.info, DirInfo). requirement += direct_url.url. if direct_url.subdirectory:. fragments.append("sub

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\egg_link.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2463
                                          Entropy (8bit):4.582459566567463
                                          Encrypted:false
                                          SSDEEP:48:da7JM7wQ1OP1d7wrNSd3O01iXD563sI4dMfqtpCY2MmaLKo9LXIx5u:dl7DONtw+3O8kD568I4dFS+m2XIx5u
                                          MD5:779E46DB7BBC718A77B123CF76078CE1
                                          SHA1:7F16CAC0927CDF0A044E03F617A9E94A427B859E
                                          SHA-256:D0578F6685182AFE11190DADEB1EF0E59E36EF06C0FD4A375999C092B82CBAAA
                                          SHA-512:A2B7F6CBD31DFA7DF5C014E14BFB7FDB33EE41363E7E4531842C3B6F14DACF60DEECFB4F57346AE2072A48F7A1AFEC88DCFDC6DB1B0BA326E4FEB58F329E9FEA
                                          Malicious:false
                                          Preview:import os.import re.import sys.from typing import List, Optional..from pip._internal.locations import site_packages, user_site.from pip._internal.utils.virtualenv import (. running_under_virtualenv,. virtualenv_no_global,.)..__all__ = [. "egg_link_path_from_sys_path",. "egg_link_path_from_location",.]...def _egg_link_names(raw_name: str) -> List[str]:. """. Convert a Name metadata value to a .egg-link name, by applying. the same substitution as pkg_resources's safe_name function.. Note: we cannot use canonicalize_name because it has a different logic... We also look for the raw name (without normalization) as setuptools 69 changed. the way it names .egg-link files (https://github.com/pypa/setuptools/issues/4167).. """. return [. re.sub("[^A-Za-z0-9.]+", "-", raw_name) + ".egg-link",. f"{raw_name}.egg-link",. ]...def egg_link_path_from_sys_path(raw_name: str) -> Optional[str]:. """. Look for a .egg-link file for project name, by

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\encoding.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1169
                                          Entropy (8bit):5.000664368044061
                                          Encrypted:false
                                          SSDEEP:24:9dJ6f/5kaXMOvjjmuZF5wSy/WGLiT/RpqwaphPaw/baVY9g4e8+Kv:Hg/5jcOvjjmuN8ejNUjiw/2h47
                                          MD5:71781AF636DF2088D9C6FA15B8248724
                                          SHA1:31C2038B64DD5D3DD3C4CF560E354E4471B144A0
                                          SHA-256:AAAB170ED8B03088D730488855268E8F01F96268AB09A2BE748CDBEBE5C9B0BD
                                          SHA-512:A6D65005137278C217BDAE67FC2A971B22066DD5D8B307A96C0B40550BAD32E11870DC89411969290D2C3BAABDE8650CE34DC4CE58A0C22438DAB36733A53155
                                          Malicious:false
                                          Preview:import codecs.import locale.import re.import sys.from typing import List, Tuple..BOMS: List[Tuple[bytes, str]] = [. (codecs.BOM_UTF8, "utf-8"),. (codecs.BOM_UTF16, "utf-16"),. (codecs.BOM_UTF16_BE, "utf-16-be"),. (codecs.BOM_UTF16_LE, "utf-16-le"),. (codecs.BOM_UTF32, "utf-32"),. (codecs.BOM_UTF32_BE, "utf-32-be"),. (codecs.BOM_UTF32_LE, "utf-32-le"),.]..ENCODING_RE = re.compile(rb"coding[:=]\s*([-\w.]+)")...def auto_decode(data: bytes) -> str:. """Check a bytes string for a BOM to correctly detect the encoding.. Fallback to locale.getpreferredencoding(False) like open() on Python3""". for bom, encoding in BOMS:. if data.startswith(bom):. return data[len(bom) :].decode(encoding). # Lets check the first two lines as in PEP263. for line in data.split(b"\n")[:2]:. if line[0:1] == b"#" and ENCODING_RE.search(line):. result = ENCODING_RE.search(line). assert result is not None. encoding = result.gr

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\entrypoints.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3064
                                          Entropy (8bit):4.680639595700007
                                          Encrypted:false
                                          SSDEEP:48:TvlkosG2/35jkXM50XK1gFIsSBbn1fUcZya9EvZOWwam3rKZSKtZ9dPr9S9ybIA:TvlkosTKXM5GDFIzZ1fJya9EvZOWwa3h
                                          MD5:6824909158AACEE9DF77A01C1783AF2E
                                          SHA1:DF1011DF89A89E8E184B38CF4232CC1B15446CC0
                                          SHA-256:62584B4D1976A07040BAA85CFB398BED4492EBB4CF5951C89A3780407ADE6534
                                          SHA-512:6BA7233C1F1EF34F5BF4FCF4FD0A420CADBDCB8A75C32EDC83AAE81C36E7503C569E786F61E03B55B57C6AEE70ED041B7E9FB1D889E18FCD2085AF09A1A727EF
                                          Malicious:false
                                          Preview:import itertools.import os.import shutil.import sys.from typing import List, Optional..from pip._internal.cli.main import main.from pip._internal.utils.compat import WINDOWS.._EXECUTABLE_NAMES = [. "pip",. f"pip{sys.version_info.major}",. f"pip{sys.version_info.major}.{sys.version_info.minor}",.].if WINDOWS:. _allowed_extensions = {"", ".exe"}. _EXECUTABLE_NAMES = [. "".join(parts). for parts in itertools.product(_EXECUTABLE_NAMES, _allowed_extensions). ]...def _wrapper(args: Optional[List[str]] = None) -> int:. """Central wrapper for all old entrypoints... Historically pip has had several entrypoints defined. Because of issues. arising from PATH, sys.path, multiple Pythons, their interactions, and most. of them having a pip installed, users suffer every time an entrypoint gets. moved... To alleviate this pain, and provide a mechanism for warning users and. directing them to an appropriate place for help, we now define all of. our

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\filesystem.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script text executable Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5122
                                          Entropy (8bit):4.553153847418192
                                          Encrypted:false
                                          SSDEEP:96:zVW6uMIojkzH5WrQXbsB4RTN8D+aQuaOAL7hELnDGVv:zVuMTkzZW0XAB4RTN8DcJOAXSL6Vv
                                          MD5:DEEE0A94B232580C4DAC9C3741A00528
                                          SHA1:7E4452EE2A28E0E3E10D02D1BA115870E9540E4F
                                          SHA-256:4613085D468D54C1A3737AE1B036A1590E0C6AFBC440376A5EA82AF85E9FA70F
                                          SHA-512:A55B030CD406095F34A7772C448901141CD95EC0E9FD04DDB0F42D7DE950BF32DB091353A407EC7E844DDFDFAA25730BBD21D3A7B7AB56D3981AF6E71159BFA3
                                          Malicious:false
                                          Preview:import fnmatch.import os.import os.path.import random.import sys.from contextlib import contextmanager.from tempfile import NamedTemporaryFile.from typing import Any, BinaryIO, Generator, List, Union, cast..from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed..from pip._internal.utils.compat import get_path_uid.from pip._internal.utils.misc import format_size...def check_path_owner(path: str) -> bool:. # If we don't have a way to check the effective uid of this process, then. # we'll just assume that we own the directory.. if sys.platform == "win32" or not hasattr(os, "geteuid"):. return True.. assert os.path.isabs(path).. previous = None. while path != previous:. if os.path.lexists(path):. # Check if path is writable by current user.. if os.geteuid() == 0:. # Special handling for root user in order to handle properly. # cases where users use sudo without -H flag.. try:.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\filetypes.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):716
                                          Entropy (8bit):5.128064341013586
                                          Encrypted:false
                                          SSDEEP:12:cELEYBRrGB2BLZYnBLZ3CLaBLZXWYaBLZYKsBnJTeeG8WbJVw57eMF5YooXHv:cFYq2BmnBU2BBWYaBmT7yeG8WbJOF5ni
                                          MD5:DAAE55F86E9BAE3D0AFFC1181F6ACD85
                                          SHA1:B75E13EF5D44699F0AF4AE12882321E63045B936
                                          SHA-256:8BC5C04347850A8836E85C3DC95D186F5CA002A298075C3D0B3F67D1F8FC8195
                                          SHA-512:AFEDC5779F8E90FCF5840FFE49E7916971AA461B6056FB434078018518AFFFE834C9BD6A9DCE10D886361B1340807E09B7CD47F8D51C9FA8183C3EB759B59ABC
                                          Malicious:false
                                          Preview:"""Filetype information.."""..from typing import Tuple..from pip._internal.utils.misc import splitext..WHEEL_EXTENSION = ".whl".BZ2_EXTENSIONS: Tuple[str, ...] = (".tar.bz2", ".tbz").XZ_EXTENSIONS: Tuple[str, ...] = (. ".tar.xz",. ".txz",. ".tlz",. ".tar.lz",. ".tar.lzma",.).ZIP_EXTENSIONS: Tuple[str, ...] = (".zip", WHEEL_EXTENSION).TAR_EXTENSIONS: Tuple[str, ...] = (".tar.gz", ".tgz", ".tar").ARCHIVE_EXTENSIONS = ZIP_EXTENSIONS + BZ2_EXTENSIONS + TAR_EXTENSIONS + XZ_EXTENSIONS...def is_archive_file(name: str) -> bool:. """Return True if `name` is a considered as an archive file.""". ext = splitext(name)[1].lower(). if ext in ARCHIVE_EXTENSIONS:. return True. return False.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\glibc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3113
                                          Entropy (8bit):4.827361926561468
                                          Encrypted:false
                                          SSDEEP:48:ZMNMpeTLWUrUbFOt6eI0J3PeIOwea072T5ECUtGL7xMcIko/VKY:ZMNZTLWUr+wR1LOZ72TweKzF/VKY
                                          MD5:A806CD4E60BF0FECAF532A9B5B31EB5B
                                          SHA1:993BE097901608F3160F7E3FAFECCD7D1D21CA27
                                          SHA-256:31EB31C6083704BC6178B671F9D49FDF46FA80AA4E81D557C3A5BEFAE1D2B334
                                          SHA-512:8C182D639D0E8FA33357CFEE3368372D06EC0EAA393E61E77697F81D67D811A978FD4F90C220B10BF41BFA3D4BA4A132DCE55B9392E7B93E0A5185652D934C8C
                                          Malicious:false
                                          Preview:import os.import sys.from typing import Optional, Tuple...def glibc_version_string() -> Optional[str]:. "Returns glibc version string, or None if not using glibc.". return glibc_version_string_confstr() or glibc_version_string_ctypes()...def glibc_version_string_confstr() -> Optional[str]:. "Primary implementation of glibc_version_string using os.confstr.". # os.confstr is quite a bit faster than ctypes.DLL. It's also less likely. # to be broken or missing. This strategy is used in the standard library. # platform module:. # https://github.com/python/cpython/blob/fcf1d003bf4f0100c9d0921ff3d70e1127ca1b71/Lib/platform.py#L175-L183. if sys.platform == "win32":. return None. try:. gnu_libc_version = os.confstr("CS_GNU_LIBC_VERSION"). if gnu_libc_version is None:. return None. # os.confstr("CS_GNU_LIBC_VERSION") returns a string like "glibc 2.17":. _, version = gnu_libc_version.split(). except (AttributeError, OSErr

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\hashes.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5118
                                          Entropy (8bit):4.517865882857644
                                          Encrypted:false
                                          SSDEEP:96:fvrEB0PsuMoLSGXoTV+HmGX8s6yIibhrHLNdbf8+EH0Kj:7ELbG4TV+HmO8smi1rHJ9fMHfj
                                          MD5:EA92F1296B5F78FF606AB11DD214F312
                                          SHA1:F88BDEA46699ABB220C1F5720B4652629CB16B28
                                          SHA-256:3233A2802EF9CFAAA844C9201E21EAA2DEDEAB17F00D94AB11F94930F9BE6C71
                                          SHA-512:D1707C0A8775A1C7621C81E7ACBCF308E01F4684B3AB45350E777F39FB0B5B0F64ADC78DD181F4DFF3B36F4D41906FACCCE10DAD3A7F3E430D1559004ECC4DCA
                                          Malicious:false
                                          Preview:import hashlib.from typing import TYPE_CHECKING, BinaryIO, Dict, Iterable, List, Optional..from pip._internal.exceptions import HashMismatch, HashMissing, InstallationError.from pip._internal.utils.misc import read_chunks..if TYPE_CHECKING:. from hashlib import _Hash.. # NoReturn introduced in 3.6.2; imported only for type checking to maintain. # pip compatibility with older patch versions of Python 3.6. from typing import NoReturn...# The recommended hash algo of the moment. Change this whenever the state of.# the art changes; it won't hurt backward compatibility..FAVORITE_HASH = "sha256"...# Names of hashlib algorithms allowed by the --hash option and ``pip hash``.# Currently, those are the ones at least as collision-resistant as sha256..STRONG_HASHES = ["sha256", "sha384", "sha512"]...class Hashes:. """A wrapper that builds multiple hashes at once and checks them against. known-good values.. """.. def __init__(self, hashes: Optional[Dict[str, List[str]]] = No

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\logging.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):11603
                                          Entropy (8bit):4.446627443976613
                                          Encrypted:false
                                          SSDEEP:192:qiZ5NF0lNQR6DWUDZr2Huat0L1Si2hx5pVADOrliz19UIMAcEzZnz+:qiZ5NePQR6XZKKLQDpVaAgzZMAbzZC
                                          MD5:0AD835A23492444085B4AED4A530E370
                                          SHA1:6CFC66CC5325E5E0D1DE8C31202EB486D71EBC0F
                                          SHA-256:7DDB6E649F802A4AB00D300D0EF19C044A6CB0BF1E97B4F58E7C24D429D99776
                                          SHA-512:C472B6D25C98EAA39C49ACE5F37A624988BA999D2379077945F9D8974A207AF04BD136018FF7FA34D56DDA95907269DD18D7157850CF7CC5D91E52889567F464
                                          Malicious:false
                                          Preview:import contextlib.import errno.import logging.import logging.handlers.import os.import sys.import threading.from dataclasses import dataclass.from io import TextIOWrapper.from logging import Filter.from typing import Any, ClassVar, Generator, List, Optional, TextIO, Type..from pip._vendor.rich.console import (. Console,. ConsoleOptions,. ConsoleRenderable,. RenderableType,. RenderResult,. RichCast,.).from pip._vendor.rich.highlighter import NullHighlighter.from pip._vendor.rich.logging import RichHandler.from pip._vendor.rich.segment import Segment.from pip._vendor.rich.style import Style..from pip._internal.utils._log import VERBOSE, getLogger.from pip._internal.utils.compat import WINDOWS.from pip._internal.utils.deprecation import DEPRECATION_MSG_PREFIX.from pip._internal.utils.misc import ensure_dir.._log_state = threading.local().subprocess_logger = getLogger("pip.subprocessor")...class BrokenStdoutLoggingError(Exception):. """. Raised if BrokenPipeError oc

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\misc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):23623
                                          Entropy (8bit):4.7563719569294
                                          Encrypted:false
                                          SSDEEP:384:6dRrq8/RVgKgUkgpDvxLUcK/Mi3R2AlEvPOu/O0CYkjQE0RAEqibCGMbuVWP3/vN:6dRrq85tFLWb/vB2UUOzUQQEibCNCUP9
                                          MD5:E6A83F5B8D0DD3744860E95B00F165E1
                                          SHA1:872DF28D996A12A42EE287A09E0C88386C6C4FE4
                                          SHA-256:7CD5F069E7A292F9D4B7808F30520BE3E2106D90F1C638F88C3A730A2E19B0EC
                                          SHA-512:3F91620184643000F8278F4D2965F4D022324FC133933336C7860A835DEF9072CA0D659EC095834FABBEE11163F8BE98D8D79519CE2F448A022327091053B084
                                          Malicious:false
                                          Preview:import contextlib.import errno.import getpass.import hashlib.import io.import logging.import os.import posixpath.import shutil.import stat.import sys.import sysconfig.import urllib.parse.from functools import partial.from io import StringIO.from itertools import filterfalse, tee, zip_longest.from pathlib import Path.from types import FunctionType, TracebackType.from typing import (. Any,. BinaryIO,. Callable,. ContextManager,. Dict,. Generator,. Iterable,. Iterator,. List,. Optional,. TextIO,. Tuple,. Type,. TypeVar,. Union,. cast,.)..from pip._vendor.packaging.requirements import Requirement.from pip._vendor.pyproject_hooks import BuildBackendHookCaller.from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed..from pip import __version__.from pip._internal.exceptions import CommandError, ExternallyManagedEnvironment.from pip._internal.locations import get_major_minor_version.from pip._internal.utils.compat import WINDOWS.from

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_internal\utils\models.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1193
                                          Entropy (8bit):4.604961326505357
                                          Encrypted:false
                                          SSDEEP:24:GYV8VwJAxxFcyTQeQbnmSjmjg/yCXryJIIv:D2wJocOWpjmsqCXrEII
                                          MD5:2CEC238042EBD1D49C71C8901BBCB028
                                          SHA1:3DD814E8C7938BFDBBBFEA5EFB457EB59FCD0F2D
                                          SHA-256:E46A18539F3A4ABC5444CBC39FF8C13092278ADBE2260E0EE7E88E53EE88D166
                                          SHA-512:8A85DAAE5682CEA6BFECE76F9249CA9C93165174D02143FF8C36EC911E651820F852A0CE3E00F8EA06DFFD95B4DCF43178A9B49D0030A3D3F1F26ABEBFDEF342
                                          Malicious:false
                                          Preview:"""Utilities for defining models."""..import operator.from typing import Any, Callable, Type...class KeyBasedCompareMixin:. """Provides comparison capabilities that is based on a key""".. __slots__ = ["_compare_key", "_defining_class"].. def __init__(self, key: Any, defining_class: Type["KeyBasedCompareMixin"]) -> None:. self._compare_key = key. self._defining_class = defining_class.. def __hash__(self) -> int:. return hash(self._compare_key).. def __lt__(self, other: Any) -> bool:. return self._compare(other, operator.__lt__).. def __le__(self, other: Any) -> bool:. return self._compare(other, operator.__le__).. def __gt__(self, other: Any) -> bool:. return self._compare(other, operator.__gt__).. def __ge__(self, other: Any) -> bool:. return self._compare(other, operator.__ge__).. def __eq__(self, other: Any) -> bool:. return self._compare(other, operator.__eq__).. def _compare(self, other: Any, meth

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4993
                                          Entropy (8bit):4.706048155714618
                                          Encrypted:false
                                          SSDEEP:96:OrHde0hpbiPzsYl1tQdWftXBaIrpOnnd7RbQ/bjXOVSKYg9QMAq8BcQZwycyP:Orr5inPQdIRBrpyMP
                                          MD5:E757A0BEA2E10105518C3F9B5E1DA457
                                          SHA1:D18AD681EBF3B0D236945512222A28AF4EAD58F7
                                          SHA-256:539D4D3F05DD03EC173A200D2109DC62370CA7AB7181E38BE671F192C25EC9AB
                                          SHA-512:87CAB1B6AD7259234C88357ED7A98297C9B440287BEDB7B25B9AF86908A33EB214CE088D7F6A4E13C8E75116AA3E0490DC27EB74992686E456EE251269E604F3
                                          Malicious:false
                                          Preview:""".pip._vendor is for vendoring dependencies of pip to prevent needing pip to.depend on something external...Files inside of pip._vendor should be considered immutable and should only be.updated to versions from upstream..""".from __future__ import absolute_import..import glob.import os.path.import sys..# Downstream redistributors which have debundled our dependencies should also.# patch this value to be true. This will trigger the additional patching.# to cause things like "six" to be available as pip..DEBUNDLED = False..# By default, look in this directory for a bunch of .whl files which we will.# add to the beginning of sys.path before attempting to import anything. This.# is done to support downstream re-distributors like Debian and Fedora who.# wish to create their own Wheels for our dependencies to aid in debundling..WHEEL_DIR = os.path.abspath(os.path.dirname(__file__))...# Define a small helper function to alias our vendored modules to the real ones.# if the vendored ones do n

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4683
                                          Entropy (8bit):5.431577580052828
                                          Encrypted:false
                                          SSDEEP:96:NBDCa5RDq0Cmhxz+Gl5v75U1y/uzrGzBWJxML58M6LzWsUahOeSt:NBDrzCmhp/GOeSt
                                          MD5:8C205EFFE22ED87F43B6CA9FA5BBF5B3
                                          SHA1:383290B37622E10031683149FA2447915554D794
                                          SHA-256:A8BB203A7ABCC284AE03764ED4711D01EB037E574AC497442C563A3D932FACB7
                                          SHA-512:996BE5B0EDAC904198ED16257727B55A037CE6B0EE122628AECC021C8E356ECA5C8535937E93F7B4E3E561B82479042CADD4BDFE97BB117CA86260DDB181DC01
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.Z.e.j...................j...................e.j...................j...................e.................Z.d...Z.e...r'..e.j...................e.j...................j...................e.d.................e.j...................z...e.j...................d.d.....e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d.............e.d ............e.d!............e.d"............e.d#............e.d$............e.d%............e.d&............e.d'............e.d(............e.d)............e.d*............e.d+............e.d,............e.d-............e.d.............e.d/..........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\__pycache__\six.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):41260
                                          Entropy (8bit):5.5508481035194075
                                          Encrypted:false
                                          SSDEEP:768:HuAEeI8FfH+2cNDDMVyJewpZ68elBVgsfmCfS+/xIQu6kVWNt6jSQ:HuAEiFfHQNDD9Jewp0llBVHfmCfSsGb9
                                          MD5:B4C26592B2D13ED7406789D67D069BBC
                                          SHA1:4D31F196D4B6AF97170E23E136E87EA8507C887F
                                          SHA-256:CBAADEA061F4AEE324C96D62026AD34F2C80F8C615086BC98CB894D037161DC8
                                          SHA-512:5805DF595253046316F7EE3599B9365EF3B8BE44C2C36F2FCFF890F74268744CE88F88B2EE97E859AABE4BD13747F867D647D61B63FCC54B8631DBA5EC144020
                                          Malicious:false
                                          Preview:...........f..........................N.....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.Z.d.Z.e.j...................d.....d.k(..Z.e.j...................d.....d.k(..Z.e.j...................d.d...d.k\..Z.e.r.e.f.Z.e.f.Z.e.f.Z.e.Z.e.Z.e.j...................Z.n_e.f.Z.e.e.f.Z.e.e.j6..................f.Z.e.Z.e.Z.e.j:..................j=..................d.........r...e.d.........Z.n"..G.d...d.e.........Z ....e!..e ....................e.d.........Z.[ e.r.d.d.l#m$Z$..n.d.Z$d...Z%d...Z&..G.d...d.e.........Z'..G.d...d.e'........Z(..G.d...d.e.jR..........................Z*..G.d...d.e'........Z+..G.d...d.e.........Z,..e,e-........Z...G.d...d.e*........Z/g...e+d.d.d.d.............e+d d!d"d#d ............e+d$d!d!d%d$............e+d&d'd"d(d&............e+d)d'd*............e+d+d!d"d,d+............e+d-d.d.d/d-............e+d0d.d.d-d0............e+d1d2d3............e+d4d'd"d5d4............e+d6d'e.r.d7n.d8d9............e+d:d'd;............e+d<d=d>d?............e+d.d.d.............e+d@d@dA..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\__pycache__\typing_extensions.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):122040
                                          Entropy (8bit):5.316005692394718
                                          Encrypted:false
                                          SSDEEP:1536:g7cigam7YX256nAeW9pKgpGY6SIlSkHsIMNitc8F9g1plMmdB/qyAEi5fPwpwqc/:ggdZc25znKiGY6SPkH7MWPUPAEQqcg3A
                                          MD5:BC4BB0B465EBBD24BFCA6545D137085B
                                          SHA1:98850D6A978D86667A87628D955A7AAC686BBFC9
                                          SHA-256:D0FE9ABD54BD03995278B3ABB77BAD425C075F1A98361A62DF1E2D18030DB5E1
                                          SHA-512:0643EA4F6C578E4FD3CBB81FF9DAEA875F945FD5E5D43558B06CE72161B75320FD623B550487E522AB929E4437FA4B295807BAE1BDEA77ADE9A3A72B7CFC3353
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.g.d...Z.d.Z.e.Z...G.d...d.........Z...e.........Z.e.f.d...Z.e.j$..................d.k\..r.d...Z.n.e.j$..................d.k\..r.d...Z.n.d...Z.d.d...Z.e.j*..................Z...e.j,..................d.........Z...e.j,..................d.........Z...e.j,..................d.........Z...e.j,..................d.d...........Z...e.j,..................d.d...........Z.e.j$..................d.k\..r.d.d.l.m.Z...n...G.d...d.e.........Z...G.d...d.e...........Z.e.j<..................Z...G.d...d.e.j>..................d...........Z ..e!e.d.........r.e.j$..................d.d...d k\..r.e.jD..................Z"n...G.d!..d"e d...........Z#..e#d.d#.$........Z"e.j$..................d.k\..r.e.jH..................Z$n.d%..Z$d&..Z%e.j$..................d'k\..r.e.jL..................Z&n3d(..Z'd)..Z(..G.d*..d+e.jR..................d...........Z*..G.d,..d-e d...........Z+..e+d..$........Z&e.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1476
                                          Entropy (8bit):4.724060252133051
                                          Encrypted:false
                                          SSDEEP:24:mFd8dDXoPPzFm2Hpm4fX5syOrheytw/1uZMeheyo/1uZMeQyKS/1uZMJY4yb/1u+:mgdDXoPPzE2Hpm4fX5qhY/wiehS/wieW
                                          MD5:845D1D5F5662F331494544E6C660FCCC
                                          SHA1:94FF1A360C3481CDACD76582FC7BD9AA36C4A4C5
                                          SHA-256:7D5BD2893CEBDBE44CE88B235A38F87E468EB433A00E1516BFAB00F7D768E024
                                          SHA-512:B2C6E49B0DCCF1BFA8BD938D9737FE92D5E67A7F3C3556E17B4B0500EB787E8F47021F2777E5EE6430B7E0B8A0B7D1B695C9E29987E3BB657DF2FD3BA1C9E456
                                          Malicious:false
                                          Preview:"""Main entry point.""".from __future__ import annotations..from pip._vendor.platformdirs import PlatformDirs, __version__..PROPS = (. "user_data_dir",. "user_config_dir",. "user_cache_dir",. "user_state_dir",. "user_log_dir",. "user_documents_dir",. "user_downloads_dir",. "user_pictures_dir",. "user_videos_dir",. "user_music_dir",. "user_runtime_dir",. "site_data_dir",. "site_config_dir",. "site_cache_dir",.)...def main() -> None:. """Run main entry point.""". app_name = "MyApp". app_author = "MyCompany".. print(f"-- platformdirs {__version__} --") # noqa: T201.. print("-- app dirs (with optional 'version')") # noqa: T201. dirs = PlatformDirs(app_name, app_author, version="1.0"). for prop in PROPS:. print(f"{prop}: {getattr(dirs, prop)}") # noqa: T201.. print("\n-- app dirs (without optional 'version')") # noqa: T201. dirs = PlatformDirs(app_name, app_author). for prop in PROPS:. print(f"{prop}:

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):18020
                                          Entropy (8bit):5.342913975232867
                                          Encrypted:false
                                          SSDEEP:384:AcMOCDJOOXiDOTbRdzOyLOjjdfPrOho32EqP3lRs4so4gFQed43C:AcyR6eDYY9d43C
                                          MD5:0D13803E223F09982E17A3E136926803
                                          SHA1:64B106B7A550471119805AD941DF09FA89AB7C0E
                                          SHA-256:79D95580BA1204D7F692AEB086FFC2295201B855274465BF3E140086DFFE1E65
                                          SHA-512:781F1E64BABA2575BA7F3C25B712ECB84905D8D38CC3CE30BD664C20D7C024EA68C0C3439026BBD6823189F0B06D4678B6E4E3F7C3DC8473B65613764C61D9DB
                                          Malicious:false
                                          Preview:...........f.N..............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.r"d.d.l.m.Z...e.j...................d.k\..r.d.d.l.m.Z...n.d.d.l.m.Z...d*d...Z...e.........Z.e.Z...........d+......................d,d...Z...........d+......................d-d...Z...........d+......................d,d...Z...........d+......................d-d...Z...........d.......................d/d...Z...........d.......................d/d...Z...........d+......................d,d...Z...........d.......................d/d...Z.d0d...Z.d0d...Z.d0d...Z.d0d...Z d0d...Z!..........d.......................d/d...Z"..........d+......................d1d...Z#..........d+......................d2d...Z$..........d+......................d1d...Z%..........d+......................d2d...Z&..........d.......................d3d...Z'..........d.......................d3d ..Z(..........d+......................d1d!..Z)..........d.......................d3d"..Z*d4d#..Z+d4d$..Z,d4d%..Z-

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\__main__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1937
                                          Entropy (8bit):5.5097126063557695
                                          Encrypted:false
                                          SSDEEP:24:XpulvnGZVPugbKpLygm3YmAZWml8mBzb8KY+xbcjWYBYavXmsrrNlPq:XpuRGZVPugbKLzb8KY+2jWYBDvX5X7q
                                          MD5:8D9F7D2FC323CAF0C15112673333AD4E
                                          SHA1:DF05BD3FE64D59D380257939D3CF92B7523987F6
                                          SHA-256:EAF3562CA1DDC94D82C460DF4A2A396B5C8C5E16B75620EBBAEB54B2AD7F0191
                                          SHA-512:49148157231FF21E038B7302C0538665D0CB820F6FAFD92CE09582C4423A0102D7FF02204972A3466421E6E854E923C885ED2C9AFB3F709A9BFC1135D36D6176
                                          Malicious:false
                                          Preview:...........f..........................J.....d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.Z.d.d...Z.e.d.k(..r...e...........y.y.).z.Main entry point......)...annotations)...PlatformDirs..__version__)...user_data_dir..user_config_dir..user_cache_dir..user_state_dir..user_log_dir..user_documents_dir..user_downloads_dir..user_pictures_dir..user_videos_dir..user_music_dir..user_runtime_dir..site_data_dir..site_config_dir..site_cache_dirc...........................d.}.d.}.t.........d.t...........d.............t.........d...........t.........|.|.d...........}.t.........D.]...}.t.........|...d.t.........|.|...........................t.........d...........t.........|.|.........}.t.........D.]...}.t.........|...d.t.........|.|...........................t.........d...........t.........|.........}.t.........D.]...}.t.........|...d.t.........|.|...........................t.........d...........t.........|.d...........}.t.........D.]...}.t.........|...d.t.........|.|...........................y.).z.Run main ent

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\android.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9435
                                          Entropy (8bit):5.24773703744835
                                          Encrypted:false
                                          SSDEEP:192:nxJ/yKfyqItKHYfBSlfSUgHWTKW6pOK3MmaJ9ZTQs:nxJ/Zfyq9xls2GW6pl3MjJXT/
                                          MD5:A5D493B1DE31C05CE9B93B76E7321B88
                                          SHA1:B9526BF69EFB3023FB9AFF75C5E0A0B70307D790
                                          SHA-256:15403A42B156A3E56A82F9073602870EFF8C73ECD318C3B3997C6775B82C64E4
                                          SHA-512:8E04BA322BA7DF214F2B51EE9F0CE749DCE0D2CB046F81EFEEC1EEC97981FBB7ACA29AD54262F4BA9A5A9EB91E03524C7090F6766E6A3690E16C8032443D3836
                                          Malicious:false
                                          Preview:...........f+.........................,.....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e.........Z...e.d...........d.d...........Z...e.d...........d.d...........Z...e.d...........d.d...........Z...e.d...........d.d...........Z...e.d...........d.d...........Z...e.d...........d.d...........Z.d.g.Z.y.).z.Android......)...annotationsN)...lru_cache)...cast.....)...PlatformDirsABCc...........................e.Z.d.Z.d.Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.y.)...Androida$.... Follows the guidance `from here <https://android.stackexchange.com/a/216132>`_. Makes use of the. `appname <platformdirs.api.PlatformDirsABC.appname>`,. `version <platformdirs.api.PlatformDirsABC.version>`,. `ensure_exists <platformdirs.api.PlatformDirsABC

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\api.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9663
                                          Entropy (8bit):5.05027902139737
                                          Encrypted:false
                                          SSDEEP:192:KWGnD0BCIGjpgRhUWqEpUBo9B6++mj8dvHxLfcSWAhzg:K9nD0BlKoAk8xHxRjzg
                                          MD5:7E68C9B280C3AEE5470B4165D23E00A8
                                          SHA1:152E46DCFFFE922DD5517463D5FF3BBFCA5F5968
                                          SHA-256:DDF056CDCC86600FD9DD954CA8F8148DFA9CF56414E40AE5F41E9B3C37BD0CAF
                                          SHA-512:C4488BA80B2D09CDE7FA26F24B4E1208A7787307CDE2F1C7E9A76474A35C73032D88CE057EA80F47B074B2CEF1455CD8B9E8784099ED819FFFE709F74A9F7B39
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.r d.d.l.Z.e.j...................d.k\..r.d.d.l.m.Z...n.d.d.l.m.Z.....G.d...d.e.........Z.y.).z.Base API......)...annotationsN)...ABC..abstractmethod)...Path)...TYPE_CHECKING)...........)...Literalc...........................e.Z.d.Z.d.Z...............d"..............................d#d...Z.d$d...Z.d%d...Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.e.d&d...................Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z.e.d'd...........Z e.d'd........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\macos.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5628
                                          Entropy (8bit):5.119053675725944
                                          Encrypted:false
                                          SSDEEP:96:Yp7FCcbHAE9nmnUGNI2ngsOUHIJtvv3KnRc:UxCcbHAE1GN0sOqIfb
                                          MD5:A7218105BEDF769F192523ACF455F027
                                          SHA1:4D9ECB5A8496CBC4C04BBD7B258EA635EE710CBA
                                          SHA-256:EE355F7CDC3CAFDD3ADA3F7539479494589016C62DF82D6441484033254D0669
                                          SHA-512:DD9726D79FDE2C16A9A9FB8626350D618B14FA9117269A8E6AE3EED39F88B512C1E3B3EF0530A2216FDF45D7177196CBEE0CBD4B21433D4F317354AE205FBEDA
                                          Malicious:false
                                          Preview:...........f^.........................D.....d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.....G.d...d.e.........Z.d.g.Z.y.).z.macOS......)...annotationsN.....)...PlatformDirsABCc...........................e.Z.d.Z.d.Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.y.)...MacOSa..... Platform directories for the macOS operating system. Follows the guidance from `Apple documentation. <https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/MacOSXDirectories/MacOSXDirectories.html>`_.. Makes use of the `appname <platformdirs.api.PlatformDirsABC.appname>`,. `version <platformdirs.api.PlatformDirsABC.version>`,. `ensure_exists <platformdirs.api.PlatformDirsABC.ensure_exists>`.. c.....................^.....|.j...................t...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\unix.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):12432
                                          Entropy (8bit):5.280296174915316
                                          Encrypted:false
                                          SSDEEP:192:gYn+H5wHxeffr8/EmlCIY3gqZbDvyKdXpYJ:n+HQx0z8/EnIYQeHvXdXpYJ
                                          MD5:84DCED6650BCADEF18CC89CC526F23E6
                                          SHA1:54BC3BC3F6B70028DB2CD64E0FDA59123E1326EB
                                          SHA-256:492BC127CFFAAA776B4AA5D43947444A7DD636970039CF456E3E2F5730513621
                                          SHA-512:EBE7EF53C862B613682E41AFC0BA53E111FE2E406B3AE1EA8725723A4CD66C70A6E6E278EFD6AC4E2B0875BD1A0E6BC082BF04518E83B202C52B7D4515E4D4FD
                                          Malicious:false
                                          Preview:...........fi".............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.j...................d.k(..r.d.d...Z.n.d.d.l.m.Z.....G.d...d.e.........Z.d.d...Z.d.d...Z.d.g.Z.y.).z.Unix......)...annotationsN)...ConfigParser)...Path.....)...PlatformDirsABC..win32c...........................d.}.t.........|...........).Nz.should only be used on Unix)...RuntimeError)...msgs.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/platformdirs/unix.py..getuidr........s........+......3...........).r....c.....................R.....e.Z.d.Z.d.Z.e.d.d...........Z.e.d.d...........Z.d.d...Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.d.d...Z.y.)...Unixa..... On Unix/Linux, we follow the. `XDG Basedir Spec <https://specific

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\version.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):302
                                          Entropy (8bit):5.360769800330234
                                          Encrypted:false
                                          SSDEEP:6:LrtOsSITnIflyrtW3D6WNAQ9ACWu6qpR2pAreasGH5aylehK6Z+vYq:ftOSIf4GmWJWKWbafH5aylehK6wZ
                                          MD5:C1CDB80A4B6086AB357FBE0341940D88
                                          SHA1:5DAD3DD714AEF43B801C87A5572EA80A47BC06D5
                                          SHA-256:B8DE441070300CDD8430055437DD7DB2168EEA3C5D4E72BBBD356C7EB7AE2F3B
                                          SHA-512:424A5AAAA0E54CB30FC0EDE84F31AAE8C995C5E16E86AF8F38A3E5FA50AB921D6E1835F39B5D9F9D529E3E96693D7573DC0609CEF1B7AE3BEB828A14B4CC3D56
                                          Malicious:false
                                          Preview:...........f................................d.x.Z.Z.d.x.Z.Z.y.).z.3.8.1)................N)...__version__..version..__version_tuple__..version_tuple........YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/platformdirs/version.py..<module>r........s............. ......g.$-..-....Mr....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\platformdirs\__pycache__\windows.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):12990
                                          Entropy (8bit):5.239159926094749
                                          Encrypted:false
                                          SSDEEP:192:DEcYrwBXxIgB+DuMofny+hU85erYOaqsgcXk:DEcYrwBXxIlDEPygUUerFvSk
                                          MD5:5A153A17A087711E782EEBFE4F8072AA
                                          SHA1:84CE7E67D9C53276E58DA9CD19A4B8AB66ED3AB8
                                          SHA-256:E2F070DAB1D47EB5C5651D1542A0876BF45161E5C7EE4A10C7C0B1533A1DEECC
                                          SHA-512:F8D9088F4C10C7607CA51B19CBCE92DF1D7FC091A82FD0507EA12C8B48557F1C7D0B53D24089F426F08E0469F35E529C7C8F52DED45D8CEF285A0209B022230E
                                          Malicious:false
                                          Preview:...........fe%..............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...e.r.d.d.l.m.Z.....G.d...d.e.........Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.d.d...Z.....e.d.............e.................Z.d.g.Z.y.).z.Windows......)...annotationsN)...lru_cache)...TYPE_CHECKING.....)...PlatformDirsABC)...Callablec...........................e.Z.d.Z.d.Z.e.d.d...........Z.d.d...d.d...Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.e.d.d...........Z.y.)...Windowsa..... `MSDN on where to store app data files. <http://support.microsoft.com/default.aspx?scid=kb;en-us;310294#XSLTH3194121123120121120120>`_.. Makes use of the. `appname <platformdirs.api.PlatformDirsABC.appname>`,. `appauthor <platformdirs.api.PlatformDirsABC.appauthor>`,. `version <platformdirs.api.PlatformDirsABC

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2983
                                          Entropy (8bit):4.615037148370751
                                          Encrypted:false
                                          SSDEEP:48:4H4DMeNykEe7yMQTleKpKSGErxGpYWiywW6UiGkNyWkggGoHtLj1sfywL2niXGkM:4H4DtykEe7HswKpKSziYx9/NvUNtsFyp
                                          MD5:CDD01A44CB801A2AF69D0D75DB8D1E13
                                          SHA1:9B2DBD30889307DDA6766E27E21D9E5BE91E0801
                                          SHA-256:E80B8396342DBDFF3D0D3354C9633B937A1494FFE5ABBD0D53E20D28AB5E3816
                                          SHA-512:5A5461FC5B40A9931F8CD9893EDA2F6F09FCBDD79E555CD07D8E38729299776C60922BA8A877B5BD927B36BDE9D5C5CF17769F51F105D9A83F38747C3AE8AD31
                                          Malicious:false
                                          Preview:""". Pygments. ~~~~~~~~.. Pygments is a syntax highlighting package written in Python... It is a generic syntax highlighter for general use in all kinds of software. such as forum systems, wikis or other applications that need to prettify. source code. Highlights are:.. * a wide range of common languages and markup formats is supported. * special attention is paid to details, increasing quality by a fair amount. * support for new languages and formats are added easily. * a number of output formats, presently HTML, LaTeX, RTF, SVG, all image. formats that PIL supports, and ANSI sequences. * it is usable as a command-line tool and as a library. * ... and it highlights even Brainfuck!.. The `Pygments master branch`_ is installable with ``easy_install Pygments==dev``... .. _Pygments master branch:. https://github.com/pygments/pygments/archive/master.zip#egg=Pygments-dev.. :copyright: Copyright 2006-2023 by the Pygments team, see AUTHO

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):353
                                          Entropy (8bit):4.920011790990273
                                          Encrypted:false
                                          SSDEEP:6:Y6ejA2UeqOUcMrqA1Akssu9IuH8HodrC1QATkTAFMuwdlEkc:Y6epArqA1bssqn8HodmCVYMHd/c
                                          MD5:10FA0A45A3D060D07E1C9E502923E13A
                                          SHA1:2B06C1D0254222D69A45DB8451D6C5A884285E5A
                                          SHA-256:7ACF0428CBD78F9C93A087D0FA97F70EFE539C879E33AB0C1342D6FA7E1E707A
                                          SHA-512:031F304CA66A48AF4B064B92DBD79189E5164380E6D5B877042B40A59839217156581D7CBAF20B5F0C082EE65EC3936E26A58C33B3EDC7D4CFDB3A0CAD61BD7C
                                          Malicious:false
                                          Preview:""". pygments.__main__. ~~~~~~~~~~~~~~~~~.. Main entry point for ``python -m pygments``... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import sys.from pip._vendor.pygments.cmdline import main..try:. sys.exit(main(sys.argv)).except KeyboardInterrupt:. sys.exit(1).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3480
                                          Entropy (8bit):5.4926019089626115
                                          Encrypted:false
                                          SSDEEP:96:KAH4DtykEe7HswKpKSCNYpCMUhMuzNKUNTMdbCeobUS:KltykEe7jNbQUqdbC7p
                                          MD5:BF36476F82FD1340200C17C296BF8814
                                          SHA1:E6FD81081A2A29A670FE92C3EB0C6AD74577F125
                                          SHA-256:26D531FD96D5D783CDEFBC2835328A962FC908062D502318C6D6B3C2994D1BBC
                                          SHA-512:56881B25C82975E46E4BADA08FFD316DA60579C936B22301BC42C2145AADD62ADDF41EA56A77FE70129E6EA3059A406B4246C64AEB045D4FD88A4BD8B26035F1
                                          Malicious:false
                                          Preview:...........f..........................>.....d.Z.d.d.l.m.Z.m.Z...d.Z.d.Z.g.d...Z.d...Z.d.d...Z.d.d...Z.y.).a..... Pygments. ~~~~~~~~.. Pygments is a syntax highlighting package written in Python... It is a generic syntax highlighter for general use in all kinds of software. such as forum systems, wikis or other applications that need to prettify. source code. Highlights are:.. * a wide range of common languages and markup formats is supported. * special attention is paid to details, increasing quality by a fair amount. * support for new languages and formats are added easily. * a number of output formats, presently HTML, LaTeX, RTF, SVG, all image. formats that PIL supports, and ANSI sequences. * it is usable as a command-line tool and as a library. * ... and it highlights even Brainfuck!.. The `Pygments master branch`_ is installable with ``easy_install Pygments==dev``... .. _Pygments master branch:. https://github.com/pygments/pygme

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\__main__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):726
                                          Entropy (8bit):5.578823001234315
                                          Encrypted:false
                                          SSDEEP:12:cJSBcKh6FHvVyi6epArqA1bssqs4ZxIAOyfnEWbaM3ajq12nMuNjytEHzK:e+gz6epAGAoq+IERbfqjJjlHzK
                                          MD5:7887137CECA469CA3BD303DB8C70E155
                                          SHA1:9DD02408004260BEF595658C083E0113E0D055A5
                                          SHA-256:A30A702328D8EB4307588CE70A1AFE9E078D0F7C61B18E8CE3855CA31F1E22CC
                                          SHA-512:3A4CC58473496E5DD95C28B3F8B2E0BAA6E6C367701A302AAF78243006FCC115F8C70C5184B16670AC34CF1224136C446A865802AB3F90AA3FF3CFC31E3AAD7E
                                          Malicious:false
                                          Preview:...........fa..............................d.Z.d.d.l.Z.d.d.l.m.Z.......e.j.....................e.e.j.....................................y.#.e.$.r.....e.j...................d...........Y.y.w.x.Y.w.).z.. pygments.__main__. ~~~~~~~~~~~~~~~~~.. Main entry point for ``python -m pygments``... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...main.....)...__doc__..sys..pip._vendor.pygments.cmdliner......exit..argv..KeyboardInterrupt........VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/__main__.py..<module>r........sI....................-.........C.H.H.T.#.(.(.^................C.H.H.Q.K......s....."1...A.....A..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\cmdline.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):26597
                                          Entropy (8bit):5.522793955266907
                                          Encrypted:false
                                          SSDEEP:768:bgjiKwUWfCPHhz7nnJqxUgXU4ZF8GBcRP6W2xUOy:EDw5CPBz7nGUgXU4ZGP72Kt
                                          MD5:2594B99B575815D424790A35B89FFF9A
                                          SHA1:382780FC4F6286341EC7C0DACB11FB0D729C2B26
                                          SHA-256:3D9BC190CE2A4E645543F162562458E9E279B667DC7F35F129929FF2FF5D6D31
                                          SHA-512:D4010D54F22D44D6A9547252D37A0BA8AE3F25DF297EAB76D7AC03F28EC5ADB1C65C751114BB50BE43BC2E3976491E8CD9D2BF8B907274411BE081A4E7432468
                                          Malicious:false
                                          Preview:...........f.\........................h.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m Z m!Z!m"Z"m#Z#..d.d.l$m%Z%..d.d.l&m'Z'm(Z(..d.d.l)m*Z*m+Z+..d.d.l,m-Z-m.Z...d...Z/d...Z0d...Z1d...Z2d...Z3d...Z4..G.d...d.e.jj..........................Z5e.jl..................f.d...Z7y.).z.. pygments.cmdline. ~~~~~~~~~~~~~~~~.. Command line interface... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...dedent)...__version__..highlight)...ClassNotFound..OptionError..docstring_headline..guess_decode..guess_decode_from_terminal..terminal_encoding..UnclosingTextIOWrapper)...get_all_lexers..get_lexer_by_name..guess_lexer..load_lexer_from_file..get_lexer_for_filename..find_lexer_class_for_filename)...TextLexer)...LatexEmbeddedLexer..LatexFormatter)...get_all_formatters..get_formatter_by_name..load

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\console.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2618
                                          Entropy (8bit):5.6274093619334815
                                          Encrypted:false
                                          SSDEEP:48:wANaUGlGGwdCsxS6CLPO+EwHO64tabBZQkKd+g2viSv2m5I37pd:sVkNCoS6CjOs8e7dvi+Uj
                                          MD5:10D19FB248B26F13BBF5D596238BB5F6
                                          SHA1:E599881E86E672CE0EC70BF001608C8679CE8358
                                          SHA-256:3EA081A7095DE36BA5D8CE074165D9F82D498763DB05955EFBAF333000625937
                                          SHA-512:A2AAFF0B47E3710F362E80C08AF70548ACA7F47D11436490299489FB64C46C5603A499AD395F9C1C1E9CCCB73022FB84F6BAB9B95EC0D08CCAB196FFAC73DF1F
                                          Malicious:false
                                          Preview:...........f..........................$.....d.Z.d.Z.i.Z.d.e.d.<...e.d.z...e.d.<...e.d.z...e.d.<...e.d.z...e.d.<...e.d.z...e.d.<...e.d.z...e.d.<...e.d.z...e.d.<...e.d.z...e.d.<...g.d...Z.g.d...Z.d.Z...e.e.e.........D.]#..\...Z.Z.e.d.e.z...z...e.e.<...e.d.d.e.z...z...z...e.e.<...e.d.z...Z..%..[.[.[.e.d.....e.d.<...d...Z.d...Z.d...Z.y.).z.. pygments.console. ~~~~~~~~~~~~~~~~.. Format colored console output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details..z..[..z.39;49;00m..reset..01m..bold..02m..faint..03m..standout..04m..underline..05m..blink..06m..overline)...black..red..green..yellow..blue..magenta..cyan..gray)...brightblack..brightred..brightgreen..brightyellow..brightblue..brightmagenta..brightcyan..white.....z.%im.<........r....c...........................t.........d.....S...Nr........codes........UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/console.py..reset_colorr*...(...s..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\filter.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3224
                                          Entropy (8bit):5.216662103512147
                                          Encrypted:false
                                          SSDEEP:48:GCaaSGZUGtuBWdyzLXitxOvKaWp1+erceh4ev5Yne8a6i/go3qveLPzGxqUkAA:GhaSkUIuMyfKbUW4M58u6MChjA
                                          MD5:A098F092C36195ED2D421CF8224C1F5D
                                          SHA1:7B7F46A19CE41CD3A884AB49B4E3107B9DE6A8E6
                                          SHA-256:C77E42E9F56F666543B81F335D3D61BCA698041AC6E3A6DE9589D000EF9DEB05
                                          SHA-512:7DE016201FDFCF6FBB26816DE8FBC7ED4F3AF665F90EE81A2B201266F1BCD35457600D04605243452D5F06088F9E167EF849C6F6829DE24BC98A39E0FD584BA3
                                          Malicious:false
                                          Preview:...........f..........................@.....d.Z.d.d...Z.d...Z...G.d...d.........Z...G.d...d.e.........Z.y.).z.. pygments.filter. ~~~~~~~~~~~~~~~.. Module that implements the default filter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details..Nc.....................2.........f.d...}.|.D.]...}...|.|.|.........}.....|.S.).z.. Use this method to apply an iterable of filters to. a stream. If lexer is given it's forwarded to the. filter, otherwise the filter receives `None`.. c................3....F.....K.....|.j.....................|.........E.d.{.............y.7.....w...N)...filter)...filter_..stream..lexers.... ..TC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/filter.py.._applyz.apply_filters.<locals>._apply....s..............>.>.%....0..0..0.s......!.......!...).r......filtersr....r....r....s.... ` r......apply_filtersr........s(..........1.......)...........(......)....M..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\formatter.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4561
                                          Entropy (8bit):5.243419938443461
                                          Encrypted:false
                                          SSDEEP:96:NCppXxc3BBmgwGvCt798FkwMv/6ypXRIqF9Osqy0:NfH88Fk/7RIUOsY
                                          MD5:02B27AD43E17480EEBF227486A13CE55
                                          SHA1:5349E2C442DA4173000311D5A0224563E57BD9D0
                                          SHA-256:92E60B522F10309C512440530AD80E7C69FE8FAAF9CFAD2EE5967052A402B6B1
                                          SHA-512:8604BD81707849EB3AC5BCD669441B79F884EDEF6E9B75E9421911E710C291B2C97AF8A4CB4E5E83F91CF7278BF825CDC99409E30A3D39C7F6BA12757279A316
                                          Malicious:false
                                          Preview:...........fR.........................H.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.g.Z.d...Z...G.d...d.........Z.y.).z.. pygments.formatter. ~~~~~~~~~~~~~~~~~~.. Base formatter class... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...get_bool_opt)...get_style_by_name..Formatterc.....................<.....t.........|.t.................r.t.........|.........S.|.S.).N)...isinstance..strr....)...styles.... .WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/formatter.py.._lookup_styler........s..........%....... ....'..'....L.....c.....................4.....e.Z.d.Z.d.Z.d.Z.g.Z.g.Z.d.Z.d...Z.d.d...Z.d...Z.y.).r....a..... Converts a token stream to text... Formatters should have attributes to help selecting them. These. are similar to the corresponding :class:`~pygments.lexer.Lexer`. attributes... .. autoattribute:: name. :no-value:.. .. autoattribute:: aliases

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\lexer.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):38321
                                          Entropy (8bit):5.498231719515866
                                          Encrypted:false
                                          SSDEEP:768:etyVs+HKAeM7MyKZ6fDc4Dv0oXGFoYywXvLRp638kh:eeTcZ64OGFqwfLS3X
                                          MD5:31AE9263F8917C7914FD101B69EE61D4
                                          SHA1:4CDC4E1638EC9D49F1FC3DF81E82BBA516FFADA1
                                          SHA-256:7D4B1FE998A4A7739D4253EBFD00E3444F8029E6D48697A20FDAB25C33C1F3EA
                                          SHA-512:93E137F9CFEBF568614D711D872FBEF4F2E81A1D2F684027E137AD53DF681B4E6BA3E375E6D15C13AF422676DFB498CBE196A945D4AA95398DA028718059B2C5
                                          Malicious:false
                                          Preview:...........f:.........................X.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...g.d...Z...e.j2..................d.........Z.g.d...Z...e.d...........Z...G.d...d.e.........Z...G.d...d.e...........Z ..G.d...d.e ........Z!..G.d...d.e"........Z#..G.d...d.........Z$..e$........Z%..G.d...d.e&........Z'..G.d...d.........Z(d...Z)..G.d...d.........Z*..e*........Z+d...Z,..G.d...d ........Z-..G.d!..d"e.........Z...G.d#..d$e.........Z/..G.d%..d&e e/..........Z0..G.d'..d(........Z1..G.d)..d*e0........Z2d+..Z3..G.d,..d-e/........Z4..G.d...d/e0e4..........Z5y.)0z.. pygments.lexer. ~~~~~~~~~~~~~~.. Base lexer classes... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...apply_filters..Filter)...get_filter_by_name)...Error..Text..Other..Whitespace.._TokenType)...get_bool_opt..get_int_opt..get_list_opt..make_analysator..Future..guess

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\modeline.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1560
                                          Entropy (8bit):5.573385444608913
                                          Encrypted:false
                                          SSDEEP:24:4rkx/GAoq3qk8/7Yi2wYFNbfoSCt5mQkB4r2ZVpamaN81ajAnG4ZrKI6id7wx:4rkx/GJ6FBs5mQkVVy8U4ZrsiFwx
                                          MD5:74D902C46741FAB2E131737486040EA9
                                          SHA1:ACA7ED0C7FB8ACC6E6D6D3BDEDE54BA8FC23BC13
                                          SHA-256:46663999FAAD2BEB421C289C118FA9749C12BD9C83DE20EB6BB02D5F72639C0D
                                          SHA-512:F785F9AE17424B1FFE8E6B930F53E1F73CAA05B8993A48F9E547B0CB6C86756390FC5E183FD5E667EFB5C29A841B1F6C1C63CB8B894ABD8A134945AA9CD4525D
                                          Malicious:false
                                          Preview:...........f..........................^.....d.Z.d.d.l.Z.d.g.Z...e.j...................d.e.j...........................Z.d...Z.d.d...Z.y.).z.. pygments.modeline. ~~~~~~~~~~~~~~~~~.. A simple modeline parser (based on pymodeline)... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N..get_filetype_from_bufferze. (?: vi | vim | ex ) (?: [<=>]? \d* )? :. .* (?: ft | filetype | syn | syntax ) = ( [^:\s]+ ).c.....................T.....t.........j...................|.........}.|.r.|.j...................d.........S.y.).N.....)...modeline_re..search..group)...l..ms.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/modeline.py..get_filetype_from_liner........s(...............1....A.......w.w.q.z.............c...........................|.j...........................}.|.d.|...d.z...d.......D.]...}.t.........|.........}.|.s...|.c...S...t.........|.d.d.........D.]%..}.|.t.........|....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\plugin.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3388
                                          Entropy (8bit):5.525900002568577
                                          Encrypted:false
                                          SSDEEP:48:ZWOhRbZ6mQ4Aa4vRpmCgVVGtEUc5dSs+yBMRMbdDCwPTVGBRPKuomiAAiyyiiXAT:LhRbZ6rNLvOCWVOEUcx5CQ0BVpoT
                                          MD5:1E8FA0A046F7BC360D9C0F2D01DDDEC9
                                          SHA1:BBE86D554AED341C11146F5287A11EED3DB1C87B
                                          SHA-256:7BA941789580A9FA07457B1BD1FD0C9DEB8754AF4BE0DC29CF4814435DDBBC57
                                          SHA-512:CA457CE27787E80BF8AC9814AAC746A41A8CD449E84DA80C1A5666C74AF1CB7C5411851FF87A3CBA03A8DD07C813191477DA24DC62CD1AA41F009C1D5D53C611
                                          Malicious:false
                                          Preview:...........f..........................6.....d.Z.d.Z.d.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.).a..... pygments.plugin. ~~~~~~~~~~~~~~~.. Pygments plugin interface. By default, this tries to use. ``importlib.metadata``, which is in the Python standard. library since Python 3.8, or its ``importlib_metadata``. backport for earlier versions of Python. It falls back on. ``pkg_resources`` if not found. Finally, if ``pkg_resources``. is not found either, no plugins are loaded at all... lexer plugins::.. [pygments.lexers]. yourlexer = yourmodule:YourLexer.. formatter plugins::.. [pygments.formatters]. yourformatter = yourformatter:YourFormatter. /.ext = yourformatter:YourFormatter.. As you can see, you can define extensions for the formatter. with a leading slash... syntax plugins::.. [pygments.styles]. yourstyle = yourstyle:YourStyle.. filter plugin::.. [pygments.filter]. yourfilter = y

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\regexopt.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4073
                                          Entropy (8bit):5.584515851540386
                                          Encrypted:false
                                          SSDEEP:96:0ZeDiTrACsTJsoV/MsH54Q1uuu1woeFpBFaxP2MN1OU:EoCsTJsoNV5Kuu1HIBgxP2MN1OU
                                          MD5:6CC7B651397BB7C612F92A5D05569700
                                          SHA1:495496CA1DA96BCE7B0BE5AE0E4B04BDA33FAC85
                                          SHA-256:2AEF4C1032A37E78C139FCF21412B7A2AF31485CADCF2BD5184F0E9B72CD678D
                                          SHA-512:AA5EA89DD2D60144EE01459281EEECD41BB27ED20882A94F3C9C132AFA04D2723DBA6F3BF615FF7E103907AC8D58364D5186BEACE1D6CB5CDBDA2D03E8CE9F87
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j...................d.........Z...e.d.........Z.d...Z.d...Z.d.d...Z.y.).a..... pygments.regexopt. ~~~~~~~~~~~~~~~~~.. An algorithm that generates optimized regexes for matching long lists of. literal strings... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...escape)...commonprefix)...groupby)...itemgetterz.[\[\^\\\-\]]c.....................Z.....d.t.........j...................d...d.j...................|.................z...d.z...S.).N..[c.....................(.....d.|.j...........................z...S.).N..\)...group)...ms.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/regexopt.py..<lambda>z.make_charset.<locals>.<lambda>....s.................)9...........])...CS_ESCAPE..sub..join)...letterss.... r......make_charsetr........s'................9.2.7.7.7.;K..L..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\scanner.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4748
                                          Entropy (8bit):5.019107370790453
                                          Encrypted:false
                                          SSDEEP:96:lEit5EKk57OMcVwMM/h97ffyk/gIzQ0Aj4NPcwpqzve:mitnwcVwMMX73yzIqjePvYz2
                                          MD5:CE1BAA2B6737210FAA354241DD8DEA3A
                                          SHA1:A91C87F663FB05F279B22D2C51A2C02DBFF2155E
                                          SHA-256:FE47D11ABFBFDDA53BDE5D56FD61C32E417BF88A5A21D363DCFCF8B06DACD8A3
                                          SHA-512:76DD6726F8FED7B4D43360756E8B6DC6873938866405B9E93291CD018ADCD74C905CAC77D2904674E252DB70C20988D7F1631970C4DEDCA3EBC8762CC4E2997F
                                          Malicious:false
                                          Preview:...........f..........................:.....d.Z.d.d.l.Z...G.d...d.e.........Z...G.d...d.........Z.y.).a..... pygments.scanner. ~~~~~~~~~~~~~~~~.. This library implements a regex based scanner. Some languages. like Pascal are easy to parse but have some keywords that. depend on the context. Because of this it's impossible to lex. that just by using a regular expression lexer like the. `RegexLexer`... Have a look at the `DelphiLexer` to get an idea of how to use. this scanner... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......Nc...........................e.Z.d.Z.d.Z.y.)...EndOfTextzZ. Raise if end of text is reached and the user. tried to call a match function.. N)...__name__..__module__..__qualname__..__doc__........UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/scanner.pyr....r........s...........r....r....c.....................b.....e.Z.d.Z.d.Z.d.d...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\sphinxext.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11038
                                          Entropy (8bit):5.343159530321098
                                          Encrypted:false
                                          SSDEEP:192:vMxMGaRyuY4EkU5eTs3iCB7Pe7FS5OTiecqyLGp40pQvsXEAfyOcW2cRtQRr4AFa:E2EWUYVfMz0zVQkXEAfWuRtQoJpO+
                                          MD5:6780F13F938C80B2509DC7578586AEAB
                                          SHA1:37458BF514F3F6F809108F0A4961CC269974E45C
                                          SHA-256:8DF4F8E89915F9C7B2C5A1B4EECF519484E7185A754CCCE4130630BCFC7D5001
                                          SHA-512:1DB42A6FDA6F2B3376F32BE54BFAC6EBACFA7D0E34B317E38649F960751C4930584D9F320A0787E38F56F6242E8D93648D364E408E86C9634C680D5F20090C12
                                          Malicious:false
                                          Preview:...........f..........................l.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.Z.d.Z.d.Z.d.Z...G.d...d.e.........Z.d...Z.y.).a..... pygments.sphinxext. ~~~~~~~~~~~~~~~~~~.. Sphinx extension to generate automatic documentation of lexers,. formatters and filters... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...nodes)...ViewList)...Directive)...nested_parse_with_titlesz.... module:: %s..%s.%s.zX... class:: %s.. :Short names: %s. :Filenames: %s. :MIME types: %s.. %s..zA... class:: %s.. :Short names: %s. :Filenames: %s.. %s..z'... class:: %s.. :Name: %s.. %s..c.....................B.....e.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.i.Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.)...PygmentsDoczn. A directive to collect all lexers/formatters/filters and generate. autoclass directives for them.. F.....r....c..........................t.................|._.........|.j.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\style.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6666
                                          Entropy (8bit):5.780439848654084
                                          Encrypted:false
                                          SSDEEP:96:COWbtBrxXaCpLr/0GDQQ6btRuTRt6vov+6H6N0+ClMTYAzin05adK:dkqiv/0Gs4TfJkbCdn05aU
                                          MD5:3D8EFAE097F230C5F56BCC89E07498B1
                                          SHA1:69865EC0806CAC587A42A63EEEFACD2D75963DDF
                                          SHA-256:DFDADC9CB0A8530D4346211B172391D02F07B6CA93A6B66F2414CBDABB982A53
                                          SHA-512:6705B92E9CFD6404A294CE70CC3525819C9C07AEF98D2C0C7E043AF4C75515311C18D46F21EDD062EC0E4FE13E687BDD3087F707884B02A03E58C2D6D8B052D6
                                          Malicious:false
                                          Preview:...........fq...............................d.Z.d.d.l.m.Z.m.Z...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d ..d!d"..Z.i.d#d...d$d...d%d...d&d...d'd...d(d...d)d...d*d...d+d...d,d...d-d...d.d...d/d...d0d...d1d...d2d!..Z...e.e.........Z...G.d3..d4e.........Z...G.d5..d6e..7........Z.y8)9z.. pygments.style. ~~~~~~~~~~~~~~.. Basic style object... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Token..STANDARD_TYPES..ansiblack..000000..ansired..7f0000..ansigreen..007f00..ansiyellow..7f7fe0..ansiblue..00007f..ansimagenta..7f007f..ansicyan..007f7f..ansigray..e5e5e5..ansibrightblack..555555..ansibrightred..ff0000..ansibrightgreen..00ff00..ansibrightyellow..ffff00..ansibrightblue..0000ff..ansibrightmagenta..ff00ff..ansibrightcyan..00ffff..ansiwhite..ffffffz.#ansiblackz.#ansidarkredz.#ansidarkgreenz.#ansibrownz.#ansidarkbluez.#ansipurplez.#ansitealz.#ansilightgrayz.#ans

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\token.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8134
                                          Entropy (8bit):5.198457848275421
                                          Encrypted:false
                                          SSDEEP:192:sm4Auxsd5PK/T/nEOE2c9t1KjediXJrMLF88o:YAuxy9ST3E2c9tGediZro88o
                                          MD5:9FB88C48560946D99D39CB8F9AE3A1F7
                                          SHA1:848A47EA70889354ED59FE5300FF20D2376393ED
                                          SHA-256:DEA4C4D5C044D1821ED5B5266276BA85B2BE46A555C9DAB94C93D41B6591DB32
                                          SHA-512:F65A085ACC47AAAD636A02C31FEED33DF4C8A5B065E10F1D27A2BCE6103007BD1A64B81EE8767568D075DA204CC06D0E5A16CB99C8E72CE256A9423AB36F4310
                                          Malicious:false
                                          Preview:...........f(...............................d.Z...G.d...d.e.........Z...e.........Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j...................Z.e.j ..................Z.e.j"..................Z.e.e._.........e.e._.........e.e._.........d...Z.d...Z.i.e.d...e.d...e.d...e.d...e.d...e.d...e.d...e.j(..................d...e.j*..................d...e.j,..................d...e.j...................d...e.j0..................d...e.j2..................d...e.d...e.j4..................d...e.j6..................d...e.j6..................j...................d...i.e.j8..................d...e.j(..................d...e.j:..................d...e.j<..................d...e.j>..................d...e.j@..................d...e.j@..................jB..................d...e.jD..............

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\unistring.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32980
                                          Entropy (8bit):6.290712858025236
                                          Encrypted:false
                                          SSDEEP:768:JGqAJsUe2glKVaCxJNmJAokJE5l2o5VTq9iU/:JXAOfWVaCxJ/JE5lZTq3
                                          MD5:7BA290210B15B45B4FC877873D08B28D
                                          SHA1:185B10F760C88C0193395195590161C5F423DCE8
                                          SHA-256:234EAFE02D3FD76766FB28C4D286F2965BCA3083D444183F6B513378769B5DB9
                                          SHA-512:B79C4B3CBD714349FEF08C18FE1ED7368323E47701AFA3D7878BE978D98768FD9E7758EB834212ABD35E2642364066367EC74FC282E39CEFBC71FB1BA98DFE45
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d Z g.d!..Z!d"..Z"d#..Z#d$..Z$e%d%k(....r.d&d'l&Z&g.g.d(..Z'..e(e)d).*........5.Z*e*jW..........................Z,d'd'd'..........e,d'e,j[..................d+..........Z.e,e,j[..................d,........d'..Z/..e0d-........D.]...Z1..e2e1........Z3..e&jh..................e3........Z5..e6e3........d.k(..r.d/e3z...Z3n...e6e3........d0v.r.d/e3z...Z3e'jo..................e5g.........jq..................e3..........e3js..........................r.e'd1....jq..................e3..........d2e3z...js..........................s...e'd3....jq..................e3................e(e)d4d).*........5.Z*e*ju..................e.............e;e'........D.]3..Z5d5jy....................e$e'e5....................Z=e*ju..................e5..d6e=..d7.............5....e;e'........Z!e!j}..................d1..........e!j}..................d3..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\__pycache__\util.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13973
                                          Entropy (8bit):5.46582593874116
                                          Encrypted:false
                                          SSDEEP:384:zH1bp5yTrzIm3UMWXHfV3IphWK8X9WISw8jEGARH:D1bcr0GU1/VYHWK8XUTw8wGARH
                                          MD5:8649CFD04322DEAFF6FCB05AC31D6ADE
                                          SHA1:289E945FA0E83CBA7BDFB63AF8BDF0C4E8D9E238
                                          SHA-256:55545EA7332581DC6538140013CFF29B8BB37CD2BD77A39773F5234CC7555833
                                          SHA-512:3C85FBB61B2992B7545A035301374240331B5C2CF2F95A51D8F5D9234998C48FE083FC107A2A74483E2DBBE2BDA0955502FF11B813264FC4BCC6599C24679522
                                          Malicious:false
                                          Preview:...........f.'..............................d.Z.d.d.l.Z.d.d.l.m.Z.....e.j...................d.........Z...e.j...................d.e.j...................e.j...................z...e.j...................z...........Z...e.j...................d.e.j...................e.j...................z...e.j...................z...........Z...e.j...................d.e.j...........................Z...G.d...d.e.........Z...G.d...d.e.........Z.d d...Z.d!d...Z.d!d...Z.d!d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.i.Z.d...Z.d...Z.d"d...Z.d#d...Z...G.d...d.........Z d...Z!d...Z"d...Z#..G.d...d.e.........Z$y.)$z.. pygments.util. ~~~~~~~~~~~~~.. Utility functions... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...TextIOWrapperz.[/\\ ]z.. <!DOCTYPE\s+(. [a-zA-Z_][a-zA-Z0-9]*. (?: \s+ # optional in HTML5. [a-zA-Z_][a-zA-Z0-9]*\s+. "[^"]*")?. ). [^>]*>.z.<(.+?)(\s.*?)?>.*?</.+?>z.\s*<\?xml[^>]*\?>c..........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\cmdline.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):23685
                                          Entropy (8bit):4.340463405573033
                                          Encrypted:false
                                          SSDEEP:384:iJqsoXfnnzl4Z0TSEjXNnocCVPbloBSYdqbazFd7j:iJqdnnzl4ZISoocCVPZoBSYdjzD7j
                                          MD5:06DD41C17DFB35881CE4E23C30534863
                                          SHA1:375F2C67E11155E43CD3C847DFA0F47E10F9F449
                                          SHA-256:6F2C58269F609E355ECA1465677513320A3F2E191787569FBCDF30241B4071CF
                                          SHA-512:2F9EA61F311437DEE840E7CE10C3EAFDAD68D9D0A1DB2FB2EAFFC2B81ABA24A4931045A7BCA3CE71C84F9ABF817B83D713A1B9671D91EC33D29C1B7692263930
                                          Malicious:false
                                          Preview:""". pygments.cmdline. ~~~~~~~~~~~~~~~~.. Command line interface... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import os.import sys.import shutil.import argparse.from textwrap import dedent..from pip._vendor.pygments import __version__, highlight.from pip._vendor.pygments.util import ClassNotFound, OptionError, docstring_headline, \. guess_decode, guess_decode_from_terminal, terminal_encoding, \. UnclosingTextIOWrapper.from pip._vendor.pygments.lexers import get_all_lexers, get_lexer_by_name, guess_lexer, \. load_lexer_from_file, get_lexer_for_filename, find_lexer_class_for_filename.from pip._vendor.pygments.lexers.special import TextLexer.from pip._vendor.pygments.formatters.latex import LatexEmbeddedLexer, LatexFormatter.from pip._vendor.pygments.formatters import get_all_formatters, get_formatter_by_name, \. load_formatter_from_file, get_formatter_for_filename, find_formatter_class.from

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\console.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1697
                                          Entropy (8bit):4.779934860652409
                                          Encrypted:false
                                          SSDEEP:48:YlGG1dsgllfLnfvZCofuIih1XXkabBZAGFkvJkbZ/gulgY:YkgyglljfBCquIU1XXpq24uCY
                                          MD5:450B87DD5878B793336B090297EC6309
                                          SHA1:8630C1C81F6D8B641F7C3711441EDD186B0B1657
                                          SHA-256:DB06795BE53A4EE7490F5FCD2D4C237253296E898533DD6536FD75FFAD2C7C66
                                          SHA-512:BE126F818E4F2B1639D8F55C30B245A82D8BED28E71FC79D48A513E65F6A5AE5C3F86C147E30B82140C1E2E5461BDA07B8B978E8F89A889096E46E8C8255AD5B
                                          Malicious:false
                                          Preview:""". pygments.console. ~~~~~~~~~~~~~~~~.. Format colored console output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..esc = "\x1b["..codes = {}.codes[""] = "".codes["reset"] = esc + "39;49;00m"..codes["bold"] = esc + "01m".codes["faint"] = esc + "02m".codes["standout"] = esc + "03m".codes["underline"] = esc + "04m".codes["blink"] = esc + "05m".codes["overline"] = esc + "06m"..dark_colors = ["black", "red", "green", "yellow", "blue",. "magenta", "cyan", "gray"].light_colors = ["brightblack", "brightred", "brightgreen", "brightyellow", "brightblue",. "brightmagenta", "brightcyan", "white"]..x = 30.for d, l in zip(dark_colors, light_colors):. codes[d] = esc + "%im" % x. codes[l] = esc + "%im" % (60 + x). x += 1..del d, l, x..codes["white"] = codes["bold"]...def reset_color():. return codes["reset"]...def colorize(color_key, text):. return codes[color_key] + text

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\filter.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1938
                                          Entropy (8bit):4.488825294219764
                                          Encrypted:false
                                          SSDEEP:48:YaSGaQSjtuBmyy0TLLy09/jxOQUX+ibnM8abOS2DowxWw5Ro:YaS5QSRugyzHLy09/jBlibM8A3wU
                                          MD5:B9D28DC447A3D3AB9116636D683039A5
                                          SHA1:87FEDEAF657DD9DC7C191B1C3C9461B59514239D
                                          SHA-256:8F968B33D6BDC12C7A787D68CB8EF7A12909D3684658DA6D065568E2CD60FF7D
                                          SHA-512:DEEAFC1AD7D38F93EBBC06838E758390D1550A048052E59A5A5AB65096D7C45E2AE073BFDA6F0132626EC319902E4AAE375B90C71AB568EBED182BBFE9189196
                                          Malicious:false
                                          Preview:""". pygments.filter. ~~~~~~~~~~~~~~~.. Module that implements the default filter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""...def apply_filters(stream, filters, lexer=None):. """. Use this method to apply an iterable of filters to. a stream. If lexer is given it's forwarded to the. filter, otherwise the filter receives `None`.. """. def _apply(filter_, stream):. yield from filter_.filter(lexer, stream). for filter_ in filters:. stream = _apply(filter_, stream). return stream...def simplefilter(f):. """. Decorator that converts a function into a filter::.. @simplefilter. def lowercase(self, lexer, stream, options):. for ttype, value in stream:. yield ttype, value.lower(). """. return type(f.__name__, (FunctionFilter,), {. '__module__': getattr(f, '__module__'),. '__doc__': f.__doc__,. 'funct

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\filters\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):40386
                                          Entropy (8bit):3.934104313489659
                                          Encrypted:false
                                          SSDEEP:384:qCFI4li9kb1xljrGSV+vjecMcyZb77zQIB39yMR8nEzNXeA++QNecS4tOKBYnV:qCF5DjEvfWtIR0KmV
                                          MD5:CB08F0D464B3AFAD4348A007FCD2583E
                                          SHA1:C166F4460E3DA0CEA2FFE9F54CBDE12801EE53F6
                                          SHA-256:87F928624505A3E1455318ECE7AE091D4033ECEDF226957023A7CA377318CC6D
                                          SHA-512:6D76C1A33D2838A38ED5CA188F5E1ADCE7FE03C5EA7FFEBE9653B0D352725AB1E5D9EBA71CC1B68104E8BDD1EEF47D79D52E9F76CC99DA0BDD68AA35D545887A
                                          Malicious:false
                                          Preview:""". pygments.filters. ~~~~~~~~~~~~~~~~.. Module containing filter lookup functions and default. filters... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re..from pip._vendor.pygments.token import String, Comment, Keyword, Name, Error, Whitespace, \. string_to_tokentype.from pip._vendor.pygments.filter import Filter.from pip._vendor.pygments.util import get_list_opt, get_int_opt, get_bool_opt, \. get_choice_opt, ClassNotFound, OptionError.from pip._vendor.pygments.plugin import find_plugin_filters...def find_filter_class(filtername):. """Lookup a filter by name. Return None if not found.""". if filtername in FILTERS:. return FILTERS[filtername]. for name, cls in find_plugin_filters():. if name == filtername:. return cls. return None...def get_filter_by_name(filtername, **options):. """Return an instantiated filter... Options are passed to the filt

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\filters\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):37928
                                          Entropy (8bit):6.103200332299957
                                          Encrypted:false
                                          SSDEEP:768:vPbx+b28PUaojniUBbf06K+P7VozxFRpYy1YKJ0D:vPbsd8aorRD0z+P7VIFR6y1zi
                                          MD5:6778CDBE325C3A83094EEA4C44BEFA1A
                                          SHA1:52AE3E85AB89EA3285B4AA778CA9E81F9BFE7939
                                          SHA-256:D1D461C21ABA120F648B6B8BCE6E014060CA607654175CBC54A7B46E96DAB39A
                                          SHA-512:4894FF58A7DFF6AA476B513B404DE38BB6924ED36E470037CE88249A35EFDB5BC12DE596CF10D8194852B7F3C504670FC85EF13EE2CAED538D1F8FE54AFB9B5B
                                          Malicious:false
                                          Preview:...........f.........................f.....d.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d...Z.d...Z.d...Z.d...f.d...Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z ..G.d...d.e.........Z!..G.d...d.e.........Z"e.e.e.e.e e!e"e.d...Z#y.).z.. pygments.filters. ~~~~~~~~~~~~~~~~.. Module containing filter lookup functions and default. filters... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...String..Comment..Keyword..Name..Error..Whitespace..string_to_tokentype)...Filter)...get_list_opt..get_int_opt..get_bool_opt..get_choice_opt..ClassNotFound..OptionError)...find_plugin_filtersc.....................\.....|.t.........v.r.t.........|.....S.t.................D.]...\...}.}.|.|.k(..s...|.c...S...y.).z2Lookup a filter by name. Return None if not

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatter.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4178
                                          Entropy (8bit):4.486813538347638
                                          Encrypted:false
                                          SSDEEP:96:YpHGIEg/jcBmgwGvCt798i2m7DtfC9ykwMWleXyQBD:87w88i2Etf5NKy2
                                          MD5:3F62A4A5E7ABBF52681F7B46CC465322
                                          SHA1:2FF27F2B5A03AD1018882E6303BF8BF39CEFB6B6
                                          SHA-256:27D38BF615CB24A664EE6A1480AC298D6F4735FE16949160FE8FFE67F4BFB536
                                          SHA-512:C8CABE60100DBBDF22B0A172CE02FDBC01FED3354C363627001528086E98F4DA23040A9107EB95330EC759ED8CDDE8EE0F316A70BAF45CAC344BF6A9E5611B27
                                          Malicious:false
                                          Preview:""". pygments.formatter. ~~~~~~~~~~~~~~~~~~.. Base formatter class... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import codecs..from pip._vendor.pygments.util import get_bool_opt.from pip._vendor.pygments.styles import get_style_by_name..__all__ = ['Formatter']...def _lookup_style(style):. if isinstance(style, str):. return get_style_by_name(style). return style...class Formatter:. """. Converts a token stream to text... Formatters should have attributes to help selecting them. These. are similar to the corresponding :class:`~pygments.lexer.Lexer`. attributes... .. autoattribute:: name. :no-value:.. .. autoattribute:: aliases. :no-value:.. .. autoattribute:: filenames. :no-value:.. You can pass options as keyword arguments to the constructor.. All formatters accept these basic options:.. ``style``. The style to use, can be a string

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5424
                                          Entropy (8bit):4.59109295075211
                                          Encrypted:false
                                          SSDEEP:96:YBfHDbvQt81zSRZk1pHl88YSuLLd+BFX/f9gIEd0zKmmd+ueISQZwTNu:2ZzSRy3FySA+FvamCSXu
                                          MD5:64EB306A20C0A8FC578C8680565823D1
                                          SHA1:15ADB89D224CA7E4D293CFF1AE2C6B0B29C7C198
                                          SHA-256:FF180071D14AAF440D63087F8BDF0053D86F7CFDD7DB0024844945711445DD4A
                                          SHA-512:4E36DB75BEC47E857227414F96FB7DE281626839AAD2F5581666E447E46629CCC3710506566FC721C31CDDCCEC1484045230AAE89984B293D04DDA1CC4EDB599
                                          Malicious:false
                                          Preview:""". pygments.formatters. ~~~~~~~~~~~~~~~~~~~.. Pygments formatters... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re.import sys.import types.import fnmatch.from os.path import basename..from pip._vendor.pygments.formatters._mapping import FORMATTERS.from pip._vendor.pygments.plugin import find_plugin_formatters.from pip._vendor.pygments.util import ClassNotFound..__all__ = ['get_formatter_by_name', 'get_formatter_for_filename',. 'get_all_formatters', 'load_formatter_from_file'] + list(FORMATTERS).._formatter_cache = {} # classes by name._pattern_cache = {}...def _fn_matches(fn, glob):. """Return whether the supplied file name fn matches pattern filename.""". if glob not in _pattern_cache:. pattern = _pattern_cache[glob] = re.compile(fnmatch.translate(glob)). return pattern.match(fn). return _pattern_cache[glob].match(fn)...def _load_formatters(module_name):.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6918
                                          Entropy (8bit):5.523626673818778
                                          Encrypted:false
                                          SSDEEP:96:Rd0rBfNaf8m++okhfOtIKJ1mIPYsMbAA0LLd+B0G47JnU9gIEd0KzQ7T2QkNEmmj:38mvqtZoXtW+qJnDM7T2bN3CaOw+
                                          MD5:364F1D78D99AABEF2AC767CCC7FC2034
                                          SHA1:1EF3A7E59881E0EF232AE733DC45B030A88FD755
                                          SHA-256:96EE49C57BDBCAA0847B2FE20CFB44CBE27FBF3758515D7BAC519F7277341082
                                          SHA-512:19AE2FCB0BD287967FBE19D52AF16D9EDE96156EED650313A18372701495DC61D52A8CCEC0D11757EF368D4D445A89D5EB3E25394E5A83B677E85EC14B294780
                                          Malicious:false
                                          Preview:...........f0.........................v.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d.....e.e.........z...Z.i.Z.i.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d...Z...G.d...d.e.j0..........................Z.e.j4..................e.....Z...e.e.........Z.e.j<..................j?..................e.j<............................e.e.j4..................e.<...e.`.e.`.e.`.e.`.y.).z.. pygments.formatters. ~~~~~~~~~~~~~~~~~~~.. Pygments formatters... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...basename)...FORMATTERS)...find_plugin_formatters)...ClassNotFound)...get_formatter_by_name..get_formatter_for_filename..get_all_formatters..load_formatter_from_filec...........................|.t.........v.rBt.........j...................t.........j...................|.................x.}.t.........|.<...|.j...................|.........S.t.........|.....j...................|..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\_mapping.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4207
                                          Entropy (8bit):5.456527266419378
                                          Encrypted:false
                                          SSDEEP:96:edCj0uAjP5CsEGJVd5rdhOsq56zLr8X3VZJKXXSM+F8OPt:ZyfHgTm2FdPt
                                          MD5:3E5A3E5D234514D7BAC0F9E6C7C92B5D
                                          SHA1:585E4E69E0D796FF6C0B813042C59F3E8820AB52
                                          SHA-256:85C15E90D3EEFB125E9A28B59B2197ADE1E968B2843D66B4F54E8C2DE4980609
                                          SHA-512:6C8908A500B05A4866072AF2727555525B9A41AC13BBCA6EEB066056097A373040DC51BCE8B1A75186C5A5863A33C3EA00A72EBAFE9092467C9C6819376DE962
                                          Malicious:false
                                          Preview:...........fP.........................v.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d!..d"d#i...Z.y$)%..BBCodeFormatter).z.pygments.formatters.bbcode..BBCode)...bbcode..bb..z.Format tokens with BBcodes. These formatting codes are used by many bulletin boards, so you can highlight your sourcecode with pygments before posting it there...BmpImageFormatter)...pygments.formatters.img..img_bmp)...bmp..bitmap).z.*.bmpzwCreate a bitmap image from source code. This uses the Python Imaging Library to generate a pixmap from the source code...GifImageFormatter).r......img_gif)...gif).z.*.gifztCreate a GIF image from source code. This uses the Python Imaging Library to generate a pixmap from the source code...GroffFormatter).z.pygments.formatters.groff..groff).r......troff..roffr....zFFormat tokens with groff escapes to change their color and font style...HtmlFormatter).z.pygments.formatters.html..HTML)...html).z.*.htmlz.*.htmz.Format toke

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\bbcode.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4186
                                          Entropy (8bit):5.57657043537895
                                          Encrypted:false
                                          SSDEEP:96:rhxSRvak0bBcWu+pHt3kQ7RbUqqlHIpv9Oo8CQ:oakMBcW/z3whKVO8Q
                                          MD5:195B2DF1FA2BB50677A742CA92006EE1
                                          SHA1:7F1D83BC0EA937D6F0D284BA37088320F1EB7B0D
                                          SHA-256:0FEA8847140108CE6095B58B856F01E87B170FAA9BC6BEDF0FCAE4CCD998A67D
                                          SHA-512:9D579458D19EFB94CE87D540249FA579999DE0EE2975B899FEA4E912CD926AD587592403E8DCA4BA86FD2C29EC876AA9F874D91E0D6143A12C1ADD9C5F687310
                                          Malicious:false
                                          Preview:...........f..........................<.....d.Z.d.d.l.m.Z...d.d.l.m.Z...d.g.Z...G.d...d.e.........Z.y.).z.. pygments.formatters.bbcode. ~~~~~~~~~~~~~~~~~~~~~~~~~~.. BBcode formatter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)...get_bool_opt..BBCodeFormatterc.....................2.....e.Z.d.Z.d.Z.d.Z.d.d.g.Z.g.Z.d...Z.d...Z.d...Z.y.).r....a..... Format tokens with BBcodes. These formatting codes are used by many. bulletin boards, so you can highlight your sourcecode with pygments before. posting it there... This formatter has no support for background colors and borders, as there. are no common BBcode tags for that... Some board systems (e.g. phpBB) don't support colors in their [code] tag,. so you can't use the highlighting together with that tag.. Text in a [code] tag usually is shown with a monospace font (which this. formatter can do with the ``monofont``

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\groff.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7256
                                          Entropy (8bit):5.372249750527733
                                          Encrypted:false
                                          SSDEEP:96:bahj6bB18e/+BFvxHZ2gvSxO0bjFHRkNN1sVV2lNRv3W/VCI4VzXf1GYwB6o9O5d:bEmB1/2BF5ogK00bd7R4VzXfKB6+O5d
                                          MD5:9C9AA0E7B958C7C05B663E6F1685FF3B
                                          SHA1:6B9C5782FE22A0C5788045790D3A3E25FDC49249
                                          SHA-256:4286DC99013105438AD18D06F0BB3DCA99B8ECA1B7BD285FED1895A49C893F9A
                                          SHA-512:A905D9DB06035EF951F86AB5C244B4557965F39CCD693651F1C1903F62931571A9FF13FA69235D5A16F2D751915AC0A1747DA43F1FACC5947CF3C392C339BD5D
                                          Malicious:false
                                          Preview:...........f..........................H.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.g.Z...G.d...d.e.........Z.y.).z.. pygments.formatters.groff. ~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for groff output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...Formatter)...get_bool_opt..get_int_opt..GroffFormatterc.....................J.....e.Z.d.Z.d.Z.d.Z.g.d...Z.g.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.).r....a..... Format tokens with groff escapes to change their color and font style... .. versionadded:: 2.11.. Additional options accepted:.. `style`. The style to use, can be a string or a Style subclass (default:. ``'default'``)... `monospaced`. If set to true, monospace font will be used (default: ``true``)... `linenos`. If set to true, print the line numbers (default: ``false``)... `wrap`. Wrap lines to the specified number of characters. Disa

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\html.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):40564
                                          Entropy (8bit):5.603089405202114
                                          Encrypted:false
                                          SSDEEP:768:yf5FhEEBGxIFiME72GTonhrlVuPaOF0D8EHg3YaovU/gwUvPlOfvGzjfV29dvqGj:mhp0Iiz2/nhCaIV3/oecyqG64
                                          MD5:5006C828FB019EF5BB21E2D6FD9F01CF
                                          SHA1:CEC2900C0AD1BDC2399AA5B95CFB8D0C15C4B21C
                                          SHA-256:CA5D970C32B8CA24F18B58B3D3347F8D054697026883B7B2B0F8406313D36223
                                          SHA-512:7785B060395FAB32889C5D49D17AD2F0F3AA666417CF62C77D31A7176F014832F8DE62213F48DFE9D8EB4A979565F99EEC08C05B12FDAD4F0EF97FC84123AD02
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.....d.d.l.Z.d.g.Z...e.d.........d...e.d.........d...e.d.........d...e.d.........d...e.d.........d.i.Z.e.f.d...Z.d...Z.d...Z.d.Z.d.e.z...d.z...Z.d.Z.d.Z...G.d...d.e.........Z.y.#.e.$.r...d.Z.Y..[w.x.Y.w.).z.. pygments.formatters.html. ~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for HTML output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...StringIO)...Formatter)...Token..Text..STANDARD_TYPES)...get_bool_opt..get_int_opt..get_list_opt..HtmlFormatter..&z.&amp;..<z.&lt;..>z.&gt;.."z.&quot;..'z.&#39;c.....................$.....|.j...................|.........S.).z<Escape &, <, > as well as single and double quotes for HTML.)...translate)...text..tables.... .]C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/formatters/html.py..escape_htmlr....&.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\img.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):27035
                                          Entropy (8bit):5.367603130030667
                                          Encrypted:false
                                          SSDEEP:768:SRWDVW1jqsbTTFr25tzbypikv68RqoALWm:D49qexCOFBqoAim
                                          MD5:BB5ABD76D5F1215B51EB8D99CC728059
                                          SHA1:36752693995BB5FDAB0100CCEFB5E1BDB994A90B
                                          SHA-256:3565CBDE442D17535C6E06ACCA90120CD0995F317FEEE7166A3E48A354699FEF
                                          SHA-512:C65E3B86384EA97CC32B9CEBB82C2609B03C95D319D3621759697035CA438097C9F1B9330D84A87D6F85664F2F0D504C9FC7DB7EFD59BC5FE74D8E2DEFD85826
                                          Malicious:false
                                          Preview:...........f.U.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.Z...d.d.l.m.Z.m.Z.m.Z...d.Z...d.d.l.Z.g.d...Z.g.d...d.d.g.d.g.d.d.g.d...Z.d.Z.d.Z.d.Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d e.........Z.y.#.e.$.r...d.Z.Y..sw.x.Y.w.#.e.$.r.....d.d.l.Z.n.#.e.$.r...d.Z.Y.n.w.x.Y.w.Y...w.x.Y.w.)!z.. pygments.formatters.img. ~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for Pixmap output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...Formatter)...get_bool_opt..get_int_opt..get_list_opt..get_choice_opt)...Image..ImageDraw..ImageFontTF)...ImageFormatter..GifImageFormatter..JpgImageFormatter..BmpImageFormatter).....Roman..Book..Normal..Regular..Medium..Oblique..Italic..Boldz.Bold Obliquez.Bold Italic)...NORMAL..ITALIC..BOLD..BOLDITALICz.DejaVu Sans Monoz.Courier New..Menloc....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\irc.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6057
                                          Entropy (8bit):5.623343378842264
                                          Encrypted:false
                                          SSDEEP:96:kx2XvFaQMcJCrlleCzxGj+39K+vG/c38lanaJr49v9Ok+kz/XLy+4OEOdNve0cl:kxm7k8o139K+u/dcaJM9VOe/+BOr2Jl
                                          MD5:7496750DD3BE6977850F46C7B53029CE
                                          SHA1:5DB80806FCD5D7887B3DAB3825C57032552677C4
                                          SHA-256:4E2B57E56D45BD9611E85AA0FB00BB066A4FC3F183F56126657D85DE3A981AE1
                                          SHA-512:3EC5A8026FABEC50DD788DFA8D76FABBAAF23C3FF05DCFA9218E70DEE4726B6A23F267B70D056F03BC12C7DA81C8524B7233A1A70A0D915A7C5BF53A08F74A63
                                          Malicious:false
                                          Preview:...........fu...............................d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.g.Z.i.e.d...e.d...e.d...e.j"..................d...e.d...e.j$..................d...e.j&..................d...e.j(..................d...e.j*..................d...e.j,..................d...e.j...................d...e.j0..................d...e.j2..................d...e.j4..................d...e.j6..................d...e.j8..................d...e.j:..................d...e.d.e.d.e.j<..................d.e.j>..................d.e.j@..................d.e.jB..................d.e.j...................d.e.d.i...Z"i.d.d...d.d...d.d...d.d...d.d...d.d ..d!d"..d#d$..d%d$..d&d'..d(d)..d*d)..d+d,..d-d...d/d...d0d1..d2d3..d4d5d.....Z#d6..Z$..G.d7..d.e.........Z%y8)9z.. pygments.formatters.irc. ~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for IRC output.. :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\latex.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):19946
                                          Entropy (8bit):5.670636587105289
                                          Encrypted:false
                                          SSDEEP:384:DL4YYRRO4YF/oB/ltm2QDDCNA0DhGmD0aJxTQRhB8jqdX800sLeinPtfT:UO4AoBNgDWNA0HIafQRz8jqdj0VinPt7
                                          MD5:D2964BA7B903325F599562B17F1F9858
                                          SHA1:4A07D9C9BAD5D1ED0210D78687A1DABF07CCD564
                                          SHA-256:3D712277ED5F399C1979ADB3E3656171F62966391428AFD24F72538C1C42178C
                                          SHA-512:613DC1FB019B8E48F52C4EFEC1C7A0E9E54BE2DF63EA16F978C79F1A55D123AED36D130A25F14498136C403F78B772E4B6CCE7221D61004E7D9EA3795CC73DC5
                                          Malicious:false
                                          Preview:...........f.K.............................d.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z...d.g.Z.d...Z.d.Z.d.Z.d...Z...G.d...d.e.........Z...G.d...d.e.........Z.y.).z.. pygments.formatters.latex. ~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for LaTeX fancyvrb output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...StringIO)...Formatter)...Lexer..do_insertions)...Token..STANDARD_TYPES)...get_bool_opt..get_int_opt..LatexFormatterc..........................|.j...................d.d.........j...................d.d.........j...................d.d.........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z...........j...................d.d.|.z....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\other.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6876
                                          Entropy (8bit):5.4038221833794715
                                          Encrypted:false
                                          SSDEEP:192:Tg/IysUOJ3M14OxB2VWVAWj3smmqvDg7yu:Tg/IfUMEXxYVWVAWDmqvc7yu
                                          MD5:734049887842E7ED9B733B12C287DF77
                                          SHA1:1031BE08C534EB40A4FB098FDA7375B7B747A447
                                          SHA-256:7497CB6484DCFADF919C7ABFE30CA8A0B14A5BAB242AC0031433180635307827
                                          SHA-512:83DCF528C4ACA04FA1D2FB0FD771B3350E89C0BCE4E9C742441904B7BC17431B3E7496D6F1C4257CC94CBB86F8CE32D702A1176A737C6E72578AA60E996E5901
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d...Z...G.d...d.e.........Z...G.d...d.e.........Z.d.Z.d.Z...G.d...d.e.........Z.y.).z.. pygments.formatters.other. ~~~~~~~~~~~~~~~~~~~~~~~~~.. Other formatters: NullFormatter, RawTokenFormatter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)...get_choice_opt)...Token)...colorize)...NullFormatter..RawTokenFormatter..TestcaseFormatterc.....................(.....e.Z.d.Z.d.Z.d.Z.d.d.g.Z.d.g.Z.d...Z.y.).r....z;. Output the text unchanged without any formatting.. z.Text only..text..nullz.*.txtc..........................|.j...................}.|.D.]9..\...}.}.|.r!|.j...................|.j...................|....................)|.j...................|............;..y...N)...encoding..write..encode)...self..tokensource..outfile..enc..ttype..values.... .^C:\Users\V3NOM0u$\Desktop\python312\

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\pangomarkup.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2922
                                          Entropy (8bit):5.727854928630388
                                          Encrypted:false
                                          SSDEEP:48:+Ya8WGy+55h7q/DfoBHFop0+5N6/u80849rK9P0b4Y+9I:4dZ+xqcfw5Nn249O9P0b4DI
                                          MD5:6F7DDAAEDECBF6FDF0DF5AFB3905DCF2
                                          SHA1:655A5EA95088C496A89ADED25EF76B8D76FE7EFC
                                          SHA-256:6995A66B35974B62E83626B655CAE7DC8A0327E699035B9F6E510522E6EEA08E
                                          SHA-512:879D3FAB3BE33FF2719AC42378520979BA23D1AA0BE13C3FFCA2248895289AC2B5F666D50F8BD518139E0AEE6098A13763127B246BA2E429A3E2692DDD7E79C7
                                          Malicious:false
                                          Preview:...........f..........................^.....d.Z.d.d.l.m.Z...d.g.Z...e.d.........d...e.d.........d.i.Z.e.f.d...Z...G.d...d.e.........Z.y.).z.. pygments.formatters.pangomarkup. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for Pango markup output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter..PangoMarkupFormatter..&z.&amp;..<z.&lt;c.....................$.....|.j...................|.........S.).z Escape & and < for Pango Markup.)...translate)...text..tables.... .dC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/formatters/pangomarkup.py..escape_special_charsr........s..........>.>.%.. .. .....c.....................,.....e.Z.d.Z.d.Z.d.Z.d.d.g.Z.g.Z.d...Z.d...Z.y.).r....zk. Format tokens as Pango Markup code. It can then be rendered to an SVG... .. versionadded:: 2.9. z.Pango Markup..pango..pangomarkupc...........................t.........j...................|

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\rtf.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6118
                                          Entropy (8bit):5.512733136070887
                                          Encrypted:false
                                          SSDEEP:96:mEFFytmsO7DspbB2lya6jIx+IS7KgIvsRusJDJwNtwXxdO4Who+49Oy8B:mEupO7IBB27YI8ISegIvs1XO45OZ
                                          MD5:E9899E5BF81FFCF81C3ABF490527EA83
                                          SHA1:2966972E63D5AF0EB3BDC633687ADE997F607EC9
                                          SHA-256:D392D69D79C5D9C1C4AD563EED653B4590EE269DEE5AB487CA19B6D0366912D9
                                          SHA-512:C18AEF10C4495514C1081D634C80A26AE0BF1295FEFBEDE3A0550E684D6DF973E640B069882A8C87D67399F3A41390A6C8C4F48E8700AAA14C0B3B39B8C582EF
                                          Malicious:false
                                          Preview:...........f..........................@.....d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.g.Z...G.d...d.e.........Z.y.).z.. pygments.formatters.rtf. ~~~~~~~~~~~~~~~~~~~~~~~.. A formatter that generates RTF files... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)...get_int_opt..surrogatepair..RtfFormatterc.....................8.....e.Z.d.Z.d.Z.d.Z.d.g.Z.d.g.Z.d...Z.d...Z.d...Z.d...Z.y.).r....a..... Format tokens as RTF markup. This formatter automatically outputs full RTF. documents with color information and other useful stuff. Perfect for Copy and. Paste into Microsoft(R) Word(R) documents... Please note that ``encoding`` and ``outencoding`` options are ignored.. The RTF format is ASCII natively, but handles unicode characters correctly. thanks to escape sequences... .. versionadded:: 0.6.. Additional options accepted:.. `style`. The style to use, can be a string or a S

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\svg.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9058
                                          Entropy (8bit):5.569953010439754
                                          Encrypted:false
                                          SSDEEP:192:/LpHUoqWLfpqnpjzjgaoFDXtjrEDThEHOSa37s4jnTAVOvc:/lHUoqQpejzxmt3+EH2Y4eF
                                          MD5:D57A6B4AF2A007B67620D5A700CCA1EF
                                          SHA1:86168909C383AF757FF054ECA55811F3F4E0E0C3
                                          SHA-256:E496D077273BA278495FFFBF4D9E99E793E5FEF92617F1E2F6DF8ADA68CDEC96
                                          SHA-512:8D25D05807FBE033589193635280D24D9BF963654139DD6E939F6C3A07E8D4BE240E6B72F8A30BE3BE0E81978E1A0AB0696E14EF09BB8BC5B953AF47DD22C33F
                                          Malicious:false
                                          Preview:...........f..........................V.....d.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.g.Z.d...Z.i.Z...G.d...d.e.........Z.y.).z.. pygments.formatters.svg. ~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for SVG output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)...Comment)...get_bool_opt..get_int_opt..SvgFormatterc..........................|.j...................d.d.........j...................d.d.........j...................d.d.........j...................d.d.........j...................d.d.........S.).z<Escape &, <, > as well as single and double quotes for HTML...&z.&amp;..<z.&lt;..>z.&gt;.."z.&quot;..'z.&#39;)...replace)...texts.... .\C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pygments/formatters/svg.py..escape_htmlr........sE.........<.<...W..%........V..$........V..$........X..&........W..%....&.....c.....................2.....e.Z.d.Z.d.Z.d.Z.d.g.Z.d.g.Z.d...Z.d...Z

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\terminal.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5821
                                          Entropy (8bit):5.466298826950619
                                          Encrypted:false
                                          SSDEEP:96:EJHe+FajECwfjJClv1vGEQxR+t33biKBUV/Kr/9OZ0XLyvMfqimu:EJHhOEnNm1u3apBe/KrlOZ0+umu
                                          MD5:E34487C1A59696EB4ADF041E45626C60
                                          SHA1:94EE8E668B8F1A8B18A3875B9CCF22758093CF5C
                                          SHA-256:1DA9D3219930ACDA3666FC7B4CE5A71E5F8512931EED5AFE57AB5519A1E16EA2
                                          SHA-512:3970B5822CABA61D9BA019AF16C43E4C8E0C1FD67DCA1FAC870215C113EB4678E387BDB1E075807A71248764CCE32B3DD099C520B044AF706CEA7BD235309A4A
                                          Malicious:false
                                          Preview:...........fB..............................d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.g.Z.i.e.d...e.d...e.d...e.j&..................d...e.d...e.j(..................d...e.j*..................d...e.j,..................d...e.j...................d...e.j0..................d...e.j2..................d...e.j4..................d...e.j6..................d...e.j8..................d...e.j:..................d...e.j<..................d...e.j>..................d...e.d.e.d.e.j@..................d.e.jB..................d.e.jD..................d.e.jF..................d.e.jH..................d.e.j...................d.e.d.i...Z%..G.d...d.e.........Z&y.).z.. pygments.formatters.terminal. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for terminal output with ANSI sequences... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)...Keyword..Name..Comment..String..Error..Number..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\__pycache__\terminal256.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):15149
                                          Entropy (8bit):5.136479348930358
                                          Encrypted:false
                                          SSDEEP:384:N/OtlZXjDwBUBE5MrL0JKRVMX0BK2gq/w3:NYlZXj0BUGy0JKTMEBU4w3
                                          MD5:6D97CCC06B4209201E05F88C635F41C6
                                          SHA1:0DF43BA57E52CF21D39F9A6F55CB4FA961D1C231
                                          SHA-256:C32FE3BAF1205B3F49543E81479C77EA794C1C39D28291E804F563F0CF50DF63
                                          SHA-512:BC810E414765E5298CDD6D38F2543D8DC5E0DB8957B28DBEA12CC8F9C4797E31ECD04788BD325BA22816A37166BAA410CFE35A5189E5C4EA479889E773169E26
                                          Malicious:false
                                          Preview:...........f.-........................t.....d.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.g.Z...G.d...d.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.).a..... pygments.formatters.terminal256. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for 256-color terminal output with ANSI sequences... RGB-to-XTERM color conversion routines adapted from xterm256-conv. tool (http://frexx.de/xterm-256-notes/data/xterm256-conv2.tar.bz2). by Wolfgang Frisch... Formatter version 1... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...Formatter)...codes)...ansicolors..Terminal256Formatter..TerminalTrueColorFormatterc.....................,.....e.Z.d.Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.y.)...EscapeSequenceNc.....................J.....|.|._.........|.|._.........|.|._.........|.|._.........|.|._.........y...N)...fg..bg..bold..underline..italic)...selfr....r....r....r....r....s.... .dC:\Users\V3NOM0u$\Deskto

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\_mapping.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with very long lines (341)
                                          Category:dropped
                                          Size (bytes):4176
                                          Entropy (8bit):4.849249007004006
                                          Encrypted:false
                                          SSDEEP:96:aVN0VVz+V6ZVLVbsEbVxVnAwaVH/VRncVKgVLafVkVYlssVd16zLVz8XXVsZ+Vgl:aO0mBFbvJCtzcrof6tsbYLSX0+ETx
                                          MD5:75B034B791DB82C44433D5F0E25287A8
                                          SHA1:70C2241423F14E151908D1E41ED0F70154F1858B
                                          SHA-256:D42C37EC5B9094D69C9F144A9AD94F5F89F22E85FDFEDB64A39670B1C354659E
                                          SHA-512:07ACFFC0C0FDFB6C2E14FBC7CEECD127EF14FF64955E729C5DAB7CADBCB1640207094413B59DF9620BDDDF89692FDBE5D3E031B6DB5F68107C0FD564B7A7C9CF
                                          Malicious:false
                                          Preview:# Automatically generated by scripts/gen_mapfiles.py..# DO NOT EDIT BY HAND; run `tox -e mapfiles` instead...FORMATTERS = {. 'BBCodeFormatter': ('pygments.formatters.bbcode', 'BBCode', ('bbcode', 'bb'), (), 'Format tokens with BBcodes. These formatting codes are used by many bulletin boards, so you can highlight your sourcecode with pygments before posting it there.'),. 'BmpImageFormatter': ('pygments.formatters.img', 'img_bmp', ('bmp', 'bitmap'), ('*.bmp',), 'Create a bitmap image from source code. This uses the Python Imaging Library to generate a pixmap from the source code.'),. 'GifImageFormatter': ('pygments.formatters.img', 'img_gif', ('gif',), ('*.gif',), 'Create a GIF image from source code. This uses the Python Imaging Library to generate a pixmap from the source code.'),. 'GroffFormatter': ('pygments.formatters.groff', 'groff', ('groff', 'troff', 'roff'), (), 'Format tokens with groff escapes to change their color and font style.'),. 'HtmlFormatter': ('pygments

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\bbcode.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3314
                                          Entropy (8bit):4.362666351747487
                                          Encrypted:false
                                          SSDEEP:48:YhGEoEbqI2SlHv7obkmjkeBWKoxGPfabS2dlum1HxWRFRi7LH+W6fV6HgW6f1l:YhFDoSRvak0bBG8nErx1gR+eWy6AWyl
                                          MD5:4350BFE3B4B875BAC9B50B13F0A4E028
                                          SHA1:A3D39FE035B11FE1A67BDFB935A8106150D29267
                                          SHA-256:AF56FBC33593268B800C32E1F99D758918B8890C43D09289D6A1E5EA6398C6C0
                                          SHA-512:CB6E19FEFEFF30C68D2FA7B05ED8F9BDF4658815ADC0E436E7C6B8BBAF9781DDCF9CA30BBBC33BDF48C17B6BE9B867B5ACEE3AEA5877EA739EEE88107C28E77E
                                          Malicious:false
                                          Preview:""". pygments.formatters.bbcode. ~~~~~~~~~~~~~~~~~~~~~~~~~~.. BBcode formatter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""...from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.util import get_bool_opt..__all__ = ['BBCodeFormatter']...class BBCodeFormatter(Formatter):. """. Format tokens with BBcodes. These formatting codes are used by many. bulletin boards, so you can highlight your sourcecode with pygments before. posting it there... This formatter has no support for background colors and borders, as there. are no common BBcode tags for that... Some board systems (e.g. phpBB) don't support colors in their [code] tag,. so you can't use the highlighting together with that tag.. Text in a [code] tag usually is shown with a monospace font (which this. formatter can do with the ``monofont`` option) and no spaces (which you. need for indentation)

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\groff.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5094
                                          Entropy (8bit):4.254468602206663
                                          Encrypted:false
                                          SSDEEP:96:YhHiDbbB18RnWEQUiGszU9r/75XpNS6nbeN5EQz7oFLb1D6:lB1InxiGL9rxpNSzpz7opxD6
                                          MD5:1EF0AC9570D12DBA0DEA78E067D93510
                                          SHA1:BA7EBFF6BEF1B782BBAC83582552213B1C815E48
                                          SHA-256:C72F197F7B573A8E8C5AB5E1EF23C65B1DE5544920FC3858E02C66B036F4215A
                                          SHA-512:0CB5A9CF1D2442DD3F9BAB521454256383B99C63637E14F6B1FE31ACAC21BD7B16C3A66E3A88926FB103B540B854F54C70E1BED85605CEC81F0F3FFBCFC2BE2A
                                          Malicious:false
                                          Preview:""". pygments.formatters.groff. ~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for groff output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import math.from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.util import get_bool_opt, get_int_opt..__all__ = ['GroffFormatter']...class GroffFormatter(Formatter):. """. Format tokens with groff escapes to change their color and font style... .. versionadded:: 2.11.. Additional options accepted:.. `style`. The style to use, can be a string or a Style subclass (default:. ``'default'``)... `monospaced`. If set to true, monospace font will be used (default: ``true``)... `linenos`. If set to true, print the line numbers (default: ``false``)... `wrap`. Wrap lines to the specified number of characters. Disabled if set to 0. (default: ``0``).. """.. name = 'groff'. aliases =

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\html.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):35610
                                          Entropy (8bit):4.3963797496228
                                          Encrypted:false
                                          SSDEEP:768:VD05FhEEBGxIFiME72GTcnHS2bQt08aYUcfZHDwwMLF1AM0zxYP:Vwhp0Iiz2NnHSF08pBjEZEi
                                          MD5:ABE92D7FFA4F592BA33C4B980A8FAC86
                                          SHA1:CA4496D1DF41B8AA27158C66E63F640AB511D654
                                          SHA-256:3C8CC0CA294DA9A4F34923F6B250C6D950CB137A8D8A85B2DAB82D492A2F8AE2
                                          SHA-512:DD0BE30C9AAE21529F79E0B7815F53F55432537A056E0BF14BE77638C8F013B14957DD83C5B83E09459E24F12F5E2484CEB98F170D85D40FE2168F55094FEA59
                                          Malicious:false
                                          Preview:""". pygments.formatters.html. ~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for HTML output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import functools.import os.import sys.import os.path.from io import StringIO..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.token import Token, Text, STANDARD_TYPES.from pip._vendor.pygments.util import get_bool_opt, get_int_opt, get_list_opt..try:. import ctags.except ImportError:. ctags = None..__all__ = ['HtmlFormatter']..._escape_html_table = {. ord('&'): '&amp;',. ord('<'): '&lt;',. ord('>'): '&gt;',. ord('"'): '&quot;',. ord("'"): '&#39;',.}...def escape_html(text, table=_escape_html_table):. """Escape &, <, > as well as single and double quotes for HTML.""". return text.translate(table)...def webify(color):. if color.startswith('calc') or color.startswith('var'):. return color. else:. retu

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\img.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):21938
                                          Entropy (8bit):4.413503161579316
                                          Encrypted:false
                                          SSDEEP:384:vIljThi956+foyyYhVeYfKaC9A/TSpdTVZbX:vIl/65ObYhg4TaTZbX
                                          MD5:DF7E2179349901F00DDBEBF6F9D9DAFE
                                          SHA1:D5FBA1A1563D08268E0B6B6032F9EAF231BF534B
                                          SHA-256:5CA5E6836FD738DAD1E26B6ADA37C453C5C2B28967DD54864F0F94622128932B
                                          SHA-512:402341810CEDA6849C380ED9CD50B84DEAD9978E1660AF4FBC8FA872B629613E117161F93DA064B797C59468C960F1BCCCC0BCFE7B0487672DBCF0E6FAA8593A
                                          Malicious:false
                                          Preview:""". pygments.formatters.img. ~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for Pixmap output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import os.import sys..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.util import get_bool_opt, get_int_opt, get_list_opt, \. get_choice_opt..import subprocess..# Import this carefully.try:. from PIL import Image, ImageDraw, ImageFont. pil_available = True.except ImportError:. pil_available = False..try:. import _winreg.except ImportError:. try:. import winreg as _winreg. except ImportError:. _winreg = None..__all__ = ['ImageFormatter', 'GifImageFormatter', 'JpgImageFormatter',. 'BmpImageFormatter']...# For some unknown reason every font calls it something different.STYLES = {. 'NORMAL': ['', 'Roman', 'Book', 'Normal', 'Regular', 'Medium'],. 'ITALIC': ['Oblique', 'Italic'],. 'BOLD':

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\irc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4981
                                          Entropy (8bit):4.605688600636415
                                          Encrypted:false
                                          SSDEEP:96:YvjDbE7kDiPMairm3UhwJ7T5TccSCuyoCbnR2NtotF/mvy50y+xvGv2Edcrjx7kT:ixRmcXFWRcCrmvy50y+xuve573jfvo
                                          MD5:C3510AB1404908F9C672053BE75354B0
                                          SHA1:5B8318E11DA76CA37C2CB38946024C206A0637DA
                                          SHA-256:129FA6F23777BE814EE85BF9EDC506166CFA25503AEC8120CA204EC2FD0DE1AD
                                          SHA-512:28FFD4CA8F93ED7C002CF5DF21C6F8E968963892B0F8B948FB2ABEB55FD195FD73EC827BA76B21984DF994E8A2643E745DCDADF04EC5BC40D357D31B79BAA038
                                          Malicious:false
                                          Preview:""". pygments.formatters.irc. ~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for IRC output.. :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.token import Keyword, Name, Comment, String, Error, \. Number, Operator, Generic, Token, Whitespace.from pip._vendor.pygments.util import get_choice_opt...__all__ = ['IRCFormatter']...#: Map token types to a tuple of color values for light and dark.#: backgrounds..IRC_COLORS = {. Token: ('', ''),.. Whitespace: ('gray', 'brightblack'),. Comment: ('gray', 'brightblack'),. Comment.Preproc: ('cyan', 'brightcyan'),. Keyword: ('blue', 'brightblue'),. Keyword.Type: ('cyan', 'brightcyan'),. Operator.Word: ('magenta', 'brightcyan'),. Name.Builtin: ('cyan', 'brightcyan'),. Nam

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\latex.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):19351
                                          Entropy (8bit):4.494553765676379
                                          Encrypted:false
                                          SSDEEP:384:XgU1RQ98hoPWa4YFjB/ltd0kgE/5+sFElmKJ+uW5zzJ:XRQ98hJa4GBNvV/5+sqYKArt
                                          MD5:E5EE23B49F2EB7EC4FF2D668A515EBBA
                                          SHA1:9C53C6B35022251DC6EDDA5D00CF905953F789C0
                                          SHA-256:146CC9F98A924C4F33FEFA163DDCEF2D8E53ABC8C4FF28231A333A757649F3E9
                                          SHA-512:A68EFCCBE00F2BF93E0735939ABBAB0934F46AB7ACB0D1E757FFB3A53556DC94E0BCDC23BAE3E7986225C1AD6C8169D0574A01FEB37CCE7ABEF6971FD20AE67A
                                          Malicious:false
                                          Preview:""". pygments.formatters.latex. ~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for LaTeX fancyvrb output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from io import StringIO..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.lexer import Lexer, do_insertions.from pip._vendor.pygments.token import Token, STANDARD_TYPES.from pip._vendor.pygments.util import get_bool_opt, get_int_opt...__all__ = ['LatexFormatter']...def escape_tex(text, commandprefix):. return text.replace('\\', '\x00'). \. replace('{', '\x01'). \. replace('}', '\x02'). \. replace('\x00', r'\%sZbs{}' % commandprefix). \. replace('\x01', r'\%sZob{}' % commandprefix). \. replace('\x02', r'\%sZcb{}' % commandprefix). \. replace('^', r'\%sZca{}' % commandprefix). \. replace('_', r'\%sZus{}' % commandprefix). \.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\other.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5073
                                          Entropy (8bit):4.485076089343685
                                          Encrypted:false
                                          SSDEEP:96:YcjDxbl10ZQy43M14Q4EJmBa8D+wPjzwPS3YD02iZ9Eeo74EWH1N4u:Hv0j43M14QfynyS3YD0HNoPWn
                                          MD5:8FB3EFA99D9F5AF4B315C815EE8AF643
                                          SHA1:04C749953F070666BD0A2F22C93B8A95522D9111
                                          SHA-256:80FC6493905D0335930A06C41E0D65A4B8BED45E993E1E40FDAA2D80B5C79F38
                                          SHA-512:00674E7D34C4367EC586C92A136202968CAEB7E7115C81F588AF6A087340131807402250B6D8145F33C933ECC8A66181F9A7E79000461A76697C4604151EA513
                                          Malicious:false
                                          Preview:""". pygments.formatters.other. ~~~~~~~~~~~~~~~~~~~~~~~~~.. Other formatters: NullFormatter, RawTokenFormatter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.util import get_choice_opt.from pip._vendor.pygments.token import Token.from pip._vendor.pygments.console import colorize..__all__ = ['NullFormatter', 'RawTokenFormatter', 'TestcaseFormatter']...class NullFormatter(Formatter):. """. Output the text unchanged without any formatting.. """. name = 'Text only'. aliases = ['text', 'null']. filenames = ['*.txt'].. def format(self, tokensource, outfile):. enc = self.encoding. for ttype, value in tokensource:. if enc:. outfile.write(value.encode(enc)). else:. outfile.write(value)...class RawTokenFormatter(Formatter):. r""". Format tokens

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\pangomarkup.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2212
                                          Entropy (8bit):4.3980651718244275
                                          Encrypted:false
                                          SSDEEP:48:Y8WGUZDeRICvBlcYdfabNyZ6dWNFRi7vQWVbRRKWVbxfJv:YdjFeaCvfcqENWzNRWV2WVFh
                                          MD5:D59D5EBAF8BC5790E74F867760E9FFC8
                                          SHA1:9956F2778A8B2C934849F005E7E752E22B524FCC
                                          SHA-256:E8B2A741CF32878F5FF34D9B174B0FBDBCDC938422BCC62AAA85C03DA60FF2E5
                                          SHA-512:43B95EA6DAA2BAFDDC66AE91891B4016396CE418A400B15285639D7FC792AE5BFB86F31552D6EC28D3B4B067893FAA5C413CE597E44DD63DB01176E4965C6774
                                          Malicious:false
                                          Preview:""". pygments.formatters.pangomarkup. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for Pango markup output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.formatter import Formatter...__all__ = ['PangoMarkupFormatter']..._escape_table = {. ord('&'): '&amp;',. ord('<'): '&lt;',.}...def escape_special_chars(text, table=_escape_table):. """Escape & and < for Pango Markup.""". return text.translate(table)...class PangoMarkupFormatter(Formatter):. """. Format tokens as Pango Markup code. It can then be rendered to an SVG... .. versionadded:: 2.9. """.. name = 'Pango Markup'. aliases = ['pango', 'pangomarkup']. filenames = [].. def __init__(self, **options):. Formatter.__init__(self, **options).. self.styles = {}.. for token, style in self.style:. start = ''. end = ''. if style['color']:.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\rtf.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5014
                                          Entropy (8bit):4.3942932168278555
                                          Encrypted:false
                                          SSDEEP:96:YFyjDdsO7DspbB2oleCa6jbaoMIq2PL822ov30fW2c8u6:8O7IBB2o2YmQqWL82zEr
                                          MD5:B87C660D8F39001B1FB3C6D3B2C53524
                                          SHA1:E63A50CBCCCF45CE2E9AFFDA76CC00F670D155F8
                                          SHA-256:680D2FFE9B16E8A648DCDD7C4CA0E27F178BEA6705F040D770F5C3588E2F8554
                                          SHA-512:4052B721AC723A9AA24275E906FBB12183E24DF55F240C189D58E2A34B2158C2D30A96A514A2F97D9AB205CCBD745ED3F5406E2A8F3D4819A327342D95EFCBEE
                                          Malicious:false
                                          Preview:""". pygments.formatters.rtf. ~~~~~~~~~~~~~~~~~~~~~~~.. A formatter that generates RTF files... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.util import get_int_opt, surrogatepair...__all__ = ['RtfFormatter']...class RtfFormatter(Formatter):. """. Format tokens as RTF markup. This formatter automatically outputs full RTF. documents with color information and other useful stuff. Perfect for Copy and. Paste into Microsoft(R) Word(R) documents... Please note that ``encoding`` and ``outencoding`` options are ignored.. The RTF format is ASCII natively, but handles unicode characters correctly. thanks to escape sequences... .. versionadded:: 0.6.. Additional options accepted:.. `style`. The style to use, can be a string or a Style subclass (default:. ``'default'``)... `fontface`.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\svg.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):7335
                                          Entropy (8bit):4.583952729263398
                                          Encrypted:false
                                          SSDEEP:192:ePWE6uUoqWLfpqnpjzjxK2jhE8kYqc3eTU+:enUoqQpejzNKgE8fZkR
                                          MD5:A4CB418CECBD1B90E53469555FA3F5C5
                                          SHA1:0FB3AC6EF25F83DB9877B5BB296C16149F01BC5F
                                          SHA-256:75038D5B2A5BCDFBF31820ED769DCCFCD25AC12709BCCD838876F1D64FB0C3B8
                                          SHA-512:B2F34BCA13E79B2E918E236B202EA8B360C409114454CBBF57C5AA65F93DF85E0DCA93E9CE47A26B9805C5CB6780CEF85748769EA9AC8E496C6FE5DA5979C6DB
                                          Malicious:false
                                          Preview:""". pygments.formatters.svg. ~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for SVG output... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.token import Comment.from pip._vendor.pygments.util import get_bool_opt, get_int_opt..__all__ = ['SvgFormatter']...def escape_html(text):. """Escape &, <, > as well as single and double quotes for HTML.""". return text.replace('&', '&amp;'). \. replace('<', '&lt;'). \. replace('>', '&gt;'). \. replace('"', '&quot;'). \. replace("'", '&#39;')...class2style = {}..class SvgFormatter(Formatter):. """. Format tokens as an SVG graphics file. This formatter is still experimental.. Each line of code is a ``<text>`` element with explicit ``x`` and ``y``. coordinates containing ``<tspan>`` elements with the individual token sty

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\terminal.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4674
                                          Entropy (8bit):4.525673767034789
                                          Encrypted:false
                                          SSDEEP:96:Y+jDbE78oDCPMECairm3UhwJ7T5TccSCw/dev1vGESZREaRq0vlCDDdGXhcz7cF2:J2GwmcXT41uxa0vM/z7cND8r
                                          MD5:553F6C2A6AC4B0BF992FE22D97475324
                                          SHA1:AB7A1B9467ADF12A34D845776267A048D375ABAB
                                          SHA-256:146FABA6346916636988607837322E72FC6AEAC4085C1DC7393A3699E4CAB6B5
                                          SHA-512:DD66F018855E5DCC7297EE5AD153917AB1AB1466A1B98346F3018CA109555C1837CA7EC3A1908C782C580EC72C4B7ED6F855DBBB5D8DFBDA18D75CC8F9BD615A
                                          Malicious:false
                                          Preview:""". pygments.formatters.terminal. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for terminal output with ANSI sequences... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.formatter import Formatter.from pip._vendor.pygments.token import Keyword, Name, Comment, String, Error, \. Number, Operator, Generic, Token, Whitespace.from pip._vendor.pygments.console import ansiformat.from pip._vendor.pygments.util import get_choice_opt...__all__ = ['TerminalFormatter']...#: Map token types to a tuple of color values for light and dark.#: backgrounds..TERMINAL_COLORS = {. Token: ('', ''),.. Whitespace: ('gray', 'brightblack'),. Comment: ('gray', 'brightblack'),. Comment.Preproc: ('cyan', 'brightcyan'),. Keyword: ('blue', 'brightblue'),. Keyword.Type: ('cyan', 'brightcyan'),. Operator.Word:

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\formatters\terminal256.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):11753
                                          Entropy (8bit):4.44812529232476
                                          Encrypted:false
                                          SSDEEP:192:NBt0HK4hMdr0JqwBjc2wfoUlh6d/09pJLDSz79UaSUzaUz30BXeqJL/:54K0MPwBjcEdc94x0BXeS
                                          MD5:C4A9E20559C4424271DC1EE03FC4411E
                                          SHA1:9758CA0D25790D178FE0B9CFC3F8CA012D46841E
                                          SHA-256:D77489DC3E6915DA99F7344E13A1DB5A7043C07BCE184F0696C9AA1A1A6B469E
                                          SHA-512:E23C22338A0014541CA759E3717C957A2DF6F98F51DD6252E48FFEC181E4E27C276CD96951CF606D0D1C3A41D85A5974B5AE411BB7270C6E4D3D7ABBF69C0B20
                                          Malicious:false
                                          Preview:""". pygments.formatters.terminal256. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. Formatter for 256-color terminal output with ANSI sequences... RGB-to-XTERM color conversion routines adapted from xterm256-conv. tool (http://frexx.de/xterm-256-notes/data/xterm256-conv2.tar.bz2). by Wolfgang Frisch... Formatter version 1... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..# TODO:.# - Options to map style's bold/underline/italic/border attributes.# to some ANSI attrbutes (something like 'italic=underline').# - An option to output "style RGB to xterm RGB/index" conversion table.# - An option to indicate that we are running in "reverse background".# xterm. This means that default colors are white-on-black, not.# black-on-while, so colors like "white background" need to be converted.# to "white background, black foreground", etc.....from pip._vendor.pygments.formatter import Formatter.from pip._v

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexer.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):34618
                                          Entropy (8bit):4.190746563497643
                                          Encrypted:false
                                          SSDEEP:768:s3Nf24IDmMl4cZtM65YqtXwXNBZwahT+66o:sdf24M7RZtzYqwGahT+6l
                                          MD5:682751F490E0EE1C872A7F13B387CBCB
                                          SHA1:A7630EAC5CAB404716A0ABBEBC7CCBA1985AF756
                                          SHA-256:D81A6A2E54F6131BCE3A2EEF9E32B99C1E05A7E9B9DA57623DA5CCA31E6EC2E8
                                          SHA-512:60B9EEAC99107794B083697693C691E0AA3B5AD58873BCB29AD6E874C0CF03BADF87D65FEDE82B9D2F938B45152AAB231DDAFC7340C0760697A6EEAD0CC85D4E
                                          Malicious:false
                                          Preview:""". pygments.lexer. ~~~~~~~~~~~~~~.. Base lexer classes... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re.import sys.import time..from pip._vendor.pygments.filter import apply_filters, Filter.from pip._vendor.pygments.filters import get_filter_by_name.from pip._vendor.pygments.token import Error, Text, Other, Whitespace, _TokenType.from pip._vendor.pygments.util import get_bool_opt, get_int_opt, get_list_opt, \. make_analysator, Future, guess_decode.from pip._vendor.pygments.regexopt import regex_opt..__all__ = ['Lexer', 'RegexLexer', 'ExtendedRegexLexer', 'DelegatingLexer',. 'LexerContext', 'include', 'inherit', 'bygroups', 'using', 'this',. 'default', 'words', 'line_re']..line_re = re.compile('.*?\n').._encoding_map = [(b'\xef\xbb\xbf', 'utf-8'),. (b'\xff\xfe\0\0', 'utf-32'),. (b'\0\0\xfe\xff', 'utf-32be'),. (b'\xff\xfe', '

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexers\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):12130
                                          Entropy (8bit):4.5541396999823425
                                          Encrypted:false
                                          SSDEEP:192:yzahzSRS39vCmomv5pmv/qmwIXRJwUpFd5LEabrrHEbQHsmmk5zcjklSSiu:yzaCS39vCZUHUCpER9F54urItCjS4
                                          MD5:922BF9ADD1A73680FAF6F6EBBE8AB329
                                          SHA1:C976A3EBEDFF96FE93CC3EDBFD805250A73BA77C
                                          SHA-256:8F92848B93BF550E464B9F47E3D97ED7483350E9162B197019E54C9463B630C9
                                          SHA-512:AD30AD5999E0186DFD3D5A04079ECE2EECA23179BBD0400A87DBD00E283E27E7F1CF810CAD8FB8A14A73BD47D7BCA378753E1DDECBAA77DC6C2BC7933F1F4C71
                                          Malicious:false
                                          Preview:""". pygments.lexers. ~~~~~~~~~~~~~~~.. Pygments lexers... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re.import sys.import types.import fnmatch.from os.path import basename..from pip._vendor.pygments.lexers._mapping import LEXERS.from pip._vendor.pygments.modeline import get_filetype_from_buffer.from pip._vendor.pygments.plugin import find_plugin_lexers.from pip._vendor.pygments.util import ClassNotFound, guess_decode..COMPAT = {. 'Python3Lexer': 'PythonLexer',. 'Python3TracebackLexer': 'PythonTracebackLexer',.}..__all__ = ['get_lexer_by_name', 'get_lexer_for_filename', 'find_lexer_class',. 'guess_lexer', 'load_lexer_from_file'] + list(LEXERS) + list(COMPAT).._lexer_cache = {}._pattern_cache = {}...def _fn_matches(fn, glob):. """Return whether the supplied file name fn matches pattern filename.""". if glob not in _pattern_cache:. pattern = _pattern_cache[glob] = re.c

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexers\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):14644
                                          Entropy (8bit):5.52373436954583
                                          Encrypted:false
                                          SSDEEP:192:PhwcQ8mb5UMD78Bmq5isJnOXRKipvP5ZlddHEunTxYSbeZRDWSiQLt1:qf54BPQsJnGRKg5Zld/TxYS8RDCQ51
                                          MD5:C26A6C835BCBEFB3A7E718A93896E272
                                          SHA1:126521DE0097A0F9DCFBD686B66AB715E06360F1
                                          SHA-256:C1C309D67EDEE1AA44A93D83F1F3841A40EB2DD6908FF00FEB524A7463E61E15
                                          SHA-512:A73A7A5D7D68BA74D9A0532EE83F2C5C38E87B4C08E47AF22FE46FAA1EA8E0485BC403F8B431E85080ED60F24C44352DB8A0FEEE665DD459C6900C25115B6AF3
                                          Malicious:false
                                          Preview:...........fb/..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.d...Z.g.d.....e.e.........z.....e.e.........z...Z.i.Z.i.Z.d...Z.d...Z.d.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.d...Z.d...Z.d.d...Z.d...Z d...Z!..G.d...d.e.jD..........................Z#e.jH..................e%....Z&..e#e%........Z'e'jP..................jS..................e&jP............................e'e.jH..................e%<...e'`'e'`&e'`.e'`.y.).z.. pygments.lexers. ~~~~~~~~~~~~~~~.. Pygments lexers... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...basename)...LEXERS)...get_filetype_from_buffer)...find_plugin_lexers)...ClassNotFound..guess_decode..PythonLexer..PythonTracebackLexer)...Python3Lexer..Python3TracebackLexer)...get_lexer_by_name..get_lexer_for_filename..find_lexer_class..guess_lexer..load_lexer_from_filec...........................|.t.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexers\__pycache__\_mapping.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):64396
                                          Entropy (8bit):5.981456289558947
                                          Encrypted:false
                                          SSDEEP:768:gAeiyMKm3ySJGP+ZPQ7MfIqdNXPxxL9yVASYNIoggZl/8rz7XMKTXSWg2k6fvMPW:gbVE3ywGp+PWD/rsKTgBWMEJv
                                          MD5:90748AA294608671F08031F51F7E54B6
                                          SHA1:AF67E80E390EC8BAEB09DE0C6B928C3F95CB64DD
                                          SHA-256:9D7EAD896EE584D5109CC79DEEB344165A86404FA44A5F1B8A5B49D7176E7F97
                                          SHA-512:DBE73C98004C7B929166632126C7931287E47F357AE631D3C6133B18611303143E14BFC4B94ADC6DD4512BE16CD21FCC816940E2270CD936B8C7A0B775B5FD6A
                                          Malicious:false
                                          Preview:...........fY...............................i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d!..i.d"d#..d$d%..d&d'..d(d)..d*d+..d,d-..d.d/..d0d1..d2d3..d4d5..d6d7..d8d9..d:d;..d<d=..d>d?..d@dA..dBdC....i.dDdE..dFdG..dHdI..dJdK..dLdM..dNdO..dPdQ..dRdS..dTdU..dVdW..dXdY..dZd[..d\d]..d^d_..d`da..dbdc..ddde....i.dfdg..dhdi..djdk..dldm..dndo..dpdq..drds..dtdu..dvdw..dxdy..dzd{..d|d}..d~d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d..d.d..d.d..d.d..d.d....i.d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d..d.d....i.d.d..d.d..d.d..d.d...d.d...d.d...d.d...d.d...d.d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....i...d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...d.....d...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexers\__pycache__\python.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):42631
                                          Entropy (8bit):5.891905449227817
                                          Encrypted:false
                                          SSDEEP:768:FqDydI70oECe//hA4tj5O4qAFsSXnekabgCLku2umqo+wUglZn:FqDydIIoze//e4qAsSXnKbgCLk0No+UZ
                                          MD5:A12D4D718D4A880E16F166722ED07258
                                          SHA1:B168685EA66EFED977F11DE824DAC2833373A52C
                                          SHA-256:A4CE94546C80985E3CE36C80B65343C3DBE4ECDB6FF079B34A4C42884CCD3E81
                                          SHA-512:484FD85D98C52F6E3F815320DEA8F63601649064C87B9701FBD9347690838C045769D847E169BFA256F658C28CD1F0A34740C6BAD33853F1F851DB3FFFC08817
                                          Malicious:false
                                          Preview:...........f..........................z.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l m!Z"..g.d...Z#..G.d...d.e.........Z$e$Z%..G.d...d.e.........Z&..G.d...d.e.........Z'..G.d...d.e.........Z(..G.d...d.e.........Z)e)Z*..G.d...d.e.........Z+..G.d...d.e.........Z,..G.d...d.e.........Z-..G.d...d.e$........Z.y.).z.. pygments.lexers.python. ~~~~~~~~~~~~~~~~~~~~~~.. Lexers for Python and related languages... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......N)...DelegatingLexer..Lexer..RegexLexer..include..bygroups..using..default..words..combined..do_insertions..this..line_re)...get_bool_opt..shebang_matches)...Text..Comment..Operator..Keyword..Name..String..Number..Punctuation..Generic..Other..Error..Whitespace)...unistring)...PythonLexer..PythonConsoleLexer..PythonTracebackLexer..Python2Lexer..Python2T

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexers\_mapping.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with very long lines (371)
                                          Category:dropped
                                          Size (bytes):72281
                                          Entropy (8bit):4.940249409955633
                                          Encrypted:false
                                          SSDEEP:768:9Rrzm8jB8WD/b8Wqu9Pf/EiNdfMGoMCtzeaxoNgBUE8:n59H/LjoMKzeaxQgBUf
                                          MD5:54CC01AC45B6392658DFC66616D6956F
                                          SHA1:ED7FE41CE6FE8446D6C4DDF9A230CD1CC2861B2C
                                          SHA-256:1EDB38AFF650F2271FB4633B82404F7840F9972552BF869F7C5817604E80A74E
                                          SHA-512:165A8816E6804053635CBEF59CCB1410E84D99041FE5EA026728E693B77F839DE03799EB20E67BCBEA9FF0B6036E1A8495F2689AD20D30B208E307FBF5880405
                                          Malicious:false
                                          Preview:# Automatically generated by scripts/gen_mapfiles.py..# DO NOT EDIT BY HAND; run `tox -e mapfiles` instead...LEXERS = {. 'ABAPLexer': ('pip._vendor.pygments.lexers.business', 'ABAP', ('abap',), ('*.abap', '*.ABAP'), ('text/x-abap',)),. 'AMDGPULexer': ('pip._vendor.pygments.lexers.amdgpu', 'AMDGPU', ('amdgpu',), ('*.isa',), ()),. 'APLLexer': ('pip._vendor.pygments.lexers.apl', 'APL', ('apl',), ('*.apl', '*.aplf', '*.aplo', '*.apln', '*.aplc', '*.apli', '*.dyalog'), ()),. 'AbnfLexer': ('pip._vendor.pygments.lexers.grammar_notation', 'ABNF', ('abnf',), ('*.abnf',), ('text/x-abnf',)),. 'ActionScript3Lexer': ('pip._vendor.pygments.lexers.actionscript', 'ActionScript 3', ('actionscript3', 'as3'), ('*.as',), ('application/x-actionscript3', 'text/x-actionscript3', 'text/actionscript3')),. 'ActionScriptLexer': ('pip._vendor.pygments.lexers.actionscript', 'ActionScript', ('actionscript', 'as'), ('*.as',), ('application/x-actionscript', 'text/x-actionscript', 'text/actionscript'

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\lexers\python.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):53424
                                          Entropy (8bit):4.641604482748351
                                          Encrypted:false
                                          SSDEEP:1536:2wdxZ60UuYZO/o45VqLkddHZ6L+p8HUWpqLHPtNOfj1AGSvM:3hUuYZOF5VqiK+p83q8AM
                                          MD5:AB99BADC8C34B2ADC7F7F12888A3A0F9
                                          SHA1:8CAC7E5D493ED6185EEC6C8B1628109F888F28C1
                                          SHA-256:73B8E798A154F432F14C95B451BC17B7A67D149A9B06556C580D50AFDC5203FC
                                          SHA-512:883CB64AAC1D0DAFACD1FC7A88DF310E4AF05192979A527B7DA7A162CE555CF41CC9DDF761E34BD706EB951DE7791506FDD4B85296BF731B935A93B2DDB4FBD6
                                          Malicious:false
                                          Preview:""". pygments.lexers.python. ~~~~~~~~~~~~~~~~~~~~~~.. Lexers for Python and related languages... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re.import keyword..from pip._vendor.pygments.lexer import DelegatingLexer, Lexer, RegexLexer, include, \. bygroups, using, default, words, combined, do_insertions, this, line_re.from pip._vendor.pygments.util import get_bool_opt, shebang_matches.from pip._vendor.pygments.token import Text, Comment, Operator, Keyword, Name, String, \. Number, Punctuation, Generic, Other, Error, Whitespace.from pip._vendor.pygments import unistring as uni..__all__ = ['PythonLexer', 'PythonConsoleLexer', 'PythonTracebackLexer',. 'Python2Lexer', 'Python2TracebackLexer',. 'CythonLexer', 'DgLexer', 'NumPyLexer']...class PythonLexer(RegexLexer):. """. For Python source code (version 3.x)... .. versionadded:: 0.10.. .. versionchanged:: 2.5.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\modeline.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):986
                                          Entropy (8bit):4.678227732447655
                                          Encrypted:false
                                          SSDEEP:24:Yx/GAoh8vJgdj8/7Yd2TOR81a3/TFGNXu:Yx/G4vI3NR8O/Twu
                                          MD5:D3E1EE4B236E922D813DDAEB2D7C41FA
                                          SHA1:5DD98A164720F0A9E9009C4F6496E4C712C25EFC
                                          SHA-256:785DAF3B82E9386A0FBC828A91B3DF9F2BADF214F852279B64FA5BF8160641D2
                                          SHA-512:07E8C333AD40BFF9667C917B5A0BA7E379D4589DFD7940E7CD39D841DD8506DBCEB86A1B52DDECE03F34A5420252B9EFAFA827EDEDA0FCF7D3721C4AF7342435
                                          Malicious:false
                                          Preview:""". pygments.modeline. ~~~~~~~~~~~~~~~~~.. A simple modeline parser (based on pymodeline)... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re..__all__ = ['get_filetype_from_buffer']...modeline_re = re.compile(r'''. (?: vi | vim | ex ) (?: [<=>]? \d* )? :. .* (?: ft | filetype | syn | syntax ) = ( [^:\s]+ ).''', re.VERBOSE)...def get_filetype_from_line(l):. m = modeline_re.search(l). if m:. return m.group(1)...def get_filetype_from_buffer(buf, max_lines=5):. """. Scan the buffer for modelines and return filetype if one is found.. """. lines = buf.splitlines(). for l in lines[-1:-max_lines-1:-1]:. ret = get_filetype_from_line(l). if ret:. return ret. for i in range(max_lines, -1, -1):. if i < len(lines):. ret = get_filetype_from_line(lines[i]). if ret:. return ret.. return None.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\plugin.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2591
                                          Entropy (8bit):4.726117618854269
                                          Encrypted:false
                                          SSDEEP:48:YhRbZ6mQ4Aa4vRpmCgVVGs+LzXLXc2cKAbWQukkTWmB/OvvKvkAE:YhRbZ6rNLvOCWVH+Lz7Xrkb1doNB/OH1
                                          MD5:4EE97EFA46A09BC0DB7804732A21E6A7
                                          SHA1:A228E13247816E21675FB132A0FC79F983565F9C
                                          SHA-256:8F5161DF5D116D5D8343D9EF92692ABE58F7F20772B982A594B9C6C5B73CB093
                                          SHA-512:4701DC530F1EA8D8B50A3E6BA34C75F67B120D5AE7A40662F303BB6C42636BDBF4A2CB1F7F3FEFB087EE92685FE4F6E8B9F5E95EE6CEAB20BE515C09E99B61EE
                                          Malicious:false
                                          Preview:""". pygments.plugin. ~~~~~~~~~~~~~~~.. Pygments plugin interface. By default, this tries to use. ``importlib.metadata``, which is in the Python standard. library since Python 3.8, or its ``importlib_metadata``. backport for earlier versions of Python. It falls back on. ``pkg_resources`` if not found. Finally, if ``pkg_resources``. is not found either, no plugins are loaded at all... lexer plugins::.. [pygments.lexers]. yourlexer = yourmodule:YourLexer.. formatter plugins::.. [pygments.formatters]. yourformatter = yourformatter:YourFormatter. /.ext = yourformatter:YourFormatter.. As you can see, you can define extensions for the formatter. with a leading slash... syntax plugins::.. [pygments.styles]. yourstyle = yourstyle:YourStyle.. filter plugin::.. [pygments.filter]. yourfilter = yourfilter:YourFilter... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :l

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\regexopt.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3072
                                          Entropy (8bit):4.501618524220782
                                          Encrypted:false
                                          SSDEEP:48:YeG4aXu83xvydcb7cttfb8HZ/W1X1orYrdhNc/tJB7EghskXCch19MMhvugBu6j:YeHal3xvyuGQ5AXV8AuvHjNcc
                                          MD5:6D8F778A626089EE1F3324EFFE8C3139
                                          SHA1:495022FA953387139FBD39FA16586D6FDDE7CA2D
                                          SHA-256:8E0D402E881C60653DE93412F62B0197A742AEFC39CB9FBE04FFCAFAE164FFCB
                                          SHA-512:7E039FF20E146755041EB572156440F2BB5E1DBAE6E99DC12F1C8F80C070B9D48995EC30DF40FDE59929694876F7FF24DE67096CBD4515B0EF2E301A73B31729
                                          Malicious:false
                                          Preview:""". pygments.regexopt. ~~~~~~~~~~~~~~~~~.. An algorithm that generates optimized regexes for matching long lists of. literal strings... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re.from re import escape.from os.path import commonprefix.from itertools import groupby.from operator import itemgetter..CS_ESCAPE = re.compile(r'[\[\^\\\-\]]').FIRST_ELEMENT = itemgetter(0)...def make_charset(letters):. return '[' + CS_ESCAPE.sub(lambda m: '\\' + m.group(), ''.join(letters)) + ']'...def regex_opt_inner(strings, open_paren):. """Return a regex that matches any string in the sorted list of strings.""". close_paren = open_paren and ')' or ''. # print strings, repr(open_paren). if not strings:. # print '-> nothing left'. return ''. first = strings[0]. if len(strings) == 1:. # print '-> only 1 string'. return open_paren + escape(first) + close_paren. i

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\scanner.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3092
                                          Entropy (8bit):4.332795149986856
                                          Encrypted:false
                                          SSDEEP:96:YEit5Ec3S39ich97fOMMbGgrcG4NPcwYMobHKS:Xit3C39iU7sLrJePvaHKS
                                          MD5:9C0E01E94CCC6829A47A1CA12327EC20
                                          SHA1:C1EDC8470764067799D4AC97E13BC0C088456526
                                          SHA-256:6FF9EEE7F7F71C2812769E52FDA351050D4C4829B86630F079CD8E993462724C
                                          SHA-512:C9AB0F787EFEE674D1FA8A6B87CA996E54FB9CC494D45B61BD12C266A760BCBF0399B5A9D666AE044F087E8FDD21C45EE9BA59465C1286DF27F9E69376BFE3E8
                                          Malicious:false
                                          Preview:""". pygments.scanner. ~~~~~~~~~~~~~~~~.. This library implements a regex based scanner. Some languages. like Pascal are easy to parse but have some keywords that. depend on the context. Because of this it's impossible to lex. that just by using a regular expression lexer like the. `RegexLexer`... Have a look at the `DelphiLexer` to get an idea of how to use. this scanner... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details..""".import re...class EndOfText(RuntimeError):. """. Raise if end of text is reached and the user. tried to call a match function.. """...class Scanner:. """. Simple scanner.. All method patterns are regular expression strings (not. compiled expressions!). """.. def __init__(self, text, flags=0):. """. :param text: The text which should be scanned. :param flags: default regular expression flags. """. self.da

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\sphinxext.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6882
                                          Entropy (8bit):4.501142767387457
                                          Encrypted:false
                                          SSDEEP:96:Y8HHCiYBsfeyCqEaXMTCksxrf/kOiD3RcRM1J9nEJITTZc82geqLxXV+:R9YB5y5EzahkOv+Txk
                                          MD5:829572F07739757E94EE77937738BCAA
                                          SHA1:33DD28B3E9AD132BDD7061FE54E4974D0822BA3E
                                          SHA-256:C011589B5F34A9E6BD24AB7FFD4CE14653513617333C31436AA183DB5B1BBACA
                                          SHA-512:9ACA4C1B20790D7EA6DBBCD40D1F304BD4355387703AF88847BC4D4DC409F37C3B40C6B65E9C87596A30D3522A4A341C4E8DBCC1BF71A560A4A6152E716E24ED
                                          Malicious:false
                                          Preview:""". pygments.sphinxext. ~~~~~~~~~~~~~~~~~~.. Sphinx extension to generate automatic documentation of lexers,. formatters and filters... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import sys..from docutils import nodes.from docutils.statemachine import ViewList.from docutils.parsers.rst import Directive.from sphinx.util.nodes import nested_parse_with_titles...MODULEDOC = '''... module:: %s..%s.%s.'''..LEXERDOC = '''... class:: %s.. :Short names: %s. :Filenames: %s. :MIME types: %s.. %s..'''..FMTERDOC = '''... class:: %s.. :Short names: %s. :Filenames: %s.. %s..'''..FILTERDOC = '''... class:: %s.. :Name: %s.. %s..'''...class PygmentsDoc(Directive):. """. A directive to collect all lexers/formatters/filters and generate. autoclass directives for them.. """. has_content = False. required_arguments = 1. optional_arguments = 0. final_argument_whitespa

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\style.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6257
                                          Entropy (8bit):4.24089828992328
                                          Encrypted:false
                                          SSDEEP:96:Ytjbx1ewk5pZCCYbVXHCVBbm7TjV63vmZ7RwTWwzOfppGK/l+5bmhpzNHzM7VC40:sTyKmxuTjV63vmZlcy/UYDNyk
                                          MD5:A05E45FDA259362F1407D294CDB11BC6
                                          SHA1:D48162A00E73B97C0480333914810D5F98F61A03
                                          SHA-256:0B8AB2A09AD44E4ABE395DE23BEF15CF752D598A49C124DD879FEF94608674D4
                                          SHA-512:F06CD361E396E0828205FF33EF242162652A10C6EBBD45DB0D50C089BC93B53CFA9C0117FEEA495AABE97176EEEC9C8C146B950F5037B2574AE7A27761AE2008
                                          Malicious:false
                                          Preview:""". pygments.style. ~~~~~~~~~~~~~~.. Basic style object... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.token import Token, STANDARD_TYPES..# Default mapping of ansixxx to RGB colors.._ansimap = {. # dark. 'ansiblack': '000000',. 'ansired': '7f0000',. 'ansigreen': '007f00',. 'ansiyellow': '7f7fe0',. 'ansiblue': '00007f',. 'ansimagenta': '7f007f',. 'ansicyan': '007f7f',. 'ansigray': 'e5e5e5',. # normal. 'ansibrightblack': '555555',. 'ansibrightred': 'ff0000',. 'ansibrightgreen': '00ff00',. 'ansibrightyellow': 'ffff00',. 'ansibrightblue': '0000ff',. 'ansibrightmagenta': 'ff00ff',. 'ansibrightcyan': '00ffff',. 'ansiwhite': 'ffffff',.}.# mapping of deprecated #ansixxx colors to new color names._deprecated_ansicolors = {. # dark. '#ansiblack': 'ansiblack',. '#ansidarkred': 'ansired',. '#ansidarkgreen': 'ansigreen',.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\styles\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3700
                                          Entropy (8bit):4.765716195149535
                                          Encrypted:false
                                          SSDEEP:96:YhhjaTBfCtchGEhZAcX/rPesS9eRqjOEJ2zg:lB6tchJHPCeg
                                          MD5:504FC26BC1867F96329F33FF849E7119
                                          SHA1:76A719FB4C7EF7B5C52EDF2F31A33824CB21B803
                                          SHA-256:85EEC78D0C7BB02D1DDA47D354B8D4B34275E66B53A0933A3356EBC089BDFBE4
                                          SHA-512:FDE51769F61E116E83FC2766C44BA72AECEE013CBE8473546F169C199E0B4207FA11F52144C38CD33CE60B8068E14A89102B01A17BCC4BA3ADDAC0F706D7ADA7
                                          Malicious:false
                                          Preview:""". pygments.styles. ~~~~~~~~~~~~~~~.. Contains built-in styles... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..from pip._vendor.pygments.plugin import find_plugin_styles.from pip._vendor.pygments.util import ClassNotFound..#: A dictionary of built-in styles, mapping style names to.#: ``'submodule::classname'`` strings..STYLE_MAP = {. 'default': 'default::DefaultStyle',. 'emacs': 'emacs::EmacsStyle',. 'friendly': 'friendly::FriendlyStyle',. 'friendly_grayscale': 'friendly_grayscale::FriendlyGrayscaleStyle',. 'colorful': 'colorful::ColorfulStyle',. 'autumn': 'autumn::AutumnStyle',. 'murphy': 'murphy::MurphyStyle',. 'manni': 'manni::ManniStyle',. 'material': 'material::MaterialStyle',. 'monokai': 'monokai::MonokaiStyle',. 'perldoc': 'perldoc::PerldocStyle',. 'pastie': 'pastie::PastieStyle',. 'borland': 'borland::BorlandStyle',. 'trac': 'trac::T

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\styles\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4440
                                          Entropy (8bit):6.049792090956873
                                          Encrypted:false
                                          SSDEEP:96:rKhhyNZAZwvXRzSB61/OBdh4qDnpPjOdB1GrUZAHfim:NNKZwvXde6oBdh5AZQim
                                          MD5:069676ED9117827602F3B16A420E322E
                                          SHA1:FE8AB5F85E83306CC1AD6849494A5C5EA3EE79E1
                                          SHA-256:6ABFE296D240510762368DFF7459CFA2CEB67729E7638B943045EA3FC39543F0
                                          SHA-512:789B6DC52A6AD8F4203BC5232E49704F937401DB296C46D713CD53E0A5D9CBAC8452437D5F0419F53D279CF893C57953F3662EACE4BEC48BFE521673B66A927A
                                          Malicious:false
                                          Preview:...........ft.........................".....d.Z.d.d.l.m.Z...d.d.l.m.Z...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d!..d"d#..d$d%..i.d&d'..d(d)..d*d+..d,d-..d.d/..d0d1..d2d3..d4d5..d6d7..d8d9..d:d;..d<d=..d>d?..d@dA..dBdC..dDdE..dFdG....dHdIdIdJdKdLdMdNdOdPdQdRdSdTdU....Z.dV..Z.dW..Z.yX)Yz.. pygments.styles. ~~~~~~~~~~~~~~~.. Contains built-in styles... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.......)...find_plugin_styles)...ClassNotFound..defaultz.default::DefaultStyle..emacsz.emacs::EmacsStyle..friendlyz.friendly::FriendlyStyle..friendly_grayscalez*friendly_grayscale::FriendlyGrayscaleStyle..colorfulz.colorful::ColorfulStyle..autumnz.autumn::AutumnStyle..murphyz.murphy::MurphyStyle..manniz.manni::ManniStyle..materialz.material::MaterialStyle..monokaiz.monokai::MonokaiStyle..perldocz.perldoc::PerldocStyle..pastiez.pastie::PastieStyle..borlandz.borland::BorlandS

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\token.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6184
                                          Entropy (8bit):4.104488169596893
                                          Encrypted:false
                                          SSDEEP:96:YYlvDjqgwTGiDBdEnE2cwdOEr8gewUVbNrv8ikM4q8wrwTKMBG0Y0ML6viXy6cBd:JZw6PE2cwdzuGGL6V
                                          MD5:B5268388890E89F2C2B1979520D938AB
                                          SHA1:6F402016A74D090B88CC9BBEE0405F42443BFC05
                                          SHA-256:B1E36C99C721F4E1075D88AB87C3A897BC3CC4385F3536CB8F9AC7002FA073FA
                                          SHA-512:898B6980918C040D54E858C9CC2B51C417CDAFAD48E2FEFEB4142907CFC12D7AC6655E8B8BFFC1A9FDD2B3162DF8B87D26E6BAB051AE0BE3A0A25C1EED2C8DF0
                                          Malicious:false
                                          Preview:""". pygments.token. ~~~~~~~~~~~~~~.. Basic token types and the standard tokens... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""...class _TokenType(tuple):. parent = None.. def split(self):. buf = []. node = self. while node is not None:. buf.append(node). node = node.parent. buf.reverse(). return buf.. def __init__(self, *args):. # no need to call super.__init__. self.subtypes = set().. def __contains__(self, val):. return self is val or (. type(val) is self.__class__ and. val[:len(self)] == self. ).. def __getattr__(self, val):. if not val or not val[0].isupper():. return tuple.__getattribute__(self, val). new = _TokenType(self + (val,)). setattr(self, val, new). self.subtypes.add(new). new.parent = self. return new.. def __repr_

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\unistring.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with very long lines (10457)
                                          Category:dropped
                                          Size (bytes):63223
                                          Entropy (8bit):4.139122109033449
                                          Encrypted:false
                                          SSDEEP:768:Tr/qYI7ziJJ7MFjasklc2CqQiKlvCuybmiZVoFD7TimSFqcaJPhCgQTyM7r2PTbK:HiYI7ziH7RyqQWuP9TWzaVhCt+33pZb6
                                          MD5:A3BBB41C5DD21FC0235A7ED7AE80D3BB
                                          SHA1:4A4A8A85179B27A74B15D7150730C10DD789B1B7
                                          SHA-256:15A51F1B5E0D04910A2D0A18F6A8FA258797AE961C2E62AE96085DC4E18568E7
                                          SHA-512:71BA17D0DDC6815A35FCBDA2BA3B99560F50795327C29CF7D555AB96FBE4EFCBE8213F5774FE100D8982ABDD84F619C27CCF40CB55D494E9E36CA7E287559324
                                          Malicious:false
                                          Preview:""". pygments.unistring. ~~~~~~~~~~~~~~~~~~.. Strings of all Unicode characters of a certain category.. Used for matching in Unicode-aware languages. Run to regenerate... Inspired by chartypes_create.py from the MoinMoin project... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..Cc = '\x00-\x1f\x7f-\x9f'..Cf = '\xad\u0600-\u0605\u061c\u06dd\u070f\u08e2\u180e\u200b-\u200f\u202a-\u202e\u2060-\u2064\u2066-\u206f\ufeff\ufff9-\ufffb\U000110bd\U000110cd\U0001bca0-\U0001bca3\U0001d173-\U0001d17a\U000e0001\U000e0020-\U000e007f'..Cn = '\u0378-\u0379\u0380-\u0383\u038b\u038d\u03a2\u0530\u0557-\u0558\u058b-\u058c\u0590\u05c8-\u05cf\u05eb-\u05ee\u05f5-\u05ff\u061d\u070e\u074b-\u074c\u07b2-\u07bf\u07fb-\u07fc\u082e-\u082f\u083f\u085c-\u085d\u085f\u086b-\u089f\u08b5\u08be-\u08d2\u0984\u098d-\u098e\u0991-\u0992\u09a9\u09b1\u09b3-\u09b5\u09ba-\u09bb\u09c5-\u09c6\u09c9-\u09ca\u09cf-\u09d6\u09d8-\u09db\u09de\u09e4-\u09

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pygments\util.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10230
                                          Entropy (8bit):4.673119780722134
                                          Encrypted:false
                                          SSDEEP:192:6aZUBSPTM96yiA3T1jWthar2zSUU8dAvqIAp+NlaG7hEwA:3ZrTm3BOzRdAvqmeG7u7
                                          MD5:1C23AD75B86808830E887C883470BBBA
                                          SHA1:2D7CA5A0F7D31ECB4EBE340F3649FD149F7726EC
                                          SHA-256:004558D2AA27CB210C82FE03A3674836BAEA500C149365D84AA1CCEB9D2ECDE9
                                          SHA-512:B7E42E7CEA62D75022B77403BBBF403AD796136795D86612660EE28271DBDA3785F627868CFF49C91279DDC0B13E6D8ADA8CDD69B24907B0F30928352B8352C2
                                          Malicious:false
                                          Preview:""". pygments.util. ~~~~~~~~~~~~~.. Utility functions... :copyright: Copyright 2006-2023 by the Pygments team, see AUTHORS.. :license: BSD, see LICENSE for details.."""..import re.from io import TextIOWrapper...split_path_re = re.compile(r'[/\\ ]').doctype_lookup_re = re.compile(r'''. <!DOCTYPE\s+(. [a-zA-Z_][a-zA-Z0-9]*. (?: \s+ # optional in HTML5. [a-zA-Z_][a-zA-Z0-9]*\s+. "[^"]*")?. ). [^>]*>.''', re.DOTALL | re.MULTILINE | re.VERBOSE).tag_re = re.compile(r'<(.+?)(\s.*?)?>.*?</.+?>',. re.IGNORECASE | re.DOTALL | re.MULTILINE).xml_decl_re = re.compile(r'\s*<\?xml[^>]*\?>', re.I)...class ClassNotFound(ValueError):. """Raised if one of the lookup functions didn't find a matching class."""...class OptionError(Exception):. """. This exception will be raised by all option processing functions if. the type or value of the argument is not correct.. """..def get_choice_opt(options, optname, allowed, default=Non

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):9116
                                          Entropy (8bit):4.974975272378704
                                          Encrypted:false
                                          SSDEEP:192:QwQHTFk4g4LXEKMPtUJHJkh8iJFMYy5hwJVcTFA+YpaZVT17t3gkHwt:TKGDYEBPtr/vPy5hwJSTFgpaZVT1tgky
                                          MD5:54BDE372F6FA7D187103AB99F7F41E16
                                          SHA1:8278D2C0279CD14EB27B1F487BBE415B7E7E620D
                                          SHA-256:F66D496C4D894CB7411B431BE81D2511A663D7CD56C7972E3D7669B1B1C46201
                                          SHA-512:3E4ACA49007B813DCC513BCA0FA7F20D516C1B2A722B46FB0750698E953B4A7D6F7DA926311561104839D51E6B583ECDB19BD8DEECB49E656A599CF5C304756B
                                          Malicious:false
                                          Preview:# module pyparsing.py.#.# Copyright (c) 2003-2022 Paul T. McGuire.#.# Permission is hereby granted, free of charge, to any person obtaining.# a copy of this software and associated documentation files (the.# "Software"), to deal in the Software without restriction, including.# without limitation the rights to use, copy, modify, merge, publish,.# distribute, sublicense, and/or sell copies of the Software, and to.# permit persons to whom the Software is furnished to do so, subject to.# the following conditions:.#.# The above copyright notice and this permission notice shall be.# included in all copies or substantial portions of the Software..#.# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT..# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY.# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7903
                                          Entropy (8bit):5.680833714730815
                                          Encrypted:false
                                          SSDEEP:192:j349k4g4LXEKMPtUJHJkh8F4Exe1jHLx+MieM:jhDYEBPtrM01jrx+M/M
                                          MD5:6F56DFCEE67E0B7DD8F6721B87E226F1
                                          SHA1:DEC6094E6F9BAF5FDD4D390DD546D37929F7DDA2
                                          SHA-256:19A7053BE2CA5E9A71D1F913AD4762CB50435F8FDD2008128FAA258A58078D64
                                          SHA-512:A5B8AFE14706AA0EDFF664D9136922085306B753DAE4B7105372866E5A8284E6433495677689F3DC0DB790D42F529E00C8A76A20B597483D83ABCA42FC0E6E75
                                          Malicious:false
                                          Preview:...........f.#........................T.....d.Z.d.d.l.m.Z.....G.d...d.e.........Z...e.d.d.d.d.d.........Z.d.Z.e.j...................Z.e.Z.d.Z.d.d.l.....d.d.l.....d.d.l.....d.d.l.m.Z.m.Z...d.d.l.....d.d.l.....d.d.l.m.Z...d.d.l.....d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d...e.........v.r.e.Z.d...e.........v.r.e.Z.d...e.........v.r.e.Z.e.e.e.z...z...Z.g.d...Z.y.).a.....pyparsing module - Classes and methods to define and execute parsing grammars.=============================================================================..The pyparsing module is an alternative approach to creating and.executing simple grammars, vs. the traditional lex/yacc approach, or the.use of regular expressions. With pyparsing, you don't need to learn.a new syntax for defining grammars or matching expressions - the parsing.module provides a library of classes that you use to construct the.grammar directly in Python...Here is a program to parse "Hello, World!" (or any greeting of the form.``"<sa

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\actions.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):8387
                                          Entropy (8bit):5.447448296799996
                                          Encrypted:false
                                          SSDEEP:96:OMRQ0Dr89x+qZ1PnLNXuXVS8/asbSRKScTluFOPhTJJ2M/HgScYGZhM9j74SnVJA:OLVLMJo2XjFYk7Q7u/NGX/T
                                          MD5:671BC18ED9AC89FF6E292BFEBB69EB81
                                          SHA1:CF1F3C901125830440DAC47F81948F4EFB9E958E
                                          SHA-256:BCFA44FAF083F33EB1F9A739679D3D76CE6003D6D70F49586DF2E1CE9E108D58
                                          SHA-512:26ADBF4DEDD03355A2CCD5483AF1A904BFE3B43D93430AA9DB887BF25C020BBCA73DD6EC585476971812A5770B4B85E01760609E355817FBA3A2F16DBDB94AA0
                                          Malicious:false
                                          Preview:...........f................................d.d.l.m.Z...d.d.l.m.Z.m.Z.....G.d...d.........Z.d...Z.d...Z.d...Z.d...Z...e.........e._.........d.d...Z...e.e.........d...........Z...e.e.........d...........Z...e.e.........d...........Z...e.e.........d...........Z...e.e.........d...........Z.y.)......)...ParseException)...col..replaced_by_pep8c.....................".....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.y.)...OnlyOncezI. Wrapper for parse actions, to ensure they are only called once.. c.....................8.....d.d.l.m.}.....|.|.........|._.........d.|._.........y.).Nr....)..._trim_arityF)...corer......callable..called)...self..method_callr....s.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyparsing/actions.py..__init__z.OnlyOnce.__init__....s........%..#.K..0................c.....................l.....|.j...................s.|.j...................|.|.|.........}.d.|._.........|.S.t.........|.|.d...........).NTz.OnlyOnce obj called multiple times w/out reset)

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\common.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13406
                                          Entropy (8bit):5.7283725039778775
                                          Encrypted:false
                                          SSDEEP:192:Mu2M/HYVaL/xpkZEzbTg39xnsUMY92Yd8mld3ZH:pAabxpkZEzbTgNCvGDZH
                                          MD5:7370D49C019A3AB25903CBF47D2232F2
                                          SHA1:9113CFC0B7BBD1BF1A6827AA5782212D5673F9F3
                                          SHA-256:3DF5EAC287BEF2C1A9E38D9AA262293B43947472FE7D261F0050BFABC40B187F
                                          SHA-512:BAD9CCC61FF63E28108506228F7A8715602EFBA1A51D1F71A271D47965C6D21DBE7E820EE211FBA8FC258027A2E6F03E635D9BDC1C71D6C464F1065924335AAF
                                          Malicious:false
                                          Preview:...........fK4.............................d.d.l.....d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.....G.d...d.........Z...e.e.........j...........................D...c.g.c.]...}...e.|.e.........s...|.......c.}.Z.y.c...c.}.w.)......)...*)...DelimitedList..any_open_tag..any_close_tag.....)...datetimec..........................e.Z.d.Z.d.Z...e.e.........Z.....e.e.........Z.....e.e.........j...................d.........j...................e.........Z.....e.e.........j...................d.........j.....................e.e.d.................Z.....e.d.........j...................d.........j...................e.........Z.....e.........j...................e.........d.z.....e.........j...................e.........z...j...................d.........Z...e.j'..................d.............e.e...e...e.d.........j+..........................e.z...........z...z...j...................d.........Z...e.j'..................e.............e.d.........j...................d.........j...................e.........Z.....e.d....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\core.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):267700
                                          Entropy (8bit):5.492484883556306
                                          Encrypted:false
                                          SSDEEP:6144:CYdVmwhqO+MwZo/04nh9xx8ZvOFGY6EXWg+5mLTnYw:DBtTFXV3/R
                                          MD5:0C1EE7DD3FDE7E47CB20475E4AD2188B
                                          SHA1:3EBC4E80248C123F9F509F3C4860644E0505C657
                                          SHA-256:82750F17923BC1876B3003162C334A5174887695801EA335490BA33C0A2D310A
                                          SHA-512:031A84CAE81D52376EFB149B69AAD1171AAD0A34E0FEDE9B53E853AA63788CE13622F4E9871EB3E93359A731F5FAF7F6ECAB1A72700C36185ED7088CF84469B7
                                          Malicious:false
                                          Preview:...........f.l..............................U.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m Z ..d.d.l!m"Z"..d.d.l#m$Z$..d.d.l%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z.m/Z0m1Z1..d.d.l2....d.d.l3....d.d.l4m5Z5m6Z6..d.d.l7m8Z8..e.jr..................Z:e;e<f.Z=e.e>d.f.....e?d.<...e.j...................d.k\..r.d.d.l.mAZA..n...G.d...d.........ZA..G.d...d.e(........ZB..G.d...d.e(........ZC..G.d...d.e.........ZDd.eDd.d.f.d...ZEd.eDd.d.f.d...ZFd.d ..ZG[(d!e.j4..................e;....d"e.j...................e;....d.eIf.d#..ZJ..eJe.j...................e.j...................j...................d$................r...eG..........eNeOePeQeReSeTeUeVeWeXh.ZYe.j...................Z[e.e\e.f.....Z]e.e5e.e5....f.....Z^e.e.g.e.f.....e.e5g.e.f.....e.e\e5g.e.f.....e.e;e\e5g.e.f.....f.....Z_e.e.g.eIf.....e.e5g.eIf.....e.e\e5g.eIf.....e.e;e\e5g.eIf.....f.....Z`e.e;e\d%eag.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\exceptions.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):12986
                                          Entropy (8bit):5.300798375914054
                                          Encrypted:false
                                          SSDEEP:192:VHJF/iVovk/Q2TXTeScmcrbwSavk/OYLP3kAXnQloP1DTmuu:VHJF/iTQ1S3Gblb5MAXn7PpNu
                                          MD5:29D0FD8591F8BDE22088E9EE614265F0
                                          SHA1:DFDBB2CB99F523D30D745F6F426037A3B61A6191
                                          SHA-256:A897C0B7DE03D24E0232BEDF6615760BF10138FA44A6AC09A7F305677F577BCA
                                          SHA-512:4024752CC123C46A2BA1154C6927C827DEBB627630D359C6C1BC94B1C9F32506E8881E2CD7E9C60EA7F5751683594390FEA6B7C4399EF14EA294F4C997126AC5
                                          Malicious:false
                                          Preview:...........f3%.............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....G.d...d.e.j...................e.j...................e.j...................e.j...................e.j ..........................Z...e.e.j$..........................Z...e.j(..................d.e.z...d.z...........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.)......N.....)...col..line..lineno.._collapse_string_to_ranges..replaced_by_pep8)...pyparsing_unicodec...........................e.Z.d.Z.y.)...ExceptionWordUnicodeN)...__name__..__module__..__qualname__........YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyparsing/exceptions.pyr....r........s.........r....r....z.([z.]{1,16})|.c...........................e.Z.d.Z.U.d.Z.e.e.d.<...e.e.d.<...e.e.d.<...e.j...................e.d.<...e.j...................e.e.e.j...................e.....f.....e.d.<...d.Z.......d.d.e.d.e.d.e.j...................e.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\helpers.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):48493
                                          Entropy (8bit):5.535156161658681
                                          Encrypted:false
                                          SSDEEP:768:G4xqkgtBp1U0UHMYDqHCdVozNGwxMAOrKPMntbj34TqQmMxODX/mR:bxOtD6DHTHdVozNGyMHeq2x
                                          MD5:5D59F555067873B4D015B1C91D7FFAB3
                                          SHA1:A73989B4AA4DA32D68579A6E9C5AF76A0AAC3A2B
                                          SHA-256:DCCEC4E2D74BD66B65F89DD1ADEB9FBE7C14C2C36CB29F60CAFFC983DC1E9F93
                                          SHA-512:2E93326F7720264BBC04DA45628F8142AFAF66753E433B83DA8001B873B2A0356BF9DA9452506C25BE2C6714FF22F4D9B4EC168A0F83E1D0452268FB2D611F43
                                          Malicious:false
                                          Preview:...........f...............................U.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.....d.d.l.m.Z.m.Z.m.Z.m.Z.....dcd.d...d.e.d.e.j...................e.....d.e.j...................e.....d.e.f.d...Z.d.e.d.e.f.d...Z.d.e.d.e.f.d...Z.......ddd.d.d...d.e.e.j&..................e.....e.f.....d.e.d.e.d.e.d.e.d.e.d.e.f.d...Z.d.e.d.e.d.e.f.d...Z...ded.d...d.e.d.e.d.e.d.e.f.d...Z.d.e.d.e.f.d...Z.d.e.d.e.f.d ..Z.d!d"d...e.........f...e.........d#..d$e.e.e.f.....d%e.e.e.f.....d&e.j...................e.....d'e.d(e.d.e.f.d)..Z...e.d*..........e.d+........f.d,..Z.d-e.e.e.f.....d.e.e.e.f.....f.d...Z d-e.e.e.f.....d.e.e.e.f.....f.d/..Z!e.e"d0<...e.e"d1<.....e ..e#e$e%d2z...........jM..................d3................\...Z'Z(e.jR..................jT..................jW..........................D.....c.i.c.]...\...}.}.|.jY..................d4........|.......c.}.}.Z-..e.d5d6j_..................e-........z...d7z...........jM..................d8........Z0d9..Z1..G.d:..d;e2........Z3e.e.e.e.e.e.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\results.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):34102
                                          Entropy (8bit):5.357355084610718
                                          Encrypted:false
                                          SSDEEP:768:nK8EfUpFfbxFi57O9euql15LMB8tIRMW1UdK:nrEfgxO7O9euqlHLldW1UdK
                                          MD5:9C76A7AE0ABD9442E2500E11FA540056
                                          SHA1:08CDA4E70F223824152C4796CB84089194B2E8F5
                                          SHA-256:6AB5D2613A96D8C47069B628C071B55F1BC6FB53E6F4DE5AEC8E6694CDCEC11C
                                          SHA-512:73CBD7A01BFC1DFA1AB1DA2CFE7506FD2D7C8E40A8899E8F49F7A9627851B857FCF2FCB5AA4CD991C70A29862F0E9589856D9FC9153718D605B5316199BA2782
                                          Malicious:false
                                          Preview:...........fDh..............................U.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...e.e.f.Z.e.e.d.f.....e.d.<.....e.d...d.D.................Z...G.d...d.........Z...G.d...d.........Z...e.j,..................e.............e.j,..................e...........y.)......)...MutableMapping..Mapping..MutableSequence..Iterator..Sequence..ContainerN)...Tuple..Any..Dict..Set..List...str_typec................#.... ...K.....|.]...}.|...........y...w...N..)....0.._s.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyparsing/results.py..<genexpr>r........s............a.....s........r....c.....................J.....e.Z.d.Z.U.e.d.e.f.....e.d.<...d.g.Z.d.d.d.e.f.d...Z.d...Z.d...Z.d...Z.y.)..._ParseResultsWithOffset..ParseResults..tup..p1..p2c...........................|.|.f.|._.........y.r......r....)...selfr....r....s.... r......__init__z _ParseResultsWithOffset.__init__....s........0.".X.........c..................... .....|.j...................|..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\testing.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):17180
                                          Entropy (8bit):5.437640486483214
                                          Encrypted:false
                                          SSDEEP:384:nxnip/k8x5Nb71JoQdBi7fAwNz4ULU6vf6tGukrHMpv/v/qIErc:nxnIpJolRzBvfMGuqo/Hq9rc
                                          MD5:81A015D33C1B17010D830E81A2CFBF37
                                          SHA1:8C93CBCA599B8DFA56178129CEA055E3B228594A
                                          SHA-256:54B4E50485274509E267CDABBDFF1403D39292F0D17E4454CADA533DDDBAB6C5
                                          SHA-512:79FC641B36FDAEF3C17AE5B3D1C4238934BDFF441A0B83A8C458F0F08C8A8887955643D3EB34E232079DDF201CBB547C9039D3455CC48C0BDC88DEFFF3BB5980
                                          Malicious:false
                                          Preview:...........f.4........................H.....d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.....G.d...d.........Z.y.)......)...contextmanagerN.....)...ParserElement..ParseException..Keyword..__diag__..__compat__c...........................e.Z.d.Z.d.Z...G.d...d.........Z...G.d...d.........Z.e.............d.d.e.d.e.j...................e.....d.e.j...................e.....d.e.d.e.d.e.j...................e.....d.e.j...................e.....d.e.f.d...........Z.y.)...pyparsing_testzB. namespace class for classes useful in writing unit tests. c.....................4.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.)..&pyparsing_test.reset_pyparsing_contexta..... Context manager to be used when writing unit tests that modify pyparsing config values:. - packrat parsing. - bounded recursion parsing. - default whitespace characters.. - default keyword characters. - literal string auto-conversion class. - __diag__ settings.. Example::

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\unicode.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13176
                                          Entropy (8bit):5.40374658801203
                                          Encrypted:false
                                          SSDEEP:192:eJ7eq9bn+mGPDqY2xhPVVUksf1c3uI1GNkGFaYAln8WPaRoYw36G075re8APPNYX:eJ73pxcDM1UxrMwoYZp7LYF8
                                          MD5:83935409AFFBF5B2C9039F6052511D81
                                          SHA1:32551CA90575C0B6942422784CBA18DA722FEDA2
                                          SHA-256:EACF77C1C85CA32608C5E22E09F5AB7DAE44ACF09D3AEFEDF74AB082CC5EF7FE
                                          SHA-512:D06AAAAEC292BB6318D257D0C1B2FDAE1759FA8AD4FC73BBE5C77C7166FE97FA78ADAEB7A4B00D87A7ACBCC8D72C46F69B8D54D396789C98794006C211A39B5C
                                          Malicious:false
                                          Preview:...........f.).............................d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.....G.d...d.........Z.e.e.e.e.e.f.....e.e.....f.........Z...G.d...d.........Z...G.d...d.e.........Z.y.)......N)...filterfalse)...List..Tuple..Unionc...........................e.Z.d.Z.d...Z.d...Z.y.)..._lazyclasspropertyc.....................V.....|.|._.........|.j...................|._.........|.j...................|._.........y.).N)...fn..__doc__..__name__)...selfr....s.... .VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyparsing/unicode.py..__init__z._lazyclassproperty.__init__....s.................z.z....................c.....................(...........t.........|...........t...........d.........r!t...........f.d.....j...................d.d...D.................r.i..._.........|.j...................j...................}.|...j...................v.r.|.j...............................j...................|.<.....j...................|.....S.).N.._internc................3....P.....K....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\__pycache__\util.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):14896
                                          Entropy (8bit):5.198106170219171
                                          Encrypted:false
                                          SSDEEP:192:hvukHfLsQDxv9xjOfbUTAMQ5xsU2PB/tGxCZU13tvTLxgq/EOkd6MO7Zm:NukHfLTQxsbPBYxC6n4jeZm
                                          MD5:940888AAC6542804B03671D47A2C6FE2
                                          SHA1:F13D1A847E4DFD661599AD6231A173621E22294C
                                          SHA-256:C97C843EC0172B55C2CE44DFD3C9D020AF8FE51603943B40353842CEF6920F04
                                          SHA-512:125E16980360FA40CB84F1CEE30010FAC38B782678F8E4BF5D9BF594CF0A1F88896FB2FB6A5B22A081F2207FD4194961B223F9E16789850CC007C32C6F6A7210
                                          Malicious:false
                                          Preview:...........f.!..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.....e.d.........Z...e.d.e...........Z...G.d...d.........Z...e.d...........d.e.d.e.d.e.f.d...........Z...e.d...........d.e.d.e.d.e.f.d...........Z...e.d...........d.e.d.e.d.e.f.d...........Z...G.d...d.........Z...G.d...d.........Z...G.d...d.........Z...G.d...d.e.........Z.d.e.d.e.f.d...Z...d#d.e.e.e.e.....f.....d.e.d.e.f.d...Z.d.e d.e f.d...Z!d.e.d e.d.e.f.d!..Z"d e.d.e.e.g.e.f.....f.d"..Z#y.)$.....N)...lru_cache..wraps)...Callable..List..Union..Iterable..TypeVar..cast.\.....C)...boundc.....................r.....e.Z.d.Z.U.d.Z.g.Z.e.e.....e.d.<...g.Z.e.e.....e.d.<...d.Z.e.d...........Z...e.d...........Z...e.d...........Z.y.)...__config_flagsz=Internal class for defining compatibility and debugging flags.._all_names.._fixed_names..configurationc.....................>.....|.|.j...................v.rYt.........j...................|.j.....................d.|...d.|

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\actions.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6567
                                          Entropy (8bit):4.704950034201965
                                          Encrypted:false
                                          SSDEEP:96:HIb2SjGNsVS8/asbyQKScTYeFOPhTJJ2M/HgScYGZhl7Zz74SnVJB39uDBvQ:HRNUJyQ28NjFY/Zz7V39utQ
                                          MD5:97193C1C00ED32DF51CF2E57385B514E
                                          SHA1:9C417653572B6956BE49AFB31BFED33F25E51E0D
                                          SHA-256:D39B9A20F3B39C93D0ED5811766182986E2C0E750FB7082FE6A39822A6CBD946
                                          SHA-512:4F246D6F4178F297B2AD1E613D149BCADF00824401357EF5C84D1140FF2398A7482FB5544313667372A78ABB903B68E4824C7EF6365258349E5F55F5AA6E9C00
                                          Malicious:false
                                          Preview:# actions.py..from .exceptions import ParseException.from .util import col, replaced_by_pep8...class OnlyOnce:. """. Wrapper for parse actions, to ensure they are only called once.. """.. def __init__(self, method_call):. from .core import _trim_arity.. self.callable = _trim_arity(method_call). self.called = False.. def __call__(self, s, l, t):. if not self.called:. results = self.callable(s, l, t). self.called = True. return results. raise ParseException(s, l, "OnlyOnce obj called multiple times w/out reset").. def reset(self):. """. Allow the associated parse action to be called once more.. """.. self.called = False...def match_only_at_col(n):. """. Helper method for defining parse actions that require matching at. a specific column in the input text.. """.. def verify_col(strg, locn, toks):. if col(locn, strg) != n:. raise ParseException(

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\common.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):13387
                                          Entropy (8bit):4.8693639130340305
                                          Encrypted:false
                                          SSDEEP:384:gAabxpkZEzbTgNfLZcQ0YwZaV1HRWk8nTtp:gpvSNYZqWkop
                                          MD5:168A86BEE8A62563BD1B46047449F40C
                                          SHA1:693942EDCC014F997CB8BF451270C01A025B4D0C
                                          SHA-256:A7EDDCF37139F838E5905DF91B43BDFA48D0469A1E8CFFB6FF3D21C59F9EA25E
                                          SHA-512:8D0E5D4AE8EF116372B33B54D5039C99896B43EC800A63C8FF71AF3E5C544B5E779A7EDB9BB7EBAD2D7B3DC156B61AA19FC3F8106B9BF30A253DBA242F1D7CA5
                                          Malicious:false
                                          Preview:# common.py.from .core import *.from .helpers import DelimitedList, any_open_tag, any_close_tag.from datetime import datetime...# some other useful expressions - using lower-case class name since we are really using this as a namespace.class pyparsing_common:. """Here are some common low-level expressions that may be useful in. jump-starting parser development:.. - numeric forms (:class:`integers<integer>`, :class:`reals<real>`,. :class:`scientific notation<sci_real>`). - common :class:`programming identifiers<identifier>`. - network addresses (:class:`MAC<mac_address>`,. :class:`IPv4<ipv4_address>`, :class:`IPv6<ipv6_address>`). - ISO8601 :class:`dates<iso8601_date>` and. :class:`datetime<iso8601_datetime>`. - :class:`UUID<uuid>`. - :class:`comma-separated list<comma_separated_list>`. - :class:`url`.. Parse actions:.. - :class:`convert_to_integer`. - :class:`convert_to_float`. - :class:`convert_to_date`. - :class:`convert_to_dat

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\core.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):224445
                                          Entropy (8bit):4.478174379962787
                                          Encrypted:false
                                          SSDEEP:6144:8K6XzXqrQE0EYwyoy5uXhT2xnPyGGO8WWUe/LYJp2VdcxrF+yPCZjW:bBGGBUe8jLyW
                                          MD5:2A9FD56192E64C5710762B67AD987F43
                                          SHA1:5E8FFC7AE9B2BE2FA70C726FCD183ED8D9588CE0
                                          SHA-256:CAFB9194BA57485F26824F908625B73952EA0FD4F4AEC8FDB5B89B8511F861AC
                                          SHA-512:F3FF27FE9D6618CD3FC45C3AD3A0C6B2C75B0B568136998CD8FC1C9B758FF03441875C635A79B1447CE8BE11012A56488153AD06572A6FC18076596AA0EC9F6E
                                          Malicious:false
                                          Preview:#.# core.py.#..from collections import deque.import os.import typing.from typing import (. Any,. Callable,. Generator,. List,. NamedTuple,. Sequence,. Set,. TextIO,. Tuple,. Union,. cast,.).from abc import ABC, abstractmethod.from enum import Enum.import string.import copy.import warnings.import re.import sys.from collections.abc import Iterable.import traceback.import types.from operator import itemgetter.from functools import wraps.from threading import RLock.from pathlib import Path..from .util import (. _FifoCache,. _UnboundedCache,. __config_flags,. _collapse_string_to_ranges,. _escape_regex_range_chars,. _bslash,. _flatten,. LRUMemo as _LRUMemo,. UnboundedMemo as _UnboundedMemo,. replaced_by_pep8,.).from .exceptions import *.from .actions import *.from .results import ParseResults, _ParseResultsWithOffset.from .unicode import pyparsing_unicode.._MAX_INT = sys.maxsize.str_type: Tuple[type, ...] = (str, bytes)..#.# Copy

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\diagram\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):24215
                                          Entropy (8bit):4.458805804079613
                                          Encrypted:false
                                          SSDEEP:384:LLzwwHHRVUeF/RTkSFAX3EQVbCrq614OPtL5cMKrEG6AvS+Cn:LLzwwHx2eF/RTkS6X3EQp21BNcMI/662
                                          MD5:4D006D53065A73CAEF44E879DC744F0D
                                          SHA1:6E1A3C885FBC3D5DEC270791AB81C64D9660EC8B
                                          SHA-256:9F19833A8605F4D5EE2DA198CB4D6D2858E4351796265AC616E24D584893A3CE
                                          SHA-512:572E8A1E5EF6180967A04460DE9A70465983C379E97C2EB7D4ED51BEE8055C5A7C052B7E5DC260572B5AC90AFB4C3DCAE0CEC3F7849E6CE65712BB78AB0AFE93
                                          Malicious:false
                                          Preview:# mypy: ignore-errors.import railroad.from pip._vendor import pyparsing.import typing.from typing import (. List,. NamedTuple,. Generic,. TypeVar,. Dict,. Callable,. Set,. Iterable,.).from jinja2 import Template.from io import StringIO.import inspect...jinja2_template_source = """\.{% if not embed %}.<!DOCTYPE html>.<html>.<head>.{% endif %}. {% if not head %}. <style>. .railroad-heading {. font-family: monospace;. }. </style>. {% else %}. {{ head | safe }}. {% endif %}.{% if not embed %}.</head>.<body>.{% endif %}.{{ body | safe }}.{% for diagram in diagrams %}. <div class="railroad-group">. <h1 class="railroad-heading">{{ diagram.title }}</h1>. <div class="railroad-description">{{ diagram.text }}</div>. <div class="railroad-svg">. {{ diagram.svg }}. </div>. </div>.{% endfor %}.{% if not embed %}.</body>.</html>.{% endif %}."""..template = Template(ji

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\diagram\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):26805
                                          Entropy (8bit):5.197529238169471
                                          Encrypted:false
                                          SSDEEP:384:MGrIKW6twfAPsed+Y0bCe+ItMyo7jyN4OPpFMZrdPB4b:M8IKW6taAPsDpbp6yUjiLSdPBe
                                          MD5:BED5A04A22D026ACB5707A94905963FD
                                          SHA1:5341892EC8F53A9A86B92B28556143B2304E9B8F
                                          SHA-256:8E7A2DBCF7FCF45C8A324E52B315F7E4FB2FD5EEFFAF4A1CA404FE97CC1F49DF
                                          SHA-512:D17E98970773974C94994B24AE27E2C1A5DC2D59C7F0E48B760194DDB3667EECB3150618F547959F5F6BEB3D19ED7701F8A2659E3A1EDB79ECF4B2F3685F0583
                                          Malicious:false
                                          Preview:...........f.^..............................d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.d.Z...e.e.........Z...e.d.d.e.f.d.e.j(..................e.j*......................f.d.e.f.g.........Z.....e.d.........Z...G.d...d.e.j2..........................Z...G.d...d.e.j2..........................Z...G.d...d.e.e.............Z.d,d.e.e.....d.e.f.d...Z.d.d.d.e.f.d...Z.........d-d.e.j>..................d.e.j(..................e ....d.e.d.e!d.e!d.e.e.....f.d...Z"d.e.d.e.e.j>......................d.e!f.d ..Z#..G.d!..d"........Z$..G.d#..d$........Z%d.e.j>..................d.e!f.d%..Z&d&..Z'd.e.e.j>......................f.d'..Z(e'............d.d.e.j>..................d(e.j(..................e.....d)e%d.e.d.e.d*e.d.e!d.e!d.e.j(..................e.....f.d+..........Z)y.)/.....N)...pyparsing)...List..NamedTuple..Generic..TypeVar..Dict..Callable..Set..Iterable)...Template)...StringIOa....{% if not embed %}.<!DOCTYPE html>.<html>.<head>.{% endif %}.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\exceptions.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):9523
                                          Entropy (8bit):4.350560699979647
                                          Encrypted:false
                                          SSDEEP:192:AwQZVA6dvk/Rh5ULmzBBMbVxtzvk/OYHtolo2:AjZVN+RvUKjMhobj2
                                          MD5:D766F5ADC5EEA0117932CCE82A2574A5
                                          SHA1:33F826B5F61CB81EACA0761A76D4C5BF3FD29DED
                                          SHA-256:E8973A5B5783641CF216ED49D18ADC74D155042F9120DBA3666BDE4A707C471C
                                          SHA-512:6974C8D151ECEF30145FE784D0BA61A68B2C67EDE5C686241232192D6BE0D01301B3C2B9363A4C20D3383BD8250AE51A75764B4ABB033532A3B0F08DDC6983AE
                                          Malicious:false
                                          Preview:# exceptions.py..import re.import sys.import typing..from .util import (. col,. line,. lineno,. _collapse_string_to_ranges,. replaced_by_pep8,.).from .unicode import pyparsing_unicode as ppu...class ExceptionWordUnicode(ppu.Latin1, ppu.LatinA, ppu.LatinB, ppu.Greek, ppu.Cyrillic):. pass..._extract_alphanums = _collapse_string_to_ranges(ExceptionWordUnicode.alphanums)._exception_word_extractor = re.compile("([" + _extract_alphanums + "]{1,16})|.")...class ParseBaseException(Exception):. """base exception class for all parsing runtime exceptions""".. loc: int. msg: str. pstr: str. parser_element: typing.Any # "ParserElement". args: typing.Tuple[str, int, typing.Optional[str]].. __slots__ = (. "loc",. "msg",. "pstr",. "parser_element",. "args",. ).. # Performance tuning: we construct a *lot* of these, so keep this. # constructor as small and fast as possible. def __init__(. self,. pstr: st

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\helpers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):38646
                                          Entropy (8bit):4.656417128130297
                                          Encrypted:false
                                          SSDEEP:768:8ukgqBqNGJZreajVVlz8DoGQxMntYl8XqDBroDe76Y:8CqgNGJZreajV7zmFSDl8Xqtci
                                          MD5:AFA5F059CAF348C09B7C940BDB477F16
                                          SHA1:9C5C1546309D245E734F49C2FA0AF6050E992C66
                                          SHA-256:059247080F124B4A588A8DF428641373DC36A8C39A2B862967B85CBC76E74E09
                                          SHA-512:F61AB3627F105345BDAE9C1EDFE225D648987D424EA0CF76FC50CEF2A5941E5CD05BEACFBE3620F537944812E0627D0D1DD40E004DC69099FA8297C8150E84A6
                                          Malicious:false
                                          Preview:# helpers.py.import html.entities.import re.import sys.import typing..from . import __diag__.from .core import *.from .util import (. _bslash,. _flatten,. _escape_regex_range_chars,. replaced_by_pep8,.)...#.# global helpers.#.def counted_array(. expr: ParserElement,. int_expr: typing.Optional[ParserElement] = None,. *,. intExpr: typing.Optional[ParserElement] = None,.) -> ParserElement:. """Helper to define a counted list of expressions... This helper defines a pattern of the form::.. integer expr expr expr..... where the leading integer tells how many expr expressions follow.. The matched tokens returns the array of expr tokens as a list - the. leading count token is suppressed... If ``int_expr`` is specified, it should be a pyparsing expression. that produces an integer value... Example::.. counted_array(Word(alphas)).parse_string('2 ab cd ef') # -> ['ab', 'cd'].. # in this parser, the leading integer value is give

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\results.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):26692
                                          Entropy (8bit):4.204400723970669
                                          Encrypted:false
                                          SSDEEP:384:GmJUTRSwOjIST4QY67UNkeEbf7CLulGcvb2HgmxbHc/IWhKRz:GmJUTn167Oke0jl1vbOgMY/Ix
                                          MD5:502DA695A726CFE3CB2735CC31B56A3E
                                          SHA1:BE84B1B49E3828EC37D7F4B2FFE52F7BFC997815
                                          SHA-256:F5DCAA43EC373237E6C566C5B7C2843D4E887D77B245DA16A763A0F34DAB5106
                                          SHA-512:396E5F5060778AFC4EB9FC8373F6041707E74085A4DD714A8A8734F26635BFE511499642C931DB311E10A268E91E817FC322A5440C9A64FE09BE125C4AFED20E
                                          Malicious:false
                                          Preview:# results.py.from collections.abc import (. MutableMapping,. Mapping,. MutableSequence,. Iterator,. Sequence,. Container,.).import pprint.from typing import Tuple, Any, Dict, Set, List..str_type: Tuple[type, ...] = (str, bytes)._generator_type = type((_ for _ in ()))...class _ParseResultsWithOffset:. tup: Tuple["ParseResults", int]. __slots__ = ["tup"].. def __init__(self, p1: "ParseResults", p2: int):. self.tup: Tuple[ParseResults, int] = (p1, p2).. def __getitem__(self, i):. return self.tup[i].. def __getstate__(self):. return self.tup.. def __setstate__(self, *args):. self.tup = args[0]...class ParseResults:. """Structured parse results, to provide multiple means of access to. the parsed data:.. - as a list (``len(results)``). - by list index (``results[0], results[1]``, etc.). - by attribute (``results.<results_name>`` - see :class:`ParserElement.set_results_name`).. Example::.. integer = Word(

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\testing.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):13488
                                          Entropy (8bit):4.1543808981423656
                                          Encrypted:false
                                          SSDEEP:192:Zz3aqFdLGsdiBvo9NdnzV6SSMj7QT1hsq1aNnm58fyI1hY/rMi5lXSy1+DuT0x:Zz35FWho93L7QTNw1hwrHD+ST0x
                                          MD5:090655DAAB366F55D2D0B8BFFEB969B7
                                          SHA1:0F2A7BAA07027F68D8A500B4184FE593C2299BDD
                                          SHA-256:7899DC834A7CDF39B51533EF33D6AE353EA86AF22F5DA89B9911437F5AA6C246
                                          SHA-512:12F5BE3D6C675CD669E4C7A1804540F3E8D2A5E117863FAB0E61E9363AA54EF7E177265D2B95370C2D0769F46982E094CDA9322BD5FE94ED1D4D4EDA4CB9A23B
                                          Malicious:false
                                          Preview:# testing.py..from contextlib import contextmanager.import typing..from .core import (. ParserElement,. ParseException,. Keyword,. __diag__,. __compat__,.)...class pyparsing_test:. """. namespace class for classes useful in writing unit tests. """.. class reset_pyparsing_context:. """. Context manager to be used when writing unit tests that modify pyparsing config values:. - packrat parsing. - bounded recursion parsing. - default whitespace characters.. - default keyword characters. - literal string auto-conversion class. - __diag__ settings.. Example::.. with reset_pyparsing_context():. # test that literals used to construct a grammar are automatically suppressed. ParserElement.inlineLiteralsUsing(Suppress).. term = Word(alphas) | Word(nums). group = Group('(' + term[...] + ')').. # assert that the '()' characte

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\unicode.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):10646
                                          Entropy (8bit):4.603560836419799
                                          Encrypted:false
                                          SSDEEP:192:XZ/nCtDWwPb9kcY1beTSxgRMnUM7/eyI+I3ZKJlyoAARXs/HpieVslhNoRC:XRCtD5zigeUM7Wyr6ZME5klYC
                                          MD5:C597338A8AB008CD21175E408E19F830
                                          SHA1:EF897E3A62B1D972E1DD3525DADF04A6DFE7B791
                                          SHA-256:7C03DDB098804456E43C08A1E8D918AF2D1DA63E233EA7A5195325138C16156F
                                          SHA-512:F93EB2349DDB5D932D8BCD9F17DF6929BA0ACF644F0FCE2CE8C4F34F682B4DEABBB5F6815A9ABA56651B6A74BF817762484E77D7B0C37B911E620088D4CE244B
                                          Malicious:false
                                          Preview:# unicode.py..import sys.from itertools import filterfalse.from typing import List, Tuple, Union...class _lazyclassproperty:. def __init__(self, fn):. self.fn = fn. self.__doc__ = fn.__doc__. self.__name__ = fn.__name__.. def __get__(self, obj, cls):. if cls is None:. cls = type(obj). if not hasattr(cls, "_intern") or any(. cls._intern is getattr(superclass, "_intern", []). for superclass in cls.__mro__[1:]. ):. cls._intern = {}. attrname = self.fn.__name__. if attrname not in cls._intern:. cls._intern[attrname] = self.fn(cls). return cls._intern[attrname]...UnicodeRangeList = List[Union[Tuple[int, int], Tuple[int]]]...class unicode_set:. """. A set of Unicode characters, for language-specific strings for. ``alphas``, ``nums``, ``alphanums``, and ``printables``.. A unicode_set is defined by a list of ranges in the Unicode character. set, in a class

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyparsing\util.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):8670
                                          Entropy (8bit):4.52628162624378
                                          Encrypted:false
                                          SSDEEP:192:6mujyjYUceklDJfctkDB/7kkcNb/IjEoAHukt/nTaj:B8uUIkcOjzXz
                                          MD5:98446240BEF4E0F94DD082E933FFC8ED
                                          SHA1:D3A1B5E8AC661F741153B0757CE509530F59DDE5
                                          SHA-256:BD33334DDC120F257C77F75282AB944DD5A0045A00FD6DF49DFC44243B2C8514
                                          SHA-512:02EE65A2FA37B4D7C635E477DBFDE790BE69393DF69F87C743780A314896995827FC00FA3390FF80623D7368BB399344A19670B5716CA2692D3E2D2DC058913B
                                          Malicious:false
                                          Preview:# util.py.import inspect.import warnings.import types.import collections.import itertools.from functools import lru_cache, wraps.from typing import Callable, List, Union, Iterable, TypeVar, cast.._bslash = chr(92).C = TypeVar("C", bound=Callable)...class __config_flags:. """Internal class for defining compatibility and debugging flags""".. _all_names: List[str] = []. _fixed_names: List[str] = []. _type_desc = "configuration".. @classmethod. def _set(cls, dname, value):. if dname in cls._fixed_names:. warnings.warn(. f"{cls.__name__}.{dname} {cls._type_desc} is {str(getattr(cls, dname)).upper()}". f" and cannot be overridden",. stacklevel=3,. ). return. if dname in cls._all_names:. setattr(cls, dname, value). else:. raise ValueError(f"no such {cls._type_desc} {dname!r}").. enable = classmethod(lambda cls, name: cls._set(name, True)). disable =

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):491
                                          Entropy (8bit):4.738310974542705
                                          Encrypted:false
                                          SSDEEP:12:iRdkQf0RaPpNmJiAiQmlPR/cRfPRM8OepOik3wHNdzmlPMgUfPMqZJR:Ig0pNmTiVPREZPRAepOikAt8PBoPz3R
                                          MD5:80C061091A6382818848B1B371DC2EB8
                                          SHA1:DF65D428064B7C8E03726669E00C2E42450C227C
                                          SHA-256:9027A19B2D146816BDA15303ED9219AE7B307E73F72D767996F9CD2402F92413
                                          SHA-512:680DF062D390CF1092B0A13D8FC1013F557C272C26F58C8EBD79A8CF625741705FC7517C47BDF019F866E75D8B9F16A1E0FF44CC1FE462DB6C3C6CE55EF160BA
                                          Malicious:false
                                          Preview:"""Wrappers to call pyproject.toml-based build backend hooks.."""..from ._impl import (. BackendInvalid,. BackendUnavailable,. BuildBackendHookCaller,. HookMissing,. UnsupportedOperation,. default_subprocess_runner,. quiet_subprocess_runner,.)..__version__ = '1.0.0'.__all__ = [. 'BackendUnavailable',. 'BackendInvalid',. 'HookMissing',. 'UnsupportedOperation',. 'default_subprocess_runner',. 'quiet_subprocess_runner',. 'BuildBackendHookCaller',.].

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):605
                                          Entropy (8bit):5.466498834556104
                                          Encrypted:false
                                          SSDEEP:12:RJSBdxLzRdPziupFP0mlPGUfPXtvnxOs1nDWbaFFjaOtCJ6:RJ61riupFPhPRPHOnbrOtCg
                                          MD5:3AEA2BC4F89D676F49A62E33CC777696
                                          SHA1:9F248FEA748C51E45A313CFC7F0BCBBB07B3D2F4
                                          SHA-256:760FC30CC79ABD77576497A4330C5C1B0D64769505A79E8266CB93D0185D2B7F
                                          SHA-512:B8308C7A319E96DDCD86EE5BFC035CAFDF8EF38574701A94A555075CCF910B308C97AE53BBCAD9290E780453DA4E129A72912159D37323AB9081B8D826CFE836
                                          Malicious:false
                                          Preview:...........f..........................8.....d.Z.d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.Z.g.d...Z.y.).z;Wrappers to call pyproject.toml-based build backend hooks.......)...BackendInvalid..BackendUnavailable..BuildBackendHookCaller..HookMissing..UnsupportedOperation..default_subprocess_runner..quiet_subprocess_runnerz.1.0.0).r....r....r....r....r....r....r....N)...__doc__.._implr....r....r....r....r....r....r......__version__..__all__........]C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyproject_hooks/__init__.py..<module>r........s'..........................................r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\__pycache__\_compat.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):366
                                          Entropy (8bit):5.25285865948225
                                          Encrypted:false
                                          SSDEEP:6:Lr1SBHJcyJieMtvlcicdFO4a6qpR2pAreaF5f0aptM3F3Er:n1SBHSy05ui8WWbaF5f0ajM13i
                                          MD5:8C9069B8D7F6DD3D99BB7EE593494677
                                          SHA1:5719C7FA0A6327C5E3CC2E25A0E7EE2A3E75CEEA
                                          SHA-256:FEAFD187C511D64A0E594B77F5DFC09C645A7FF082C7E8BCF5126778E17F214A
                                          SHA-512:104ED55E3A5A1F6BDAC4542094EDAA157D5950B4E93AD5272E28798AEFFC5CE111EABD706754087012DA265E4922E8A598EBF2752EDBEA5CF823E9D9B1834990
                                          Malicious:false
                                          Preview:...........f..........................D.....d.Z.d.d.l.Z.e.j...................d.k\..r.d.d.l.Z.y.d.d.l.m.Z...y.).)...tomllib.....N)...........)...tomli)...__all__..sys..version_infor......pip._vendorr............\C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyproject_hooks/_compat.py..<module>r........s!..........................w........,r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\__pycache__\_impl.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):14717
                                          Entropy (8bit):5.306824406461385
                                          Encrypted:false
                                          SSDEEP:384:sHZWAjaI7lEiubTqSlqWcpUU/IfgcYlFVQq1mZHe:sHAnClL52cdQfHqEZ+
                                          MD5:BC43D3E3ABB82335098319C9A08CD561
                                          SHA1:0E7CE6D02A43692419E38C03AC3FFA5E44A89215
                                          SHA-256:2EAFE9454743C9181E5238C60855676191046458159DDDE8A7C35F8D293B0397
                                          SHA-512:370049F5B7775E3B83222C2C6677B2C5C8C370AB0702D29B5C3E13B25E683B04DA167AFD0E4312D856A87349AAFA6F2C01B4E93A4E9685311468F6BEB35AE9AE
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d...Z.d...Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.d.d...Z.d.d...Z.d...Z...G.d...d.........Z.y.)......N)...contextmanager)...abspath)...join)...STDOUT..check_call..check_output.....)..._in_proc_script_pathc.....................x.....t.........|.d.d...........5.}.t.........j...................|.|.f.i.|.......d.d.d...........y.#.1.s.w...Y.....y.x.Y.w.).N..w..utf-8....encoding)...open..json..dump)...obj..path..kwargs..fs.... .ZC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyproject_hooks/_impl.py..write_jsonr........s8.........d.C.'..*....$.a........#.q..#.F..#....$....$....$.s......0...9.c.....................r.....t.........|.d...........5.}.t.........j...................|.........c.d.d.d...........S.#.1.s.w...Y.....y.x.Y.w.).Nr....r....).r....r......load).r....r....s.... r

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\_compat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):138
                                          Entropy (8bit):4.385609497824286
                                          Encrypted:false
                                          SSDEEP:3:UFoNJJJQJFyCFYTFLCbQWgVHXMoQewMPsWAffDXKqTA8gXRe1+CRK5Pn:U6HJQJFyG+uQNHcoQ34sHfWoMeGn
                                          MD5:6D627346B01079D32B8133AE1C9B6E4E
                                          SHA1:9141192D3B9BB789D002285A8CBFD788642AACEE
                                          SHA-256:6F2E9EBEB627AA48AC88CF8C41CBCE2ACE5B80333394E4A066A44736A7F4E331
                                          SHA-512:90E0E380125496F78FCC9DC2AE56892937D1079CBED280B7B02D875058DF172457F519EE7C6CE1C77E2514A45B671D544FD2C58D7187A24C0063981BCEAACEEA
                                          Malicious:false
                                          Preview:__all__ = ("tomllib",)..import sys..if sys.version_info >= (3, 11):. import tomllib.else:. from pip._vendor import tomli as tomllib.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\_impl.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):11920
                                          Entropy (8bit):4.494420623569677
                                          Encrypted:false
                                          SSDEEP:192:su1MmfbQ8wn3F3FQzUu/89q4gyqfy1ahERxn:su1zbQ8wnJS4u/89q4gyqfy1H
                                          MD5:7006214C597EC31BD685C4C7A809EDF7
                                          SHA1:1E5A9D8DC86AF078F0C244032DB980B0FD11C34C
                                          SHA-256:EB5189C73422A742089E1B8EEBD648E466CD43CD97103501FF51A0E7F2AD5287
                                          SHA-512:116B645B6699211DD08E27EC87A2613CF72CF5CDF92F47EAD33FB36CA9BFA72B4EE02222DEE9AA783D83AF074A1932C3E550B8E63825790401D31246534106AC
                                          Malicious:false
                                          Preview:import json.import os.import sys.import tempfile.from contextlib import contextmanager.from os.path import abspath.from os.path import join as pjoin.from subprocess import STDOUT, check_call, check_output..from ._in_process import _in_proc_script_path...def write_json(obj, path, **kwargs):. with open(path, 'w', encoding='utf-8') as f:. json.dump(obj, f, **kwargs)...def read_json(path):. with open(path, encoding='utf-8') as f:. return json.load(f)...class BackendUnavailable(Exception):. """Will be raised if the backend cannot be imported in the hook process.""". def __init__(self, traceback):. self.traceback = traceback...class BackendInvalid(Exception):. """Will be raised if the backend is invalid.""". def __init__(self, backend_name, backend_path, message):. super().__init__(message). self.backend_name = backend_name. self.backend_path = backend_path...class HookMissing(Exception):. """Will be raised on missing hooks (if a

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):546
                                          Entropy (8bit):4.551389317479523
                                          Encrypted:false
                                          SSDEEP:12:EaZbaCAUTvAsJUxViQg9SViwsgQ095BeA0M5L35Buo1OQ6mLv:9fTv9utiSVxQKn0M5JrTv
                                          MD5:44AE0A51F674AF325CF2B1913EE32DB7
                                          SHA1:D594EACE41476837A85468E99AF3A31514CFA7C4
                                          SHA-256:F604004E9B5B1647A5908CB439F5851000B3AB15C93100D6087F6B04E0195704
                                          SHA-512:7A9886DBC641ABED170F179C9CED022665D87159DC90A8FE9014D0E8DD20250548DF80B8687B6439D51EC493BA853BDE088A05848CC72E406E543C3719DF1B0F
                                          Malicious:false
                                          Preview:"""This is a subpackage because the directory is on sys.path for _in_process.py..The subpackage should stay as empty as possible to avoid shadowing modules that.the backend might import.."""..import importlib.resources as resources..try:. resources.files.except AttributeError:. # Python 3.8 compatibility. def _in_proc_script_path():. return resources.path(__package__, '_in_process.py').else:. def _in_proc_script_path():. return resources.as_file(. resources.files(__package__).joinpath('_in_process.py')).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1072
                                          Entropy (8bit):5.03140956025625
                                          Encrypted:false
                                          SSDEEP:24:xrNfTv9uudz1Hbn6C7kaqkj2tYl5Bq4zo:xrNfpuej1qkyYl5B5c
                                          MD5:89B59E4F3C439FAFBE018F8A1CD56B68
                                          SHA1:D8615C492829F1E515C6ABEF206D09D554AA54FF
                                          SHA-256:8F9292AF9AD7A6F60157917D7FAEBA6AAEFCB6CCD5FF1BA291A70E794C348FDA
                                          SHA-512:96F09B78B98E8943379F9D9E38C9056E9C4A565A16536116F3FC8CB546DA65875BA81F9782456D20456167DDE9F6C4971CB9D3A779FA9FAE050F1DCCC35BB875
                                          Malicious:false
                                          Preview:...........f".........................P.....d.Z.d.d.l.m.Z.....e.j.....................d...Z.y.#.e.$.r...d...Z.Y.y.w.x.Y.w.).z.This is a subpackage because the directory is on sys.path for _in_process.py..The subpackage should stay as empty as possible to avoid shadowing modules that.the backend might import.......Nc.....................x.....t.........j...................t.........j...................t.................j...................d.................S...Nz._in_process.py)...resources..as_file..files..__package__..joinpath........iC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/pyproject_hooks/_in_process/__init__.py.._in_proc_script_pathr........s/.......... .. ....O.O.K..(..1..1.2B..C....E.....E.r....c.....................6.....t.........j...................t.........d.........S.r....).r......pathr....r....r....r....r....r........s..........~.~.k.+;..<..<r....)...__doc__..importlib.resourcesr....r....r......AttributeErrorr....r....r......<module>r........s8....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\__pycache__\_in_process.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):14389
                                          Entropy (8bit):5.295049467536098
                                          Encrypted:false
                                          SSDEEP:192:L4LdtLiw2duY1ZeDMqlJEiJD/x+h3c9ph3G+7X5t4PyGCow:LktMdp144KJbJD/xe3+jG1t1w
                                          MD5:1810A14F794798ABCAAF8503221AE848
                                          SHA1:482B36B7EAC860BF542C94475BB4C474BB035C7A
                                          SHA-256:65220CE6ED0DE2B53CAAAE7BF7CC2641C89A5AF94EAC80079C11002258BF16DD
                                          SHA-512:A53F3A8AF95C1078F228690E253C37E07516A080AABE9B4ABE9E031006F00B681AA7AFB81EE95EB40DB9786ED1735568413561C5D8B1583445874A27A5FA8BDC
                                          Malicious:false
                                          Preview:...........f.*........................b.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d...Z.d...Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.Z.d...Z.d...Z.d...Z.d$d...Z.d$d...Z.d...Z ..G.d...d.e.........Z!..G.d...d.e.........Z"d ..Z#h.d!..Z$d"..Z%e&d#k(..r...e%..........y.y.)%ag...This is invoked in a subprocess to call the build backend hooks...It expects:.- Command line args: hook_name, control_dir.- Environment variables:. PEP517_BUILD_BACKEND=entry.point:spec. PEP517_BACKEND_PATH=paths (separated with os.pathsep).- control_dir/input.json:. - {"kwargs": {...}}..Results:.- control_dir/output.json. - {"return_val": ...}......N)...glob)...import_module)...joinc.....................x.....t.........|.d.d...........5.}.t.........j...................|.|.f.i.|.......d.d.d...........y.#.1.s.w...Y.....y.x.Y.w.).N..w..utf-8....encoding)...open..json..dump)...obj.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\pyproject_hooks\_in_process\_in_process.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10927
                                          Entropy (8bit):4.737449442563281
                                          Encrypted:false
                                          SSDEEP:192:mdQeWwXEbynViulapd+jJ/lBR0lJHgCPu+NORhUh0RMzlwUtn8pM:SQ62+Jt0lJnxNOpYtn8a
                                          MD5:4D0D470C8151CA2901F01D696E0E3F8B
                                          SHA1:B188AAE41334AB7DED5AA1C9C992779FEA0127EB
                                          SHA-256:9B66F7E1CF75EC85B9A3E43FE936081E5B0AF6549494D8B2AC84D3507FF3C1EC
                                          SHA-512:4BD82327241C5E7F70DF26F92E388C4B284A42CFE1DA085F492EFD862B58522438C877F5E5CF42B318526AEA593BA832CAA1A53836614AE9F28D28724E0FD5E3
                                          Malicious:false
                                          Preview:"""This is invoked in a subprocess to call the build backend hooks...It expects:.- Command line args: hook_name, control_dir.- Environment variables:. PEP517_BUILD_BACKEND=entry.point:spec. PEP517_BACKEND_PATH=paths (separated with os.pathsep).- control_dir/input.json:. - {"kwargs": {...}}..Results:.- control_dir/output.json. - {"return_val": ...}.""".import json.import os.import os.path.import re.import shutil.import sys.import traceback.from glob import glob.from importlib import import_module.from os.path import join as pjoin..# This file is run as a script, and `import wrappers` is not zip-safe, so we.# include write_json() and read_json() from wrappers.py....def write_json(obj, path, **kwargs):. with open(path, 'w', encoding='utf-8') as f:. json.dump(obj, f, **kwargs)...def read_json(path):. with open(path, encoding='utf-8') as f:. return json.load(f)...class BackendUnavailable(Exception):. """Raised if we cannot import the backend""". def __i

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5169
                                          Entropy (8bit):4.874553924231789
                                          Encrypted:false
                                          SSDEEP:96:7peYVGivM4SAAAmo7146JlABKAF2rrK2As4+A+I+AxQSEsNiZi0Xoy2Psv:7bMS7deeWP1Z1R+Exk/
                                          MD5:CB08F1B2F9A15B532E967790852650C1
                                          SHA1:A86FD9B261BD085B254467C9B7AE83C0E7E1B7C2
                                          SHA-256:A30BA3A1BE1D938E528B2E0462D6C2291EB0705A61EC4D386BFBFF3AE01A7010
                                          SHA-512:6F2E92DB6E04F14F945309368C7706A29D6C33F8B68571DD16E13B240EFC3EDA55093821557FA719A5AAC76D3D1BE6B70A60E55331DA949A4C15431A5B991E3B
                                          Malicious:false
                                          Preview:# __.# /__) _ _ _ _ _/ _.# / ( (- (/ (/ (- _) / _).# /..""".Requests HTTP Library.~~~~~~~~~~~~~~~~~~~~~..Requests is an HTTP library, written in Python, for human beings..Basic GET usage:.. >>> import requests. >>> r = requests.get('https://www.python.org'). >>> r.status_code. 200. >>> b'Python is a programming language' in r.content. True..... or POST:.. >>> payload = dict(key1='value1', key2='value2'). >>> r = requests.post('https://httpbin.org/post', data=payload). >>> print(r.text). {. .... "form": {. "key1": "value1",. "key2": "value2". },. .... }..The other HTTP methods are supported - see `requests.api`. Full documentation.is at <https://requests.readthedocs.io>...:copyright: (c) 2017 by Kenneth Reitz..:license: Apache 2.0, see LICENSE for more details.."""..import warnings..from pip._vendor import urllib3..from .exceptions import RequestsDependencyWarning..charset_normalizer_version = None..try:. fro

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5445
                                          Entropy (8bit):5.856070309976944
                                          Encrypted:false
                                          SSDEEP:96:cynPj0meYVGivMKF/Ih2mpNgSdAhotrsCxwD49bWQXaN4yIoajQ3a2Kpf:cyLjMKmLgSehS9q09vqN7h3a2Kpf
                                          MD5:107AA93C726631A6555D199043F933BE
                                          SHA1:7A1C7340C1223D052BFB8655319033C4566DCFC1
                                          SHA-256:E6586BCCA1939D3CB588FDD33380B2FF075D2406D8A0918F06B045CF830C9A03
                                          SHA-512:405B05892FC061AD7BE198CE3C1D421A29A786F0F131B40013F9EA33E34307CE212F18305A7B89D65043D04A844A80FC055973125CF9B8DD5498FDA926C5AB47
                                          Malicious:false
                                          Preview:...........f1.........................F.....d.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.Z...d.d.l.m.Z...d...Z.d...Z.....e.e.j...................e.e.............d.d.l.m.Z...e.s...e.d.............d.d.l.Z...e.e.d.d.........s%d.d.l.m.Z.....e.j.............................d.d.l.m.Z.....e.e...........d.d.l.m.Z.....e.j8..................d.e...........d.d.l.Z.d.d.l.m.Z...d.d.l.m Z m!Z!..d.d.l.m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m.Z...d.d.l+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3..d.d.l.m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;m<Z<m=Z=..d.d.l>m?Z?m@Z@mAZA..d.d.lBmCZCmDZD..d.d.lEmFZF....e.j...................eH........j.....................e.....................e.j8..................d.e6d.............y.#.e.$.r...d.Z.Y....-w.x.Y.w.#.e.e.f.$.r2....e.j...................d.j!..................e.j...................e.e.........e...........Y....Nw.x.Y.w.#.e.$.r...d.Z.Y....Fw.x.Y.w.#.e.$.r...Y....#w.x.Y.w.).a.....Requests HTTP Library.~~~~~~~~~~~~~~~~~~~~~..Requests is an HTTP library, written in Python, for human beings..B

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\__version__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):576
                                          Entropy (8bit):5.763263276014906
                                          Encrypted:false
                                          SSDEEP:12:vHkzJSsU8ReRyu7msv7SAV5b4StJzcAFAu63WcWWKWbai9aduDhll:glPOyqmsvp5TJzcAFAu6pJ7b/cduN/
                                          MD5:649EFCF49434B1A455A6703140C340F4
                                          SHA1:4B899400819BB423CE1594BEF0A477B23D977DEB
                                          SHA-256:5883BD66014DCC290786E52925DE95540B85F088EA3104119A8726169C0A13A8
                                          SHA-512:52B8BEC303AD63D310FF6DD274D1BF82F5888C2833C6894E0AC9B47B2B059BA9334FDDCBCF619CE7C3A18633D9B7A27033626215EE9A84072F88510F4797FF1E
                                          Malicious:false
                                          Preview:...........f..........................,.....d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.y.)...requestsz.Python HTTP for Humans.z.https://requests.readthedocs.ioz.2.31.0i.1..z.Kenneth Reitzz.me@kennethreitz.orgz.Apache 2.0z.Copyright Kenneth Reitzu..... .. .N)...__title__..__description__..__url__..__version__..__build__..__author__..__author_email__..__license__..__copyright__..__cake__........YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/requests/__version__.py..<module>r........s:.................+....+...................(..........)....%..r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\_internal_utils.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2016
                                          Entropy (8bit):5.75086680759094
                                          Encrypted:false
                                          SSDEEP:48:j0L07mpGWydzx0kOdqPr1OlX4OXPGddmei8tmgs:QU95UL4pY56dmei8S
                                          MD5:76BF53C7AE0849137F5B51A941BA0048
                                          SHA1:8F4D30AF4EFE5FC8282794B202CE9537293A4282
                                          SHA-256:51490B2CC59AFBE5E5B732D05ADD7BF5337B773AC6DE20D13B2CAD7F4075BE4B
                                          SHA-512:FBF9001DBE61AC95010F732CF29374DD4BB63736CD546A8D94FA1DD1EBF2E198011299F322E88641B0F7B0BC2C211B47F4AD1E2990E4DACC5FB2FF68F78E24BC
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.Z.d.d.l.m.Z.....e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.........Z.e.e.f.Z.e.e.f.Z.e.e.e.e.i.Z.d.d...Z.d...Z.y.).z..requests._internal_utils.~~~~~~~~~~~~~~..Provides utility functions that are consumed internally by Requests.which depend on extremely few external helpers (such as compat)......N.....)...builtin_strs....^[^:\s][^:\r\n]*$z.^[^:\s][^:\r\n]*$s....^\S[^\r\n]*$|^$z.^\S[^\r\n]*$|^$c.....................P.....t.........|.t.................r.|.}.|.S.|.j...................|.........}.|.S.).z.Given a string object, regardless of type, returns a representation of. that string in the native string type, encoding and decoding where. necessary. This assumes ASCII unless told otherwise.. )...isinstancer......decode)...string..encoding..outs.... .]C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/requests/_internal_ut

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\adapters.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):21272
                                          Entropy (8bit):5.499010709081522
                                          Encrypted:false
                                          SSDEEP:384:0mo2p/6ufA//8AweLEWjHqc58xaFpuSjWWj0gKh0ntAOJKmJevvGKf2xIxqrs:TR6ZEq6/SyCVrEm4vvv2xIgrs
                                          MD5:DA1DBC3E3334D03A39137030F3DA21F9
                                          SHA1:D5C9FA7FA9890713A4B13B21ECDDADDE8BA6E133
                                          SHA-256:B918E640C24A9520752EA17DABD5957B39502EE39DA0555457EABA2A6A5C1E58
                                          SHA-512:EDCAF3FA9F1EC8509B6781F5FEEF010A3BB816D6C89619DCB5CC68EA95038D7F4A1AC44994C52DB266874425F11EE824824F1A1FAA1C795512BDD495001A69D0
                                          Malicious:false
                                          Preview:...........f.L.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l m!Z!m"Z"..d.d.l#m$Z$..d.d.l%m&Z&m'Z'm.Z.m(Z(m)Z)m*Z*m.Z.m+Z+m,Z,m.Z...d.d.l-m.Z...d.d.l/m0Z0..d.d.l1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8....d.d.l9m:Z:..d.Z<d.Z=d.Z>d.Z?..G.d...d.........Z@..G.d...d.e@........ZAy.#.e;$.r...d...Z:Y..(w.x.Y.w.).z..requests.adapters.~~~~~~~~~~~~~~~~~..This module contains the transport adapters that Requests uses to define.and maintain connections.......N)...ClosedPoolError..ConnectTimeoutError)...HTTPError)...InvalidHeader)...LocationValueError..MaxRetryError..NewConnectionError..ProtocolError)...ProxyError)...ReadTimeoutError..ResponseError)...SSLError)...PoolManager..proxy_from_url)...Timeout)...parse_url)...Retry.....)..._basic_auth_str)...basestring..urlparse)...extract_cookies_to_jar)...ConnectionError..ConnectTimeoutr......

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\api.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7196
                                          Entropy (8bit):5.321243453313373
                                          Encrypted:false
                                          SSDEEP:96:HfTMVXGLluXWC7ZolNAzj8t8ZkvI2gt9GmCleGmwGm4diSA:HrMVXEoZjM8Icule8JSA
                                          MD5:CEFD19AF7570BC44D9A43EDAE9A5FD07
                                          SHA1:FD0581EFB94E3115FCDC2499AA56C71515E3025E
                                          SHA-256:C2D12510E387B25788509C537E499F5838FAFF75C93C2BE6BEC238E2F0D6DE88
                                          SHA-512:12F2168C57D5F1D5D2007D090111B73C74C0DCDF5ED10A883EA0C3C652F52B0B3E3899A007DFF4909E84167657E4BEE88B4D2C12D7F5C05969626360AAA3B576
                                          Malicious:false
                                          Preview:...........f1.........................L.....d.Z.d.d.l.m.Z...d...Z.d.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.d...Z.d...Z.y.).z..requests.api.~~~~~~~~~~~~..This module implements the Requests API...:copyright: (c) 2012 by Kenneth Reitz..:license: Apache2, see LICENSE for more details.......)...sessionsc..........................t.........j...........................5.}...|.j...................d.|.|.d...|.....c.d.d.d...........S.#.1.s.w...Y.....y.x.Y.w.).a....Constructs and sends a :class:`Request <Request>`... :param method: method for the new :class:`Request` object: ``GET``, ``OPTIONS``, ``HEAD``, ``POST``, ``PUT``, ``PATCH``, or ``DELETE``.. :param url: URL for the new :class:`Request` object.. :param params: (optional) Dictionary, list of tuples or bytes to send. in the query string for the :class:`Request`.. :param data: (optional) Dictionary, list of tuples, bytes, or file-like. object to send in the body of the :class:`Request`.. :param json: (optional) A

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\auth.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13915
                                          Entropy (8bit):5.090518478653886
                                          Encrypted:false
                                          SSDEEP:192:TRSX0eHfJ8hH9jwdJssOeFIg+1xIcjn+d1mVqhX:T40eh8PwdJ2lL+frX
                                          MD5:0EE60A1D2B949CA96616AAA742CFD75C
                                          SHA1:27F0F3A0BA508CB2251CC3A336768E6A4A50D592
                                          SHA-256:88C95CB61817D2B868C7C9D5203D65C9F3A1A7A781DC3BE8989A54D5B5F99F24
                                          SHA-512:FEB5316078BEA643289B253EAF35FA2F0F9037977112C559FDC24928983591C40EC32DF19AF941BD59F79EC2048503BCB95232B11F9D10B33E7D5AB98F27EA44
                                          Malicious:false
                                          Preview:...........f.'..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.Z.d.Z.d...Z...G.d...d.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.).z].requests.auth.~~~~~~~~~~~~~..This module contains the authentication handlers for Requests.......N)...b64encode.....)...to_native_string)...basestring..str..urlparse)...extract_cookies_to_jar)...parse_dict_headerz!application/x-www-form-urlencodedz.multipart/form-datac...........................t.........|.t.................s5t.........j...................d.j...................|.........t.....................t.........|.........}.t.........|.t.................s>t.........j...................d.j...................t.........|.................t.....................t.........|.........}.t.........|.t.................r.|.j...................d.........}.t.........|.t.................r.|.j...................d.........}.d.t....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\certs.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):914
                                          Entropy (8bit):5.42671536596259
                                          Encrypted:false
                                          SSDEEP:12:uFSBR/EF1A3Dj4uIy1XfB4A4kvYa4ZkiaWPpnWbaiUS+O++PhctIxKfxDg/:8cEFgbXKAhwa9Fxb/UWh0IxAg
                                          MD5:968F7D86B41F3B39DCD9AADD8EF0502E
                                          SHA1:95DC9C1B14543AFC8278AE50E17A9EF6FF7E389B
                                          SHA-256:7D1D55764A9F104AE127666BBE02CC5FAA8D68B629FFA8A431A7FD7F03726101
                                          SHA-512:D0A9D2F42492689C502A212B85D0F2D43409EF910E931136DBAC8334E2D25D7F2A20C1B50AFC9C949783E3ED1D878BB4577CAAF5384F8CBA08F859D31737BFB2
                                          Malicious:false
                                          Preview:...........f?.........................f.....d.Z.d.d.l.Z.d.e.j...................v.r.d.d.l.m.Z...n.d...Z.e.d.k(..r...e...e...................y.y.).uF....requests.certs.~~~~~~~~~~~~~~..This module returns the preferred default CA certificate bundle. There is.only one . the one from the certifi package...If you are packaging Requests, e.g., for a Linux distribution or a managed.environment, you can change the definition of where() to return a separately.packaged CA bundle.......N.._PIP_STANDALONE_CERT)...wherec.....................(.....t.........j...................d.....S.).Nr....)...os..environ........SC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/requests/certs.pyr....r........s..........z.z..0..1..1r......__main__)...__doc__r....r......pip._vendor.certifir......__name__..printr....r....r......<module>r........s;.............................+..)....2......z.......%.'.N.....r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\compat.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1499
                                          Entropy (8bit):5.763525488740409
                                          Encrypted:false
                                          SSDEEP:24:fSuCXn4/9NJ4WQGX0yyOMmyRFxFWzlKjPggN5LByZGSqucf8ZKt5ZiQb/UJt1o/H:fRt+GXHyOLyRolcPV5SnZ2kXFovn
                                          MD5:8DE8153AEAD110B60D9C211BC0BD13BB
                                          SHA1:6149690B7FADCC657252AC8A07A06E520637BF73
                                          SHA-256:7615458566EC127AA043065C44A4AFB925CFE2A19327E13355FB322A47D61861
                                          SHA-512:36CC172564D241AC43952725065430853217B0E5DBFF55712DB95AEF7B2D242DB343533E3913F8803D847E020716E166B4E7E78CAFF94995DE7DC0F92D571C33
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.d.l.m.Z...d.d.l.Z.e.j...................Z.e.d.....d.k(..Z.e.d.....d.k(..Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z m!Z!..d.d.l"m#Z#m$Z$m%Z%m&Z&m'Z'..e(Z)e(Z(e*Z*e(e*f.Z+e,e-f.Z.e,f.Z/y.).z..requests.compat.~~~~~~~~~~~~~~~..This module previously handled import compatibility issues.between Python 2 and Python 3. It remains for backwards.compatibility until the next major version.......)...chardetN..........)...JSONDecodeError)...OrderedDict)...Callable..Mapping..MutableMapping)...cookiejar)...Morsel)...StringIO)...quote..quote_plus..unquote..unquote_plus..urldefrag..urlencode..urljoin..urlparse..urlsplit..urlunparse)...getproxies..getproxies_environment..parse_http_list..proxy_bypass..proxy_bypass_environment)0..__doc__..pip._vendorr......sys..version_info.._ver..is_py2..is_py3..jsonr......collectionsr......collections.abcr....r....r......httpr......

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\cookies.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):25238
                                          Entropy (8bit):5.285060842073198
                                          Encrypted:false
                                          SSDEEP:384:9yjXZ01tNokJwiVMqewgZRApHzAL+sqawtcXFczgn+PloRgMCdoaF:9ylkcqeFapH8nYa+dogXr
                                          MD5:9D34D830A73C93D0CFBAA2EE57BEC01A
                                          SHA1:6C306DB9209608162EB0CAFC808FF4C82CCE3C5F
                                          SHA-256:D7D7F02D655264B3F81836B3D55E178540F12F51248F6C35E954D6775D7BBD45
                                          SHA-512:2C921FF15E8B38F31151719CB21AB3860FC6915ECF3AB10ED5D73E6E2EBFC4625D6848F3AF24BBD3176FF5A407C2BB0989A357149A1DE1F275A838285963A306
                                          Malicious:false
                                          Preview:...........f.H..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.....d.d.l.Z...G.d...d.........Z...G.d...d.........Z.d...Z.d...Z.d.d...Z...G.d...d.e.........Z...G.d...d.e.j,..................e.........Z.d...Z.d...Z.d...Z.d.d...Z.d...Z.y.#.e.$.r...d.d.l.Z.Y..[w.x.Y.w.).z..requests.cookies.~~~~~~~~~~~~~~~~..Compatibility code to be able to use `cookielib.CookieJar` with requests...requests.utils imports from here, so be careful with imports.......N.....)...to_native_string)...Morsel..MutableMapping..cookielib..urlparse..urlunparsec..........................e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d.d...Z.d...Z.d...Z.d...Z.e.d...........Z.e.d...........Z.e.d...........Z.y.)...MockRequesta....Wraps a `requests.Request` to mimic a `urllib2.Request`... The code in `cookielib.CookieJar` expects this interface in order to correctly. manage cookie policies, i.e., determine whether a cookie can be set, given the. domains of the

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\exceptions.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7039
                                          Entropy (8bit):5.0368565014725775
                                          Encrypted:false
                                          SSDEEP:96:xN/PGOd92PKIlQkoXH7gYfTz7DSh72rpzbIq4fvqo9bvWuKxCRpp:/PGO1IlQPvTr6q4fSqvWupRpp
                                          MD5:60C17391D79F19A8BF3DFB50583145BD
                                          SHA1:B76CF8A0BC07B38ABADE4B2A68D68D26889939E1
                                          SHA-256:35C3924EA3F95C427F1F9EDEAB3E576E6BFF3620913579671B71385976B8C45A
                                          SHA-512:3546394BB898A145D2998E1235DA3FB511228191A785DD315BB90FB4231992C20D63DC07DD9719941D77ED813EAE625B9407579C2C8ED86EA22940F84CDA768A
                                          Malicious:false
                                          Preview:...........f..........................X.....d.Z.d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.e.........Z...G.d...d e.e.........Z...G.d!..d"e.e.........Z...G.d#..d$e.e.........Z...G.d%..d&e.........Z...G.d'..d(e.........Z...G.d)..d*e.e.........Z...G.d+..d,e.e.........Z...G.d-..d.e.........Z...G.d/..d0e.........Z...G.d1..d2e.........Z...G.d3..d4e.e ........Z!..G.d5..d6e.........Z"y7)8z`.requests.exceptions.~~~~~~~~~~~~~~~~~~~..This module contains the set of Requests' exceptions.......)...HTTPError.....)...JSONDecodeErrorc.....................".......e.Z.d.Z.d.Z...f.d...Z...x.Z.S.)...RequestExceptionzTThere was an ambiguous exception that occurred while handling your. request.. c.............................|.j.................

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\help.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4304
                                          Entropy (8bit):5.48264383047669
                                          Encrypted:false
                                          SSDEEP:96:gEbBGcYMh2QDBYerRxgXs9khTpguSr69HsPaBu67dfS:UckQ3xoKkN1uGK
                                          MD5:BF65BF423D6030F3DC06D2B419A63012
                                          SHA1:E50A68EF0ABBA282D88A2B48B32A7B099CF9A6D0
                                          SHA-256:CC82CA8C8C8C2B8370971185EEF6BDD6A8CF3E8DB2BEE2F2E477E64B9699D184
                                          SHA-512:56E874AA2F6C3FD63224959F58028309202181F76061C32B6B97DB110FD4C3CF4FA560C23A4480F0912ABF0A3B9FE8615386F7651F440AB58CD19A6D53F620C0
                                          Malicious:false
                                          Preview:...........f'...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.Z...d.d.l.m.Z.....d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d...Z.d...Z.d...Z.e.d.k(..r...e...........y.y.#.e.$.r...d.Z.Y../w.x.Y.w.#.e.$.r...d.Z.d.Z.d.Z.Y..1w.x.Y.w.).z'Module containing bug report helper(s)......N)...idna)...urllib3.....)...__version__)...chardet)...pyopensslc.....................&.....t.........j...........................}.|.d.k(..r.t.........j...........................}.n.|.d.k(..r.d.j...................t.........j...................j...................t.........j...................j...................t.........j...................j...........................}.t.........j...................j...................d.k7..rbd.j...................|.t.........j...................j...................g.........}.n6|.d.k(..r.t.........j...........................}.n.|.d.k(..r.t.........j...........................}.n.d.}.|.|.d...S.).a....Return a dict with the Python imple

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\hooks.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1044
                                          Entropy (8bit):5.681734789854953
                                          Encrypted:false
                                          SSDEEP:24:3n2x1qlJ5pMUqTDPOp9rb/xvn2yHUR9SUuZ3P1qlndA10:3JRyDPOp7TC9Pi3PI60
                                          MD5:EC8AB3E9991D80E417D91E7F4CBFC4A5
                                          SHA1:470A089A6A3B01FB75DC59AFE3B480A15032191D
                                          SHA-256:E5A326B48691407DC81ACC573D18ED33857B85C766FCA179C652A4740DD6693A
                                          SHA-512:D22B2520B72197341D0F58F6D35368899499178D26655E005C9398D59600603D49A7D7ED0AA08D15B6BAEAB31E80703A9FDF94F31BC4020ED39DCA769F46FCCA
                                          Malicious:false
                                          Preview:...........f................................d.Z.d.g.Z.d...Z.d...Z.y.).z..requests.hooks.~~~~~~~~~~~~~~..This module provides the capabilities for the Requests hooks system...Available hooks:..``response``:. The response generated from a Request....responsec.....................6.....t.........D...c.i.c.]...}.|.g.......c.}.S.c...c.}.w.).N)...HOOKS)...events.... .SC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/requests/hooks.py..default_hooksr........s.......#(..).%.E.2.I..)..)...)s........c..........................|.x.s...i.}.|.j...................|.........}.|.r$t.........|.d.........r.|.g.}.|.D.]...}...|.|.f.i.|.....}.|.....|.}.....|.S.).z6Dispatches a hook dictionary on a given piece of data...__call__)...get..hasattr)...key..hooks..hook_data..kwargs..hook.._hook_datas.... r......dispatch_hookr........s].........K.R.E....I.I.c.N.E.......5.*..%....G.E.......'.D....i..2.6..2.J.....%..&......'.............N)...__doc__r....r....r......r....r......<module>r...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\models.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):35440
                                          Entropy (8bit):5.413207115193588
                                          Encrypted:false
                                          SSDEEP:768:0dDjmg+zGuMasmUcyp8h4iFjD9RaaP6UAdAEOcB0nKypUgQHnI7PXoCVdHOp8GX:0xZ0pFUcJDFjDvaaPodAW6oX
                                          MD5:DB9CEF3CF3438627D01FF1BEFEA10E90
                                          SHA1:E9C1DE7EEBF73053DE8472D20566721A8292CC86
                                          SHA-256:B5DF3E21A05FD5F74301200FA913DA976D69DD21EDDABF35B717CC99A46E8447
                                          SHA-512:622368257B73ED8CE57344220737A104668452CC9159240087199C119D7789435E80CD9B76A021531EA8D7CDFC957D45A76FC9EF69EC0B7F30976A58E34A4101
                                          Malicious:false
                                          Preview:...........f.........................d.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z ..d.d.l.m!Z!m"Z"m#Z#..d.d.l$m%Z%m&Z&m'Z'..d.d.l(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z...d.d.l(m.Z/..d.d.l(m0Z0..d.d.l(m.Z1..d.d.l(m2Z2..d.d.l3m4Z4..d.d.l5m6Z6..d.d.l7m8Z8..d.d.l9m:Z:m;Z;m<Z<m=Z=m>Z>m?Z?m@Z@mAZAmBZBmCZC..e6j...................e6j...................e6j...................e6j...................e6j...................f.ZId.ZJd.ZKd.ZL..G.d...d.........ZM..G.d...d.........ZN..G.d...d eN........ZO..G.d!..d"eMeN........ZP..G.d#..d$........ZQy.)%z`.requests.models.~~~~~~~~~~~~~~~..This module contains the primary objects that power Requests.......N)...UnsupportedOperation)...DecodeError..LocationParseError..ProtocolError..ReadTimeoutError..SSLError)...RequestField)...encode_multipart_formdata)...parse_url.....)...to_native_string..unicode_is_ascii)...HTTPBasicAuth)...Callable..JSONDe

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\packages.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):764
                                          Entropy (8bit):5.562864099492965
                                          Encrypted:false
                                          SSDEEP:12:rnaBdqNplAsA+AJf6pxAFE3zBifqI0iQA4EWbaiPlF2a7kCZ0nWWKD:rUqN0o2FWzEfz41b/dFz7kM0WWKD
                                          MD5:BBA387F3563A388BA62B1A123C9D0B0D
                                          SHA1:C573A071095E60C51F1335674ED732B7E6D53790
                                          SHA-256:8F519AA4F6C6AFDDAFAEDBE2FFC3C9C20047477F798B18DD4CF0FF0F7CEB96E5
                                          SHA-512:F23B62F5C46C7000F503AC43968BC264F2C5AD3FF6E71963153DEA43612272373BF0BDFB24CB391A5E386E86A873C3063166710CA3DB402BB2E51BA39D2E68E4
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.D.]r..Z.d.e.z...Z...e.e...........e.........e.<.....e.e.j...........................D.]F..Z.e.e.k(..s.e.j...................e.d.z...........s...e...e.d.........d...Z.e.j...................e.....e.j...................d.e.z...<....H...t..y.)......N)...urllib3..idna..chardetz.pip._vendor....z.pip._vendor.requests.packages.)...sys..package..vendored_package..__import__..locals..list..modules..mod..startswith..len..unprefixed_mod........VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/requests/packages.py..<module>r........s.....................^..G..%..../.....".#3..4.F.H.W.........C.K.K.. ....^........"..".c.n.n.5E...5K.&L.. ...^.!4.!5..6.N.MP.[.[.Y\.M].C.K.K..8.>..I..J....^.....^.r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\sessions.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):27749
                                          Entropy (8bit):5.397783600912696
                                          Encrypted:false
                                          SSDEEP:384:HuKLnmlx5Mb4r6kVCLLzdRSeCZV3K2U29LLK7KAVUVLvAGqmOAtaBkfgNmw/spS:HrLgw4B2JEptK2U29/K74LzOAQl/sE
                                          MD5:BC51DA4F684EAF24E87FEB367D73BFB0
                                          SHA1:510EE93D86CFD7BB239E41DC4062D525458C68E6
                                          SHA-256:4A89A0E383C014FFF3E6256AE58F079642096B10B3F485C7E9A7FC6C418EFE6F
                                          SHA-512:748EDC5DFD19912918367D6D580DE78DD506598DB08AED58FF2B5A7EB62D47F910B51BCCEDE5E8D62091E807705E735635C783D2916C60BBBF1D39D4736ABF94
                                          Malicious:false
                                          Preview:...........f.v.............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l m!Z!m"Z"m#Z#m$Z$..d.d.l%m&Z&..d.d.l'm(Z(..d.d.l)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3..e.jh..................d.k(..r.e.jj..................Z6n.e.j...................Z6e.f.d...Z7e.f.d...Z8..G.d...d.........Z9..G.d...d.e9........Z:d...Z;y.).z..requests.sessions.~~~~~~~~~~~~~~~~~..This module provides a Session object to manage and persist settings across.requests (cookies, auth, proxies).......N)...OrderedDict)...timedelta.....)...to_native_string)...HTTPAdapter)..._basic_auth_str)...Mapping..cookielib..urljoin..urlparse)...RequestsCookieJar..cookiejar_from_dict..extract_cookies_to_jar..merge_cookies)...ChunkedEncodingError..ContentDecodingError..InvalidSchema..TooManyRedirects)...default_hooks..dispatch_hook)...DEFAULT_REDIRECT_LIMIT..REDIRECT_STATI..PreparedReq

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\status_codes.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5951
                                          Entropy (8bit):5.826812974240227
                                          Encrypted:false
                                          SSDEEP:96:M+vEE3uQaXQ/cMZI3SUpWBD7iC/U6+VdlhdHTtX94F0fpkLq2PrWv4x:MWn3uKFICFBXiAqlh9R00frO8q
                                          MD5:6B4BA8AD713C9E4E302526BF5DC3FB17
                                          SHA1:D12CA590E664F24CEBD159A92A46057DC0509A6B
                                          SHA-256:9E2E0C7701404A0276A693F06367732E5E0A2E628C55E386AFF34715D1BCFDFF
                                          SHA-512:5D24069620C02AADC0FA09A02681FE04A8E8225A49A64A9F8838FE81DA4054693AF6A0C4EEC4B651F49C4CFD630866737C3D347A7BF7E9E036164644954B551F
                                          Malicious:false
                                          Preview:...........f................................d.a.d.d.l.m.Z...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d ..d!d"..d#d$..i.d%d&..d'd(..d)d*..d+d,..d-d...d/d0..d1d2..d3d4..d5d6..d7d8..d9d:..d;d<..d=d>..d?d@..dAdB..dCdD..dEdF....i.dGdH..dIdJ..dKdL..dMdN..dOdP..dQdR..dSdT..dUdV..dWdX..dYdZ..d[d\..d]d^..d_d`..dadb..dcdd..dedf..dgdh....i.didj..dkdl..dmdn..dodp..dqdr..dsdt..dudv..dwdx..dydz..d{d|..d}d~..d.d...d.d...d.d...d.d...d.d...d.d.....Z...e.d...........Z.d...Z...e...........y.).a.....The ``codes`` object defines a mapping from common names for HTTP statuses.to their numerical codes, accessible either as attributes or as dictionary.items...Example::.. >>> import requests. >>> requests.codes['temporary_redirect']. 307. >>> requests.codes.teapot. 418. >>> requests.codes['\o/']. 200..Some codes have multiple names, and both upper- and lower-case versions of.the names are allowed. For example, ``codes.ok``, ``codes.OK``, and.``

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\structures.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5609
                                          Entropy (8bit):5.149661947132146
                                          Encrypted:false
                                          SSDEEP:96:A1jg0JgabXXnRqiARZhlEgOFZmzuUNN/PVxA:ARg0JrbXXnXIfxO3mXrk
                                          MD5:52BF5ACD2F910D54C87ADC42495EC3B1
                                          SHA1:D17E5F75266BE4C9EE0F11073F3E01BFBE4AB2F8
                                          SHA-256:17CE79CF8DFF24CB1ADD62B96F076A9369C6AA05E1DF3FA49F4BFF1BC85A42F2
                                          SHA-512:7B69B1F7628E993D9FADCFA357390888758FA4C0630D488DF9E0D542791E81BED470BCFF75641D600148527344300426BBDD535832E2AA0A2AB8A6FF2A366194
                                          Malicious:false
                                          Preview:...........f`.........................P.....d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.....G.d...d.e.........Z...G.d...d.e.........Z.y.).zO.requests.structures.~~~~~~~~~~~~~~~~~~~..Data structures that power Requests.......)...OrderedDict.....)...Mapping..MutableMappingc.....................N.....e.Z.d.Z.d.Z.d.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.)...CaseInsensitiveDicta....A case-insensitive ``dict``-like object... Implements all methods and operations of. ``MutableMapping`` as well as dict's ``copy``. Also. provides ``lower_items``... All keys are expected to be strings. The structure remembers the. case of the last key to be set, and ``iter(instance)``,. ``keys()``, ``items()``, ``iterkeys()``, and ``iteritems()``. will contain case-sensitive keys. However, querying and contains. testing is case insensitive::.. cid = CaseInsensitiveDict(). cid['Accept'] = 'application/json'. cid['aCCEPT'] == 'application/json' # True.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__pycache__\utils.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):36261
                                          Entropy (8bit):5.562778500238063
                                          Encrypted:false
                                          SSDEEP:768:xqkg2CM20kK4w6aQCzydwmbuGhTH32dpEWEEzyso5V3s:x31CYkJa4dHuGhTHGdnEEzyss8
                                          MD5:B5C157E30757F2D6BA6DDE33BEFE7A33
                                          SHA1:8592217CD05DF63C3D0FDB4671622493D66382E3
                                          SHA-256:AEE58D5FAB48795E7DCCC9627A48FD23F6EBA500FD51C1648E825DF602E4BFE3
                                          SHA-512:A080567E538C55B24EF28992D73FA1BC33F5C856028D0623E768B196FD5B44CE66BFD0897B454FA269EDBCC2C0267258F610DF17C041A9D33CACA502B77EC4F3
                                          Malicious:false
                                          Preview:...........f..........................Z.....d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m Z!..d.d.l.m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,m-Z-m.Z.m/Z/..d.d.l0m1Z1..d.Z2..e.jf..........................Z4d.d.d...Z5d.jm....................e.jn..................d...e.d...........d.....................Z8e.jr..................d.k(..r.d...Z:d...Z"d...Z;d...Z<dHd...Z=d...Z>d...Z?e.j...................d ..........ZAd!..ZBd"..ZCd#..ZDd$..ZEdHd%..ZFd&..ZGd'..ZHd(..ZId)..ZJd*..ZKd+..ZLd,..ZMd-..ZN..eOd.........ZPd/..ZQd0..ZRd1..ZSd2..ZTd3..ZUd4..ZVe.j...................d5..........ZWd6..ZXdId7..ZYd8..ZZdJd9..Z[dKd:..Z\d;..Z]d<..Z^d=j...................d>........Z`e`d?z...Zae`d@z...ZbdA..ZcdB..ZddC..ZedD..ZfdE..ZgdF..ZhdG..Ziy.)Lz..requests.utils.~~~~~~~~~~~~~~..This module provides utility functions that are used within Requ

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\__version__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):435
                                          Entropy (8bit):4.92644594167572
                                          Encrypted:false
                                          SSDEEP:12:PbfvK6kUFu7/svcTMIxSu6AbzuEFhtRH3RX0T:Tfvqcq/svcxSu6AvbRH3RX0T
                                          MD5:6393CB210C95B7321847C97FB29F37AD
                                          SHA1:98551B7B5437E725ED4ED631DC9C448B0432FFCD
                                          SHA-256:B2C237133B7B3DAC6090E5B8E4686DC0F51C968FD23BFCA0B489B803BE0839FC
                                          SHA-512:D45127407718FC33767B28ADD44604360E432264CCB88AF8BFF19C9A1457331FDB76910A7F698BDFF822769A863DB442CA7066631E9D2651AEB5547FE20F7F77
                                          Malicious:false
                                          Preview:# .-. .-. .-. . . .-. .-. .-. .-..# |( |- |.| | | |- `-. | `-..# ' ' `-' `-`.`-' `-' `-' ' `-'..__title__ = "requests".__description__ = "Python HTTP for Humans.".__url__ = "https://requests.readthedocs.io".__version__ = "2.31.0".__build__ = 0x023100.__author__ = "Kenneth Reitz".__author_email__ = "me@kennethreitz.org".__license__ = "Apache 2.0".__copyright__ = "Copyright Kenneth Reitz".__cake__ = "\u2728 \U0001f370 \u2728".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\_internal_utils.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1495
                                          Entropy (8bit):5.15366805062305
                                          Encrypted:false
                                          SSDEEP:24:+fmQURGWIgQiMhTzcnsIarYO09+gioikIxFYIhARWr1OlX4N8oQdYvf8P:ImpGWf0zcnXarYOSCRhvr1OlX4NlQ88P
                                          MD5:9DFFF48651AD4C1CD36B1229E869D749
                                          SHA1:83A8612A7FE67477B5D61A8C4358D22D5B099F7E
                                          SHA-256:9CC4329ABE21B37D93A95A3901B0AB99C24486F3D487BC57965BB2AB0B252E24
                                          SHA-512:8BC4699BFFE4B41B11FF43EEF9CF33B668127DB9F58D8DB0EA6105150B01C7472E2CF6E834A0F45133F33AF9A54AEBE3B1399EDE383109D7D01F59455DB61001
                                          Malicious:false
                                          Preview:""".requests._internal_utils.~~~~~~~~~~~~~~..Provides utility functions that are consumed internally by Requests.which depend on extremely few external helpers (such as compat).""".import re..from .compat import builtin_str.._VALID_HEADER_NAME_RE_BYTE = re.compile(rb"^[^:\s][^:\r\n]*$")._VALID_HEADER_NAME_RE_STR = re.compile(r"^[^:\s][^:\r\n]*$")._VALID_HEADER_VALUE_RE_BYTE = re.compile(rb"^\S[^\r\n]*$|^$")._VALID_HEADER_VALUE_RE_STR = re.compile(r"^\S[^\r\n]*$|^$").._HEADER_VALIDATORS_STR = (_VALID_HEADER_NAME_RE_STR, _VALID_HEADER_VALUE_RE_STR)._HEADER_VALIDATORS_BYTE = (_VALID_HEADER_NAME_RE_BYTE, _VALID_HEADER_VALUE_RE_BYTE).HEADER_VALIDATORS = {. bytes: _HEADER_VALIDATORS_BYTE,. str: _HEADER_VALIDATORS_STR,.}...def to_native_string(string, encoding="ascii"):. """Given a string object, regardless of type, returns a representation of. that string in the native string type, encoding and decoding where. necessary. This assumes ASCII unless told otherwise.. """. if

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\adapters.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):19697
                                          Entropy (8bit):4.481896758913148
                                          Encrypted:false
                                          SSDEEP:384:CmaK41rfA73TObWjr89828eaCYWjRhqnnJ8vKF8eXRuxCAiO:oLta3iqVxCuCvKF8eXRuxCAiO
                                          MD5:FD51D2017E40F065FFC096C1EA4529EF
                                          SHA1:A8044515493C0E34203EB9F820A6341B33BDE89A
                                          SHA-256:89D8FA7197087772F9C4D35E27B89E38BB70DDAC0993903AE3151F7AD1F0AB73
                                          SHA-512:A0D354859B6FAF64225D6CD75BC468FDA6D64BBFC564147D725D1A6A2379AB4E314D004FDA49F7A7C138A633D94651EA582621A5529BC5F74F96C5A13B2E1517
                                          Malicious:false
                                          Preview:""".requests.adapters.~~~~~~~~~~~~~~~~~..This module contains the transport adapters that Requests uses to define.and maintain connections.."""..import os.path.import socket # noqa: F401..from pip._vendor.urllib3.exceptions import ClosedPoolError, ConnectTimeoutError.from pip._vendor.urllib3.exceptions import HTTPError as _HTTPError.from pip._vendor.urllib3.exceptions import InvalidHeader as _InvalidHeader.from pip._vendor.urllib3.exceptions import (. LocationValueError,. MaxRetryError,. NewConnectionError,. ProtocolError,.).from pip._vendor.urllib3.exceptions import ProxyError as _ProxyError.from pip._vendor.urllib3.exceptions import ReadTimeoutError, ResponseError.from pip._vendor.urllib3.exceptions import SSLError as _SSLError.from pip._vendor.urllib3.poolmanager import PoolManager, proxy_from_url.from pip._vendor.urllib3.util import Timeout as TimeoutSauce.from pip._vendor.urllib3.util import parse_url.from pip._vendor.urllib3.util.retry import Retry..from .auth import

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\api.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6449
                                          Entropy (8bit):4.805063878988985
                                          Encrypted:false
                                          SSDEEP:96:FfmGLluXWC7ZolNAzj8t8l8DQNQmsh4UiGmQb1UAGmQxSUDGmQTQj:FuEoZjM8SkSBKx0b1P0xSc0Uj
                                          MD5:2788B72CC0F3D6392C126F7A78C76B26
                                          SHA1:783D802BE4E0EF6483063A3043C0413C201A64C4
                                          SHA-256:ABAD71717AB8B668889ABBDC4952D36C5C82883D85F8BFFE8562866F3E32F2F8
                                          SHA-512:44749F4DDE702DE352318E50F90B8DE48A29C2A878657FAD29A6C758BC78341ECBA4FC2DC86D882C57141CA03D304C8746833D1B3A6F8A05D7FB9ED797A2C81A
                                          Malicious:false
                                          Preview:""".requests.api.~~~~~~~~~~~~..This module implements the Requests API...:copyright: (c) 2012 by Kenneth Reitz..:license: Apache2, see LICENSE for more details.."""..from . import sessions...def request(method, url, **kwargs):. """Constructs and sends a :class:`Request <Request>`... :param method: method for the new :class:`Request` object: ``GET``, ``OPTIONS``, ``HEAD``, ``POST``, ``PUT``, ``PATCH``, or ``DELETE``.. :param url: URL for the new :class:`Request` object.. :param params: (optional) Dictionary, list of tuples or bytes to send. in the query string for the :class:`Request`.. :param data: (optional) Dictionary, list of tuples, bytes, or file-like. object to send in the body of the :class:`Request`.. :param json: (optional) A JSON serializable Python object to send in the body of the :class:`Request`.. :param headers: (optional) Dictionary of HTTP Headers to send with the :class:`Request`.. :param cookies: (optional) Dict or CookieJar obje

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\auth.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10187
                                          Entropy (8bit):4.530751757170063
                                          Encrypted:false
                                          SSDEEP:192:zVDpNQFSzkbBr/Pwrbp61OsAZnA6Mkd8x91u+9PwX:hT2SIV/AinAZnAPkd8x9D9K
                                          MD5:F9967D6B03B8B2B12D7832A56077BF7E
                                          SHA1:4E2A84BC60A655EF478C78ADBC6B43FAE762AF9F
                                          SHA-256:87E1CB955C7D8FCACA57985F480C9C3F60293928254F3EFB474B73EEA09B6C41
                                          SHA-512:C1DBB2E64518D327F32F7AD2C1176654CA394AA54D1D625BC26DBE10F47C161F31272ABEFE6B794F68B3F309A7DA1CF43D9ED275BDD5484AF6AE1AD42722167F
                                          Malicious:false
                                          Preview:""".requests.auth.~~~~~~~~~~~~~..This module contains the authentication handlers for Requests.."""..import hashlib.import os.import re.import threading.import time.import warnings.from base64 import b64encode..from ._internal_utils import to_native_string.from .compat import basestring, str, urlparse.from .cookies import extract_cookies_to_jar.from .utils import parse_dict_header..CONTENT_TYPE_FORM_URLENCODED = "application/x-www-form-urlencoded".CONTENT_TYPE_MULTI_PART = "multipart/form-data"...def _basic_auth_str(username, password):. """Returns a Basic Auth string.""".. # "I want us to put a big-ol' comment on top of it that. # says that this behaviour is dumb but we need to preserve. # it because people are relying on it.". # - Lukasa. #. # These are here solely to maintain backwards compatibility. # for things like ints. This will be removed in 3.0.0.. if not isinstance(username, basestring):. warnings.warn(. "Non-string usernames w

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\certs.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):575
                                          Entropy (8bit):4.934421807547222
                                          Encrypted:false
                                          SSDEEP:12:Hj1A3Dj4uIy1XfB4A4kvYa4ZkfR+E8rC0QhKbW2pHhu:DgbXKAhwa9fD8YKHpE
                                          MD5:9479D3B9C5E5AAF2F1B5DF8D71938126
                                          SHA1:75406468389902A6D906E6E516A00485D171D33B
                                          SHA-256:3D53E8A01D233F986464450B482C02D3BE39DF65056D1D8FB60BB4239CF0982B
                                          SHA-512:6EF471A5F76B16E0AD22685D51EE3D64D6BB7DFDB4397D8A1825521BB977BC4C181ECFE000805E04B49A0B4BA99123E0C1C8217727D56C6DA6E45C2B8F2EA183
                                          Malicious:false
                                          Preview:#!/usr/bin/env python..""".requests.certs.~~~~~~~~~~~~~~..This module returns the preferred default CA certificate bundle. There is.only one . the one from the certifi package...If you are packaging Requests, e.g., for a Linux distribution or a managed.environment, you can change the definition of where() to return a separately.packaged CA bundle.."""..import os..if "_PIP_STANDALONE_CERT" not in os.environ:. from pip._vendor.certifi import where.else:. def where():. return os.environ["_PIP_STANDALONE_CERT"]..if __name__ == "__main__":. print(where()).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\compat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1286
                                          Entropy (8bit):4.8500973853032345
                                          Encrypted:false
                                          SSDEEP:24:+QGX0yyOMmyRFIdUpWBNXirhl06ralDJRqE9AyKQbxAqM5qKwN8tZ9VU7dgxa:DGXHyOLyRnkNXiX7SDJRqDyTK3Vw6lw
                                          MD5:48EC2C859E45459FA18019C1DAE15C49
                                          SHA1:DE2DC8F513051C4F6D9A93D6BE4D33C4D65B3E40
                                          SHA-256:2212BDAAEC97D1146E59335C83A7762464803946CCEA6CA6DA9FF65E32D3C1FE
                                          SHA-512:6BD847D7BD17C5C6A6D1532D767F7FF105EA18A1E4C222422EA9ADC8119565240787B0D9669F3278A96BC851462E09D41CD3F1401030E301757DB4B1AFE9907E
                                          Malicious:false
                                          Preview:""".requests.compat.~~~~~~~~~~~~~~~..This module previously handled import compatibility issues.between Python 2 and Python 3. It remains for backwards.compatibility until the next major version.."""..from pip._vendor import chardet..import sys..# -------.# Pythons.# -------..# Syntax sugar.._ver = sys.version_info..#: Python 2.x?.is_py2 = _ver[0] == 2..#: Python 3.x?.is_py3 = _ver[0] == 3..# Note: We've patched out simplejson support in pip because it prevents.# upgrading simplejson on Windows..import json.from json import JSONDecodeError..# Keep OrderedDict for backwards compatibility..from collections import OrderedDict.from collections.abc import Callable, Mapping, MutableMapping.from http import cookiejar as cookielib.from http.cookies import Morsel.from io import StringIO..# --------------.# Legacy Imports.# --------------.from urllib.parse import (. quote,. quote_plus,. unquote,. unquote_plus,. urldefrag,. urlencode,. urljoin,. urlparse,. urlspli

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\cookies.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):18560
                                          Entropy (8bit):4.4459231058062745
                                          Encrypted:false
                                          SSDEEP:192:u2XABMUj5PLeaZcA8Jq20Fe6Jo0K8afO+50LfckHMGWjki0pAyEFEHQj:XXAAyAkceoYTQapv6Ea
                                          MD5:91B27FBF8D78D53BDB214E1E693B7182
                                          SHA1:0AF89877E7653CE1474E49032E615BD1E2DBC3FA
                                          SHA-256:903DE43447028FE9B16ED7F97C9B12693F3A786A046290F75F4092829CE5EC13
                                          SHA-512:B5B461401EC28AD2B7E7867DB819FBC1FACF8366A47855583F565B1174904D008AFB64604B1265EF0EEB60B7BE8623BD7D59C6E76C525927EC9E1158794B306D
                                          Malicious:false
                                          Preview:""".requests.cookies.~~~~~~~~~~~~~~~~..Compatibility code to be able to use `cookielib.CookieJar` with requests...requests.utils imports from here, so be careful with imports.."""..import calendar.import copy.import time..from ._internal_utils import to_native_string.from .compat import Morsel, MutableMapping, cookielib, urlparse, urlunparse..try:. import threading.except ImportError:. import dummy_threading as threading...class MockRequest:. """Wraps a `requests.Request` to mimic a `urllib2.Request`... The code in `cookielib.CookieJar` expects this interface in order to correctly. manage cookie policies, i.e., determine whether a cookie can be set, given the. domains of the request and the cookie... The original request object is read-only. The client is responsible for collecting. the new headers via `get_new_headers()` and interpreting them appropriately. You. probably want `get_cookie_header`, defined below.. """.. def __init__(self, request):.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\exceptions.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3823
                                          Entropy (8bit):4.819029564720729
                                          Encrypted:false
                                          SSDEEP:96:Yn8BlK2uscIbE2iYoSjfUv5/5hdyioDgjolUvAN:N0IZsUEnIN
                                          MD5:312E2F6438F6F53662F4CA81C2BEEFDC
                                          SHA1:1308F42F9E65C10816A1946F6C7B5C692CCA37B2
                                          SHA-256:140FBF915C016768E15DAB9172D37F7B01D52B6E5BF9F8F4033CB3D531D0D0A9
                                          SHA-512:8F7953C4A6DA2CF3876D319B4B36ED350902DFC1ED607AC5692BA673478C93847D3C52762EDD3DA09944C98B81EE9E595FE9745EF55792C60816BADEC925A6F1
                                          Malicious:false
                                          Preview:""".requests.exceptions.~~~~~~~~~~~~~~~~~~~..This module contains the set of Requests' exceptions..""".from pip._vendor.urllib3.exceptions import HTTPError as BaseHTTPError..from .compat import JSONDecodeError as CompatJSONDecodeError...class RequestException(IOError):. """There was an ambiguous exception that occurred while handling your. request.. """.. def __init__(self, *args, **kwargs):. """Initialize RequestException with `request` and `response` objects.""". response = kwargs.pop("response", None). self.response = response. self.request = kwargs.pop("request", None). if response is not None and not self.request and hasattr(response, "request"):. self.request = self.response.request. super().__init__(*args, **kwargs)...class InvalidJSONError(RequestException):. """A JSON error occurred."""...class JSONDecodeError(InvalidJSONError, CompatJSONDecodeError):. """Couldn't decode the text into json""".. def __ini

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\help.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3879
                                          Entropy (8bit):4.5792307059613
                                          Encrypted:false
                                          SSDEEP:96:fk7TDYMh2QDBYerRxG3fwf7W149geOWhhrewSMOUFEWGI3Iongi:fkTkQ3wYfq1MOWPrl1Iingi
                                          MD5:225866FA63EA4FBEA8EF2DB9ABD52163
                                          SHA1:CDAB1CA78B150D4CB91C453900E4CBB2B00516AD
                                          SHA-256:167000925BFC3069BFA9BD948A50D0812EA5D1C52DB620852948F1D339F65CD0
                                          SHA-512:765D3EFCD2F1C1EB303DB76E2743F8BBE9FC20E791197A0A39B18343C4B5FB52DD3874E0B7F18A6C14335657BD0BCE17E9E70D0208B7C0638DCF474A8AA6EB59
                                          Malicious:false
                                          Preview:"""Module containing bug report helper(s)."""..import json.import platform.import ssl.import sys..from pip._vendor import idna.from pip._vendor import urllib3..from . import __version__ as requests_version..charset_normalizer = None..try:. from pip._vendor import chardet.except ImportError:. chardet = None..try:. from pip._vendor.urllib3.contrib import pyopenssl.except ImportError:. pyopenssl = None. OpenSSL = None. cryptography = None.else:. import cryptography. import OpenSSL...def _implementation():. """Return a dict with the Python implementation and version... Provide both the name and the version of the Python implementation. currently running. For example, on CPython 3.10.3 it will return. {'name': 'CPython', 'version': '3.10.3'}... This function works best on CPython and PyPy: in particular, it probably. doesn't work for Jython or IronPython. Future investigation should be done. to work out the correct shape of the code for those pla

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\hooks.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):733
                                          Entropy (8bit):4.520976235953487
                                          Encrypted:false
                                          SSDEEP:12:+x1p4IoWy5pMUqTgEA12TnbxawBCFfy6nu6faadxBIYKzYnhDXrY:+x1qlJ5pMUqTg7wCZy6nu6bBIYHBY
                                          MD5:94EB29001B47E2886C00D1E201B8733D
                                          SHA1:6C2AEBE642D6471E70534C45E039DF709B23435D
                                          SHA-256:0A2BB2B221C0DFD57951F702057148C7CDC8AC3A6EC1F37D45C4D482FDBC7ED4
                                          SHA-512:15F9F577F2A490427BCFFCA5C217CB8D544431391942264352679174621CF2DB183D293F478083EBA592E1AFF059CF7F41F24AA1538933990819D4B3E49B48A3
                                          Malicious:false
                                          Preview:""".requests.hooks.~~~~~~~~~~~~~~..This module provides the capabilities for the Requests hooks system...Available hooks:..``response``:. The response generated from a Request..""".HOOKS = ["response"]...def default_hooks():. return {event: [] for event in HOOKS}...# TODO: response is the only one...def dispatch_hook(key, hooks, hook_data, **kwargs):. """Dispatches a hook dictionary on a given piece of data.""". hooks = hooks or {}. hooks = hooks.get(key). if hooks:. if hasattr(hooks, "__call__"):. hooks = [hooks]. for hook in hooks:. _hook_data = hook(hook_data, **kwargs). if _hook_data is not None:. hook_data = _hook_data. return hook_data.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\models.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):35288
                                          Entropy (8bit):4.358995532413908
                                          Encrypted:false
                                          SSDEEP:768:SKyQloBoXrMuaij97OG2MrjrFem40+XkVbkbiwW:pysuW4uaij97/2M00+XggY
                                          MD5:ECC4196524D20C2866B5D79C690E2EFD
                                          SHA1:765765550A634F7A341EB869FE3DBB92C9440421
                                          SHA-256:74367E893868B64CBE368ABDCB2F7B71410986BDF09D8EA6BFEC51FDE3E0FE59
                                          SHA-512:3FC0C17791CDF4741A1FCB48CBBD35C8E9B5062EA18C76E84B8D9E0E02A24B32F2D429B88B44222E16BFE07D1E185A0A8952FEF70E9487EE2782F90F10DA4EE9
                                          Malicious:false
                                          Preview:""".requests.models.~~~~~~~~~~~~~~~..This module contains the primary objects that power Requests.."""..import datetime..# Import encoding now, to avoid implicit import later..# Implicit import within threads may cause LookupError when standard library is in a ZIP,.# such as in Embedded Python. See https://github.com/psf/requests/issues/3578..import encodings.idna # noqa: F401.from io import UnsupportedOperation..from pip._vendor.urllib3.exceptions import (. DecodeError,. LocationParseError,. ProtocolError,. ReadTimeoutError,. SSLError,.).from pip._vendor.urllib3.fields import RequestField.from pip._vendor.urllib3.filepost import encode_multipart_formdata.from pip._vendor.urllib3.util import parse_url..from ._internal_utils import to_native_string, unicode_is_ascii.from .auth import HTTPBasicAuth.from .compat import (. Callable,. JSONDecodeError,. Mapping,. basestring,. builtin_str,. chardet,. cookielib,.).from .compat import json as complexjson.fro

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\packages.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):695
                                          Entropy (8bit):4.7385379376049785
                                          Encrypted:false
                                          SSDEEP:12:kyxK21tfkpB7KvEoradNzMk9W5B4XFKW88XCrmW6EpO6zK5IxAKhU8cr0tU:kaQX+YNzM1BsKW8MkmW1p5zK5I2KhUhp
                                          MD5:4F61660BE0B646E3C7EA1C4DB16FA8C1
                                          SHA1:F02C00E0F57B81A6EA652F22E4934258F5EF00C7
                                          SHA-256:9E32665627D8E1A49CB6E5B73CFE441510B18C4C0C4433BA27F7DE1B674A5AC2
                                          SHA-512:48A737D0ECD5CD35E5F0F960491FD5829AEB2333EE1553817527F0ADCF7FED51B6B645E5DC3D608E90BE1514FBA3EA813A38490B10F892A734565E852DC666DA
                                          Malicious:false
                                          Preview:import sys..# This code exists for backwards compatibility reasons..# I don't like it either. Just look the other way. :)..for package in ('urllib3', 'idna', 'chardet'):. vendored_package = "pip._vendor." + package. locals()[package] = __import__(vendored_package). # This traversal is apparently necessary such that the identities are. # preserved (requests.packages.urllib3.* is urllib3.*). for mod in list(sys.modules):. if mod == vendored_package or mod.startswith(vendored_package + '.'):. unprefixed_mod = mod[len("pip._vendor."):]. sys.modules['pip._vendor.requests.packages.' + unprefixed_mod] = sys.modules[mod]..# Kinda cool, though, right?.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\sessions.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):30373
                                          Entropy (8bit):4.4621106606774985
                                          Encrypted:false
                                          SSDEEP:384:7VcaRxATfGGMxzEZwYviFxosm/mk+ulMSh2unB67H9Lu/PMFYyFpyUR4d/haBUaU:7iaRtTxs5vivo9vMSh246L9WPCv4+yl
                                          MD5:26B35B3254510EBCA8A6C47E0D5B7C95
                                          SHA1:44FBE35FE96E791DB4EC9204AC99FC461F178155
                                          SHA-256:F8BBD3CEB3ED7AD493AD1DDBBB1BB85E176032B2452C1D6AE43ECFFBE2F65E1C
                                          SHA-512:AFEABC632187FA6C618171F9D4367B74AE0E2DAF3BD5C1488573462CBAD7F397308F8B213804D9E581BD74BA529C5D29B6908BA2F38C28A77D03F59A7E3D3EC8
                                          Malicious:false
                                          Preview:""".requests.sessions.~~~~~~~~~~~~~~~~~..This module provides a Session object to manage and persist settings across.requests (cookies, auth, proxies)..""".import os.import sys.import time.from collections import OrderedDict.from datetime import timedelta..from ._internal_utils import to_native_string.from .adapters import HTTPAdapter.from .auth import _basic_auth_str.from .compat import Mapping, cookielib, urljoin, urlparse.from .cookies import (. RequestsCookieJar,. cookiejar_from_dict,. extract_cookies_to_jar,. merge_cookies,.).from .exceptions import (. ChunkedEncodingError,. ContentDecodingError,. InvalidSchema,. TooManyRedirects,.).from .hooks import default_hooks, dispatch_hook..# formerly defined here, reexposed here for backward compatibility.from .models import ( # noqa: F401. DEFAULT_REDIRECT_LIMIT,. REDIRECT_STATI,. PreparedRequest,. Request,.).from .status_codes import codes.from .structures import CaseInsensitiveDict.from .utils import

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\status_codes.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):4235
                                          Entropy (8bit):4.816406011231522
                                          Encrypted:false
                                          SSDEEP:48:PlaX6kK/id2KWUZNbpbSjXxQqzqwX5LiOBv8BAzbYR1+5db/g1SpYvpvpIP3xXHy:daXQ/id15JSjXxQgqq/t8BAzb+1+f/PM
                                          MD5:663DD9E477D4A5FFD451801D2EC2C2BD
                                          SHA1:530D2BD28F8FE4E40CD40337E86635347E15A65C
                                          SHA-256:16F1E64F9B87FBFBA29AD473E611FD5426EDED557E35E8B627DBA96DE8FA8FC8
                                          SHA-512:D265270229AA8C5E803289375C42C8FC6DB5BFEDD3E743EDA041E5D00FBF247C1BF1ED41AF4EE94D5C7F2766253744C55CD662CB4968B35EBDB43299C30A15A0
                                          Malicious:false
                                          Preview:r""".The ``codes`` object defines a mapping from common names for HTTP statuses.to their numerical codes, accessible either as attributes or as dictionary.items...Example::.. >>> import requests. >>> requests.codes['temporary_redirect']. 307. >>> requests.codes.teapot. 418. >>> requests.codes['\o/']. 200..Some codes have multiple names, and both upper- and lower-case versions of.the names are allowed. For example, ``codes.ok``, ``codes.OK``, and.``codes.okay`` all correspond to the HTTP status code 200.."""..from .structures import LookupDict.._codes = {. # Informational.. 100: ("continue",),. 101: ("switching_protocols",),. 102: ("processing",),. 103: ("checkpoint",),. 122: ("uri_too_long", "request_uri_too_long"),. 200: ("ok", "okay", "all_ok", "all_okay", "all_good", "\\o/", "."),. 201: ("created",),. 202: ("accepted",),. 203: ("non_authoritative_info", "non_authoritative_information"),. 204: ("no_content",),. 205: ("reset_c

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\structures.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):2912
                                          Entropy (8bit):4.67487833368712
                                          Encrypted:false
                                          SSDEEP:48:HtJ0fhf5XObXK0YuIG9n6QeHMl5uWG5gRMz2vKvUgNjmTXr2LpC5pSjF/zfrm:NJgabXX+HaIWqiqUgwg0LEF//m
                                          MD5:077948910AE6FB44DC6E58D3D25D6AEE
                                          SHA1:B5C2C740B9FF7D27A83AC4C80E3AE741AA33B5BE
                                          SHA-256:F886E6855CF4E92FB968F499B94B6167AFBA0FD5CE8D1B935C739A6D8D38D573
                                          SHA-512:B9256700252D4330095253FF3ABAA885CC97967AAFB39EEB6720DB90AD55F6A9E70D925CDF0B77CA15E9DED6FAAB571EE2660FD2FDBA038DAD3247798FC22BC0
                                          Malicious:false
                                          Preview:""".requests.structures.~~~~~~~~~~~~~~~~~~~..Data structures that power Requests.."""..from collections import OrderedDict..from .compat import Mapping, MutableMapping...class CaseInsensitiveDict(MutableMapping):. """A case-insensitive ``dict``-like object... Implements all methods and operations of. ``MutableMapping`` as well as dict's ``copy``. Also. provides ``lower_items``... All keys are expected to be strings. The structure remembers the. case of the last key to be set, and ``iter(instance)``,. ``keys()``, ``items()``, ``iterkeys()``, and ``iteritems()``. will contain case-sensitive keys. However, querying and contains. testing is case insensitive::.. cid = CaseInsensitiveDict(). cid['Accept'] = 'application/json'. cid['aCCEPT'] == 'application/json' # True. list(cid) == ['Accept'] # True.. For example, ``headers['content-encoding']`` will return the. value of a ``'Content-Encoding'`` response header, regardless. o

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\requests\utils.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):33460
                                          Entropy (8bit):4.612325222320672
                                          Encrypted:false
                                          SSDEEP:768:ygGfemtN5Pvl1eW4JvaQO9rIdGio5Z9cS+uZ0qqMvEg:ygGWmtN5F1ebaDydGi8Z9cS56qqgEg
                                          MD5:B01AEBBE803AE5DCC4EEE669D0999734
                                          SHA1:AB32BBF7F7C53C36839CF134DF931794CD80464D
                                          SHA-256:90E3E7D2A603EB1453CDAC5BA937588922270591E5EB7EFD009B32220CD818B6
                                          SHA-512:37D3B0BD23645B5D15326775C246F8EF0644967959F6E6E6CC92412B40202DA0FE30EE3D100E492C496A69589E9EB8F60F66D2069BE2344AAB4A0D729BA0EA7D
                                          Malicious:false
                                          Preview:""".requests.utils.~~~~~~~~~~~~~~..This module provides utility functions that are used within Requests.that are also useful for external consumption.."""..import codecs.import contextlib.import io.import os.import re.import socket.import struct.import sys.import tempfile.import warnings.import zipfile.from collections import OrderedDict..from pip._vendor.urllib3.util import make_headers, parse_url..from . import certs.from .__version__ import __version__..# to_native_string is unused here, but imported here for backwards compatibility.from ._internal_utils import ( # noqa: F401. _HEADER_VALIDATORS_BYTE,. _HEADER_VALIDATORS_STR,. HEADER_VALIDATORS,. to_native_string,.).from .compat import (. Mapping,. basestring,. bytes,. getproxies,. getproxies_environment,. integer_types,.).from .compat import parse_http_list as _parse_list_header.from .compat import (. proxy_bypass,. proxy_bypass_environment,. quote,. str,. unquote,. urlparse,. url

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):537
                                          Entropy (8bit):4.510321812162615
                                          Encrypted:false
                                          SSDEEP:12:UFc7jOOxY0fZR5RAZ7edTe5/fpxfNQifG6RB7Js7F:5j3vP1d0GUls7F
                                          MD5:8B67527EBDE2B292D95BFE62FF92897F
                                          SHA1:C756151B98834A600DAF027ED3E9AC9C12A15F6F
                                          SHA-256:879D3D4DD11CA5BE7EE382689DA5377B1D93335E465412E333D08D08FC274D3B
                                          SHA-512:EC0F64873CDD2BE43515ACE09A72C575B4DD2516DC5F9839686912A70F69DA5009DC5B04BA5300DDEBA3B739C5234EEA98C43AF1408218B3BA7492F420D3D124
                                          Malicious:false
                                          Preview:__all__ = [. "__version__",. "AbstractProvider",. "AbstractResolver",. "BaseReporter",. "InconsistentCandidate",. "Resolver",. "RequirementsConflicted",. "ResolutionError",. "ResolutionImpossible",. "ResolutionTooDeep",.]..__version__ = "1.0.1"...from .providers import AbstractProvider, AbstractResolver.from .reporters import BaseReporter.from .resolvers import (. InconsistentCandidate,. RequirementsConflicted,. ResolutionError,. ResolutionImpossible,. ResolutionTooDeep,. Resolver,.).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):626
                                          Entropy (8bit):5.316425711726334
                                          Encrypted:false
                                          SSDEEP:12:02zlyjX/J7BOfLjRdC+Jq+b8J/PhlJF087eyWbaAEjaZxJcV:rh0/JCLhk+b8JnhlJW8objZgV
                                          MD5:A132E736612A7F36C256E5F36B900CF7
                                          SHA1:6DD94F219FE4E44F8A215ED66C7536CC9344CAF8
                                          SHA-256:25F78E1AC872CCA750BFEB6CEAA9A6C6F114022C126935734F7627622B57A16D
                                          SHA-512:7B95714F8F37AFD0EA8BB6F549E23E19DCE65C75D5E6EBE45379237BA55BEF0F8095C7E69C80C46AFEB00D907FEB6BF5764AAA5799FE1D5A1714FB92591E4ED5
                                          Malicious:false
                                          Preview:...........f..........................L.....g.d...Z.d.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...y.).)...__version__..AbstractProvider..AbstractResolver..BaseReporter..InconsistentCandidate..Resolver..RequirementsConflicted..ResolutionError..ResolutionImpossible..ResolutionTooDeepz.1.0.1.....).r....r....).r....).r....r....r....r....r....r....N)...__all__r......providersr....r......reportersr......resolversr....r....r....r....r....r............XC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/__init__.py..<module>r........s*..........................:..#...............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\__pycache__\providers.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):6843
                                          Entropy (8bit):4.8214989811009845
                                          Encrypted:false
                                          SSDEEP:96:MfoOHatNtOvKX4APafN5n0vBWUQmOCfQNJHjsPyihCO8NcReY4tO7exrcn+eBDQi:OobtWrEzQWYJDsZwOleJuDghDtFSE25
                                          MD5:3348CB39EE014311C39EF5C9C612B318
                                          SHA1:1053DAD9EB96356D93E584860477DBA0E373ED7F
                                          SHA-256:D9073B0E9156E429B945DC878CAB2C11FC2B5285D9C46CD189510D31998C7FCC
                                          SHA-512:8D1F9C8D01B0936F6401DFDAD4693AC1436CAA1CD819954F2E2D4CBE30F66FD378414AB9DF37ABEC2E17ADAB2318C7AA85AB2EFBB0135816B0D74339445D2915
                                          Malicious:false
                                          Preview:...........f..........................0.......G.d...d.e.........Z...G.d...d.e.........Z.y.).c...........................e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.)...AbstractProviderzBDelegate class to provide the required interface for the resolver.c...........................t...........).z.Given a requirement, return an identifier for it... This is used to identify a requirement, e.g. whether two requirements. should have their specifier parts merged.. ....NotImplementedError)...self..requirement_or_candidates.... .YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/providers.py..identifyz.AbstractProvider.identify..............."..!.....c...........................t...........).a....Produce a sort key for given requirement based on preference... The preference is defined as "I think this requirement should be. resolved first". The lower the return value is, the more preferred. this group of arguments is...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\__pycache__\reporters.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2646
                                          Entropy (8bit):4.958717449036616
                                          Encrypted:false
                                          SSDEEP:48:dLeWwd4FtjKm0OUzoQJOZv4kBo8RFigz3NhEENSs45:d6L6V0bivRBV2gz3NeEN8
                                          MD5:FF796A3EC0234642FB99C598E828F2BC
                                          SHA1:9BE9F5727A48C87DBAD5F53FC41138E9F9D58579
                                          SHA-256:E0843CB9389DFCA390274F1EE34F5830818458B621FD04A43B4C169ECFE45237
                                          SHA-512:016AFAD4BD58E6BC9E83607879F21B3AA554E6A44EA541EE7D0EACD306EB444100CA078A7EC550289AF0CC63D7C5C3E1A47AD6CCC742527B32F076D1280A921C
                                          Malicious:false
                                          Preview:...........fA.................................G.d...d.e.........Z.y.).c.....................@.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.)...BaseReporterz?Delegate class to provider progress reporting for the resolver.c...........................y.).z-Called before the resolution actually starts.N..)...selfs.... .YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/reporters.py..startingz.BaseReporter.starting................c...........................y.).zYCalled before each round of resolution starts... The index is zero-based.. Nr....).r......indexs.... r......starting_roundz.BaseReporter.starting_round....r....r....c...........................y.).z.Called before each round of resolution ends... This is NOT called if the resolution ends at this round. Use `ending`. if you want to report finalization. The index is zero-based.. Nr....).r....r......states.... r......ending_roundz.BaseReporter.ending_

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\__pycache__\resolvers.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):25889
                                          Entropy (8bit):5.18308384628936
                                          Encrypted:false
                                          SSDEEP:384:v+tvvBc/BneLFroK7UbqsKhQ/u+U5B5cEaBkeG0qD9dkLGfu+ua2l:IvJUeL9T7Ubq5LYqSsmy9C
                                          MD5:566912CCD180B90E04732101795E8A9A
                                          SHA1:6FD2A3AFBCD0C1DC98230C0AC8F223954D7B6CC0
                                          SHA-256:71C981369658FC8DE10F1F748AE9522F324CD82B96807784E36923EF486BF4A5
                                          SHA-512:746BBCE0512DC8E38D226509F9BDC1DBDC07B3F0693148EE04124EDAEA0A77912B2AC52EB946B0A62983F7A756FB98FF5DA4ECDF75ABEFB0D6832CA033627DB2
                                          Malicious:false
                                          Preview:...........f.P.............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.....e.j...................d.d.d.g.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...e.j...................d.d.........Z...G.d...d.e.........Z.d...Z...e.j...................d.d.........Z.d...Z...G.d...d.e.........Z.y.) .....N.....)...AbstractResolver)...DirectedGraph..IteratorMapping..build_iter_view..RequirementInformation..requirement..parentc...........................e.Z.d.Z.d.Z.y.)...ResolverExceptionz.A base class for all exceptions raised by this module... Exceptions derived by this class should all be handled in this module. Any. bubbling pass the resolver should be treated as a bug.. N)...__name__..__module__..__qualname__..__doc__........YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/resolvers.pyr....r........s...........r....r

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\__pycache__\structs.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10498
                                          Entropy (8bit):4.866809501498127
                                          Encrypted:false
                                          SSDEEP:192:b5waLWl2u6qM0la/5YITi9aZojOo6vG1iyO7KQgJeiMbdb0Ix:b5wKWl2u6qM0la/5PTq1iy+KE5j
                                          MD5:06F3A4E23F86B629230E483349B2770A
                                          SHA1:6FD1EB58A2A7AA1A91681B1EA76E5790364665C7
                                          SHA-256:6CA079345D77DE334D3C81B34967CAECCA6C45D74E5468969C788623E7870AB8
                                          SHA-512:69B35EB672037200116C3386A466A8877CFF59FA1F8B00B41622349DD7508969A45A37257DA4230980FB2E9E5A16D0153A589643D8EF81E502F583EE2C6DB068
                                          Malicious:false
                                          Preview:...........fc..............................d.d.l.Z.d.d.l.m.Z.....G.d...d.e.........Z...G.d...d.e.j...........................Z...G.d...d.e.........Z...G.d...d.e.........Z.d...Z.y.)......N.....)...collections_abcc.....................X.....e.Z.d.Z.d.Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.)...DirectedGraphz&A graph structure with directed edges.c.....................>.....t.................|._.........i.|._.........i.|._.........y...N)...set.._vertices.._forwards.._backwards....selfs.... .WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/structs.py..__init__z.DirectedGraph.__init__....s..................................c.....................,.....t.........|.j...........................S.r....)...iterr....r....s.... r......__iter__z.DirectedGraph.__iter__...............D.N.N..#..#r....c.....................,.....t.........|.j...........................S.r....)...lenr....r....s.... r......__len__z.DirectedGraph.__len__....s

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\compat\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):192
                                          Entropy (8bit):4.841149123482124
                                          Encrypted:false
                                          SSDEEP:3:oQ4yllVO8l4NuWD6qpOAVcR6iVWrzLUhKBHKd2IUcRwIaQHtgem/l:L4y/VneNZD6qpR2pAreaAB6Iaatgem/l
                                          MD5:3607E71C70BD83067C429C53521D59EA
                                          SHA1:D862781DDC137DC0A86BB1562E59ABA032EC2B7B
                                          SHA-256:2C646EAA2796EB440262030A28425FE88777DF2DEF4EB818AB9173AF26B43824
                                          SHA-512:DAE4ABAAD82F30A54117F5F2A8BE671837F4A2E99FFABB551E32290948230D08E1C8E670D15A56F25CAB3BB4DF6C2C7C7D8E4F809F5D8B965B2DA577BA1D6FFC
                                          Malicious:false
                                          Preview:...........f................................y.).N..r.........._C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/compat/__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\compat\__pycache__\collections_abc.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):412
                                          Entropy (8bit):5.529735964719821
                                          Encrypted:false
                                          SSDEEP:12:BfkLVJT3PJsX0WbaAPayleuk1rCHQ5Yyn:B8LVhPkby2eu8d
                                          MD5:1FADC0C5E44E95B4533EDDBE7B4C70B0
                                          SHA1:E07E420EAB0EBAEA842F35599EA9CF21AB33FB49
                                          SHA-256:175B7D1C97FE235F9402F2B5AC9DB85299FD747B06D2E99FBE87AB81137A5468
                                          SHA-512:575C0CF1F5183B2D4E7647CCE1089FF8322A520364B441B1BB33BBA054EEECC688EEA574FE734D299D3711DC86ECEB8F2BD4CFDBCEDA7D12689E12681D34B75E
                                          Malicious:false
                                          Preview:...........f..........................D.....d.d.g.Z...d.d.l.m.Z.m.Z...y.#.e.$.r...d.d.l.m.Z.m.Z...Y.y.w.x.Y.w.)...Mapping..Sequence.....).r....r....N)...__all__..collections.abcr....r......ImportError..collections........fC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/resolvelib/compat/collections_abc.py..<module>r........s/............j..!.........1..1...........-..-......s................

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\compat\collections_abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):156
                                          Entropy (8bit):4.553911096832729
                                          Encrypted:false
                                          SSDEEP:3:UFo+HoEdHODTXKuADY0LukIEMsILXwN5XKuANMXB0Luk/:UJovyEyIvpLXwuIBy/
                                          MD5:8CCCA9124787135195D14416CE79902C
                                          SHA1:707DC63C9B0961B36CC1127216AF38DE6B1B31E7
                                          SHA-256:BB2F31519F8D0C4C3DD7AB6E8145E6F0783008688C3B47FE45C767A647D77CEB
                                          SHA-512:2F5EA29E328C16AD440198F3711EC8A6E6CC413C22C297E34370A77F4C373031A071DCC62929E092BF0ABED5930A68A5C42D2FD0788DC6BD98841199201C7764
                                          Malicious:false
                                          Preview:__all__ = ["Mapping", "Sequence"]..try:. from collections.abc import Mapping, Sequence.except ImportError:. from collections import Mapping, Sequence.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\providers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5871
                                          Entropy (8bit):4.2712977964138785
                                          Encrypted:false
                                          SSDEEP:96:0wMwxa+DBKX4APafN5n0vBWUQmOCfQN/EqaihCO8NcReY4tO7exrcnfq+wgDQPHK:0YrEzQWYcq5wOlep+DgxQRz
                                          MD5:665E6250C74F4CE90B856FB8BB4DD6EA
                                          SHA1:D4753F2CE0F84B8ECE6709862CA9C5859D391A70
                                          SHA-256:7EEBAF56B09EB6EE60B313C1E37111CA37CEF1A45E4B7AC5407A4382222D6ECE
                                          SHA-512:30DDDA3174429AA2C10D5FF137CE9C3645C7A9F177E2B23A0B3320935E0C03822492ED3DDD6F3D153D34970FAD1CD526176796ECA12E63E403FD79062ABF6DC0
                                          Malicious:false
                                          Preview:class AbstractProvider(object):. """Delegate class to provide the required interface for the resolver.""".. def identify(self, requirement_or_candidate):. """Given a requirement, return an identifier for it... This is used to identify a requirement, e.g. whether two requirements. should have their specifier parts merged.. """. raise NotImplementedError.. def get_preference(. self,. identifier,. resolutions,. candidates,. information,. backtrack_causes,. ):. """Produce a sort key for given requirement based on preference... The preference is defined as "I think this requirement should be. resolved first". The lower the return value is, the more preferred. this group of arguments is... :param identifier: An identifier as returned by ``identify()``. This. identifies the dependency matches which should be returned.. :param resolutions: Mapping of can

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\reporters.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1601
                                          Entropy (8bit):4.330519926970746
                                          Encrypted:false
                                          SSDEEP:24:MJdtvFSaYuaTwKEq3tlYw1oHmM3TOUz7s2Ao24Zd4xgC1LwHoYwnqmK:IdZhKx1Om0OUzNXv4gwLwHoYwnhK
                                          MD5:5BF3F0BF3D4F94B0339E60D4D4766447
                                          SHA1:12FB5DB25D45218AF1EDF7A377251B2C5E493BE5
                                          SHA-256:4D26D1996CD3736EB0D2082C5756F15697960C1F10348ADEEADC1897B1886411
                                          SHA-512:66656422F188AAC638AEA78769F2FD9B51588024A883DFE3B3873B094317C1AC68FD93DE2FDBE856D4B53C7E0703195BD16F0B36FA49EA6789CE7A5048A955AD
                                          Malicious:false
                                          Preview:class BaseReporter(object):. """Delegate class to provider progress reporting for the resolver.""".. def starting(self):. """Called before the resolution actually starts.""".. def starting_round(self, index):. """Called before each round of resolution starts... The index is zero-based.. """.. def ending_round(self, index, state):. """Called before each round of resolution ends... This is NOT called if the resolution ends at this round. Use `ending`. if you want to report finalization. The index is zero-based.. """.. def ending(self, state):. """Called before the resolution ends successfully.""".. def adding_requirement(self, requirement, parent):. """Called when adding a new requirement into the resolve criteria... :param requirement: The additional requirement to be applied to filter. the available candidaites.. :param parent: The candidate that requires ``requirement`` as

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\resolvers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):20511
                                          Entropy (8bit):4.178230099897123
                                          Encrypted:false
                                          SSDEEP:192:5C5jw+mgruh4Hp5+OuzZ7B+vM7sL6A1Z3kIvqs2GSdsLci5zD9dkLGfygmx:8pwFERg7B+UGXZZD9dkLGf8x
                                          MD5:638769280AA3660D6C298202B1A75A61
                                          SHA1:81C58B0F42E795A41A832E6EDCB0EF3A8667AF3E
                                          SHA-256:1BCAEC2D94AAEB883956622AFA507B51C209D608C0C48409993178444665790D
                                          SHA-512:A610F35824D6FA5394283C618141AE3DF4241231FB4768C0A1381E9323D69886934C5CDD87C236846EC62BC7E2780A0F868F2A81BB39042D25D0FE8410DAB8E7
                                          Malicious:false
                                          Preview:import collections.import itertools.import operator..from .providers import AbstractResolver.from .structs import DirectedGraph, IteratorMapping, build_iter_view..RequirementInformation = collections.namedtuple(. "RequirementInformation", ["requirement", "parent"].)...class ResolverException(Exception):. """A base class for all exceptions raised by this module... Exceptions derived by this class should all be handled in this module. Any. bubbling pass the resolver should be treated as a bug.. """...class RequirementsConflicted(ResolverException):. def __init__(self, criterion):. super(RequirementsConflicted, self).__init__(criterion). self.criterion = criterion.. def __str__(self):. return "Requirements conflict: {}".format(. ", ".join(repr(r) for r in self.criterion.iter_requirement()),. )...class InconsistentCandidate(ResolverException):. def __init__(self, candidate, criterion):. super(InconsistentCandidate, self)

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\resolvelib\structs.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4963
                                          Entropy (8bit):4.504287082118526
                                          Encrypted:false
                                          SSDEEP:96:XMW5iwtA0USqyxkW48ZPSrhvWU6+wiiRWgOEyXSYCRj:j5iwtA9tP1qPGkOO/Rj
                                          MD5:1DE4B6FFAF2082A2C0AFE6BFDC947054
                                          SHA1:36DBFDD47591385CCD103148BD024F7A1E81C690
                                          SHA-256:D3FD7F5CEF33FC22E17A03F75697FD549DF325C7CB9B434E1D133E8B4624CF7A
                                          SHA-512:E7CC50FA1C2E0B11F103C8E365DCD4E4D0D06604F1A20585DDBA2D3EC8D1998338AA8877D041444FA62F39719A10748E05F73508B8285043F7413F9A29A39439
                                          Malicious:false
                                          Preview:import itertools..from .compat import collections_abc...class DirectedGraph(object):. """A graph structure with directed edges.""".. def __init__(self):. self._vertices = set(). self._forwards = {} # <key> -> Set[<key>]. self._backwards = {} # <key> -> Set[<key>].. def __iter__(self):. return iter(self._vertices).. def __len__(self):. return len(self._vertices).. def __contains__(self, key):. return key in self._vertices.. def copy(self):. """Return a shallow copy of this graph.""". other = DirectedGraph(). other._vertices = set(self._vertices). other._forwards = {k: set(v) for k, v in self._forwards.items()}. other._backwards = {k: set(v) for k, v in self._backwards.items()}. return other.. def add(self, key):. """Add a new vertex to the graph.""". if key in self._vertices:. raise ValueError("vertex exists"). self._vertices.add(key). self._f

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\abc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):890
                                          Entropy (8bit):4.514182483611388
                                          Encrypted:false
                                          SSDEEP:12:1L8Ceed/DG4FeZLlD6EEUNoS1jMOIcsA6Fy930LQIk2peBw3XpPrAlkmpVW2G:1jG4kZRD6zZS1j5Ich6F++pzpcSmLW2G
                                          MD5:39D8C0ACDCECE37E58B4E2A2796B67FC
                                          SHA1:9E5742F6C5E276B656A575BD91DEBE5B6935EBE1
                                          SHA-256:38DF84F99A924A1799F3C56B297D8CDCF5E915B18451464F31AFC07F497EE1FD
                                          SHA-512:D6D459438E70A273C142D2395121664333EA6EC008218D2281DFE465E1FEA8FC50026FC80D661D9219C49BAEFB9EDDCE4D47B8EEF6B6B177791CBCDEF8BDCB6D
                                          Malicious:false
                                          Preview:from abc import ABC...class RichRenderable(ABC):. """An abstract base class for Rich renderables... Note that there is no need to extend this class, the intended use is to check if an. object supports the Rich renderable protocol. For example::.. if isinstance(my_object, RichRenderable):. console.print(my_object).. """.. @classmethod. def __subclasshook__(cls, other: type) -> bool:. """Check if this class supports the rich render protocol.""". return hasattr(other, "__rich_console__") or hasattr(other, "__rich__")...if __name__ == "__main__": # pragma: no cover. from pip._vendor.rich.text import Text.. t = Text(). print(isinstance(Text, RichRenderable)). print(isinstance(t, RichRenderable)).. class Foo:. pass.. f = Foo(). print(isinstance(f, RichRenderable)). print(isinstance("", RichRenderable)).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\align.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10368
                                          Entropy (8bit):4.2608608706408475
                                          Encrypted:false
                                          SSDEEP:192:kBcq3sNdwsHBdAHaH/HxX/1zr1hW4gBHYh2JVngtPdzDb6:kCzHBdAHaH/HN1WtHTVg1Db6
                                          MD5:E68E4DCDB55FE8189DF330EE5F37014E
                                          SHA1:6377C335836A6A85F093A865378DDC7449F03364
                                          SHA-256:262F98A247E48677DEFF1326AF82128D9074ED3257820042398A186BE1C302BF
                                          SHA-512:9A298C22D32D83B5C2D6B8DB7E159ADA4372967140F6954DBAD39DE935441899D570F4A21BE09C2854F02A29AAC399F1FBED12CAB661A0C3D0F877DBFA643A6E
                                          Malicious:false
                                          Preview:import sys.from itertools import chain.from typing import TYPE_CHECKING, Iterable, Optional..if sys.version_info >= (3, 8):. from typing import Literal.else:. from pip._vendor.typing_extensions import Literal # pragma: no cover..from .constrain import Constrain.from .jupyter import JupyterMixin.from .measure import Measurement.from .segment import Segment.from .style import StyleType..if TYPE_CHECKING:. from .console import Console, ConsoleOptions, RenderableType, RenderResult..AlignMethod = Literal["left", "center", "right"].VerticalAlignMethod = Literal["top", "middle", "bottom"]...class Align(JupyterMixin):. """Align a renderable by adding spaces if necessary... Args:. renderable (RenderableType): A console renderable.. align (AlignMethod): One of "left", "center", or "right"". style (StyleType, optional): An optional style to apply to the background.. vertical (Optional[VerticalAlginMethod], optional): Optional vertical align, one of "top

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\ansi.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):6906
                                          Entropy (8bit):4.106471780077641
                                          Encrypted:false
                                          SSDEEP:96:06GEiC7otJG6Mn3HvdfC8i/GfNoDCgXKGHUkTznqr4/pGnYqNyaqryXpefPr:09qcoXnX1fCfeeWga4Tzqr4hMpefPr
                                          MD5:90CF20A4AECF64D490F1A7337A870984
                                          SHA1:E3B9FA9C938E63733A92217086465AE90E9F3D07
                                          SHA-256:883EB9DF6418AA7066EA1003BA52A3AD5F25F24149FBD7C4568A072471F784C8
                                          SHA-512:6951B44F6DE19AD7D0A37436DD063FEA06ECEB834FACABA734F6E07766FBE309AA3245CC530DC9F08AF0C2C2770A4E2750B0F8A06811CE193C745BEB6424832C
                                          Malicious:false
                                          Preview:import re.import sys.from contextlib import suppress.from typing import Iterable, NamedTuple, Optional..from .color import Color.from .style import Style.from .text import Text..re_ansi = re.compile(. r""".(?:\x1b\](.*?)\x1b\\)|.(?:\x1b([(@-Z\\-_]|\[[0-?]*[ -/]*[@-~])).""",. re.VERBOSE,.)...class _AnsiToken(NamedTuple):. """Result of ansi tokenized string.""".. plain: str = "". sgr: Optional[str] = "". osc: Optional[str] = ""...def _ansi_tokenize(ansi_text: str) -> Iterable[_AnsiToken]:. """Tokenize a string in to plain text and ANSI codes... Args:. ansi_text (str): A String containing ANSI codes... Yields:. AnsiToken: A named tuple of (plain, sgr, osc). """.. position = 0. sgr: Optional[str]. osc: Optional[str]. for match in re_ansi.finditer(ansi_text):. start, end = match.span(0). osc, sgr = match.groups(). if start > position:. yield _AnsiToken(ansi_text[position:start]). if sgr:.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\bar.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):3264
                                          Entropy (8bit):4.755311796963686
                                          Encrypted:false
                                          SSDEEP:48:gM1WnLqJkYUMOnSSFgBYwSYau+RFWnAVinpzBzE7SlGDaaiAmx:gM1WqJrhOpF3vWAVSzW7S8Daai5x
                                          MD5:48B51F3A119071D36DC9C3A5B4ADE62A
                                          SHA1:D42CE6F8F095838ECDEDAEAD910F6AB10686AD53
                                          SHA-256:6BB503DF4DC171C442AC48468DF304969BF94456088A7680840BAA62A854BE6C
                                          SHA-512:2F718F3D090B4C631295DDEC194AB25087806B29A07F99D845AD23E0C360BB63650DCF2D82A000ABD1851EECA2D164107BA5A2B061B40DB669D5E966F2F70593
                                          Malicious:false
                                          Preview:from typing import Optional, Union..from .color import Color.from .console import Console, ConsoleOptions, RenderResult.from .jupyter import JupyterMixin.from .measure import Measurement.from .segment import Segment.from .style import Style..# There are left-aligned characters for 1/8 to 7/8, but.# the right-aligned characters exist only for 1/8 and 4/8..BEGIN_BLOCK_ELEMENTS = [".", ".", ".", ".", ".", ".", ".", "."].END_BLOCK_ELEMENTS = [" ", ".", ".", ".", ".", ".", ".", "."].FULL_BLOCK = "."...class Bar(JupyterMixin):. """Renders a solid block bar... Args:. size (float): Value for the end of the bar.. begin (float): Begin point (between 0 and size, inclusive).. end (float): End point (between 0 and size, inclusive).. width (int, optional): Width of the bar, or ``None`` for maximum width. Defaults to None.. color (Union[Color, str], optional): Color of the bar. Defaults to "default".. bgcolor (Union[Color

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\box.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):9842
                                          Entropy (8bit):4.98595020454903
                                          Encrypted:false
                                          SSDEEP:192:krdZVAxTnljBlWadBD7UhSxyfcCP0BcsFLu/KnoX21FEFh4S:kr3VAxTljBL5kcesFZc2a4S
                                          MD5:30023D8C772E704976DC7DA2AC632CDF
                                          SHA1:E24F95DECD0F048B328CB40EDD2C424F3630858B
                                          SHA-256:149EA72378C3EE1D97345535DFC6C952DD8762658E9516E5B68084B8801985EC
                                          SHA-512:A7622A0E59D20448FEE9FE426C4A77CA5EDF85BFE162304CCB7A2F04A181D72D1435DD0F8A0E33A7D218C0B24A3A9268100F112F64692097415B3977145BC31D
                                          Malicious:false
                                          Preview:import sys.from typing import TYPE_CHECKING, Iterable, List..if sys.version_info >= (3, 8):. from typing import Literal.else:. from pip._vendor.typing_extensions import Literal # pragma: no cover...from ._loop import loop_last..if TYPE_CHECKING:. from pip._vendor.rich.console import ConsoleOptions...class Box:. """Defines characters to render boxes... .... top. . .. head. .... head_row. . .. mid. .... row. .... foot_row. . .. foot. .... bottom.. Args:. box (str): Characters making up box.. ascii (bool, optional): True if this box uses ascii characters only. Default is False.. """.. def __init__(self, box: str, *, ascii: bool = False) -> None:. self._box = box. self.ascii = ascii. line1, line2, line3, line4, line5, line6, line7, line8 = box.splitlines(). # top. self.top_left, self.top, self.top_divider, self.top_right = iter(line1).

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\cells.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):4509
                                          Entropy (8bit):4.820107817420641
                                          Encrypted:false
                                          SSDEEP:96:G44UbhWUoBh+GwRkTYK3p3AAtHO+K9Z8DGCB3C:fHh6BhmRkDp3AAhO+3GCE
                                          MD5:A36F45D4D8F0B6678FE8253ABAA5A9DF
                                          SHA1:D18C80732961C8984A11572CEB90F0E88E685424
                                          SHA-256:EB6EF3B49B3DCCE2FEDFC1C9EE45C17AB47E813F0A05F602F14CC4C0C243618A
                                          SHA-512:DB9FED2EC80E21CAA24CDC49F9624B6994D9F62296E250EFC7E6BF5CAC1743248DAD66C6D0177386E227BB752B9A205C8CA9ABA743CE034EAC324778EF193D3D
                                          Malicious:false
                                          Preview:import re.from functools import lru_cache.from typing import Callable, List..from ._cell_widths import CELL_WIDTHS..# Regex to match sequence of the most common character ranges._is_single_cell_widths = re.compile("^[\u0020-\u006f\u00a0\u02ff\u0370-\u0482]*$").match...@lru_cache(4096).def cached_cell_len(text: str) -> int:. """Get the number of cells required to display text... This method always caches, which may use up a lot of memory. It is recommended to use. `cell_len` over this method... Args:. text (str): Text to display... Returns:. int: Get the number of cells required to display text.. """. _get_size = get_character_cell_size. total_size = sum(_get_size(character) for character in text). return total_size...def cell_len(text: str, _cell_len: Callable[[str], int] = cached_cell_len) -> int:. """Get the number of cells required to display text... Args:. text (str): Text to display... Returns:. int: Get the number of

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\rich\columns.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):7131
                                          Entropy (8bit):4.238368373370728
                                          Encrypted:false
                                          SSDEEP:96:vp1B18+k1DnTktdEP+oRedO/+9//gECw2657r8Ixn8AYLx9EhP1Zo8sMJFqlbI/z:vp7jcDTIE2oQdOuhnYV8YcRz
                                          MD5:D32C7EF426F5EF568DB7F6FA3ACAAE07
                                          SHA1:556F2BDD1C7382FA941827C8F2AFCBAB008C1FC6
                                          SHA-256:1D45F429C326F5DB0A362D757D36E233F876883B65F3248269573195A944CEAF
                                          SHA-512:5A5A96307A252B2DC2D22C2F73BDF5E64565D1AB2B584DAE826BC5B16061C7C2A0A1A6364FA730A009C1A387A03D8E16F304E26841F5E04EE2E7F69F14A0848A
                                          Malicious:false
                                          Preview:from collections import defaultdict.from itertools import chain.from operator import itemgetter.from typing import Dict, Iterable, List, Optional, Tuple..from .align import Align, AlignMethod.from .console import Console, ConsoleOptions, RenderableType, RenderResult.from .constrain import Constrain.from .measure import Measurement.from .padding import Padding, PaddingDimensions.from .table import Table.from .text import TextType.from .jupyter import JupyterMixin...class Columns(JupyterMixin):. """Display renderables in neat columns... Args:. renderables (Iterable[RenderableType]): Any number of Rich renderables (including str).. width (int, optional): The desired width of the columns, or None to auto detect. Defaults to None.. padding (PaddingDimensions, optional): Optional padding around cells. Defaults to (0, 1).. expand (bool, optional): Expand columns to full width. Defaults to False.. equal (bool, optional): Arrange in to equal sized column

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3333
                                          Entropy (8bit):4.910097609925741
                                          Encrypted:false
                                          SSDEEP:96:P9QpivZbY9VEhGOIow92oAkVHW0nFp+Gsxs31sisz2nsM:VpZcDELgVHW0nx
                                          MD5:AA0AAF78010ECA6E197E854CE5250968
                                          SHA1:CC9234EC06BDD97BBBAE4AE7A2B5E837F93FE8DE
                                          SHA-256:8972DC6222724A7D0635B58E3990C30298012F52603F8E0467C8B5EFAD12F0C7
                                          SHA-512:9FBE4267643AC3E2408C7F355B7167A40D8D73A53B11A227917989CA72947BF1FFC015305044CC4D66CE6D028A05700257B1C5B03E50BBEC4897C61294C82BC0
                                          Malicious:false
                                          Preview:""".Python HTTP library with thread-safe connection pooling, file post support, user friendly, and more.""".from __future__ import absolute_import..# Set default logging handler to avoid "No handler found" warnings..import logging.import warnings.from logging import NullHandler..from . import exceptions.from ._version import __version__.from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, connection_from_url.from .filepost import encode_multipart_formdata.from .poolmanager import PoolManager, ProxyManager, proxy_from_url.from .response import HTTPResponse.from .util.request import make_headers.from .util.retry import Retry.from .util.timeout import Timeout.from .util.url import get_host..# === NOTE TO REPACKAGERS AND VENDORS ===.# Please delete this block, this logic is only.# for urllib3 being distributed via PyPI..# See: https://github.com/urllib3/urllib3/issues/2680.try:. import urllib3_secure_extra # type: ignore # noqa: F401.except ImportError:. pass.else:.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3397
                                          Entropy (8bit):5.452550779970858
                                          Encrypted:false
                                          SSDEEP:48:VaknrQiAFH7uy9Qpow7fUQ7Ty62oAOYCdCLz28ekZ/erv3kHgyM4CJFGDhc2g:tnsP9QpoIu62oAHmWz2J4/qv3DyJhhg
                                          MD5:50A91E0204FD503F42C654A4BD8AFF37
                                          SHA1:D00AB043A4199B347F2B384FEC23E46CCB1632C5
                                          SHA-256:E4C9B6E7843818A3BF59CCD5CD0AF3ECB76D10307635CA014A967D6B27F91CF2
                                          SHA-512:8BDD287120040FAEEEBD9FF1861F6906939E690144B28F3A278FF733AAD7D93591B60C25DE3BF65D27E497E4C10F1810AEF42CECCFE56B5674655DFCBA57B741
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....d.d.l.Z...e.j>..................d.e d.............d.Z"d.Z#e.Z.d.Z$..e.jJ..................e&........jO....................e...................e.jP..................f.d...Z)[...e.jT..................d.e.jV..................d...............e.jT..................d.e.jX..................d...............e.jT..................d.e.jZ..................d...............e.jT..................d.e.j\..................d.............e.j^..................f.d...Z0y.#.e!$.r...Y...w.x.Y.w.).ze.Python HTTP library with thread-safe connection pooling, file post support, user friendly, and more......)...absolute_importN)...NullHandler.....)...exceptions)...__version__)...HTTPConnectionPool..HTTPSConnectionPool..connection_from_url)...encode_multipart_formdata)...PoolManager..ProxyMana

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\_collections.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):15923
                                          Entropy (8bit):5.22747273161801
                                          Encrypted:false
                                          SSDEEP:192:A8geFiBgC7X3QHz3k141Q0MuMNZy2cLPACReDDtZoXKmiJn5n:NgjBgC7nQHz0141bj2cbzReftLhxx
                                          MD5:C0E86400F2E31583F44F440FBA1F4738
                                          SHA1:670A9E0361DD0509AE668D86EC335CD8F9B3DF99
                                          SHA-256:092D95834BABF558BBE23CAF9CABD2DD40771D4B3E71EEB3EB042601FB0946E2
                                          SHA-512:FFA444B470B5702CB1FCFCB34FBF13C98ABB1BD8D3D0319083E2D3161116532388B04431C4692020CAB65CEE9BFA62E3477526D1FB7CCDF3865C6D6A8ED363B8
                                          Malicious:false
                                          Preview:...........f;*..............................d.d.l.m.Z.....d.d.l.m.Z.m.Z.....d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.g.Z...e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.#.e.$.r...d.d.l.m.Z.m.Z...Y..Rw.x.Y.w.#.e.$.r.....G.d...d.........Z.Y..`w.x.Y.w.)......)...absolute_import)...Mapping..MutableMapping)...RLockc...........................e.Z.d.Z.d...Z.d...Z.y.).r....c...........................y...N......selfs.... .YC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/_collections.py..__enter__z.RLock.__enter__...................c...........................y.r....r....).r......exc_type..exc_value..tracebacks.... r......__exit__z.RLock.__exit__....r....r....N)...__name__..__module__..__qualname__r....r....r....r....r....r....r........s................r....r....)...OrderedDict.....)...InvalidHeader)...six)...iterkeys..itervalues..RecentlyUsedContainer..HTTPHeaderDictc.....................F.....e.Z.d.Z.d.Z.e.Z.d.d...Z.d...Z.d..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\_version.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):210
                                          Entropy (8bit):5.211087371171847
                                          Encrypted:false
                                          SSDEEP:6:d7/CaCC5ptT5jD6qpR2pAreaeH15aYleH3sl:p/CaCCXtTZxWbaO5aYkH3sl
                                          MD5:7CEF2ECC82C12E1663E973B330F04045
                                          SHA1:038D34A670DB0BB6C68EDA7CF535D84555A985C3
                                          SHA-256:F4951E3CB5F11866A1CA4EC7316A781804C4E2A678CD6ED3F2FCA70A6E215FE5
                                          SHA-512:32153B6E9E8472B131500428E57545846912ED9BD65D0053DEE967714750FBA6630C2C98805C62653BA2D763B580E25C3E935542D831C05E5322926E20C6331F
                                          Malicious:false
                                          Preview:...........f@...............................d.Z.y.).z.1.26.17N)...__version__........UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/_version.py..<module>r........s..............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\connection.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):20399
                                          Entropy (8bit):5.367857664308015
                                          Encrypted:false
                                          SSDEEP:384:/1MiavBEDxKDkKlQTXFpWpCFzi9h1/jDesyUpjzULVI8la:d84xKQKlzCFW9hBnHv2VDla
                                          MD5:843B753183631EB9F7264A31816816B6
                                          SHA1:2838620D4886235DAA6556EE4FB9112D70AE91EE
                                          SHA-256:0A7E60896964A183EC2F4439DA6FE91616D0C7F93714627EA795F29821750D89
                                          SHA-512:FCCE9E283F17368B1339ED15B2C180F4B1EADB9F8E53F6218EB11164656A4CB82C47009DE16F27350A197A0CC89DFEA62BA8808F83C9A805C8BAC055C0F97A40
                                          Malicious:false
                                          Preview:...........fLO.............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....d.d.l.Z.e.j*..................Z...e.Z...e.Z.d.d.l.m.Z...d.d.l m!Z!..d.d.l"m#Z#m$Z$m%Z%m&Z&..d.d.l'm(Z(m)Z)m*Z*..d.d.l+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1..d.d.l2m3Z3m4Z4....e.jj..................e6........Z7d.d.d...Z8..e.jr..................d.d.d.........Z:..e.jv..................d.........Z<..G.d...d.e.e=........Z...G.d...d.e.........Z>d...Z?d ..Z@..G.d!..d"e=........ZAe.s.eAZ>e>ZBy.#.e.e.f.$.r...d.Z...G.d...d.e.........Z.Y...w.x.Y.w.#.e.$.r.....G.d...d.e.........Z.Y...w.x.Y.w.#.e.$.r.....G.d...d.e.........Z.Y...w.x.Y.w.)#.....)...absolute_importN)...error)...timeout.....)...six)...HTTPConnection)...HTTPException)...create_proxy_ssl_contextc...........................e.Z.d.Z.y.)...BaseSSLErrorN....__name__..__module__..__qualname__........WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/connecti

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\connectionpool.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 9554260508676940890112.000000
                                          Category:dropped
                                          Size (bytes):36271
                                          Entropy (8bit):5.41867242665358
                                          Encrypted:false
                                          SSDEEP:384:2mPrdOpBiti2VY1ekRKAwGi4VXEOzCerzmHWhS4mEe9giI2FLehUD+D7b1hyyF+:FPZQ2a1ekADG/VXmHEmNm0L6zDXyyF+
                                          MD5:6F6FDBAB543F93FDAC35AF82D7DD9039
                                          SHA1:7AA80367AE60CACC0585A514F8EB6319BBC03A65
                                          SHA-256:A69292F4FD016D2F5DCD30E222DFFFE2E44B4E90F8499B7E6943C33F49BF01EB
                                          SHA-512:F0B0F1D330629E23F675455514FFE4F4794C7E1C07EF4E2D8FD36568E501A9F6D4A6999F759CE844DE56AD3D264E52D2020FCADDC089787022769B4EAE2EF89E
                                          Malicious:false
                                          Preview:...........f6..............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z m!Z!m"Z"..d.d.l#m$Z$..d.d.l%m&Z&..d.d.l'm(Z(..d.d.l)m*Z*..d.d.l+m,Z,..d.d.l-m.Z...d.d.l/m0Z0..d.d.l1m2Z2..d.d.l3m4Z4..d.d.l5m6Z6..d.d.l7m8Z8..d.d.l9m:Z:..d.d.l;m<Z<m=Z=..d.d.l;m>Z?..d.d.l;m@Z@mAZA....d.d.lBZBeBj...................ZDe$j...................j...................ZH..e.j...................eJ........ZK..eL........ZM..G.d...d.eL........ZNe.j...................e.j...................h.ZQ..G.d...d.eNe(........ZR..G.d...d.eR........ZSd...ZTd...Z>d ..ZUy.#.eE$.r...d.d.lFmDZD..Y...w.x.Y.w.)!.....)...absolute_importN)...error....timeout.....)...BaseSSLError..BrokenPipeError..DummyConnection..HTTPConnection..HTTPException..HTTPSConnection..VerifiedHTTPSConnection..port_by_scheme)...ClosedPoolError..EmptyPoolError..HeaderParsingError..HostChangedError..InsecureRequestWarni

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\exceptions.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):13485
                                          Entropy (8bit):5.114031430412809
                                          Encrypted:false
                                          SSDEEP:192:mXba8LhJQ98gdYjGG227v71LIcWo03yamtq2EfMZzm9P/o5g:mXO4hZjZBamtq2EfMZzCoO
                                          MD5:013376A2E08E0C6EA2A603A8F0B89BE9
                                          SHA1:8BC87345F76A5D3613DF023F0D9FDCFECFF786FD
                                          SHA-256:573DED744FD6A5BBE861C4F62B426141A1ECD6032B0440693001F90D10CBEE96
                                          SHA-512:3F46B5B6B09A6D99243119A819A86CD6FF1365A401A2E29BD33409BE3086EE7A7C200BDF8C7A33A611A2BF6F68EB061D21E1DD0DBC7F49F5EB510341DE3D43F3
                                          Malicious:false
                                          Preview:...........f. ........................\.....d.d.l.m.Z...d.d.l.m.Z.....G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.e.Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.e.........Z...G.d...d.e.........Z...G.d ..d!e.e.........Z...G.d"..d#e.........Z...G.d$..d%e.........Z...G.d&..d'e.e.........Z...G.d(..d)e.........Z...G.d*..d+e.........Z...G.d,..d-e.........Z...G.d...d/e.........Z...G.d0..d1e.........Z...G.d2..d3e.........Z ..G.d4..d5e.........Z!..G.d6..d7e.........Z"..G.d8..d9e.........Z#..G.d:..d;e.........Z$..G.d<..d=e.e.........Z%..G.d>..d?e.........Z&..G.d@..dAe.e.........Z...G.dB..dCe.e.........Z'..G.dD..dEe.........Z(..G.dF..dGe)e.........Z*..G.dH..dIe.........Z+..G.dJ..dKe.........Z,..G.dL..dMe.........Z-yN)O.....)...absolute_import.....)...IncompleteReadc...........................e.Z.d.Z.d.Z.y.)...HTT

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\fields.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10405
                                          Entropy (8bit):5.489801795046449
                                          Encrypted:false
                                          SSDEEP:192:YkhqMz+LUfXm1YFVUsmgUuELIKU9y+dIYF:YkQIaeXmm4kELIKsyQF
                                          MD5:E07BF610556E5776DD950365901990DB
                                          SHA1:DE605182807573A72325C819857083EA7B79B16E
                                          SHA-256:78E1F103F2268BE7970251AAF2A023C39954882B6A2B280CB4C0C04690C41DBD
                                          SHA-512:AB8BEC4C0042ACD6B3D0C2D0417229843645BCB3708470A9E3E4398D5DC2AC6AB1934A9BD77AA58D6017BBA15B8FE32F0F8108E5438683367ADA359EA9943EE6
                                          Malicious:false
                                          Preview:...........f.!..............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d...Z.d...Z.d.d.d...Z.e.j.....................e.d.d.........D...c.i.c.](..}.|.d.v.r"..e.j...................|.........d.j...................|............*..c.}...........d...Z.d...Z.e.Z...G.d...d.e.........Z.y.c...c.}.w.)......)...absolute_importN.....)...sixc.....................B.....|.r.t.........j...................|.........d.....x.s...|.S.|.S.).z.. Guess the "Content-Type" of a file... :param filename:. The filename to guess the "Content-Type" of using :mod:`mimetypes`.. :param default:. If no "Content-Type" can be guessed, default to `default`.. r....)...mimetypes..guess_type)...filename..defaults.... .SC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/fields.py..guess_content_typer........s'...............#..#.H..-.a..0..;.G..;....N.....c............................t...........t.........j...........................r...j...............

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\filepost.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4010
                                          Entropy (8bit):5.301790405406043
                                          Encrypted:false
                                          SSDEEP:48:A6a2yU5fVXmUmoDO9LbJCBqSzNTC4s72GZ4NAlpLdA1lTaC+fvYw29ywyCczjDoo:tagVUbJCFsxuNAlAT+Cxw2cwyJMGh
                                          MD5:3CA282DD0C601B7B8A5C93FF280A733A
                                          SHA1:8FABBCB6EE1F25FAC80CA06A6A7AD2953DAE6E42
                                          SHA-256:028F95CD28607E7E385202BEC74C553704C481A094EB57B94F305E429970154B
                                          SHA-512:AF50B87A3B59E9F15232AC38E5F33AECFD7181916BAE70865F3A7E290EFFE11335969DEB844F8D9470492754365273FC67475895C4B20BFF6B0070D87F94B30A
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.....e.j...................d.........d.....Z.d...Z.d...Z.d...Z.d.d...Z.y.)......)...absolute_importN)...BytesIO.....)...RequestField)...six)...bz.utf-8.....c..........................t.........j...................t.........j...................d.................}.t.........j...................s.|.j...................d.........}.|.S.).zN. Our embarrassingly-simple replacement for mimetools.choose_boundary.. .......ascii)...binascii..hexlify..os..urandomr......PY2..decode)...boundarys.... .UC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/filepost.py..choose_boundaryr........s6.......................2..../.H....7.7....?.?.7..+......O.....c................#........K.....t.........|.t.................r.t.........j...................|.........}.n.t.........|.........}.|.D.]+..}.t.........|.t.................r.|.........t.........j.......

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\poolmanager.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):20294
                                          Entropy (8bit):5.475757209812685
                                          Encrypted:false
                                          SSDEEP:384:pYgixiutRx22m2SfvNN5pggSu3Kbp4tM3/J/:GAutR3k3NN5eM3MpaIJ/
                                          MD5:93E5129B08BC082CB832BDC668DDB036
                                          SHA1:03DB340B7CDCB7784E1F3086C1D6DF510E14DFEE
                                          SHA-256:EC2C30FD0427A133CBE050A8BED4DCEFC6CB0A5DA9EF23B3593F7865DAD59906
                                          SHA-512:0C865DE18B57EFAA6F1B52E531753C363AFDB4F23A1A2B35976EAE97163119501E1DBDC697B56276D5841AEF6050CD9EDB29C8D7EACA2AE0D96B295CB2857283
                                          Malicious:false
                                          Preview:...........f(M..............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d...Z...e.j<..................e.........Z d.Z!d.Z"..e.jF..................d.e"........Z$d.Z%..e.jF..................d.e%........Z&d...Z'..e.jP..................e'e$..........e.jP..................e'e$........d...Z)e.e.d...Z*..G.d...d.e.........Z+..G.d...d.e+........Z,d...Z-y.)......)...absolute_importN.....)...RecentlyUsedContainer)...HTTPConnectionPool..HTTPSConnectionPool..port_by_scheme)...LocationValueError..MaxRetryError..ProxySchemeUnknown..ProxySchemeUnsupported..URLSchemeUnknown)...six)...urljoin)...RequestMethods)...connection_requires_http_tunnel)...Retry)...parse_url)...PoolManager..ProxyManager..proxy_from_url)...key_file..cert_file..cert_reqs..ca_certs..ssl_version..ca_cert_dir..ssl_context..key_password..server_hostname)...key_scheme..key_host..key_port..key_tim

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\request.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7286
                                          Entropy (8bit):5.439438434769979
                                          Encrypted:false
                                          SSDEEP:96:osMY2cO6oSxdCyJTTGDX9Z+MhTEaMshfEtkK7h3dSnPXW4Xdb72SLC4OdMwpil3:ossR6oSXCyJgX9pgsJZKtABI4OQx
                                          MD5:7FF1CA1F4A803F35D2918A16518EE4D1
                                          SHA1:89F517289EFC22A6F8428DE05F61A22875679658
                                          SHA-256:3B5D3DC0A7F9620FE3AF4BAEB390A75F8F3514A495C4A7AD2840766699B9A8C3
                                          SHA-512:ACDD051E0BCE59BBB1010F09554DA04BBB538C6E51097180195380563A2EB105C03D30847AA474141C38B590D80937621C749F072EEA7883E21F1826DE3C5E4D
                                          Malicious:false
                                          Preview:...........f#...............................d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.g.Z...G.d...d.e.........Z.e.j...................s7..G.d...d.e.j...................e.....j...........................Z.e.e.j...................e....._.........y.y.)......)...absolute_importN.....)...encode_multipart_formdata)...six)...urlencode..RequestMethodsc.....................P.....e.Z.d.Z.d.Z.h.d...Z.d.d...Z.........d.d...Z.d.d...Z.d.d...Z.........d.d...Z.y.).r....a..... Convenience mixin for classes who implement a :meth:`urlopen` method, such. as :class:`urllib3.HTTPConnectionPool` and. :class:`urllib3.PoolManager`... Provides behavior for making common types of HTTP request methods and. decides which type of request field encoding to use... Specifically,.. :meth:`.request_encode_url` is for sending requests whose fields are. encoded in the URL (such as GET, HEAD, DELETE)... :meth:`.request_encode_body` is for sending requests whose fields are. enco

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\__pycache__\response.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):33960
                                          Entropy (8bit):5.197690622397562
                                          Encrypted:false
                                          SSDEEP:384:iiJlCWvF0Jr/YV3jZPaY2/AueGulwohd1zuNC6J2sG9HeRVG9fftkjnibU0ULXDi:hHCPmaYoAu8l/DOVMBaWfftkjn1TU3t
                                          MD5:76644FE1F5068EC130784C13D19000AF
                                          SHA1:3DDC392D87A5C0A33DF71F5A35DC229D8FF47042
                                          SHA-256:AD976EC2FBCB0D9EBF55CBB7B927BFB85B18F5F619B9AB89D9D76861C6A3BC48
                                          SHA-512:69304D02A9C5AA5243E98FBAD666905FE8AEE5897E62AA5B6C1C71B02335716DEDE8069E91F4695B5EE91828C96ECFF56F919A9329D8100FD758CE07DF37EE33
                                          Malicious:false
                                          Preview:...........f.w.............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z ..d.d.l!m"Z"..d.d.l#m$Z$m%Z%....e.jL..................e'........Z(..G.d...d.e)........Z*..G.d...d.e)........Z+..G.d...d.e)........Z,e.....G.d...d.e)........Z-..G.d...d.e)........Z.d...Z/..G.d...d.e.j`..........................Z1y.)......)...absolute_importN)...contextmanager)...error)...timeout.....)...util)...HTTPHeaderDict)...BaseSSLError..HTTPException)...BodyNotHttplibCompatible..DecodeError..HTTPError..IncompleteRead..InvalidChunkLength..InvalidHeader..ProtocolError..ReadTimeoutError..ResponseNotChunked..SSLError)...six)...is_fp_closed..is_response_to_headc...........................e.Z.d.Z.d...Z.d...Z.d...Z.y.)...DeflateDecoderc.....................R.....d.|._.........d.|._.........t.........j...........................|._.........y.).NT.....)..._first_try.._dat

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\_collections.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10811
                                          Entropy (8bit):4.417580601911852
                                          Encrypted:false
                                          SSDEEP:192:uigwjMrDy91VrSp14/JPDc7R6w3R8RPI1dZ:LghuI14/JLs6AePkH
                                          MD5:C00034CAB38BB125F7FF7FA9FF99A5B8
                                          SHA1:48AA9B3F4621CB54B901F789D8E596122AB98898
                                          SHA-256:469D6657206073F52501CA7A3376ADD6C909057479278DCD6B0453BD6DA0FD76
                                          SHA-512:36B4442CDBF73E54AA3ED89C1464F1996B30C9A2C71B6E23F9529137CD988506D6C094451B34054537D111887E391248C8806E7DCFFF832956B4B9AEE234CC18
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..try:. from collections.abc import Mapping, MutableMapping.except ImportError:. from collections import Mapping, MutableMapping.try:. from threading import RLock.except ImportError: # Platform-specific: No threads available.. class RLock:. def __enter__(self):. pass.. def __exit__(self, exc_type, exc_value, traceback):. pass...from collections import OrderedDict..from .exceptions import InvalidHeader.from .packages import six.from .packages.six import iterkeys, itervalues..__all__ = ["RecentlyUsedContainer", "HTTPHeaderDict"]..._Null = object()...class RecentlyUsedContainer(MutableMapping):. """. Provides a thread-safe dict-like container which maintains up to. ``maxsize`` keys while throwing away the least-recently-used keys beyond. ``maxsize``... :param maxsize:. Maximum number of recent elements to retain... :param dispose_func:. Every time an item is evicted from

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\_version.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):64
                                          Entropy (8bit):4.806804250365621
                                          Encrypted:false
                                          SSDEEP:3:SbFQmvCEmqhqO2i6TAXLvsD/:SbFmEdgOH4A7sD/
                                          MD5:7AC3036E582783F28D96AF250E413D81
                                          SHA1:6F6F135154F47E085D6CE6E49897A4B6B6684627
                                          SHA-256:6B3A0CECCEC15000E5DA406131547A3CF7F61A104323DD267B57DC9F34F075CC
                                          SHA-512:98173E4FBFD3037E09EA53D212FCADA80E3C361B58238E96E1BD9F442CF13FA4222DA655AA0B780908CE08AAAE1C0894D909AA47544C18F07FF5B68822B5DDCC
                                          Malicious:false
                                          Preview:# This file is protected via CODEOWNERS.__version__ = "1.26.17".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1155
                                          Entropy (8bit):4.83746578234033
                                          Encrypted:false
                                          SSDEEP:24:1R23fEVkSyG/TfgZ2G1lVZjY/ukxvt5U12MydsFtrB5cNuQOt4TJAAJxj:P+8ynGs1JjY/ukdX32FtrB5cNyKT6sj
                                          MD5:F951FB1888473EE32752499CE9B841A5
                                          SHA1:896463BCD6481C029DE1EF982B1F532942FA6B02
                                          SHA-256:2449929A6AAA2F26B0F0FE75814226661F06C20F62D7349EF83A2A022B67DA77
                                          SHA-512:FBB614667E169337204758BCF053EB65E55560BBB9A70CD749CF90F59059DB20C4419C999C1086754DF9D5C2306F9562262C689A8F49EC869309DABC5B6E547B
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..# For backwards compatibility, provide imports that used to be here..from .connection import is_connection_dropped.from .request import SKIP_HEADER, SKIPPABLE_HEADERS, make_headers.from .response import is_fp_closed.from .retry import Retry.from .ssl_ import (. ALPN_PROTOCOLS,. HAS_SNI,. IS_PYOPENSSL,. IS_SECURETRANSPORT,. PROTOCOL_TLS,. SSLContext,. assert_fingerprint,. resolve_cert_reqs,. resolve_ssl_version,. ssl_wrap_socket,.).from .timeout import Timeout, current_time.from .url import Url, get_host, parse_url, split_first.from .wait import wait_for_read, wait_for_write..__all__ = (. "HAS_SNI",. "IS_PYOPENSSL",. "IS_SECURETRANSPORT",. "SSLContext",. "PROTOCOL_TLS",. "ALPN_PROTOCOLS",. "Retry",. "Timeout",. "Url",. "assert_fingerprint",. "current_time",. "is_connection_dropped",. "is_fp_closed",. "get_host",. "parse_url",. "make_headers",. "resolve_cert_reqs",.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1138
                                          Entropy (8bit):5.499665916147409
                                          Encrypted:false
                                          SSDEEP:24:f4gUVetDtDuGty+tIsko8yidUmzpr7kDDKBmXfbYHIp+:fxtD0+m5o8yidU67UDmQQIp+
                                          MD5:C494C6E9A7D797E7A1EE8F1C6825473A
                                          SHA1:7F5FF2D27BAF71B14E4E107981C9742B4F13BFB8
                                          SHA-256:D00B5A314FCF0042611AC1C53F37A7E246F31A02CE9D39FD1602A3E84EB6523A
                                          SHA-512:0F9EC35B2226346984CFFC086ED189EFCD01203CAC6611F4B85B93A0B54ADF5A18678EE4BE88E13307D77713038BA52BC1377E82FD7CCCFCDF52031B5FDDF8B5
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m Z m!Z!..d.Z"y.)......)...absolute_import.....)...is_connection_dropped)...SKIP_HEADER..SKIPPABLE_HEADERS..make_headers)...is_fp_closed)...Retry)...ALPN_PROTOCOLS..HAS_SNI..IS_PYOPENSSL..IS_SECURETRANSPORT..PROTOCOL_TLS..SSLContext..assert_fingerprint..resolve_cert_reqs..resolve_ssl_version..ssl_wrap_socket)...Timeout..current_time)...Url..get_host..parse_url..split_first)...wait_for_read..wait_for_write).r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....r....N)#..__future__r......connectionr......requestr....r....r......responser......retryr......ssl_r....r....r....r....r....r....r....r....r....r......timeoutr....r......urlr....r....r....r......waitr....r......__all__........ZC:\Users\V3NOM0u$\Desktop\python312\Lib\si

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\connection.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4748
                                          Entropy (8bit):5.5050193319361584
                                          Encrypted:false
                                          SSDEEP:96:f4yu3IQ5EJc367wwStdv2r58H5o9jfuK7pfRuu:Xu4Q+CKeVW5xLL75Ruu
                                          MD5:EAA3FD5B0C1D50CA7FEA0480AE31E79E
                                          SHA1:C80A0D5FA3E474206B10FC71EAC620B1B6A6EB83
                                          SHA-256:B8E59C1B901E1D092F04DF2CBB0D249DF24A2355BEC6E0BC604901D1F681DFB1
                                          SHA-512:1CDFD62835F126B4D89FB547FDA7C1F5792CCFD4FE801ADB41C710660E295A84416CFB5F360397E3EA5B510619FF626F99494D2D21CED5332287F39539059B78
                                          Malicious:false
                                          Preview:...........f%..............................d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d...Z.e.j...................d.d.f.d...Z.d...Z.d...Z.d...Z...e.d.........Z.y.)......)...absolute_importN.....)..._appengine_environ)...LocationParseError)...six.....)...NoWayToWaitForSocketError..wait_for_readc.....................f.....t.........|.d.d.........}.|.d.u.r.y.|...y...t.........|.d...........S.#.t.........$.r...Y.y.w.x.Y.w.).a$.... Returns True if the connection is dropped and should be closed... :param conn:. :class:`http.client.HTTPConnection` object... Note: For platforms like AppEngine, this will always return ``False`` to. let the platform handle connection recycling transparently for us.. ..sockFTg........)...timeout)...getattrr....r....)...connr....s.... .\C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/util/connection.py..is_connection_droppedr........sH...........4......'.D....u.}.......|............T.3.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\proxy.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1544
                                          Entropy (8bit):5.457160121263915
                                          Encrypted:false
                                          SSDEEP:24:8QRQZWXiIQXvAFnT8ade8uFKb/bjJgGKXIzV2tTskl5ePWraOmntGvhHn:8Q2ZxI38a48uFKbjUIpo5eeuVtmBn
                                          MD5:E00330B4C538E8C77230E5E2E0FEC5BF
                                          SHA1:20BCE9A617D0F029BB27402898F3972D7E33A351
                                          SHA-256:F926A893CC1DB42873AB3E7BC7D94BA1556215581E373D275452C7F1993FFB31
                                          SHA-512:677515CCCB9A6205F8D23934D28B5D7A133E62D0CC27D1676795F406B52AA6785A32DDDF1FA448E000D23E117ED426180B1E12BE03C80E3C57CBDDE49139A3CE
                                          Malicious:false
                                          Preview:...........fE.........................,.....d.d.l.m.Z.m.Z.m.Z.....d.d...Z...d.d...Z.y.)......)...create_urllib3_context..resolve_cert_reqs..resolve_ssl_versionNc.....................R.....|...y.|.d.k(..r.y.|.j...................d.k(..r.|.r.|.j...................r.y.y.).a?.... Returns True if the connection requires an HTTP CONNECT through the proxy... :param URL proxy_url:. URL of the proxy.. :param ProxyConfig proxy_config:. Proxy configuration from poolmanager.py. :param str destination_scheme:. The scheme of the destination. (i.e https, http, etc). F..http..httpsT)...scheme..use_forwarding_for_https)...proxy_url..proxy_config..destination_schemes.... .WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/util/proxy.py..connection_requires_http_tunnelr........s>......................V..#...............G..#........1..1.............c..........................t.........t.........|.........t.........|...................}.|.s |.s

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\queue.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1344
                                          Entropy (8bit):4.6838569465985005
                                          Encrypted:false
                                          SSDEEP:24:se1xahmzb1GL8/vMCTCwufmCV/W4CGF/OFkJ4IaE2m9cU:pWRcEC6LWoNQUcU
                                          MD5:5EC345ACC88882160EC406AD68914591
                                          SHA1:1EE6DC045E0DB9F2DFCF79AED0CFC24EEBF801CB
                                          SHA-256:C99709FD7A4795838B5ACDB99221581CD1CB82F57ABF2BB8A04EAABAD828614A
                                          SHA-512:BF7124727BD1874A0AE39DCFB6575CA4BBE3630B94B89B96FE5174B3E3CCD00D302E34A4E8AE19F2D1C228F5E598B9ED04DFCA988733AF314BFCF6B2BBF41FC4
                                          Malicious:false
                                          Preview:...........f..........................n.....d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...e.j...................r.d.d.l.Z...G.d...d.e.j...........................Z.y.)......N.....)...six....queuec.....................(.....e.Z.d.Z.d...Z.e.f.d...Z.d...Z.d...Z.y.)...LifoQueuec.....................6.....t.........j...........................|._.........y...N)...collections..dequer....)...self.._s.... .WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/util/queue.py.._initz.LifoQueue._init....s........ ..&..&..(.........c.....................&.......|.|.j...........................S.r....r....).r......lens.... r......_qsizez.LifoQueue._qsize....s..........4.:.:.....r....c.....................:.....|.j...................j...................|...........y.r....).r......append).r......items.... r......_putz.LifoQueue._put....s....................$...r....c.....................6.....|.j...................j...........................S.r....).r......pop).r....s.... r......_getz.LifoQ

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\request.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4175
                                          Entropy (8bit):5.666260279327798
                                          Encrypted:false
                                          SSDEEP:48:q+Gj9OQa0ivYufSYzEsL1GgpDKEBobUdno1PSYPKi6d1CxIeoG17oMkL:q+e9OQ87fSa1TpDKEeUAS8K/Itw
                                          MD5:3E52CB26E072A87A5014BEB48BF6E7DA
                                          SHA1:92EB88090A5F0C363C5525DB1069F535D0DA8AD1
                                          SHA-256:5E5BD4AE5B75B0E8756D2B885A71FE33B1D9071691E0761DB4FE1E06858F5C3A
                                          SHA-512:11BA477EAB8A0E2E399EE95495362A5604E8BECE5C764BDEA085B237D10BEF021092C0D2829996EBD10FE0A7F6E4467B3C8EF71B42E403C80F9BAE9B52B318A2
                                          Malicious:false
                                          Preview:...........f...............................d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.Z...e.g.d...........Z.d.Z...e.........Z.............d.d...Z.d...Z.d...Z.y.)......)...absolute_import)...b64encode.....)...UnrewindableBodyError)...b..integer_typesz.@@@SKIP_HEADER@@@)...accept-encoding..host..user-agentz.gzip,deflateNc.....................`.....i.}.|.r>t.........|.t.................r.n(t.........|.t.................r.d.j...................|.........}.n.t.........}.|.|.d.<...|.r.|.|.d.<...|.r.d.|.d.<...|.r)d.t.........t.........|.................j...................d.........z...|.d.<...|.r)d.t.........t.........|.................j...................d.........z...|.d.<...|.r.d.|.d.<...|.S.).a..... Shortcuts for generating request headers... :param keep_alive:. If ``True``, adds 'connection: keep-alive' header... :param accept_encoding:. Can be a boolean, list, or string.. ``True`` translates to 'gzip,deflate'.. List will get joined by co

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\response.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2981
                                          Entropy (8bit):5.54526558530662
                                          Encrypted:false
                                          SSDEEP:48:Lym/Fb16V0247gkLqr94dNmYGTAsvE6nnVBG1Pzbc:16BJrWgcsvBnM8
                                          MD5:8E91A3B40F968F4C754432DC2B6C6865
                                          SHA1:05653662456C83277225EDC66EB27AFD7A27E167
                                          SHA-256:2D953AEC5B2B11DF6D33700A261F070F8021673320EA8A25F2B0FF6352E40116
                                          SHA-512:8E47025ACB6B213C4B983AF77EA71A41A3808BF785A68EE3C253F05330A0DBC7A6685C4AF57A3ED32998444EF59DAFDA88B6704EB371359803832FEACF332FB0
                                          Malicious:false
                                          Preview:...........f..........................J.....d.d.l.m.Z...d.d.l.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z...d...Z.d...Z.d...Z.y.)......)...absolute_import)..!MultipartInvariantViolationDefect..StartBoundaryNotFoundDefect.....)...HeaderParsingError)...http_clientc.............................|.j...........................S.#.t.........$.r...Y.n.w.x.Y.w...|.j...................S.#.t.........$.r...Y.n.w.x.Y.w...|.j...................d.u.S.#.t.........$.r...Y.t.........d...........w.x.Y.w.).zt. Checks whether a given file-like object is closed... :param obj:. The file-like object to check.. Nz)Unable to determine whether fp is closed.)...isclosed..AttributeError..closed..fp..ValueError)...objs.... .ZC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/util/response.py..is_fp_closedr........s{................|.|.~..............................z.z................................v.v...~....................@..A..A......s).....................:...:...A.....A"..!.A".c...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\retry.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):21689
                                          Entropy (8bit):5.413833347162211
                                          Encrypted:false
                                          SSDEEP:384:xno5mUKuD+YIlzXQ4c8pY/ayXS511dapctDfy8N:Jo5mU7DIlDQ4vYj8fdESD5N
                                          MD5:B3D608CDF9AAEC3C80CF66A781E5C1F3
                                          SHA1:58B720F6375E400594C7DF13D59FA4AD25817705
                                          SHA-256:34666AB4B59E048DD10BDC62867DFE1F9869CB9AF61B9D1E357D954F05EF47B3
                                          SHA-512:979E32825E055622EE890041613088A88ECA6BF1AC953AF5EB351E569583E4C3F1369B01A2AE2F84043B5AA93B899AB83ED37A6C0EDB386EFF43799484F1789D
                                          Malicious:false
                                          Preview:...........f.U........................8.....d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z.....e.j*..................e.........Z...e.d.g.d...........Z...e.........Z...G.d...d.e.........Z...e.j:..................e...........G.d...d.e.................Z...e.d.........e._.........y.)......)...absolute_importN)...namedtuple)...takewhile.....)...ConnectTimeoutError..InvalidHeader..MaxRetryError..ProtocolError..ProxyError..ReadTimeoutError..ResponseError)...six..RequestHistory)...method..url..error..status..redirect_locationc..........................e.Z.d.Z.e.d...........Z.e.j...................d...........Z.e.d...........Z.e.j...................d...........Z.e.d...........Z.e.j...................d...........Z.y.)..._RetryMetac.....................N.....t.........j...................d.t...................|.j...................S...Nz}Using 'Retry.DEFAULT_METHOD_WHITELIST' is deprecated and will be removed in v2.0. Use

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\ssl_.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):15095
                                          Entropy (8bit):5.70629395866924
                                          Encrypted:false
                                          SSDEEP:384:B3jGaLH05HKvt1Aoi842/Qtk1x1vu2dB8fC32qSydOyKcWvaZiO:hiUQMvzfYoOyKci07
                                          MD5:A0AF2FD8F4FF79C0BCF891BB0920D65D
                                          SHA1:F2E1DB923728B407255F65A78A93603AEAC9789E
                                          SHA-256:EAB6ECAD5B405DB77AEFC06B6E336F9D6D41AB61A8B4F007995B816AC9FAE585
                                          SHA-512:CCF908FB49A163702FFF30B0E0BA171FEC01430E685466BEF78B204D18EDE877FCD0810EDCF9BCA2883D2383423ADA8354184A7706079A6CDD3BE55D19C5D343
                                          Malicious:false
                                          Preview:...........f.C..............................d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z...d.d.l.m.Z...d.d.l.m.Z.m.Z...d.Z.d.Z.d.Z.d.Z.d.Z.d.g.Z.e.e.e.d...Z.d...Z...e.e.d.e.........Z ..d.d.l!Z!d.d.l!m"Z"m#Z#....d.d.l!m.Z.....d.d.l%m.Z.....d.d.l!m&Z&..e&Z'..d.d.l!m(Z(....d.d.l!m)Z)m*Z*m+Z+....d.d.l!m,Z,..d.j[..................g.d...........Z...d.d.l!m.Z...d...Z0d ..Z1d!..Z2..d'd"..Z3........................d(d#..Z4d$..Z5d%..Z6d)d&..Z7y.#.e$$.r...Y..zw.x.Y.w.#.e$$.r...Y..~w.x.Y.w.#.e$$.r...Y...w.x.Y.w.#.e$$.r.....d.d.l!m'Z&..e&Z'n.#.e$$.r...d.x.Z'Z&Y.n.w.x.Y.w.Y...w.x.Y.w.#.e$$.r...e&Z(Y...w.x.Y.w.#.e$$.r...d.\...Z*Z+d.Z)Y...w.x.Y.w.#.e$$.r...d.Z,Y...w.x.Y.w.#.e$$.r.....G.d...d.e/........Z.Y...w.x.Y.w.)*.....)...absolute_importN)...hexlify..unhexlify)...md5..sha1..sha256.....)...InsecurePlatformWarning..ProxySchemeUnsupported..SNIMissingWarning..SSLError)...six.....)...BRACELESS_IPV6_ADDRZ_RE..IPV4_REFz.http/1.1).. ....(....@...c..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\ssl_match_hostname.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):5063
                                          Entropy (8bit):5.48900975925236
                                          Encrypted:false
                                          SSDEEP:96:0AiRWtVv5LtMIxP0zfUb8XGH02iQeUfy2ScGC:0Y5p0zfUwWHYT2ScGC
                                          MD5:9CDC9B58A086CBB0C05AF935CCC096F7
                                          SHA1:EB95A38A9DE68118BD9B7FE4EE635C6E61FB7D5B
                                          SHA-256:B48B8E5C293E676203A592FC38CC40332DAB79903F9CE51EC588EFEA3A8CCEC5
                                          SHA-512:1685E8229015B78166DBC7D0AD2CBA7FD27814A4181192EC820B447A6640FC09106060134E7FA17FD65C452C90ED76591784972C58574F51CF72BCDF54218D74
                                          Malicious:false
                                          Preview:...........f~.........................p.....d.Z.d.d.l.Z.d.d.l.Z...d.d.l.Z.d.Z...G.d...d.e.........Z.d.d...Z.d...Z.d...Z.d...Z.y.#.e.$.r...d.Z.Y..$w.x.Y.w.).zJThe match_hostname() function from Python 3.3.3, essential when using SSL......Nz.3.5.0.1c...........................e.Z.d.Z.y.)...CertificateErrorN)...__name__..__module__..__qualname__........dC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/util/ssl_match_hostname.pyr....r........s.........r....r....c...........................g.}.|.s.y.|.j...................d.........}.|.d.....}.|.d.d...}.|.j...................d.........}.|.|.kD..r.t.........d.t.........|.........z.............|.s!|.j...........................|.j...........................k(..S.|.d.k(..r.|.j...................d...........n{|.j...................d.........s.|.j...................d.........r%|.j...................t.........j...................|...................n4|.j...................t.........j...................|.........j..........

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\ssltransport.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):10764
                                          Entropy (8bit):5.144024015200956
                                          Encrypted:false
                                          SSDEEP:192:OGicuqXMZP7KxNLx+GHdrGVEnuukgybPK/5tuQf:5ilq6P7Qx+GHdIOBtuQf
                                          MD5:FAD005A8790673B262CDE36E1587E1E3
                                          SHA1:27D977B8B08EA0A65CFDB88CD05717DAC8E7A529
                                          SHA-256:6EE86EE1242049E64C9D73EF37763D10E263CD061C26B507F0AE4979CDFB12B1
                                          SHA-512:84242EEF9441047DFF6AC78989DE4F946CA03DFA3E0A6249D25A2D3DD4E883469F7088ADE3E0359012F8338237056D14DD72928D299BD0A7FA8C20BEDE2AF697
                                          Malicious:false
                                          Preview:...........f..........................L.....d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.Z...G.d...d.........Z.y.)......N.....)...ProxySchemeUnsupported)...sixi.@..c...........................e.Z.d.Z.d.Z.e.d...........Z...d.d...Z.d...Z.d...Z.d...Z.d.d...Z.d.d...Z.d.d...Z.d d...Z.d d...Z...d!d...Z.d...Z.d...Z.d"d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d#d...Z.d...Z.y.)$..SSLTransportaL.... The SSLTransport wraps an existing socket and establishes an SSL connection... Contrary to Python's implementation of SSLSocket, it allows you to chain. multiple TLS connections together. It's particularly useful if you need to. implement TLS within TLS... The class supports most of the socket API operations.. c.....................h.....t.........|.d.........s&t.........j...................r.t.........d...........t.........d...........y.).z.. Raises a ProxySchemeUnsupported if the provided ssl_context can't be used. for TLS in TLS... The

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\timeout.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11131
                                          Entropy (8bit):5.2071867857445175
                                          Encrypted:false
                                          SSDEEP:192:Xor+TN+l/u/qDlQ3KJ8MhCBvqGV7fQdF4sQiiqygT4l:4qTm/u/qDGMyHpqJo
                                          MD5:C474E086E7A6D291F76FEE9444A81A0A
                                          SHA1:B3AB96EFB9F02380C2B0C8082C24598177671CB2
                                          SHA-256:46C3912E7A542A7BB2C51005C251AAF9752D9A210558A46B3C9FBB98CC360342
                                          SHA-512:2B25F7B3C24DD15B1F3D85729CB4B5B471A825E88E6173F33A058CEF70CB53D97566A058B4A8BB9BF6464FCEFB2C696B58ED57ED05660FCD55A6D512490B6957
                                          Malicious:false
                                          Preview:...........f.'.............................d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.m.Z...d.d.l.m.Z.....e.........Z...e.e.d.e.j...........................Z...G.d...d.e.........Z.y.)......)...absolute_importN)..._GLOBAL_DEFAULT_TIMEOUT..getdefaulttimeout.....)...TimeoutStateError..monotonicc..........................e.Z.d.Z.d.Z.e.Z.d.e.e.f.d...Z.d...Z.e.Z.e.d...........Z.e.d...........Z.e.d...........Z.d...Z.d...Z.d...Z.e.d...........Z.e.d...........Z.y.)...Timeouta2...Timeout configuration... Timeouts can be defined as a default for a pool:.. .. code-block:: python.. timeout = Timeout(connect=2.0, read=7.0). http = PoolManager(timeout=timeout). response = http.request('GET', 'http://example.com/').. Or per-request (which overrides the default for the pool):.. .. code-block:: python.. response = http.request('GET', 'http://example.com/', timeout=Timeout(10)).. Timeouts can be disabled by setting all the parameters to ``None``:.. .. code-block:: python..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\url.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):15787
                                          Entropy (8bit):5.730067771492386
                                          Encrypted:false
                                          SSDEEP:192:7jhVOVS1cL+lvP0EP2x2qMqXHJz/J9lZZJbrFwHjDP7l9pwDiGnCQZ1y1aPoa43a:PhVcS1cL+82iXhnnZRrqfVweGCyZ7Z
                                          MD5:E19A8EDD3E648662260C58475BC60A3E
                                          SHA1:BAF45F89ABA80BC04F4E33AB1A2F1DACE950BBB9
                                          SHA-256:4FF20607DDD20DF8F6592A5AFDADC3811C2EA719854F02336B75F45B677E340B
                                          SHA-512:380563FDF4BD5AB05F9068650F2463183966F4AC68EB68EE993690157685E62B924DFD89D451AEE79B5963A35D4B451658E08A5602DB8D212A77478CC0E23EB3
                                          Malicious:false
                                          Preview:...........f.7..............................d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.m.Z...g.d...Z.d.Z...e.j...................d.........Z...e.j...................d.........Z...e.j...................d.e.j...................e.j...................z...........Z.d.Z.d.Z.d.j'..................e.e...........Z.e.e.d...Z.g.d...Z.d.Z.d.d.j1..................e.D...c.g.c.]...}.|.e.z.........c.}.........z...d.z...Z.d.e.z...d.z...Z.d.e.z...d.z...e.z...d.z...Z.d.Z...e.j...................d.........Z...e.j...................d.e.z...d.z...........Z...e.j...................d.e.z...d.z...........Z...e.j...................d.e.z...d.z...........Z ..e.j...................d.e.d.d...z...d.z...........Z!..e.j...................d.e.z...d z...........Z"d!e...d.e...d.e...d"..Z#..e.j...................e#e.j...................e.j...................z...........Z$..e%d#........Z&..e%d$........Z'e&e'z...d%h.z...Z(e(d&d'h.z...Z)e)d(h.z...x.Z*Z+..G.d)..d*..e.d*e.................Z,d+..Z-d3d,..Z.d-..Z/d...Z0d/..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\__pycache__\wait.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4395
                                          Entropy (8bit):5.203791689757078
                                          Encrypted:false
                                          SSDEEP:96:bzbTiV8ZMXu9ohXMHqwhszBI/SmpT5cABuIAIPJth:reiZMXG6XMHqwhUI/dT5ru6PJ
                                          MD5:D31C1B0E51BDC5F9A5B98CA28DE128CA
                                          SHA1:96EDE80B58265F1E54B207E27C12452AE71EF57F
                                          SHA-256:DCA0466A9058D74FFCD2BD20371660A476BE80DAC9C34DBF5690BBCE4EF3567A
                                          SHA-512:6E49395BCC9F2207BA453FA10FB0A421A4C5AC65F533FA835C0E82B788F8692B4F26134600BFE3E9F7ECDC7D309FE53894F6D06ADE6760CF02146042A1860FE5
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.....d.d.l.m.Z...g.d...Z...G.d...d.e.........Z.e.j...................d.k\..r.d...Z.n.d...Z.d.d...Z.d.d...Z.d...Z.d...Z.d...a.d.d...Z.d.d...Z.y.#.e.$.r...d.d.l.m.Z...Y..Lw.x.Y.w.)......N)...partial)...monotonic)...time)...NoWayToWaitForSocketError..wait_for_read..wait_for_writec...........................e.Z.d.Z.y.).r....N)...__name__..__module__..__qualname__........VC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/urllib3/util/wait.pyr....r........s.........r....r....)...........c.............................|.|.........S...Nr....)...fn..timeouts.... r......_retry_on_intrr....*...s..........'.{...r....c.....................".....|...t.........d.........}.n.t.................|.z...}.......|.|.........S.#.t.........t.........j...................f.$.rO}.|.j...................d.....t.........j...................k7..r...|.t.................z...}.|.d.k...r.d.}.|.t.........d.........k(..r.d.}.Y.d.}

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\response.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):3510
                                          Entropy (8bit):4.529413035203953
                                          Encrypted:false
                                          SSDEEP:48:PYn1uZLY0GS9PpvNYKzamS7gkLgUCj0bp0FFN1SH8Qnt5JxWCkARhzE6nZwDQ1m8:uuK0HPpv1Nb5MGFU/JOChzB08
                                          MD5:6EB83504356CF0A5778199247F39E6CA
                                          SHA1:A3B6DD229AA3B2BE1A4148673A7A68D51EA53024
                                          SHA-256:189A60DC4822F6A6895D1C01879C2FF8C36E4566A7E4122EE34A117A8C563F6F
                                          SHA-512:E0B3F698B7AF3098526395E440CBAC30882EEFC5CDB9CAE0FAE166888B9C6546CC67176A1AEE50761E66FD6941A046645CA714A28E4CA09D75569C85A58ED2AB
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..from email.errors import MultipartInvariantViolationDefect, StartBoundaryNotFoundDefect..from ..exceptions import HeaderParsingError.from ..packages.six.moves import http_client as httplib...def is_fp_closed(obj):. """. Checks whether a given file-like object is closed... :param obj:. The file-like object to check.. """.. try:. # Check `isclosed()` first, in case Python3 doesn't set `closed`.. # GH Issue #928. return obj.isclosed(). except AttributeError:. pass.. try:. # Check via the official file-like-object way.. return obj.closed. except AttributeError:. pass.. try:. # Check if the object is a container for another file-like object that. # gets released on exhaustion (e.g. HTTPResponse).. return obj.fp is None. except AttributeError:. pass.. raise ValueError("Unable to determine whether fp is closed.")...def assert_header_parsi

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\retry.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):22013
                                          Entropy (8bit):4.495310967587354
                                          Encrypted:false
                                          SSDEEP:192:nlSPFqV8FCR/EMIjKVabMI9eLNw6H2N/yBF1iruuciXjyy+ZCIyyMT9hJvF3O3XW:nZtngYyKuD+YB6tWvruOUY
                                          MD5:C310CE867C31E498A8B1012AD22946B3
                                          SHA1:0B9E7BFD446E8DF15923B8CC02010075B9AF8BDB
                                          SHA-256:67A5847F9D7C7933973F98EBE50490F60A892340D562DDD7B3710A9D86939AEB
                                          SHA-512:89AA812B63584535FE50D8178BB238419C679ED5EC1C4F359BC6EB6B0FE7379F9DD04ECFC5625F5928C1A0ED8B405D04E2277A49D43FF86EC75F3C8E030A9FDD
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..import email.import logging.import re.import time.import warnings.from collections import namedtuple.from itertools import takewhile..from ..exceptions import (. ConnectTimeoutError,. InvalidHeader,. MaxRetryError,. ProtocolError,. ProxyError,. ReadTimeoutError,. ResponseError,.).from ..packages import six..log = logging.getLogger(__name__)...# Data structure for representing the metadata of requests that result in a retry..RequestHistory = namedtuple(. "RequestHistory", ["method", "url", "error", "status", "redirect_location"].)...# TODO: In v2 we can remove this sentinel and metaclass with deprecated options.._Default = object()...class _RetryMeta(type):. @property. def DEFAULT_METHOD_WHITELIST(cls):. warnings.warn(. "Using 'Retry.DEFAULT_METHOD_WHITELIST' is deprecated and ". "will be removed in v2.0. Use 'Retry.DEFAULT_ALLOWED_METHODS' instead",. DeprecationWarning,.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\ssl_.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):17177
                                          Entropy (8bit):4.775309806708075
                                          Encrypted:false
                                          SSDEEP:384:U1hF8n1WeEX+g42d1x1vR+WPNhorfCd20M0/1bv64asyKU1Je2kO81:U10KO+vxh7/17yKH
                                          MD5:B9CF4ED19E64963CEB82C8C53583B394
                                          SHA1:93D0641961B01C303CF84E54D8B66633ED410492
                                          SHA-256:5F8F80A96F756983E13F1EBEC5B7FAEB21C540A6EAA9F0BFE59B785A42D7D477
                                          SHA-512:BE560DA3BA6DBA0B9045DDBA347084A17BC5BCB1D19604C5EA46DE022C974592E82F499A0BFFC36ADD3165ED3EEF0D33CD9D15F941A7CFCAB6F54837D6420D02
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..import hmac.import os.import sys.import warnings.from binascii import hexlify, unhexlify.from hashlib import md5, sha1, sha256..from ..exceptions import (. InsecurePlatformWarning,. ProxySchemeUnsupported,. SNIMissingWarning,. SSLError,.).from ..packages import six.from .url import BRACELESS_IPV6_ADDRZ_RE, IPV4_RE..SSLContext = None.SSLTransport = None.HAS_SNI = False.IS_PYOPENSSL = False.IS_SECURETRANSPORT = False.ALPN_PROTOCOLS = ["http/1.1"]..# Maps the length of a digest to a possible hash function producing this digest.HASHFUNC_MAP = {32: md5, 40: sha1, 64: sha256}...def _const_compare_digest_backport(a, b):. """. Compare two digests of equal length in constant time... The digests must be of type str/bytes.. Returns True if the digests match, and False otherwise.. """. result = abs(len(a) - len(b)). for left, right in zip(bytearray(a), bytearray(b)):. result |= left ^ right. return result == 0..._co

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\ssl_match_hostname.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5758
                                          Entropy (8bit):4.611359283311187
                                          Encrypted:false
                                          SSDEEP:96:qa5t+WRFp1bMziocVZn0QkWoAyQ40Rrz8JPGH5txxG3IpdmcyHSup1eqtPZ:H5x/bbXB0QkWxyQ40u4HPeIPmLyuCsB
                                          MD5:B0DB7B081C5B51774A44654D586E0F40
                                          SHA1:E1F6AB140AA52211A136D25F784A475F47434263
                                          SHA-256:22BE1C65512398093C8140081D64A2EF0B4E3BCDD4098001636C450F5425FD60
                                          SHA-512:C935738635C94A25758742611485558C1D0991AD5100074E8655A202198A3FBE3AB2349AD5418ABBBDE774E490FA91300C94082D275DA8B57B0E387937887D03
                                          Malicious:false
                                          Preview:"""The match_hostname() function from Python 3.3.3, essential when using SSL."""..# Note: This file is under the PSF license as the code comes from the python.# stdlib. http://docs.python.org/3/license.html..import re.import sys..# ipaddress has been backported to 2.6+ in pypi. If it is installed on the.# system, use it to handle IPAddress ServerAltnames (this was added in.# python-3.5) otherwise only do DNS matching. This allows.# util.ssl_match_hostname to continue to be used in Python 2.7..try:. import ipaddress.except ImportError:. ipaddress = None..__version__ = "3.5.0.1"...class CertificateError(ValueError):. pass...def _dnsname_match(dn, hostname, max_wildcards=1):. """Matching according to RFC 6125, section 6.4.3.. http://tools.ietf.org/html/rfc6125#section-6.4.3. """. pats = []. if not dn:. return False.. # Ported from python3-syntax:. # leftmost, *remainder = dn.split(r'.'). parts = dn.split(r"."). leftmost = parts[0]. remaind

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\ssltransport.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):6895
                                          Entropy (8bit):4.388507124401732
                                          Encrypted:false
                                          SSDEEP:192:zfcuDlXsMobpIIo86Nm0a7OyrsoLYs9LQau:zflDlcVblJ7rsuK
                                          MD5:33C5C43F65397D31EEBBAC57DC2CEF3A
                                          SHA1:78D59E903FECD211AA975AE4C8DC01B17C8FAD44
                                          SHA-256:340FAEE6B313AC3143142F10CD129410A306D39EB584E0F8A814EBDD9E29BFA1
                                          SHA-512:1FDCE1D1DC3E6927F159DA507D574A5C7474B821FF9E660C1DE4B3E26B008264DAE2C4EE6FAE548ACF8EB2FD545965D2A8EBAEC1292538B0CC728EDC70AB9DC9
                                          Malicious:false
                                          Preview:import io.import socket.import ssl..from ..exceptions import ProxySchemeUnsupported.from ..packages import six..SSL_BLOCKSIZE = 16384...class SSLTransport:. """. The SSLTransport wraps an existing socket and establishes an SSL connection... Contrary to Python's implementation of SSLSocket, it allows you to chain. multiple TLS connections together. It's particularly useful if you need to. implement TLS within TLS... The class supports most of the socket API operations.. """.. @staticmethod. def _validate_ssl_context_for_tls_in_tls(ssl_context):. """. Raises a ProxySchemeUnsupported if the provided ssl_context can't be used. for TLS in TLS... The only requirement is that the ssl_context provides the 'wrap_bio'. methods.. """.. if not hasattr(ssl_context, "wrap_bio"):. if six.PY2:. raise ProxySchemeUnsupported(. "TLS in TLS requires SSLContext.wrap_bio() which isn't ".

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\timeout.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):10168
                                          Entropy (8bit):4.384251610888325
                                          Encrypted:false
                                          SSDEEP:192:J6N+l/u6i71a8bo7pB2GmyqqQnqXAzBCsQioKA16:Am/u6gN6XGmAIHM
                                          MD5:888565383A82FCEDAF9D2473B8911660
                                          SHA1:D7F1427C1B312B0907973BD6F4C12E1E406C6825
                                          SHA-256:730AB874C93CEE624748192D2B59A2609FBCE46FB74F74664F6D2FED2142A67A
                                          SHA-512:835FF527992286DF1F75078900C41B79B08D497BF5DF510B5437C3B68EA317B1302466AE8ECF1A7E0424BEA70CF71B5EDDAB9EB67E0586F94549552B747A81FF
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..import time..# The default socket timeout, used by httplib to indicate that no timeout was; specified by the user.from socket import _GLOBAL_DEFAULT_TIMEOUT, getdefaulttimeout..from ..exceptions import TimeoutStateError..# A sentinel value to indicate that no timeout was specified by the user in.# urllib3._Default = object()...# Use time.monotonic if available..current_time = getattr(time, "monotonic", time.time)...class Timeout(object):. """Timeout configuration... Timeouts can be defined as a default for a pool:.. .. code-block:: python.. timeout = Timeout(connect=2.0, read=7.0). http = PoolManager(timeout=timeout). response = http.request('GET', 'http://example.com/').. Or per-request (which overrides the default for the pool):.. .. code-block:: python.. response = http.request('GET', 'http://example.com/', timeout=Timeout(10)).. Timeouts can be disabled by setting all the parameters to ``None``:..

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\url.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):14296
                                          Entropy (8bit):4.9149976609001556
                                          Encrypted:false
                                          SSDEEP:384:jGBaWLWmblAkuqSHMXN5ts+RsF6IZQOaweGqSxgOO12j:jGruLHMPWV6a6pSxgVc
                                          MD5:3B0F140E69E68B5AA6006E4C7621E365
                                          SHA1:23D4363BF76691302DC9E216A3E4AD6DEE839CDB
                                          SHA-256:942004ECCE66C80F040DD5B4B09BB2C9985507D2BF8F7F258D684702715A5A81
                                          SHA-512:190637764FCB3AC705D942D992886652F98D9103DA4962D7A0D83AC0BADE9EF4DCD2D8E18E559EA6F21B23C46034E6D72B2488ADCB8F282828DC0DD8CFA75765
                                          Malicious:false
                                          Preview:from __future__ import absolute_import..import re.from collections import namedtuple..from ..exceptions import LocationParseError.from ..packages import six..url_attrs = ["scheme", "auth", "host", "port", "path", "query", "fragment"]..# We only want to normalize urls with an HTTP(S) scheme..# urllib3 infers URLs without a scheme (None) to be http..NORMALIZABLE_SCHEMES = ("http", "https", None)..# Almost all of these patterns were derived from the.# 'rfc3986' module: https://github.com/python-hyper/rfc3986.PERCENT_RE = re.compile(r"%[a-fA-F0-9]{2}").SCHEME_RE = re.compile(r"^(?:[a-zA-Z][a-zA-Z0-9+-]*:|/)").URI_RE = re.compile(. r"^(?:([a-zA-Z][a-zA-Z0-9+.-]*):)?". r"(?://([^\\/?#]*))?". r"([^?#]*)". r"(?:\?([^#]*))?". r"(?:#(.*))?$",. re.UNICODE | re.DOTALL,.)..IPV4_PAT = r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}".HEX_PAT = "[0-9A-Fa-f]{1,4}".LS32_PAT = "(?:{hex}:{hex}|{ipv4})".format(hex=HEX_PAT, ipv4=IPV4_PAT)._subs = {"hex": HEX_PAT, "ls32": LS32_PAT}._variations = [. #

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\urllib3\util\wait.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):5403
                                          Entropy (8bit):4.537602348461433
                                          Encrypted:false
                                          SSDEEP:96:Y2n0jQGAov2Rq9rFKYuBArDu8N1lwcycJR8c8WR9qgP8LjBGdisassAEgaYAEDn:YE0jQGf9hKorDu4ec86T0LjBxsad2D
                                          MD5:CF3F909036467C64F0829344E4C49904
                                          SHA1:7944D9BDA2E8389C5CEBA58A7AD704532A4F6DD2
                                          SHA-256:7CE5F4FDF6A8CC6D8FEE25688D0A04D666F277078DC93726FA15C47C5AD3B4B2
                                          SHA-512:8362891953CDA4B2FC8072880D8BC3F9403FB9DFE6A86C0BB017C9E1CF8A4DD0A7B32172ACFCC92D236C38610A0851C32802B6AAA0CB4F6E35354074EB8ED195
                                          Malicious:false
                                          Preview:import errno.import select.import sys.from functools import partial..try:. from time import monotonic.except ImportError:. from time import time as monotonic..__all__ = ["NoWayToWaitForSocketError", "wait_for_read", "wait_for_write"]...class NoWayToWaitForSocketError(Exception):. pass...# How should we wait on sockets?.#.# There are two types of APIs you can use for waiting on sockets: the fancy.# modern stateful APIs like epoll/kqueue, and the older stateless APIs like.# select/poll. The stateful APIs are more efficient when you have a lots of.# sockets to keep track of, because you can set them up once and then use them.# lots of times. But we only ever want to wait on a single socket at a time.# and don't want to keep track of state, so the stateless APIs are actually.# more efficient. So we want to use select() or poll()..#.# Now, how do we choose between select() and poll()? On traditional Unixes,.# select() has a strange calling convention that makes it slow, or fail.# a

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\vendor.txt

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):493
                                          Entropy (8bit):4.7746517657184535
                                          Encrypted:false
                                          SSDEEP:12:OTdeS72N78XVZt/zm6ftmnQv54JxDhRdsMflp:OJeSCNS/Za6Fv+JxVRmMflp
                                          MD5:23138AA47D111A6FD465D282E7FC00EA
                                          SHA1:C070B3B9771E1E9657F872F5BEDB39A8CDB332E5
                                          SHA-256:E0D2A4EDF42156C670D14FB4CE69BD4362E01B268F5DA7056E7240692D10E846
                                          SHA-512:A9A1CCF8FD1C8BCA177833BAB95914804185A0A7CFF7062C8675137B133E4A1CDD81A45F87D03FCB0CB53E6126D160D77482CCA45E4B3C3C01893B12E3B6CD4E
                                          Malicious:false
                                          Preview:CacheControl==0.13.1 # Make sure to update the license in pyproject.toml for this..colorama==0.4.6.distlib==0.3.8.distro==1.8.0.msgpack==1.0.5.packaging==21.3.platformdirs==3.8.1.pyparsing==3.1.0.pyproject-hooks==1.0.0.requests==2.31.0. certifi==2023.7.22. chardet==5.1.0. idna==3.4. urllib3==1.26.17.rich==13.4.2. pygments==2.15.1. typing_extensions==4.7.1.resolvelib==1.0.1.setuptools==68.0.0.six==1.16.0.tenacity==8.2.2.tomli==2.0.1.truststore==0.8.0.webencodings==0.5.1.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):10579
                                          Entropy (8bit):4.710985631227764
                                          Encrypted:false
                                          SSDEEP:192:L388cYqgRKq/v9W3TEzFOZJr7MRW69FNpekGVjGERPs7ecJaXC8L:L3dbJ/1WgcZ4W6FwkaU7x8L
                                          MD5:55D9055C84ED1357A3A9DDFCD4BEF2CA
                                          SHA1:B86D0C96A67C31EBB93D1DFBC506289CD8ED30C0
                                          SHA-256:A8E04922E3F2FF8072607E96FDB360245FAA610D83A14F9D2AC0EEE724560978
                                          SHA-512:83F0A156004D77C51704E65158198E49320D954F5295CC995A281D8C151DD17DC47EE212EF4FDC0B197CBF339EBC500056F49782DFFDAE7590E6404DE167E3DF
                                          Malicious:false
                                          Preview:# coding: utf-8.""".. webencodings. ~~~~~~~~~~~~.. This is a Python implementation of the `WHATWG Encoding standard. <http://encoding.spec.whatwg.org/>`. See README for details... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details..."""..from __future__ import unicode_literals..import codecs..from .labels import LABELS...VERSION = '0.5.1'...# Some names in Encoding are not valid Python aliases. Remap these..PYTHON_NAMES = {. 'iso-8859-8-i': 'iso-8859-8',. 'x-mac-cyrillic': 'mac-cyrillic',. 'macintosh': 'mac-roman',. 'windows-874': 'cp874'}..CACHE = {}...def ascii_lower(string):. r"""Transform (only) ASCII letters to lower case: A-Z is mapped to a-z... :param string: An Unicode string.. :returns: A new Unicode string... This is used for `ASCII case-insensitive. <http://encoding.spec.whatwg.org/#ascii-case-insensitive>`_. matching of encoding labels.. The same matching is also used, among other things,.

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):11993
                                          Entropy (8bit):5.48644755775516
                                          Encrypted:false
                                          SSDEEP:192:uufTmANeGvmVa54qFavrCj/lykzOMb+E9YX/RX:5LmwGdvQyktb+E9W
                                          MD5:1ECC7AF2FE451CD48382549FC12C3C92
                                          SHA1:BA0A2A44BF5C2B1915838706E26ADE7A975664D6
                                          SHA-256:9DE9404ADFDFA4D83F2187ABD6D3D343C278CA97B66E648FF2C88BE5EF82C11A
                                          SHA-512:BBA1425E840FBCCBE76A0E8D890F6A719887EBEB8DB0BC37F77AE24414381B938AC38C5E9CBF1941469085791FF34A405E8A0AA8C2C4CD1C578E44E06B3A84A0
                                          Malicious:false
                                          Preview:...........fS)..............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z...d.Z.d.d.d.d.d...Z.i.Z.d...Z.d...Z.d...Z...G.d...d.e.........Z...e.d.........Z...e.d.........Z...e.d.........Z.d d...Z.d...Z.e.d.f.d...Z.d d...Z.d...Z.e.d.f.d...Z.d...Z...G.d...d.e.........Z...G.d...d.e.........Z.y.)!a...... webencodings. ~~~~~~~~~~~~.. This is a Python implementation of the `WHATWG Encoding standard. <http://encoding.spec.whatwg.org/>`. See README for details... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details........)...unicode_literalsN.....)...LABELSz.0.5.1z.iso-8859-8z.mac-cyrillicz.mac-roman..cp874).z.iso-8859-8-iz.x-mac-cyrillic..macintoshz.windows-874c.....................^.....|.j...................d.........j...........................j...................d.........S.).a9...Transform (only) ASCII letters to lower case: A-Z is mapped to a-z... :param string: An Unicode string.. :returns: A new Unicode string... This is used

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\__pycache__\labels.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):7124
                                          Entropy (8bit):6.016799298344487
                                          Encrypted:false
                                          SSDEEP:192:cWMFuwZnRwUW92HsMWIomedqcbinouMzov5:cWMFuGaUW8HsMWIomBu8ouKov5
                                          MD5:AD81FA0C8644104EFFC39A8548BB191F
                                          SHA1:DBFD0038A4CEDDE44FAF9433D62F5998001610B7
                                          SHA-256:5189222D97C712A86E4E9B7B7035ECAFB3534EB0499553F9960EBFDBA1E32442
                                          SHA-512:DD686A22D458D0EB571F089453BC0357FB65CBA5718F027E9531E5546DF67BEA692B77A671FE7EBFB21DFE27239B2AF9D26510529FC1E80BDACB633DB12FEF44
                                          Malicious:false
                                          Preview:...........f.#..............................d.Z.i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...i.d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d d...d!d...d"d.....i.d#d$..d%d$..d$d$..d&d$..d'd$..d(d$..d)d$..d*d$..d+d,..d-d,..d.d,..d/d,..d0d,..d1d,..d,d,..d2d,..d3d,....i.d4d,..d5d,..d6d,..d7d,..d8d,..d9d:..d;d:..d<d:..d=d:..d>d:..d:d:..d?d:..d@d:..dAd:..dBd:..dCd:..dDd:....i.dEdF..dGdF..dHdF..dFdF..dIdF..dJdF..dKdF..dLdF..dMdF..dNdF..dOdF..dPdQ..dQdQ..dRdQ..dSdT..dTdT..dUdT....i.dVdT..dWdT..dXdT..dYdT..dZdZ..d[dZ..d\dZ..d]d]..d^d]..d_d]..d`da..dada..dbda..dcda..ddda..deda..dfdf....i.dgdh..didh..djdh..dhdh..dkdh..dldl..dmdn..dodn..dndn..dpdn..dqdr..dsdr..dtdr..dudr..dvdr..drdr..dwdx....i.dxdx..dydx..dzd{..d{d{..d|d{..d}d~..d.d~..d.d~..d.d~..d.d~..d.d~..d.d~..d.d~..d.d~..d.d~..d.d~..d.d~....i.d.d~..d.d~..d.d~..d~d~..d.d~..d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d...d.d.....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\__pycache__\mklabels.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):2691
                                          Entropy (8bit):5.604217163428884
                                          Encrypted:false
                                          SSDEEP:48:Piz/ihuNICnHyZU6fywyJEhwRNJP05qdkZ82CHBnxrwSV:aDi0iCSNH2G5qCG2Ov
                                          MD5:CBD815F8F921FD21C93AE5CCFDAB29FD
                                          SHA1:04CA282DF9C822467E40CD6FB4BFFFFB2EB79979
                                          SHA-256:261C743C2B052388D148FC1D13B46A48290FFB3DE39095E1A3A7CB83B96695FC
                                          SHA-512:1778929652D5542EEC57E01A1F146D7A32B52D2F4948D3318FCB9D59136A8E2CE33A067D45DC64A6EB5B2E14DBA8401AF4081E7FC09F71BC6B60B67D22C410E8
                                          Malicious:false
                                          Preview:...........f..........................t.....d.Z.d.d.l.Z...d.d.l.m.Z...d...Z.d...Z.e.d.k(..r...e...e.d...................y.y.#.e.$.r...d.d.l.m.Z...Y..(w.x.Y.w.).z... webencodings.mklabels. ~~~~~~~~~~~~~~~~~~~~~.. Regenarate the webencodings.labels module... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details........N)...urlopenc.....................0.....|.|.j...........................k(..s.J...|.S...N)...lower)...strings.... .ZC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/webencodings/mklabels.py..assert_lowerr........s..........V.\.\.^..#..#..#....M.....c.............................d.g.}.t.........j...................t.........|.........j...........................j...................d.................D.......c.g.c.]V..}.|.d.....D.]L..}.|.d.....D.]B..}.t.........t.........|.................j...................d.........t.........|.d.............j...................d.........f....D...N...X..}.}.}.}.t.........d...|.D....

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\__pycache__\tests.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):9243
                                          Entropy (8bit):5.20982897863219
                                          Encrypted:false
                                          SSDEEP:192:L0ZXQMsgeecoaUTrTHBV9L9oRQFYOJMI2vkw9haKh2gJpx3viLpII:L0FQWeecoaQfRoqMI2sw9haKh22I
                                          MD5:6D500C3883EFA5F7D5D672529B154FAF
                                          SHA1:556C8B292A78E92E52C6408578A241769874B5A2
                                          SHA-256:8697B5CFB0A617F35E31E95BB9F4DBF1876EAB775E3BBC4342E223FA8B8B24AF
                                          SHA-512:F83CE9AE8087677DFF0C4EE9109C6E05BC1C5C4022C93A83D14C045166884A0A572822EB14D9D7EBCCC101F75FB1F319E3D5D410D82377D55FC8B79BA68E971D
                                          Malicious:false
                                          Preview:...........f..........................v.....d.Z.d.d.l.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z...d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.d...Z.y.).z... webencodings.tests. ~~~~~~~~~~~~~~~~~~.. A basic test suite for Encoding... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details........)...unicode_literals.....)...lookup..LABELS..decode..encode..iter_decode..iter_encode..IncrementalDecoder..IncrementalEncoder..UTF8c.....................F.........|.|.i.|.......t.........d.|.z.............#.|.$.r...Y.y.w.x.Y.w.).Nz.Did not raise %s.)...AssertionError)...exception..function..args..kwargss.... .WC:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/webencodings/tests.py..assert_raisesr........s;.........>....$..!.&..!.......0.9..<..=..=....................s.......... ... .c..........................t.........d.........j...................d.k(..s.J...t.........d.........j...................d.k(..s.J...t.........d...

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\__pycache__\x_user_defined.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3287
                                          Entropy (8bit):5.298378977428594
                                          Encrypted:false
                                          SSDEEP:96:ArMBM8/rYpKr7kubuWcIHiDHBf33Pf3mVtG:r/Nr7LbuWTHibBnuVc
                                          MD5:27CD2A8E874FF4ABDCCA4AED792DC9E3
                                          SHA1:56A15176846607CE34121DDDF092C7C4DE05B55C
                                          SHA-256:C73A4B4DD67C7D87C18BC01CD589926E4C304F64B019F56ED118B5DF2956FFE1
                                          SHA-512:231EE1180D2163936BB8B33CE7DD2E490ED660DC3C9935120294EFC2470C341796EAC7B48B485D8C08EBD43FFBA34C7307D20D8C388CEBF618A74474212698E2
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.m.Z...d.d.l.Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.j...........................Z...G.d...d.e.e.j...........................Z...G.d...d.e.e.j...........................Z...e.j...................d...e.........j.....................e.........j...................e.e.e.e...........Z.d.Z...e.j...................e.........Z.y.).z... webencodings.x_user_defined. ~~~~~~~~~~~~~~~~~~~~~~~~~~~.. An implementation of the x-user-defined encoding... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details........)...unicode_literalsNc...........................e.Z.d.Z.d.d...Z.d.d...Z.y.)...Codecc.....................8.....t.........j...................|.|.t.................S...N)...codecs..charmap_encode..encoding_table....self..input..errorss.... .`C:\Users\V3NOM0u$\Desktop\python312\Lib\site-packages\pip/_vendor/webencodings/x_user_defined.py..en

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\labels.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):8979
                                          Entropy (8bit):3.9105308752588424
                                          Encrypted:false
                                          SSDEEP:192:4ITA4JtHwGFd8UF1o5HowbqbuzbFb/b+TeJMDLdRT/aO9p+U6x9pJJRS/NA:RTA4JtHwGMUF1o5H8eJMDLdRT/aO9p+j
                                          MD5:F60643FB1D1BCC67D909770217036A43
                                          SHA1:0D571C80A0923785FD20100B9DB8C74993D035E7
                                          SHA-256:E003BF2B14DD76A1ADACBF67B3B9003E36F409C37AC6C088C5B2B7EC763DAF71
                                          SHA-512:1C3DF76548C9FF20F24F6750CF3DABB7866B498924F45213F72D1BEFD9E8232B91F7B4E4BD5133A3517B92554E74E7DA2C6FC6642167C00122AC6093764FA7F3
                                          Malicious:false
                                          Preview:""".. webencodings.labels. ~~~~~~~~~~~~~~~~~~~.. Map encoding labels to their name... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details..."""..# XXX Do not edit!.# This file is automatically generated by mklabels.py..LABELS = {. 'unicode-1-1-utf-8': 'utf-8',. 'utf-8': 'utf-8',. 'utf8': 'utf-8',. '866': 'ibm866',. 'cp866': 'ibm866',. 'csibm866': 'ibm866',. 'ibm866': 'ibm866',. 'csisolatin2': 'iso-8859-2',. 'iso-8859-2': 'iso-8859-2',. 'iso-ir-101': 'iso-8859-2',. 'iso8859-2': 'iso-8859-2',. 'iso88592': 'iso-8859-2',. 'iso_8859-2': 'iso-8859-2',. 'iso_8859-2:1987': 'iso-8859-2',. 'l2': 'iso-8859-2',. 'latin2': 'iso-8859-2',. 'csisolatin3': 'iso-8859-3',. 'iso-8859-3': 'iso-8859-3',. 'iso-ir-109':

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\mklabels.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):1305
                                          Entropy (8bit):4.8188121134805115
                                          Encrypted:false
                                          SSDEEP:24:0Az/cJc1/wsvK3I6U2zOwcJNAvigFM028U9NEHFAkaUSsptaP0h:pz/n14+uIzbwyEM021E8UvHaq
                                          MD5:16B377E26F6F4B9353464784CCAD19DC
                                          SHA1:1FAC2E8B532EB9062024C99E8AE7D0417F12520D
                                          SHA-256:19821ECB09E968B9CFD064A273C2C55A0774515BCEFE5D4D73A62817EF3B47FE
                                          SHA-512:DB6C969E5BE37C2EA70B98B8227C87121611EC364BD752A8CE083BB0DEB59F7CF08AA59E370C46F9A6FE8F7EB2A11FE8717F37A59825AA9D45D6A6FFC464CE85
                                          Malicious:false
                                          Preview:""".. webencodings.mklabels. ~~~~~~~~~~~~~~~~~~~~~.. Regenarate the webencodings.labels module... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details..."""..import json.try:. from urllib import urlopen.except ImportError:. from urllib.request import urlopen...def assert_lower(string):. assert string == string.lower(). return string...def generate(url):. parts = ['''\.""".. webencodings.labels. ~~~~~~~~~~~~~~~~~~~.. Map encoding labels to their name... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details..."""..# XXX Do not edit!.# This file is automatically generated by mklabels.py..LABELS = {.''']. labels = [. (repr(assert_lower(label)).lstrip('u'),. repr(encoding['name']).lstrip('u')). for category in json.loads(urlopen(url).read().decode('ascii')). for encoding in category['encodings']. for label in encoding['labels']]. max_len = max(len(l

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\tests.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable
                                          Category:dropped
                                          Size (bytes):6563
                                          Entropy (8bit):5.005813196764521
                                          Encrypted:false
                                          SSDEEP:192:KGpLBqOwLInBPqgGDrYrSrErorgrgrDrnrPrArNr7rIrHrzrrrBPWywjS:Kc1qLwBPqgGPAyEQ44PrjYJ3wL/nYM
                                          MD5:F576E857B45ECF794935B1FD1919A2C7
                                          SHA1:745CA9BD26CC0C09828BEE5F21D461D3AEFB9484
                                          SHA-256:3AD18BCA384D6357EF916D46BCB27F155F59A2A0BD027CA3AFBAB79314DBCCDB
                                          SHA-512:8F1CC6997A3C6DBF669AF6DF41FE0586464B07974C1DAFB079A511226048D344CC425F192C1E79377BEE40B05FA4322404A81CFA65BEBF801D8E89D8B83EC728
                                          Malicious:false
                                          Preview:# coding: utf-8.""".. webencodings.tests. ~~~~~~~~~~~~~~~~~~.. A basic test suite for Encoding... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details..."""..from __future__ import unicode_literals..from . import (lookup, LABELS, decode, encode, iter_decode, iter_encode,. IncrementalDecoder, IncrementalEncoder, UTF8)...def assert_raises(exception, function, *args, **kwargs):. try:. function(*args, **kwargs). except exception:. return. else: # pragma: no cover. raise AssertionError('Did not raise %s.' % exception)...def test_labels():. assert lookup('utf-8').name == 'utf-8'. assert lookup('Utf-8').name == 'utf-8'. assert lookup('UTF-8').name == 'utf-8'. assert lookup('utf8').name == 'utf-8'. assert lookup('utf8').name == 'utf-8'. assert lookup('utf8 ').name == 'utf-8'. assert lookup(' \r\nutf8\t').name == 'utf-8'. assert lookup('u8') is None # Python label.. assert lookup

                                          C:\Users\user\AppData\Roaming\windows\Lib\site-packages\pip\_vendor\webencodings\x_user_defined.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable
                                          Category:dropped
                                          Size (bytes):4307
                                          Entropy (8bit):4.320275346220306
                                          Encrypted:false
                                          SSDEEP:96:WM6buluNECIFi18gLrdo35Qti4p441sMLubQ:W3uluepFi6gPwQpSE
                                          MD5:74A6BDC155E4E6E8C08B22B0B34B5E7E
                                          SHA1:E7B80B249B8A194B29ACAA3B3709F655D75A7A62
                                          SHA-256:C8EA9649D9A9CAD19F52087F67A258803361A1CF81007CB279E4F5E45AF8DAD3
                                          SHA-512:CCC32377C20E805BCC30E1EAE818397052F94566AF0E0B8EDCB7617B61C6C581C6A19CB84D481168A40E95C564CB21037FE14EFDB725BD2F013C745668651D5E
                                          Malicious:false
                                          Preview:# coding: utf-8.""".. webencodings.x_user_defined. ~~~~~~~~~~~~~~~~~~~~~~~~~~~.. An implementation of the x-user-defined encoding... :copyright: Copyright 2012 by Simon Sapin. :license: BSD, see LICENSE for details..."""..from __future__ import unicode_literals..import codecs...### Codec APIs..class Codec(codecs.Codec):.. def encode(self, input, errors='strict'):. return codecs.charmap_encode(input, errors, encoding_table).. def decode(self, input, errors='strict'):. return codecs.charmap_decode(input, errors, decoding_table)...class IncrementalEncoder(codecs.IncrementalEncoder):. def encode(self, input, final=False):. return codecs.charmap_encode(input, self.errors, encoding_table)[0]...class IncrementalDecoder(codecs.IncrementalDecoder):. def decode(self, input, final=False):. return codecs.charmap_decode(input, self.errors, decoding_table)[0]...class StreamWriter(Codec, codecs.StreamWriter):. pass...class StreamReader(Codec,

                                          C:\Users\user\AppData\Roaming\windows\Lib\site.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):23504
                                          Entropy (8bit):4.667064620418957
                                          Encrypted:false
                                          SSDEEP:384:rw2NUPbFYo2mawTm1xV0lDKPKxBj/5QrYdCQk209nSX84/sHiKKWPBD:xURYo21E0xqRSlYYQ+SrxZWN
                                          MD5:C90E1491E620EF2E81E6601AD0B25574
                                          SHA1:E64382D24DD97D6008A82B0A123C0888DB10ABF0
                                          SHA-256:1C138F0D11E328D7933A3D4E455A50F37FF1633C7539079411CEB666B080F811
                                          SHA-512:11EDAB40A7BBBC1CCED563CB00885211C27D3714610B92BA507B5B2909E59A78280C1D6302AA925A6FBE0B7026C6371C21BF0C734091418666BF9D409665EB2C
                                          Malicious:false
                                          Preview:"""Append module search paths for third-party packages to sys.path.....****************************************************************..* This module is automatically imported during initialization. *..****************************************************************....This will append site-specific paths to the module search path. On..Unix (including Mac OSX), it starts with sys.prefix and..sys.exec_prefix (if different) and appends..lib/python<version>/site-packages...On other platforms (such as Windows), it tries each of the..prefixes directly, as well as with lib/site-packages appended. The..resulting directories, if they exist, are appended to sys.path, and..also inspected for path configuration files.....If a file named "pyvenv.cfg" exists one directory above sys.executable,..sys.prefix and sys.exec_prefix are set to that directory and..it is also checked for site-packages (sys.base_prefix and..sys.base_exec_prefix will always be the "real" prefixes of the Python..installation

                                          C:\Users\user\AppData\Roaming\windows\Lib\smtplib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):44641
                                          Entropy (8bit):4.495904018343374
                                          Encrypted:false
                                          SSDEEP:768:rI6W3HVctoov8k0o+wt0ZEr1kNCLCkUethIqLbgaVIT4I6piT3fWotlAJpEgjFee:DWatDawzrmC9tYdawjW7E6eby
                                          MD5:975312F436C00D8D7397B6A22E8EBB98
                                          SHA1:07BF789C5B32E4550A3A74E63B894CDF73B30740
                                          SHA-256:BFB22B1D9F0BC1A193572B92CADFB2C10D831F443D682CDE90CDFAA548A0DD05
                                          SHA-512:9B5E3CBED83361A79FF2E357085B516495886EEED2167C75D4079C1F13DF25F755DDC689C530A5D7ECDFEB10F746C63BC2234C957C69DDBB57C82AE95DDCBF1F
                                          Malicious:false
                                          Preview:#! /usr/bin/env python3....'''SMTP/ESMTP client class.....This should follow RFC 821 (SMTP), RFC 1869 (ESMTP), RFC 2554 (SMTP..Authentication) and RFC 2487 (Secure SMTP over TLS).....Notes:....Please remember, when doing ESMTP, that the names of the SMTP service..extensions are NOT the same thing as the option keywords for the RCPT..and MAIL commands!....Example:.... >>> import smtplib.. >>> s=smtplib.SMTP("localhost").. >>> print(s.help()).. This is Sendmail version 8.8.4.. Topics:.. HELO EHLO MAIL RCPT DATA.. RSET NOOP QUIT HELP VRFY.. EXPN VERB ETRN DSN.. For more info use "HELP <topic>"... To report bugs in the implementation send email to.. sendmail-bugs@sendmail.org... For local information send email to Postmaster at your site... End of HELP info.. >>> s.putcmd("vrfy","someone@here").. >>> s.getreply().. (250, "Somebody OverHere <somebody@here.my.org>").. >>> s.quit()..'''....# Author: The Dragon De Monsyne <drago

                                          C:\Users\user\AppData\Roaming\windows\Lib\sndhdr.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7719
                                          Entropy (8bit):4.854081138958104
                                          Encrypted:false
                                          SSDEEP:192:mwqbK/jkUx5LN08OVfKwOQpRpXYEw6ddDDmQCpjHjKkz:mwI2IfKi+7pjD3
                                          MD5:2AE257ABDEEE32C5666AFA2541608483
                                          SHA1:EBFF491714017EA4E28BA6C9E863597D30C75680
                                          SHA-256:FA81B19F637ED3294F7C535CDF959C4AE2E370D7F3AEDCEC9A810F8B9558A22D
                                          SHA-512:0BA5CCC0C60CF2AC0741C68EF97221164C3E190D50713B2A246FB7DC83301BF51925C379DE27FDDC6C03487C76BB0FE7737814BE41EB34140CAD94A21013BE22
                                          Malicious:false
                                          Preview:"""Routines to help recognizing sound files.....Function whathdr() recognizes various types of sound file headers...It understands almost all headers that SOX can decode.....The return tuple contains the following items, in this order:..- file type (as SOX understands it)..- sampling rate (0 if unknown or hard to decode)..- number of channels (0 if unknown or hard to decode)..- number of frames in the file (-1 if unknown or hard to decode)..- number of bits/sample, or 'U' for U-LAW, or 'A' for A-LAW....If the file doesn't have a recognizable type, it returns None...If the file can't be opened, OSError is raised.....To compute the total time, divide the number of frames by the..sampling rate (a frame contains a sample for each channel).....Function what() calls whathdr(). (It used to also use some..heuristics for raw data, but this doesn't work very well.)....Finally, the function test() is a simple main program that calls..what() for all files mentioned on the argument list. For dire

                                          C:\Users\user\AppData\Roaming\windows\Lib\socket.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):38379
                                          Entropy (8bit):4.618917188223124
                                          Encrypted:false
                                          SSDEEP:768:DMXSVL2vpF5e7mYGW3fBp58RrNrgIULvT6DbdDS:DQDefBMRrdgIULvT6D5DS
                                          MD5:9AAB2F1A5BF7F626F4B92312CEACAA70
                                          SHA1:55DD8B566531622986FB8DCD9A2003EDE0D7A7DB
                                          SHA-256:7D4B7685670DE10D74F42DC0B72C0D48AAD373A77D6F97462667019D58DB78DB
                                          SHA-512:81979EF4C62C8C22813830AF106A340CD5D1EC09F38DCF0317689FF80BDA031DFEBE2D5C6716796C9A3623107B1A0BDE552F8EA4599BB5F8A5130246F46DD708
                                          Malicious:false
                                          Preview:# Wrapper module for _socket, providing some additional facilities..# implemented in Python....."""\..This module provides socket operations and some related functions...On Unix, it supports IP (Internet Protocol) and Unix domain sockets...On other systems, it only supports IP. Functions specific for a..socket are available as methods of the socket object.....Functions:....socket() -- create a new socket object..socketpair() -- create a pair of new socket objects [*]..fromfd() -- create a socket object from an open file descriptor [*]..send_fds() -- Send file descriptor to the socket...recv_fds() -- Receive file descriptors from the socket...fromshare() -- create a socket object from data received from socket.share() [*]..gethostname() -- return the current hostname..gethostbyname() -- map a hostname to its IP number..gethostbyaddr() -- map an IP number or hostname to DNS info..getservbyname() -- map a service name and a protocol name to a port number..getprotobyname() -- map a protoco

                                          C:\Users\user\AppData\Roaming\windows\Lib\socketserver.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):28709
                                          Entropy (8bit):4.5350322879491145
                                          Encrypted:false
                                          SSDEEP:384:140jlGmx6MdZG5F3+lNek7gawgKck2bw8Nfxr5dghwHHO4Q/NfX:28wi0Z8kywWdQ/
                                          MD5:D975B1EFE10804FB554241F4AA4FC9D2
                                          SHA1:F1752952C0FA820A5B70804DCB81662DCBF1DA79
                                          SHA-256:1C886A4880D38DF2D036BC6DF23399FD5660EA970DF0DEFFD988F6F92DB70A88
                                          SHA-512:C1508710C0700DBCDC6661218EEDEECB9F13D3E0289919F50627CA34935054C14D00D2B54133CA069381FDA6ACC98AAF6B34D458F63C557C67AC735C7574B870
                                          Malicious:false
                                          Preview:"""Generic socket server classes.....This module tries to capture the various aspects of defining a server:....For socket-based servers:....- address family:.. - AF_INET{,6}: IP (Internet Protocol) sockets (default).. - AF_UNIX: Unix domain sockets.. - others, e.g. AF_DECNET are conceivable (see <socket.h>..- socket type:.. - SOCK_STREAM (reliable stream, e.g. TCP).. - SOCK_DGRAM (datagrams, e.g. UDP)....For request-based servers (including socket-based):....- client address verification before further looking at the request.. (This is actually a hook for any processing that needs to look.. at the request before anything else, e.g. logging)..- how to handle multiple requests:.. - synchronous (one request is handled at a time).. - forking (each request is handled by a new process).. - threading (each request is handled by a new thread)....The classes in this module favor the server type that is simplest to..write: a

                                          C:\Users\user\AppData\Roaming\windows\Lib\sqlite3\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2571
                                          Entropy (8bit):4.739320030421755
                                          Encrypted:false
                                          SSDEEP:48:YOfevzhVebHd6wMTpe7d7h11pS1eBm0Tq6p6e9COnMvMpshvGfS:YOeH4dd11cedbr9COnUaXK
                                          MD5:94065ABBA62F622A898196D3A2C3B6A7
                                          SHA1:6DA747A8B8AF3DA6C53E6754837E2E7BA2C3D72A
                                          SHA-256:8C2CF6C0598D0D4F96F28EE6B4E2ABC17C1DD2021F601301D958789635BBF2C8
                                          SHA-512:3EC2120896A4574488A96D41D3568261350ED3E232D434E5EAB93D1B97B0907E2ADC13C0B7C193856F9A5F731E21111C22061E154CC50269DDE20CB0F5521F7B
                                          Malicious:false
                                          Preview:# pysqlite2/__init__.py: the pysqlite2 package...#..# Copyright (C) 2005 Gerhard H.ring <gh@ghaering.de>..#..# This file is part of pysqlite...#..# This software is provided 'as-is', without any express or implied..# warranty. In no event will the authors be held liable for any damages..# arising from the use of this software...#..# Permission is granted to anyone to use this software for any purpose,..# including commercial applications, and to alter it and redistribute it..# freely, subject to the following restrictions:..#..# 1. The origin of this software must not be misrepresented; you must not..# claim that you wrote the original software. If you use this software..# in a product, an acknowledgment in the product documentation would be..# appreciated but is not required...# 2. Altered source versions must be plainly marked as such, and must not be..# misrepresented as being the original software...# 3. This notice may not be removed or altered from any source distri

                                          C:\Users\user\AppData\Roaming\windows\Lib\sqlite3\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3982
                                          Entropy (8bit):4.543514836101169
                                          Encrypted:false
                                          SSDEEP:96:C9dQiK9zXnwg696u/vXm1O3yeXCDFdIEkAOO/g:C9dQDwg43/eg31CDV3g
                                          MD5:3A52226016BE7019A33B4E36F64C30BC
                                          SHA1:402831C91C1BD6C9B330EB20FADE921CA93F56C7
                                          SHA-256:EB222AEC2CD77D0EE30E9A12D343CF3321F0956733F27B37492DF598B36C7AC3
                                          SHA-512:688BEA0B51FBF085DF213045A1DEA594DF76E38810B1B1918367764176AB9BE90A94B1B2D29494A6453A2F0C0D4E6D4465228432B6E9802949B571F202E294AB
                                          Malicious:false
                                          Preview:"""A simple SQLite CLI for the sqlite3 module.....Apart from using 'argparse' for the command-line interface,..this module implements the REPL as a thin wrapper around..the InteractiveConsole class from the 'code' stdlib module..."""..import sqlite3..import sys....from argparse import ArgumentParser..from code import InteractiveConsole..from textwrap import dedent......def execute(c, sql, suppress_errors=True):.. """Helper that wraps execution of SQL code..... This is used both by the REPL and by direct execution from the CLI..... 'c' may be a cursor or a connection... 'sql' is the SQL string to execute... """.... try:.. for row in c.execute(sql):.. print(row).. except sqlite3.Error as e:.. tp = type(e).__name__.. try:.. print(f"{tp} ({e.sqlite_errorname}): {e}", file=sys.stderr).. except AttributeError:.. print(f"{tp}: {e}", file=sys.stderr).. if not suppress_errors:.. sys.exit(1)......

                                          C:\Users\user\AppData\Roaming\windows\Lib\sqlite3\dbapi2.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3739
                                          Entropy (8bit):4.793799391064396
                                          Encrypted:false
                                          SSDEEP:96:oOeH4d8NkWko8XjmelfgA58ngv4idm4BCP1gJF/vG/vm/t/wvdvSXK:ofL81BT58gv9I4Qe/vG/vm/t/wvdvF
                                          MD5:75BFAD372085E7FAB5FE55DE9EC64050
                                          SHA1:AC7B0B9B8666263425A6EA3522B928603A66E243
                                          SHA-256:4595E60F0893CD6D8C6937C8BA5F7D9BEB232E33A5548579B6598A46853A5C13
                                          SHA-512:740B85709D3D475366ED777EE437BB7FCE1164ECA9F8DA71162CC6C3709257211CDF5A71661F136CEA5DD2591D8F3C4556C58869071541A4365398C2F42FF132
                                          Malicious:false
                                          Preview:# pysqlite2/dbapi2.py: the DB-API 2.0 interface..#..# Copyright (C) 2004-2005 Gerhard H.ring <gh@ghaering.de>..#..# This file is part of pysqlite...#..# This software is provided 'as-is', without any express or implied..# warranty. In no event will the authors be held liable for any damages..# arising from the use of this software...#..# Permission is granted to anyone to use this software for any purpose,..# including commercial applications, and to alter it and redistribute it..# freely, subject to the following restrictions:..#..# 1. The origin of this software must not be misrepresented; you must not..# claim that you wrote the original software. If you use this software..# in a product, an acknowledgment in the product documentation would be..# appreciated but is not required...# 2. Altered source versions must be plainly marked as such, and must not be..# misrepresented as being the original software...# 3. This notice may not be removed or altered from any source d

                                          C:\Users\user\AppData\Roaming\windows\Lib\sqlite3\dump.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3559
                                          Entropy (8bit):4.784988920886343
                                          Encrypted:false
                                          SSDEEP:48:x+tzfkdKSQ2QAbhtPZI1/DdzY7+GDb3rb9R5BuajdkI:8tzfkdKPAbrZG/DJYqGDb3bHjmI
                                          MD5:7233BED1738E0A2FBC98C2B0975A784F
                                          SHA1:6F8CC5C1982EFBB786DA88C56A00D08EC15129B0
                                          SHA-256:83B6FB156EC8C6478C7284F3D75D2380E47EC2C07898C0D20EF7CEC01E159E06
                                          SHA-512:14E2E1A769615C00F034FC5B81881D2AF4A1444AEDF54D5A210AC7DCA268190D8877D7FC5F221B300960AE0FA07F75493ABE8239589FCBB9C27F6ABCA17DF819
                                          Malicious:false
                                          Preview:# Mimic the sqlite3 console shell's .dump command..# Author: Paul Kippes <kippesp@gmail.com>....# Every identifier in sql is quoted based on a comment in sqlite..# documentation "SQLite adds new keywords from time to time when it..# takes on new features. So to prevent your code from being broken by..# future enhancements, you should normally quote any identifier that..# is an English language word, even if you do not have to."....def _iterdump(connection):.. """.. Returns an iterator to the dump of the database in an SQL text format..... Used to produce an SQL dump of the database. Useful to save an in-memory.. database for later restoration. This function should not be called.. directly but instead called from the Connection method, iterdump()... """.... writeable_schema = False.. cu = connection.cursor().. yield('BEGIN TRANSACTION;').... # sqlite_master table contains the SQL CREATE statements for the database... q = """.. SELECT "name", "ty

                                          C:\Users\user\AppData\Roaming\windows\Lib\sre_compile.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):238
                                          Entropy (8bit):4.674625761918704
                                          Encrypted:false
                                          SSDEEP:6:wXLo5mpZYQ42HBg1ONXvjT22JgKIsMNEQHKSGKl:wXVZjHH6w/vBgKIDpHKK
                                          MD5:BBC0A0B4F7D38FDC4C14FF4780C1403E
                                          SHA1:373BCABDF1BD5AC7884471B77E0F3126457BC452
                                          SHA-256:B4C466EE8901119B467141DCC30D2BD512B3EC384911B8E33842E169FDAF19F4
                                          SHA-512:2DA6241F1BCC354D91BE16D18362722D0ED12EF8D30BD26AB6D080ABAD90A36B88D2C657A36F66BB95E338763FD21B754D93154313AA6C5379AD6C75005E5812
                                          Malicious:false
                                          Preview:import warnings..warnings.warn(f"module {__name__!r} is deprecated",.. DeprecationWarning,.. stacklevel=2)....from re import _compiler as _..globals().update({k: v for k, v in vars(_).items() if k[:2] != '__'})..

                                          C:\Users\user\AppData\Roaming\windows\Lib\sre_constants.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):239
                                          Entropy (8bit):4.669363088487422
                                          Encrypted:false
                                          SSDEEP:6:wXLo5mpZYQ42HBg1ONXvjMQA0gKIsMNEQHKSGKl:wXVZjHH6w/4v0gKIDpHKK
                                          MD5:F91B14486175BD8A104F6FA80F31A555
                                          SHA1:B8FA622257A09DF1ED3DA3F01F5273AF2CF0F69D
                                          SHA-256:A74070FD00E873127617BEE90A9FE54D2A710DFCE80CC57678992B2D1B22500B
                                          SHA-512:BC205DCF660E3379121F6DD77D1FF0E6C9A5392D9F4938ED0782910B04B03A343FCBCCCFCC9D5F99DAFD99EA9929C723DCFE095B69053632EDF0C92874159031
                                          Malicious:false
                                          Preview:import warnings..warnings.warn(f"module {__name__!r} is deprecated",.. DeprecationWarning,.. stacklevel=2)....from re import _constants as _..globals().update({k: v for k, v in vars(_).items() if k[:2] != '__'})..

                                          C:\Users\user\AppData\Roaming\windows\Lib\sre_parse.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):236
                                          Entropy (8bit):4.6586954272576655
                                          Encrypted:false
                                          SSDEEP:6:wXLo5mpZYQ42HBg1ONXvVJgKIsMNEQHKSGKl:wXVZjHH6w/7gKIDpHKK
                                          MD5:AE6DB8A967B0A29557CE3A27E7CEFF49
                                          SHA1:A327808D9BD6D3459BCC2D79F6EEFB33E9F29CB1
                                          SHA-256:7CFD6E20250E3FE0A4DE263F99ADE8B584109CE4DC5D198A26F0E1C2EB6780CA
                                          SHA-512:DE160CD27D55EBB108B2FF39C91D504914A814B3E53834150622E728F3F5A2CAE8C34C51436E752B8538A7411E152809DA61A121EE335C05D4D1AA60037D7B44
                                          Malicious:false
                                          Preview:import warnings..warnings.warn(f"module {__name__!r} is deprecated",.. DeprecationWarning,.. stacklevel=2)....from re import _parser as _..globals().update({k: v for k, v in vars(_).items() if k[:2] != '__'})..

                                          C:\Users\user\AppData\Roaming\windows\Lib\ssl.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):52299
                                          Entropy (8bit):4.759335791140121
                                          Encrypted:false
                                          SSDEEP:768:tMVjLpvt444abg7+0MkQMj1MnCXA+Y62lsQ7F4l0:WV/zYabOM2MnCw+YtD7F4a
                                          MD5:2C2C8F94CE8E08F2749EA8DD0155A085
                                          SHA1:09DE3C78F98BF6D4B437D65FD4D7DFD78843C9AF
                                          SHA-256:5DAEAA2407F01E2BB5871ACFB4D94444142666E2CB40FEAA02907739273D54C7
                                          SHA-512:EDFF83F643BF9A90D88B7543883FF2072BDF47A1E71EDC3090707F9D43AD188AF34CDB6C5D01A23BD347A33B4D9C36191D3232F56FABD35475216B407702D9E4
                                          Malicious:false
                                          Preview:# Wrapper module for _ssl, providing some additional facilities..# implemented in Python. Written by Bill Janssen....."""This module provides some more Pythonic support for SSL.....Object types:.... SSLSocket -- subtype of socket.socket which does SSL over the socket....Exceptions:.... SSLError -- exception raised for I/O errors....Functions:.... cert_time_to_seconds -- convert time string used for certificate.. notBefore and notAfter functions to integer.. seconds past the Epoch (the time values.. returned from time.time()).... get_server_certificate (addr, ssl_version, ca_certs, timeout) -- Retrieve the.. certificate from the server at the specified.. address and return it as a PEM-encoded string......Integer constants:....SSL_ERROR_ZERO_RETURN..SSL_ERROR_WANT_READ..SSL_ERROR_WANT_WRITE..SSL_ERROR_WANT_X509_LOOKUP..SSL_ERROR_SYSCALL..SSL_ERROR_SSL..SSL_ERR

                                          C:\Users\user\AppData\Roaming\windows\Lib\stat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5680
                                          Entropy (8bit):5.1523236470837945
                                          Encrypted:false
                                          SSDEEP:96:btQUzIkdY5TVIU5zY553qt50eS52AY5LAx5UztU5ws45lz45R7J8nkwg3GCgt8Tn:ZB7dkV3YHqoeFAQAczDsQzmt8oW8TDHj
                                          MD5:7A7143CBE739708CE5868F02CD7DE262
                                          SHA1:E915795B49B849E748CDBD8667C9C89FCDFF7BAF
                                          SHA-256:E514FD41E2933DD1F06BE315FB42A62E67B33D04571435A4815A18F490E0F6CE
                                          SHA-512:7ECF6AC740B734D26D256FDE2608375143C65608934AA51DF7AF34A1EE22603A790ADC5B3D67D6944BA40F6F41064FA4D6957E000DE441D99203755820E34D53
                                          Malicious:false
                                          Preview:"""Constants/functions for interpreting results of os.stat() and os.lstat().....Suggested usage: from stat import *.."""....# Indices for stat struct members in the tuple returned by os.stat()....ST_MODE = 0..ST_INO = 1..ST_DEV = 2..ST_NLINK = 3..ST_UID = 4..ST_GID = 5..ST_SIZE = 6..ST_ATIME = 7..ST_MTIME = 8..ST_CTIME = 9....# Extract bits from the mode....def S_IMODE(mode):.. """Return the portion of the file's mode that can be set by.. os.chmod()... """.. return mode & 0o7777....def S_IFMT(mode):.. """Return the portion of the file's mode that describes the.. file type... """.. return mode & 0o170000....# Constants used as S_IFMT() for various file types..# (not all are implemented on all systems)....S_IFDIR = 0o040000 # directory..S_IFCHR = 0o020000 # character device..S_IFBLK = 0o060000 # block device..S_IFREG = 0o100000 # regular file..S_IFIFO = 0o010000 # fifo (named pipe)..S_IFLNK = 0o120000 # symbolic link..S_IFSOCK = 0o140000 # s

                                          C:\Users\user\AppData\Roaming\windows\Lib\statistics.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):51681
                                          Entropy (8bit):4.812093771535753
                                          Encrypted:false
                                          SSDEEP:768:ezttzGzxz6czkgy4cBrWuBj18GkrWIDRMZPTkQkRyFsz5zjr1mTH0NCH2xA7fPCy:extqNzK4sWuB1RcixQySlZmTUUHsA3
                                          MD5:316D6BBE1F18742DDF16D9DB36185D62
                                          SHA1:CF85AA1FAD8B76300F12783A76147E709F6EF21A
                                          SHA-256:BF12BAAB12537F999C15BB903EDA896CE761B8B5EDBB663DBE024CEEF0914749
                                          SHA-512:28B2AA1F9EC4C18FD99E86F65509E3C33E37B68187AF0AAAD5674FF5C579590236DE4BC08278C75D0F0CBE806BD5902493FD93DBE067F1B50A407C6FA045A94D
                                          Malicious:false
                                          Preview:"""..Basic statistics module.....This module provides functions for calculating statistics of data, including..averages, variance, and standard deviation.....Calculating averages..--------------------....================== ==================================================..Function Description..================== ==================================================..mean Arithmetic mean (average) of data...fmean Fast, floating point arithmetic mean...geometric_mean Geometric mean of data...harmonic_mean Harmonic mean of data...median Median (middle value) of data...median_low Low median of data...median_high High median of data...median_grouped Median, or 50th percentile, of grouped data...mode Mode (most common value) of data...multimode List of modes (most common values of data)...quantiles Divide data into intervals with equal probability...================== ==

                                          C:\Users\user\AppData\Roaming\windows\Lib\string.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12095
                                          Entropy (8bit):4.463943926280918
                                          Encrypted:false
                                          SSDEEP:192:NeRTSYTE9FuCE3W4Xc7Li9S/j/8RNnGPu+2MZKqhMohlPbokGJ2A7u6VOC:NeRTSYTE9xNPLeS/j/8TG2+2MZKqhMoC
                                          MD5:CF6B69E28ED69D22D657E0E5E7DF96CD
                                          SHA1:7ECB1B7C4DE06E50A8F2BB9BE720969E0936EE4C
                                          SHA-256:C5F415046D856B81BF227A605A410E7A9F250F477A8BA2418689159E2EF4D70B
                                          SHA-512:65CF0A923C63AAFBF5952DC09B2B1DBB9E76FB89D0A95EB5194D527917EA3D4D1FE54CEC366F52BC9FC2A555FF64EF6D94CCD1DA78739CB3D4BFA34D7E2A3640
                                          Malicious:false
                                          Preview:"""A collection of string constants.....Public module variables:....whitespace -- a string containing all ASCII whitespace..ascii_lowercase -- a string containing all ASCII lowercase letters..ascii_uppercase -- a string containing all ASCII uppercase letters..ascii_letters -- a string containing all ASCII letters..digits -- a string containing all ASCII decimal digits..hexdigits -- a string containing all ASCII hexadecimal digits..octdigits -- a string containing all ASCII octal digits..punctuation -- a string containing all ASCII punctuation characters..printable -- a string containing all ASCII characters considered printable...."""....__all__ = ["ascii_letters", "ascii_lowercase", "ascii_uppercase", "capwords",.. "digits", "hexdigits", "octdigits", "printable", "punctuation",.. "whitespace", "Formatter", "Template"]....import _string....# Some strings for ctype-style character classification..whitespace = ' \t\n\r\v\f'..ascii_lowercase = 'abcdefghijklmnopqrstuvwx

                                          C:\Users\user\AppData\Roaming\windows\Lib\stringprep.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13189
                                          Entropy (8bit):4.91396520579551
                                          Encrypted:false
                                          SSDEEP:384:uqbH8M915eiV4fTpjgLPXEj7w6NraVKt+oKVcXRn:uwnMaLPIN+VKtWKn
                                          MD5:7A4A0BE66939C3F2E62531A37F6B60E1
                                          SHA1:A4E0BE0F314B738F9ACE2698BF5B7910A9B4A1A5
                                          SHA-256:FE08A5C09B78E5037F7CCB95B9014C5F4CC2B3968C9001F321D4788E0ADB45EB
                                          SHA-512:DF83633E7F827D909426B58AADD9AD5664BAB4787119F005C25A7659E28BC8D2834CAD7B3CF0BE011D3AD6F30129FF724D5C40601ED50B9F4C94B2635875B226
                                          Malicious:false
                                          Preview:# This file is generated by mkstringprep.py. DO NOT EDIT..."""Library that exposes various tables found in the StringPrep RFC 3454.....There are two kinds of tables: sets, for which a member test is provided,..and mappings, for which a mapping function is provided..."""....from unicodedata import ucd_3_2_0 as unicodedata....assert unicodedata.unidata_version == '3.2.0'....def in_table_a1(code):.. if unicodedata.category(code) != 'Cn': return False.. c = ord(code).. if 0xFDD0 <= c < 0xFDF0: return False.. return (c & 0xFFFF) not in (0xFFFE, 0xFFFF)......b1_set = set([173, 847, 6150, 6155, 6156, 6157, 8203, 8204, 8205, 8288, 65279] + list(range(65024,65040)))..def in_table_b1(code):.. return ord(code) in b1_set......b3_exceptions = {..0xb5:'\u03bc', 0xdf:'ss', 0x130:'i\u0307', 0x149:'\u02bcn',..0x17f:'s', 0x1f0:'j\u030c', 0x345:'\u03b9', 0x37a:' \u03b9',..0x390:'\u03b9\u0308\u0301', 0x3b0:'\u03c5\u0308\u0301', 0x3c2:'\u03c3', 0x3d0:'\u03b2',..0x3d1:'\u03b8', 0x3d2:'\u03c5'

                                          C:\Users\user\AppData\Roaming\windows\Lib\struct.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):272
                                          Entropy (8bit):4.3743352648582725
                                          Encrypted:false
                                          SSDEEP:6:UoPb5ThvOC3hvOuFimWA7la//1SITIFIjrWVZFIpdOv:UoDhECUno7YlSIEFIfWV7IpdA
                                          MD5:5B6FAB07BA094054E76C7926315C12DB
                                          SHA1:74C5B714160559E571A11EA74FEB520B38231BC9
                                          SHA-256:EADBCC540C3B6496E52449E712ECA3694E31E1D935AF0F1E26CFF0E3CC370945
                                          SHA-512:2846E8C449479B1C64D39117019609E5A6EA8030220CAC7B5EC6B4090C9AA7156ED5FCD5E54D7175A461CD0D58BA1655757049B0BCE404800BA70A2F1E12F78C
                                          Malicious:false
                                          Preview:__all__ = [.. # Functions.. 'calcsize', 'pack', 'pack_into', 'unpack', 'unpack_from',.. 'iter_unpack',.... # Classes.. 'Struct',.... # Exceptions.. 'error'.. ]....from _struct import *..from _struct import _clearcache..from _struct import __doc__..

                                          C:\Users\user\AppData\Roaming\windows\Lib\subprocess.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):90941
                                          Entropy (8bit):4.2435843122404355
                                          Encrypted:false
                                          SSDEEP:1536:aK7t9c+p5IyX1dFML1Ztkq4iXochlqYIwaYO/ZJKDrKW2+E90Gj5hfqoHn7iZ0MU:aK7t++p5IyX1daL1NjOv
                                          MD5:93B0C900E0A94286F93F318864E18EF2
                                          SHA1:CD748C102C5486DA637A8CE74637774F3BF1670E
                                          SHA-256:4F08D583A95B415762D888FFF499C19103040D4B7027E25A73D46C7E3D777D04
                                          SHA-512:15755797223A5B9D7E6793741C702C549DAF498878E93C117276D7B3BB616C74E1CB19EEBE47CA85B6BBB8860C7A531EF5F285CC1661DAEC1C854D74F6D451D3
                                          Malicious:false
                                          Preview:# subprocess - Subprocesses with accessible I/O streams..#..# For more information about this module, see PEP 324...#..# Copyright (c) 2003-2005 by Peter Astrand <astrand@lysator.liu.se>..#..# Licensed to PSF under a Contributor Agreement.....r"""Subprocesses with accessible I/O streams....This module allows you to spawn processes, connect to their..input/output/error pipes, and obtain their return codes.....For a complete description of this module see the Python documentation.....Main API..========..run(...): Runs a command, waits for it to complete, then returns a.. CompletedProcess instance...Popen(...): A class for flexibly executing a command in a new process....Constants..---------..DEVNULL: Special value that indicates that os.devnull should be used..PIPE: Special value that indicates a pipe should be created..STDOUT: Special value that indicates that stderr should go to stdout......Older API..=========..call(...): Runs a command, waits for it to complete, then ret

                                          C:\Users\user\AppData\Roaming\windows\Lib\sunau.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):19011
                                          Entropy (8bit):4.553756459515841
                                          Encrypted:false
                                          SSDEEP:192:xoVIiMydyelw/k/TyMRDyzlDGgGoBVa/yY/BFex0lAvk/yCyg+YdM0ccoeUPG:xojMUyey/xQlorDY/exMAvVXWoK
                                          MD5:29CFCB0ACD4505F7C981120914AC2B21
                                          SHA1:FA6294A2DF45CF6087FCC14541B66BE0F1DE5CB5
                                          SHA-256:EBAED7E3E5AB1492CF3C124BA5A3FD1FBEF2EA2A89FEFD8B754C51BAD8E7AA75
                                          SHA-512:AC699BDC2304AA996F79473561EC2CC744DF8B57C04FA9B0CEFD2FD77AB037B61D4CB02A381937FA1205A190A4A8DD6DBB24E887EAFE5D31642C0BFA8B6AD720
                                          Malicious:false
                                          Preview:"""Stuff to parse Sun and NeXT audio files.....An audio file consists of a header followed by the data. The structure..of the header is as follows..... +---------------+.. | magic word |.. +---------------+.. | header size |.. +---------------+.. | data size |.. +---------------+.. | encoding |.. +---------------+.. | sample rate |.. +---------------+.. | # of channels |.. +---------------+.. | info |.. | |.. +---------------+....The magic word consists of the 4 characters '.snd'. Apart from the..info field, all header fields are 4 bytes in size. They are all..32-bit unsigned integers encoded in big-endian byte order.....The header size really gives the start of the data...The data size is the physical size of the data. From the other..parameters the number of frames can be calculated...The encoding gives the way in which audio sampl

                                          C:\Users\user\AppData\Roaming\windows\Lib\symtable.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11086
                                          Entropy (8bit):4.567184233297077
                                          Encrypted:false
                                          SSDEEP:192:t+Ra9lg8SLJMqIQ6Eddu1HgjotSAKgepU880:Gr8SLJ3IQ6E3cNKgepU0
                                          MD5:AA0E5FB49868FA2EDDA9102B39F2CD15
                                          SHA1:D64435EFB1E7DB20C4C7D029E92D49B2FECE5B5F
                                          SHA-256:AFE0B15C5761D2EA3738B0AAE6BD4A7FA2D0420D0BFD55320CC3671EB549D515
                                          SHA-512:0D1FB0CBB8A1B0520E01D5F6DB42390D353D1BDAAEB8D72F44B7B2F19C129E75395CE1CB3C717CB0E3E808A6A7039D0D0B03E3A1AB2D4D775696FBF4D5C7679F
                                          Malicious:false
                                          Preview:"""Interface to the compiler's internal symbol tables"""....import _symtable..from _symtable import (USE, DEF_GLOBAL, DEF_NONLOCAL, DEF_LOCAL, DEF_PARAM,.. DEF_IMPORT, DEF_BOUND, DEF_ANNOT, SCOPE_OFF, SCOPE_MASK, FREE,.. LOCAL, GLOBAL_IMPLICIT, GLOBAL_EXPLICIT, CELL)....import weakref....__all__ = ["symtable", "SymbolTable", "Class", "Function", "Symbol"]....def symtable(code, filename, compile_type):.. """ Return the toplevel *SymbolTable* for the source code..... *filename* is the name of the file with the code.. and *compile_type* is the *compile()* mode argument... """.. top = _symtable.symtable(code, filename, compile_type).. return _newSymbolTable(top, filename)....class SymbolTableFactory:.. def __init__(self):.. self.__memo = weakref.WeakValueDictionary().... def new(self, table, filename):.. if table.type == _symtable.TYPE_FUNCTION:.. return Function(table, filename).. if table.type == _symtable.TYPE_CLASS:..

                                          C:\Users\user\AppData\Roaming\windows\Lib\sysconfig.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):31875
                                          Entropy (8bit):4.844993224769645
                                          Encrypted:false
                                          SSDEEP:768:3sjrzn1Q7WkxFfRw2G3ULbA9/hK5U3lPdmOq61uc7g:3YzlkxFfS5//PdTR7g
                                          MD5:EDEA0EF7E425ECB1CDE79E2AC22D69A3
                                          SHA1:97F9BB6E19356964CBDC0F276E9A058E2467901D
                                          SHA-256:67A9061B83EFA404314AFBFB5BE243D684C20EA796F238F48CD83A6D5B1E647C
                                          SHA-512:14A4F20FE4F091BE0ECC41A7AF6F6DED1C30207D8B7AA5C38E4F2697883F240DFBED8D3412EA66D809EC13ED38056D90C6F96E9928EBE14A7F7449699F636C5B
                                          Malicious:false
                                          Preview:"""Access to Python's configuration information."""....import os..import sys..import threading..from os.path import realpath....__all__ = [.. 'get_config_h_filename',.. 'get_config_var',.. 'get_config_vars',.. 'get_makefile_filename',.. 'get_path',.. 'get_path_names',.. 'get_paths',.. 'get_platform',.. 'get_python_version',.. 'get_scheme_names',.. 'parse_config_h',..]....# Keys for get_config_var() that are never converted to Python integers..._ALWAYS_STR = {.. 'MACOSX_DEPLOYMENT_TARGET',..}...._INSTALL_SCHEMES = {.. 'posix_prefix': {.. 'stdlib': '{installed_base}/{platlibdir}/python{py_version_short}',.. 'platstdlib': '{platbase}/{platlibdir}/python{py_version_short}',.. 'purelib': '{base}/lib/python{py_version_short}/site-packages',.. 'platlib': '{platbase}/{platlibdir}/python{py_version_short}/site-packages',.. 'include':.. '{installed_base}/include/python{py_version_short}{abiflags}',.. 'pla

                                          C:\Users\user\AppData\Roaming\windows\Lib\tabnanny.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11871
                                          Entropy (8bit):4.483607215298272
                                          Encrypted:false
                                          SSDEEP:192:2Ptt0b5MiaVbSj5LmOLNzFhFI9NSHvc4n4+FAhBhNSkpyPqP1P+FMC6yILnMqx0:1b5M9lMBLNzFhFIjSHvc4n4+FAhFJ0Pn
                                          MD5:9ED3CFC9EF6082A3F987D132D653C3F2
                                          SHA1:F1D9C7DA135E7271A97234DAEBC5C25C33C732C2
                                          SHA-256:59F3489376F6B7D84F88CE5263EAC0A2CFDB401F37CF5CD18538CAD7B89BB9A4
                                          SHA-512:39FD53A7900418FFCEC8396B8C7A0B60BB87663D7725BA1EE0FEE35B2AFB43E15580E0E5A73CF2390C5DAA092AC8195321A9F939C5ADA84241E9020E164814AE
                                          Malicious:false
                                          Preview:#! /usr/bin/env python3...."""The Tab Nanny despises ambiguous indentation. She knows no mercy.....tabnanny -- Detection of ambiguous indentation....For the time being this module is intended to be called as a script...However it is possible to import it into an IDE and use the function..check() described below.....Warning: The API provided by this module is likely to change in future..releases; such changes may not be backward compatible..."""....# Released to the public domain, by Tim Peters, 15 April 1998.....# XXX Note: this is now a standard library module...# XXX The API needs to undergo changes however; the current code is too..# XXX script-like. This will be addressed later.....__version__ = "6"....import os..import sys..import tokenize....__all__ = ["check", "NannyNag", "process_tokens"]....verbose = 0..filename_only = 0....def errprint(*args):.. sep = "".. for arg in args:.. sys.stderr.write(sep + str(arg)).. sep = " ".. sys.stderr.write("\n").. sy

                                          C:\Users\user\AppData\Roaming\windows\Lib\tarfile.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):109783
                                          Entropy (8bit):4.48628869446824
                                          Encrypted:false
                                          SSDEEP:1536:mBoXq0G4wS81uRtT2PMI/hbq0gBsmoztv4:m2Xxw514tT2PVq0gBsxztv4
                                          MD5:F74CF4D0FF3AF0A580AE1C8AFB30E46C
                                          SHA1:E18BD7EA199382C22799DF86BB01D7724C9B4B63
                                          SHA-256:9CA6B53A644EC48A4B60D898803F849BB592CFDF0E9A51622CBD55E024E25125
                                          SHA-512:072E18E7BD418318B986B075DE4372E61ACB01376A80E77EF917A171C741D37731491B59D3AC338BBE4CC8E25B496235D04CE1D4FA44FE645EECA6444421730A
                                          Malicious:false
                                          Preview:#!/usr/bin/env python3..#-------------------------------------------------------------------..# tarfile.py..#-------------------------------------------------------------------..# Copyright (C) 2002 Lars Gustaebel <lars@gustaebel.de>..# All rights reserved...#..# Permission is hereby granted, free of charge, to any person..# obtaining a copy of this software and associated documentation..# files (the "Software"), to deal in the Software without..# restriction, including without limitation the rights to use,..# copy, modify, merge, publish, distribute, sublicense, and/or sell..# copies of the Software, and to permit persons to whom the..# Software is furnished to do so, subject to the following..# conditions:..#..# The above copyright notice and this permission notice shall be..# included in all copies or substantial portions of the Software...#..# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..# EXPRESS OR IMPLIED, INCLUDI

                                          C:\Users\user\AppData\Roaming\windows\Lib\telnetlib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):23980
                                          Entropy (8bit):4.518460142420019
                                          Encrypted:false
                                          SSDEEP:384:DyP08SF0rbykUKUIVl0RPB5Z9FrpvPsgeNTKOX2A4bVWVn:WDSF0rukgI70RPB5Z9FrpvPsjNTKw
                                          MD5:2ED09F7EE2E1E01E25270207FEC33857
                                          SHA1:24A7D962D4AF64836EA270D475A2D00EA80E874F
                                          SHA-256:F04B318096FCAC0D033AD6B07737CEFF5B101EC2BF3EDA87CFDC37175F8C96ED
                                          SHA-512:9F81485F65E0069B9D71B81CAD07231F78F665A12D81E7F41517A59274467134A97D72662E2D9DFF5E0BD9FBBBBE158519E4494D61625A8545DC9B5A2154A9E4
                                          Malicious:false
                                          Preview:r"""TELNET client class.....Based on RFC 854: TELNET Protocol Specification, by J. Postel and..J. Reynolds....Example:....>>> from telnetlib import Telnet..>>> tn = Telnet('www.python.org', 79) # connect to finger port..>>> tn.write(b'guido\r\n')..>>> print(tn.read_all())..Login Name TTY Idle When Where..guido Guido van Rossum pts/2 <Dec 2 11:10> snag.cnri.reston......>>>....Note that read_all() won't read until eof -- it just reads some data..-- but it guarantees to read at least one byte unless EOF is hit.....It is possible to pass a Telnet object to a selector in order to wait until..more data is available. Note that in this case, read_eager() may return b''..even if there was data on the socket, because the protocol negotiation may have..eaten the data. This is why EOFError is needed in some cases to distinguish..between "no data" and "connection closed" (since the socket also appears ready..for reading when it is closed).....To

                                          C:\Users\user\AppData\Roaming\windows\Lib\tempfile.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):33188
                                          Entropy (8bit):4.435258347730375
                                          Encrypted:false
                                          SSDEEP:384:BNed/ue7EK/MBSxdsiEMDprcpdH+ddEjm3L9yvD+i+lZsLE:bed/uYE6M0x2iEMDpop9EujAyvZPLE
                                          MD5:5F363779E0969A7A5D57E8967FFB5224
                                          SHA1:8ADBBB3EF3F7396DF551CB9A42A9F7244C133EFB
                                          SHA-256:325262B226E4D8EC1EF92B825F603E54B767B5ADD31792ACFC3AB6F2B8BE73CE
                                          SHA-512:1018794515D6FA84A9DC5FF4079351D9E482ED907FCD1966939D450DD8F5CB8240C532BC0FD59526CB3AA4BF91CFADABD046D4C1C97824B53C45A187EBCE5012
                                          Malicious:false
                                          Preview:"""Temporary files.....This module provides generic, low- and high-level interfaces for..creating temporary files and directories. All of the interfaces..provided by this module can be used without fear of race conditions..except for 'mktemp'. 'mktemp' is subject to race conditions and..should not be used; it is provided for backward compatibility only.....The default path names are returned as str. If you supply bytes as..input, all return values will be in bytes. Ex:.... >>> tempfile.mkstemp().. (4, '/tmp/tmptpu9nin8').. >>> tempfile.mkdtemp(suffix=b'').. b'/tmp/tmppbi8f0hy'....This module also provides some data items to the user:.... TMP_MAX - maximum number of names that will be tried before.. giving up... tempdir - If this is set to a string before the first use of.. any routine from this module, it will be considered as.. another candidate location to store temporary files..."""....__all__ = [.. "NamedTemporaryFile", "Te

                                          C:\Users\user\AppData\Roaming\windows\Lib\textwrap.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20209
                                          Entropy (8bit):4.447873689358886
                                          Encrypted:false
                                          SSDEEP:384:6jY1j/VIYzSu/AdorlSNMNt/KhV0q1uJN7J6CJap:6jY1j/bDAdWFOUNcC0p
                                          MD5:66ED8AD42ECE95E40E68ED807E3A4053
                                          SHA1:BD353F9EF3EA6D4CC510FC14F9A681F8F54C4CE6
                                          SHA-256:CAD00069B2A25A585604D2FA774C288CF5ED70D4464AFAC16EDF821F3A4AFD5F
                                          SHA-512:BBC4377CF3FC0B84694626D158CA969A2E4AB8B1C9A0CA778C6589362D804573A3B95031B30616D393F536D8CB13DBE1567ED084931A2619D83DD570107851AD
                                          Malicious:false
                                          Preview:"""Text wrapping and filling..."""....# Copyright (C) 1999-2001 Gregory P. Ward...# Copyright (C) 2002, 2003 Python Software Foundation...# Written by Greg Ward <gward@python.net>....import re....__all__ = ['TextWrapper', 'wrap', 'fill', 'dedent', 'indent', 'shorten']....# Hardcode the recognized whitespace characters to the US-ASCII..# whitespace characters. The main reason for doing this is that..# some Unicode spaces (like \u00a0) are non-breaking whitespaces..._whitespace = '\t\n\x0b\x0c\r '....class TextWrapper:.. """.. Object for wrapping/filling text. The public interface consists of.. the wrap() and fill() methods; the other methods are just there for.. subclasses to override in order to tweak the default behaviour... If you want to completely replace the main wrapping algorithm,.. you'll probably have to override _wrap_chunks()..... Several instance attributes control various aspects of wrapping:.. width (default: 70).. the maximum width of w

                                          C:\Users\user\AppData\Roaming\windows\Lib\this.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1031
                                          Entropy (8bit):4.7762509461988625
                                          Encrypted:false
                                          SSDEEP:24:b9G79+7q737Kv7Vm7QXUJRfDDFWnLmjoOLSFDuCSy176Pff2fdgmsG0Fm:k79+7q737s7A7QXG93COWVB76HsdnsGx
                                          MD5:92F4A7B0A22F593C8BDF429CAC3D4589
                                          SHA1:958CCB19110A69ED6595B5F16C768CA73A85C469
                                          SHA-256:5A89B1A1F22384960E69C554633A98558231F11A48260952EBFC21CA10F0625C
                                          SHA-512:2E0A0118BE0F4B309E6286E8015FFE0885181A77B485BA39E528638757D59ADB2F15F9F2ACC04DE31794357556DD5CC622EC8D6526604CE6F3F8520C2B64D925
                                          Malicious:false
                                          Preview:s = """Gur Mra bs Clguba, ol Gvz Crgref....Ornhgvshy vf orggre guna htyl...Rkcyvpvg vf orggre guna vzcyvpvg...Fvzcyr vf orggre guna pbzcyrk...Pbzcyrk vf orggre guna pbzcyvpngrq...Syng vf orggre guna arfgrq...Fcnefr vf orggre guna qrafr...Ernqnovyvgl pbhagf...Fcrpvny pnfrf nera'g fcrpvny rabhtu gb oernx gur ehyrf...Nygubhtu cenpgvpnyvgl orngf chevgl...Reebef fubhyq arire cnff fvyragyl...Hayrff rkcyvpvgyl fvyraprq...Va gur snpr bs nzovthvgl, ershfr gur grzcgngvba gb thrff...Gurer fubhyq or bar-- naq cersrenoyl bayl bar --boivbhf jnl gb qb vg...Nygubhtu gung jnl znl abg or boivbhf ng svefg hayrff lbh'er Qhgpu...Abj vf orggre guna arire...Nygubhtu arire vf bsgra orggre guna *evtug* abj...Vs gur vzcyrzragngvba vf uneq gb rkcynva, vg'f n onq vqrn...Vs gur vzcyrzragngvba vf rnfl gb rkcynva, vg znl or n tbbq vqrn...Anzrfcnprf ner bar ubaxvat terng vqrn -- yrg'f qb zber bs gubfr!"""....d = {}..for c in (65, 97):.. for i in range(26):.. d[chr(i+c)] = chr((i+13) % 26 + c)....print("".jo

                                          C:\Users\user\AppData\Roaming\windows\Lib\threading.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):61829
                                          Entropy (8bit):4.426519642160088
                                          Encrypted:false
                                          SSDEEP:768:2T8aeajmC/gcGUXiyLOSp2W2kIE/fZtTinkKUd9acJEi4OoOuTWJAkIE6py6UhMy:2jjOmH2o5DKg9vElO7IWJPKg9WnPG
                                          MD5:EF96E5D3E37946573944A21A541F1C88
                                          SHA1:B76A113076244AC30ACFA56332AED387E7D645BD
                                          SHA-256:2E15F4E0500260A756868AC0609C4702B10634A5DEE5D89926F9E3BD642089F1
                                          SHA-512:81607D3A99A2B6C4E18F74CC0A889DF0CB7BCABC54E28F5E255DCF78928E78759F6B6A4D52E19D2B819C7A72DAB5E9FF06DA8477F43FDD4C36D91218EA938025
                                          Malicious:false
                                          Preview:"""Thread module emulating a subset of Java's threading model."""....import os as _os..import sys as _sys..import _thread..import functools....from time import monotonic as _time..from _weakrefset import WeakSet..from itertools import count as _count..try:.. from _collections import deque as _deque..except ImportError:.. from collections import deque as _deque....# Note regarding PEP 8 compliant names..# This threading model was originally inspired by Java, and inherited..# the convention of camelCase function and method names from that..# language. Those original names are not in any imminent danger of..# being deprecated (even for Py3k),so this module provides them as an..# alias for the PEP 8 compliant names..# Note that using the new PEP 8 compliant names facilitates substitution..# with the multiprocessing module, which doesn't provide the old..# Java inspired names.....__all__ = ['get_ident', 'active_count', 'Condition', 'current_thread',.. 'enumerate', 'main_thr

                                          C:\Users\user\AppData\Roaming\windows\Lib\timeit.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13845
                                          Entropy (8bit):4.376280470787703
                                          Encrypted:false
                                          SSDEEP:384:cLWbxiKKgku/fXcsvHKut3THMXng+NZVJ:cacKKpu/0sfKGIXNZj
                                          MD5:52D94135A6134821B35075F61972C692
                                          SHA1:4F4D21C4AD0B07C5196FCA1E4F2CD8DF7BC0254D
                                          SHA-256:892EE637AA0C91999882BE4A25984F5B33E8FC1C577CAB32ADE8F13B7DAE212D
                                          SHA-512:646A6567B8B12616DFBC9D07BF2BAD84EB13A7E824B13979EAB1951FAE30526E7BF65B4F09DA9B898A131A1DB713E916A7D6BB9175326DF59FDC3F655FDFB908
                                          Malicious:false
                                          Preview:#! /usr/bin/env python3...."""Tool for measuring execution time of small code snippets.....This module avoids a number of common traps for measuring execution..times. See also Tim Peters' introduction to the Algorithms chapter in..the Python Cookbook, published by O'Reilly.....Library usage: see the Timer class.....Command line usage:.. python timeit.py [-n N] [-r N] [-s S] [-p] [-h] [--] [statement]....Options:.. -n/--number N: how many times to execute 'statement' (default: see below).. -r/--repeat N: how many times to repeat the timer (default 5).. -s/--setup S: statement to be executed once initially (default 'pass')... Execution time of this setup statement is NOT timed... -p/--process: use time.process_time() (default is time.perf_counter()).. -v/--verbose: print raw timing results; repeat for more digits precision.. -u/--unit: set the output time unit (nsec, usec, msec, or sec).. -h/--help: print this usage message and exit.. --: separate options from

                                          C:\Users\user\AppData\Roaming\windows\Lib\token.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2621
                                          Entropy (8bit):5.204282176965826
                                          Encrypted:false
                                          SSDEEP:48:J9Lcdqen2WIMekwDqkJVZuR4APG5XCsAnKClaofrYqR6FCgLzqUVndcELod:fc/2xMeJJIhGlCsNsaozgvzqUVn+Ew
                                          MD5:DC3731CBE0DCC0F35F663F02D04B1901
                                          SHA1:8F242B9EA8AC9AB40224C6934EF424A539F5CAFA
                                          SHA-256:C62135333E0EEBC05C84027FE51FCF5C43898606D76DBB9522E602941228EF76
                                          SHA-512:A8F29934F44E934A35F34204122A1AE63E0193F48953B9A8639DF95B2E1B477B0F95B367D4590F32C909AFF02B2B7A0E6D5AA87BC80D26ABA1B25CA45EC94D8C
                                          Malicious:false
                                          Preview:"""Token constants."""..# Auto-generated by Tools/build/generate_token.py....__all__ = ['tok_name', 'ISTERMINAL', 'ISNONTERMINAL', 'ISEOF']....ENDMARKER = 0..NAME = 1..NUMBER = 2..STRING = 3..NEWLINE = 4..INDENT = 5..DEDENT = 6..LPAR = 7..RPAR = 8..LSQB = 9..RSQB = 10..COLON = 11..COMMA = 12..SEMI = 13..PLUS = 14..MINUS = 15..STAR = 16..SLASH = 17..VBAR = 18..AMPER = 19..LESS = 20..GREATER = 21..EQUAL = 22..DOT = 23..PERCENT = 24..LBRACE = 25..RBRACE = 26..EQEQUAL = 27..NOTEQUAL = 28..LESSEQUAL = 29..GREATEREQUAL = 30..TILDE = 31..CIRCUMFLEX = 32..LEFTSHIFT = 33..RIGHTSHIFT = 34..DOUBLESTAR = 35..PLUSEQUAL = 36..MINEQUAL = 37..STAREQUAL = 38..SLASHEQUAL = 39..PERCENTEQUAL = 40..AMPEREQUAL = 41..VBAREQUAL = 42..CIRCUMFLEXEQUAL = 43..LEFTSHIFTEQUAL = 44..RIGHTSHIFTEQUAL = 45..DOUBLESTAREQUAL = 46..DOUBLESLASH = 47..DOUBLESLASHEQUAL = 48..AT = 49..ATEQUAL = 50..RARROW = 51..ELLIPSIS = 52..COLONEQUAL = 53..EXCLAMATION = 54..OP = 55..AWAIT = 56..ASYNC = 57..TYPE_IGNORE = 58..TYPE_COMMENT =

                                          C:\Users\user\AppData\Roaming\windows\Lib\tokenize.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21800
                                          Entropy (8bit):4.677996857786815
                                          Encrypted:false
                                          SSDEEP:384:gk38juhVcMXCBRFY0VbUu/q0Y8OKKcsRTukGwrHAxsBJD:g8hVcMXuRF2BuOKKcKZGwrH/BJD
                                          MD5:E893BB65B6CF7F02451E3D85147AA4D1
                                          SHA1:1472D0DE7E007A603BE3EBCA098D1C461B35C3BF
                                          SHA-256:B392482136E453AC329DFDFD99C54D939DCBF925A3E4D0E2BFFFCC5BE8A57598
                                          SHA-512:BB72E366C25B4955F2A5633A41B6AAC6885A06C3C27E01009EB2BF56FCCD6020DC6287A790753331D133C06EAFCE4A4E5B91706EDA615CEAFAB43813F35DADFC
                                          Malicious:false
                                          Preview:"""Tokenization help for Python programs.....tokenize(readline) is a generator that breaks a stream of bytes into..Python tokens. It decodes the bytes according to PEP-0263 for..determining source file encoding.....It accepts a readline-like method which is called repeatedly to get the..next line of input (or b"" for EOF). It generates 5-tuples with these..members:.... the token type (see token.py).. the token (a string).. the starting (row, column) indices of the token (a 2-tuple of ints).. the ending (row, column) indices of the token (a 2-tuple of ints).. the original line (string)....It is designed to match the working of the Python tokenizer exactly, except..that it produces COMMENT tokens for comments and gives type OP for all..operators. Additionally, all token lists start with an ENCODING token..which tells you which encoding was used to decode the bytes stream..."""....__author__ = 'Ka-Ping Yee <ping@lfw.org>'..__credits__ = ('GvR, ESR, Tim Peters, Thomas Wou

                                          C:\Users\user\AppData\Roaming\windows\Lib\tomllib\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):318
                                          Entropy (8bit):5.045051054683137
                                          Encrypted:false
                                          SSDEEP:6:SAgLRatxZSE91SnWiRD65orBUL2/fDwMwfXfv7zAn:5O+xZSE91SnWiRD65UUi/Lj+Xfj0n
                                          MD5:F7972D06CBEBD7D5618C4D56BB8E471F
                                          SHA1:BD39C6D364257C64AD3DA9017DE44D7A3A2CA5F1
                                          SHA-256:340E8AE1914E9E9E83E354BF9BCD2E96C4A4EBBC5CBDDAA4AE90037671D48CB9
                                          SHA-512:A3578FDD7426C8E72665621584D2BD242BF8AB1B0A88D93E5F6FE6A28E13A7AE4B1BE48A1E8B5E0A019276D2F9D95EC23E4EFA587BA52802B05835C04FC6261E
                                          Malicious:false
                                          Preview:# SPDX-License-Identifier: MIT..# SPDX-FileCopyrightText: 2021 Taneli Hukkinen..# Licensed to PSF under a Contributor Agreement.....__all__ = ("loads", "load", "TOMLDecodeError")....from ._parser import TOMLDecodeError, load, loads....# Pretend this exception was created here...TOMLDecodeError.__module__ = __name__..

                                          C:\Users\user\AppData\Roaming\windows\Lib\tomllib\_parser.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):23322
                                          Entropy (8bit):4.727730663363257
                                          Encrypted:false
                                          SSDEEP:384:/ZipBhaO0DKo/Fa7P2ynswBfboTBtqJbb6lNTPMQ9C2XAHzi1DV/ezwW:/UpBh90DKoA7+rTPcb67T0QbXEe1DV/a
                                          MD5:692ECDB85BAABC115BB8ACDD82B0CDE2
                                          SHA1:4B5EDFAB3FCE7ED3517F3753AA7D0B2E9076146D
                                          SHA-256:3D50B4129E51B82DC56104B75533B71216A85F681750F21C59290A97D0811086
                                          SHA-512:5FD1FE6ABFB331299C787457CB3D8F8EFA6880D3AE99ADF574167E11EEDC2342C2ADFA1561F75EE21809BEA8645CA9309F01FD6FE82FE1863F66A20FFADB23C3
                                          Malicious:false
                                          Preview:# SPDX-License-Identifier: MIT..# SPDX-FileCopyrightText: 2021 Taneli Hukkinen..# Licensed to PSF under a Contributor Agreement.....from __future__ import annotations....from collections.abc import Iterable..import string..from types import MappingProxyType..from typing import Any, BinaryIO, NamedTuple....from ._re import (.. RE_DATETIME,.. RE_LOCALTIME,.. RE_NUMBER,.. match_to_datetime,.. match_to_localtime,.. match_to_number,..)..from ._types import Key, ParseFloat, Pos....ASCII_CTRL = frozenset(chr(i) for i in range(32)) | frozenset(chr(127))....# Neither of these sets include quotation mark or backslash. They are..# currently handled as separate cases in the parser functions...ILLEGAL_BASIC_STR_CHARS = ASCII_CTRL - frozenset("\t")..ILLEGAL_MULTILINE_BASIC_STR_CHARS = ASCII_CTRL - frozenset("\t\n")....ILLEGAL_LITERAL_STR_CHARS = ILLEGAL_BASIC_STR_CHARS..ILLEGAL_MULTILINE_LITERAL_STR_CHARS = ILLEGAL_MULTILINE_BASIC_STR_CHARS....ILLEGAL_COMMENT_CHARS = ILLEGAL_BASIC_

                                          C:\Users\user\AppData\Roaming\windows\Lib\tomllib\_re.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3050
                                          Entropy (8bit):5.020525008551756
                                          Encrypted:false
                                          SSDEEP:48:8iRjeF1UmPPZIVDGiesR8/siAHIIUeTcPalZx2D0lHtGo0Do7Gq5PnLknQyszIEH:tZ2pZIVDGiesRuNMIIT6DOMsnwQysEU
                                          MD5:CB6C73383CC9DC1F343BB05E404FF4E5
                                          SHA1:30061B4A315B8EBEFAB207B084E6BC8534A693B5
                                          SHA-256:4842E6E992D2D9FFB07B47BE52C62A016582305E7071C2748877ED60A51D13A6
                                          SHA-512:4ECE79CDE22FE3AD3A18F34438181288C5B7B6055030F475346E86B809F5ED79BB22FD7D89E73AC9DEC66099EA5B79B6D199FF0E68E183AA7548D08C8B47CEF3
                                          Malicious:false
                                          Preview:# SPDX-License-Identifier: MIT..# SPDX-FileCopyrightText: 2021 Taneli Hukkinen..# Licensed to PSF under a Contributor Agreement.....from __future__ import annotations....from datetime import date, datetime, time, timedelta, timezone, tzinfo..from functools import lru_cache..import re..from typing import Any....from ._types import ParseFloat....# E.g...# - 00:32:00.999999..# - 00:32:00.._TIME_RE_STR = r"([01][0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])(?:\.([0-9]{1,6})[0-9]*)?"....RE_NUMBER = re.compile(.. r"""..0..(?:.. x[0-9A-Fa-f](?:_?[0-9A-Fa-f])* # hex.. |.. b[01](?:_?[01])* # bin.. |.. o[0-7](?:_?[0-7])* # oct..)..|..[+-]?(?:0|[1-9](?:_?[0-9])*) # dec, integer part..(?P<floatpart>.. (?:\.[0-9](?:_?[0-9])*)? # optional fractional part.. (?:[eE][+-]?[0-9](?:_?[0-9])*)? # optional exponent part..)..""",.. flags=re.VERBOSE,..)..RE_LOCALTIME = re.compile(_TIME_RE_STR)..RE_DATETIME = re.compile(.. rf"""..([0-9]{{4

                                          C:\Users\user\AppData\Roaming\windows\Lib\tomllib\_types.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):264
                                          Entropy (8bit):5.020749606814896
                                          Encrypted:false
                                          SSDEEP:6:SAgLRatxZSE91SnWNREYBFpkkVBL+RBCw+5/Lin:5O+xZSE91SnWNREYBJVB4c/Li
                                          MD5:DE6BA739621EA2A492AFFF15C82377F9
                                          SHA1:58DC9831FC2BBB71850D3F35B93D30C2EB9693B8
                                          SHA-256:FF8F42662B5B3275150639B2C20F72C08D1DD27E9F3C646B968C5A67B86BE9FE
                                          SHA-512:5B326E4D83B536728AF4656885B0131F1E368B90B05914E7AF7B7F38DA78C5249A88D83D11473C10F8F71FB7E49CC9332DCB91F825F033958F3DFF0A3C0145DF
                                          Malicious:false
                                          Preview:# SPDX-License-Identifier: MIT..# SPDX-FileCopyrightText: 2021 Taneli Hukkinen..# Licensed to PSF under a Contributor Agreement.....from typing import Any, Callable, Tuple....# Type annotations..ParseFloat = Callable[[str], Any]..Key = Tuple[str, ...]..Pos = int..

                                          C:\Users\user\AppData\Roaming\windows\Lib\trace.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):29922
                                          Entropy (8bit):4.349279759865132
                                          Encrypted:false
                                          SSDEEP:768:s8ANr0a9ZzFP5mpE+y0861HRlT9Lx+Mdbudf:bir0aJYp5yKtfudf
                                          MD5:DDF199D60DBEF8DA4E94D0E4E627E6D8
                                          SHA1:8933C89BF665245E385B6620B475D6A970585C9A
                                          SHA-256:1A38443BBE40ECEBDE3D56DAEAFB1EC385293543596481094ADC485B9BC15398
                                          SHA-512:0178EAD2F7B9CF46EE0281AF63382411F9DCCC6CB3356EB6D0C8D8A007997598B27005B28C004A50A23C0056E4833A2EE18282A98F92FF4F668FE7DD9E999317
                                          Malicious:false
                                          Preview:#!/usr/bin/env python3....# portions copyright 2001, Autonomous Zones Industries, Inc., all rights.....# err... reserved and offered to the public under the terms of the..# Python 2.2 license...# Author: Zooko O'Whielacronx..# http://zooko.com/..# mailto:zooko@zooko.com..#..# Copyright 2000, Mojam Media, Inc., all rights reserved...# Author: Skip Montanaro..#..# Copyright 1999, Bioreason, Inc., all rights reserved...# Author: Andrew Dalke..#..# Copyright 1995-1997, Automatrix, Inc., all rights reserved...# Author: Skip Montanaro..#..# Copyright 1991-1995, Stichting Mathematisch Centrum, all rights reserved...#..#..# Permission to use, copy, modify, and distribute this Python software and..# its associated documentation for any purpose without fee is hereby..# granted, provided that the above copyright notice appears in all copies,..# and that both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of neither Automatrix,..# Bioreas

                                          C:\Users\user\AppData\Roaming\windows\Lib\traceback.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):47512
                                          Entropy (8bit):4.4043800069963135
                                          Encrypted:false
                                          SSDEEP:768:EMohcpIYS4UfZZDtKX0Yix9d+anHJakOFnVyH6ZIca:EMohuTSf6kLrQkzH6Zo
                                          MD5:3810BF534834964645F07881F1C84B21
                                          SHA1:AECB80D54CD58E3F54AA41D99A4BD7676C27204F
                                          SHA-256:AC90749FA2692E4BF6F39AC85DE077C53291BAE5D577BE99B3F23C1E7078AD95
                                          SHA-512:8118AB94541572165C93CFA7A769107C2489809F272D08184DEA8FDA62BC4D1C1C1F4F9F5ABA602881EAAEEA1AB38FDD63FFBD8F85AEDEB2228883FBD5FA17EB
                                          Malicious:false
                                          Preview:"""Extract, format and print information about Python stack traces."""....import collections.abc..import itertools..import linecache..import sys..import textwrap..from contextlib import suppress....__all__ = ['extract_stack', 'extract_tb', 'format_exception',.. 'format_exception_only', 'format_list', 'format_stack',.. 'format_tb', 'print_exc', 'format_exc', 'print_exception',.. 'print_last', 'print_stack', 'print_tb', 'clear_frames',.. 'FrameSummary', 'StackSummary', 'TracebackException',.. 'walk_stack', 'walk_tb']....#..# Formatting and printing lists of traceback lines...#....def print_list(extracted_list, file=None):.. """Print the list of tuples as returned by extract_tb() or.. extract_stack() as a formatted stack trace to the given file.""".. if file is None:.. file = sys.stderr.. for item in StackSummary.from_list(extracted_list).format():.. print(item, file=file, end="")....def format_list(extracted_list

                                          C:\Users\user\AppData\Roaming\windows\Lib\tracemalloc.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):18607
                                          Entropy (8bit):4.3022125555964355
                                          Encrypted:false
                                          SSDEEP:192:+4LhpNVbPdoUFsyIygyWy98JYYV/lGT7mEE/U/JZJtvryt/+ZYJOZGB5qTW:VhbVbPbFhFdWy98JYYVNGXLjGT
                                          MD5:0233BC515180C861D919BA79B6928163
                                          SHA1:FD671280B0ECDD6E8EB44F36C75ADE6E5C32DE8F
                                          SHA-256:488C28AD5FD084DD715986EA235928894F1B140AC880A5872655A99C97054DC2
                                          SHA-512:6B158318BF6BBCE099EC3519E5A2780504ADBB93B76F33FA19DE57BCA808757A466731D2D7C47EBCA29B492AE66685908449B811A02DA1BD62FE1F6D95B0A7A5
                                          Malicious:false
                                          Preview:from collections.abc import Sequence, Iterable..from functools import total_ordering..import fnmatch..import linecache..import os.path..import pickle....# Import types and functions implemented in C..from _tracemalloc import *..from _tracemalloc import _get_object_traceback, _get_traces......def _format_size(size, sign):.. for unit in ('B', 'KiB', 'MiB', 'GiB', 'TiB'):.. if abs(size) < 100 and unit != 'B':.. # 3 digits (xx.x UNIT).. if sign:.. return "%+.1f %s" % (size, unit).. else:.. return "%.1f %s" % (size, unit).. if abs(size) < 10 * 1024 or unit == 'TiB':.. # 4 or 5 digits (xxxx UNIT).. if sign:.. return "%+.0f %s" % (size, unit).. else:.. return "%.0f %s" % (size, unit).. size /= 1024......class Statistic:.. """.. Statistic difference on memory allocations between two Snapshot instance... """.... __slots__ = ('traceback

                                          C:\Users\user\AppData\Roaming\windows\Lib\tty.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2108
                                          Entropy (8bit):5.134965823089888
                                          Encrypted:false
                                          SSDEEP:48:xh4rTFizQgTlvF/EYaPhu9j8raPhu9cTEvDyYITk7DyC:7GizZlv9Ev0jH0cXYIRC
                                          MD5:7B2597A8F09CC5BD1AF60C029F543336
                                          SHA1:20A0B29E1FA94D30A688AA54C150AB0A9F69A350
                                          SHA-256:E03CA6CC422B36186EC1FCC3686B5EDDEC2C1F8FB26F1F9E3DB74A6B800C6B3C
                                          SHA-512:EAA3D9A2C31D5A491C3A4F40721CA6D77C411D6B1C161134AC66781E64A7CD423F7F17BF3F4DEB26F2FC76AFD342631DCA8113D8705785EA4836C24AA9BC7130
                                          Malicious:false
                                          Preview:"""Terminal utilities."""....# Author: Steen Lumholt.....from termios import *....__all__ = ["cfmakeraw", "cfmakecbreak", "setraw", "setcbreak"]....# Indices for termios list...IFLAG = 0..OFLAG = 1..CFLAG = 2..LFLAG = 3..ISPEED = 4..OSPEED = 5..CC = 6....def cfmakeraw(mode):.. """Make termios mode raw.""".. # Clear all POSIX.1-2017 input mode flags... # See chapter 11 "General Terminal Interface".. # of POSIX.1-2017 Base Definitions... mode[IFLAG] &= ~(IGNBRK | BRKINT | IGNPAR | PARMRK | INPCK | ISTRIP |.. INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF).... # Do not post-process output... mode[OFLAG] &= ~OPOST.... # Disable parity generation and detection; clear character size mask;.. # let character size be 8 bits... mode[CFLAG] &= ~(PARENB | CSIZE).. mode[CFLAG] |= CS8.... # Clear all POSIX.1-2017 local mode flags... mode[LFLAG] &= ~(ECHO | ECHOE | ECHOK | ECHONL | ICANON |.. IEXTEN | ISIG | NOFLSH | TOSTOP)

                                          C:\Users\user\AppData\Roaming\windows\Lib\turtle.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):150568
                                          Entropy (8bit):4.483472318366657
                                          Encrypted:false
                                          SSDEEP:3072:0kU8qJ9GvUDb+sn2lrOprf5AibivN4iki1gSCNVXB0:wQsbx2lrOprf5aN4Ri1gNNVXB0
                                          MD5:C145FB9BE4BD6FBA186887AA7430E98A
                                          SHA1:A1CA9698D2968DBC9712DF742731AF5D545CD99C
                                          SHA-256:D3A33F54AA95B8B674268EF4D07869421BF729E098308DB0558F17709E036B05
                                          SHA-512:2B112DAC934A94FF54A38AFCF7F4B82F1363CBE33CEFD7A7BDD216318A34F0EE370F5DB3BE860154B790A82AD1A92451E8055D0B1955DC4DECEBC3762B4B35F0
                                          Malicious:false
                                          Preview:#..# turtle.py: a Tkinter based turtle graphics module for Python..# Version 1.1b - 4. 5. 2009..#..# Copyright (C) 2006 - 2010 Gregor Lingl..# email: glingl@aon.at..#..# This software is provided 'as-is', without any express or implied..# warranty. In no event will the authors be held liable for any damages..# arising from the use of this software...#..# Permission is granted to anyone to use this software for any purpose,..# including commercial applications, and to alter it and redistribute it..# freely, subject to the following restrictions:..#..# 1. The origin of this software must not be misrepresented; you must not..# claim that you wrote the original software. If you use this software..# in a product, an acknowledgment in the product documentation would be..# appreciated but is not required...# 2. Altered source versions must be plainly marked as such, and must not be..# misrepresented as being the original software...# 3. This notice may not be removed or altered

                                          C:\Users\user\AppData\Roaming\windows\Lib\types.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11326
                                          Entropy (8bit):4.64284823278766
                                          Encrypted:false
                                          SSDEEP:192:RYevVSyy+zNVWPfeSu6r/OKi+VfTQJWD4GqwfAE9UYzaSaVDYG1XVz6:RYuLDzHWPm3l4faW8RwLaVDZ1XV+
                                          MD5:8303D9715C8089A5633F874F714643A7
                                          SHA1:CDB53427CA74D3682A666B83F883B832B2C9C9F4
                                          SHA-256:D7CE485ECD8D4D1531D8F710E538B4D1A49378AFACB6FF9231E48C645A9FA95E
                                          SHA-512:1A6CA272DDE77BC4D133244047FCC821FFCB3ADEE89D400FE99ECE9CF18AB566732D48DF2F18F542B228B73B3402A3CACE3CD91A9E2B9480B51F7E5E598D3615
                                          Malicious:false
                                          Preview:"""..Define names for built-in types that aren't directly accessible as a builtin..."""..import sys....# Iterators in Python aren't a matter of type but of protocol. A large..# and changing number of builtin types implement *some* flavor of..# iterator. Don't check the type! Use hasattr to check for both..# "__iter__" and "__next__" attributes instead.....def _f(): pass..FunctionType = type(_f)..LambdaType = type(lambda: None) # Same as FunctionType..CodeType = type(_f.__code__)..MappingProxyType = type(type.__dict__)..SimpleNamespace = type(sys.implementation)....def _cell_factory():.. a = 1.. def f():.. nonlocal a.. return f.__closure__[0]..CellType = type(_cell_factory())....def _g():.. yield 1..GeneratorType = type(_g())....async def _c(): pass.._c = _c()..CoroutineType = type(_c).._c.close() # Prevent ResourceWarning....async def _ag():.. yield.._ag = _ag()..AsyncGeneratorType = type(_ag)....class _C:.. def _m(self): pass..MethodType = type(_C(

                                          C:\Users\user\AppData\Roaming\windows\Lib\typing.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):120888
                                          Entropy (8bit):4.62448066083258
                                          Encrypted:false
                                          SSDEEP:3072:ymhmPYDkJ7tmmSwsRNFDu8xfM9RhB9HDxydnBaY4u5yi6JF:V4gDkJ7jsRNFDPxf8RFxyJ94u5ydF
                                          MD5:F854ACC705E62F8162F4457D0894A251
                                          SHA1:D9CC01C4A73427989F2377A3A8F5D029E55838EF
                                          SHA-256:45DAD58211901FB3DC8001A3F5F60325BC046C149EF0219DFAD6898F87690531
                                          SHA-512:E3E416C04E571448071F442A462CE58A0AD0FCA812591E916D71C5E99C3100A15AFE05CCC8E5058407F4F32258A23EB09FF1EED9670B9720A0ECB60257C667A7
                                          Malicious:false
                                          Preview:"""..The typing module: Support for gradual typing as defined by PEP 484 and subsequent PEPs.....Among other things, the module includes the following:..* Generic, Protocol, and internal machinery to support generic aliases... All subscripted types like X[int], Union[int, str] are generic aliases...* Various "special forms" that have unique meanings in type annotations:.. NoReturn, Never, ClassVar, Self, Concatenate, Unpack, and others...* Classes whose instances can be type arguments to generic classes and functions:.. TypeVar, ParamSpec, TypeVarTuple...* Public helper functions: get_type_hints, overload, cast, final, and others...* Several protocols to support duck-typing:.. SupportsFloat, SupportsIndex, SupportsAbs, and others...* Special types: NewType, NamedTuple, TypedDict...* Deprecated wrapper submodules for re and io related types...* Deprecated aliases for builtin types and collections.abc ABCs.....Any name not present in __all__ is an implementation detail..that may be c

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3572
                                          Entropy (8bit):5.140891537959872
                                          Encrypted:false
                                          SSDEEP:96:gFtnZewzoX2FQCL3st/B+9CadmvrIH4gV7wTUCvw:ktngwzgtCL3stS9QK
                                          MD5:AF713EC5EC83E26B000A1A06B31B5F07
                                          SHA1:C747810AD03F121BBAC58A040EA59A5478E960D1
                                          SHA-256:D9F5034DEE11AF8558C36DAB6F2DE6A443296A927AF64A729F7EA65B87F3D4BB
                                          SHA-512:3B8B9B9C73AA41DD19B817EA504D01EEDE6AA4AF803E9D9B728548606CDFE3301657E06FB85F028887CCDA4A219D8229374D1327F1CB09334DDC2BDBC3E01CA8
                                          Malicious:false
                                          Preview:"""..Python unit testing framework, based on Erich Gamma's JUnit and Kent Beck's..Smalltalk testing framework (used with permission).....This module contains the core framework classes that form the basis of..specific test cases and suites (TestCase, TestSuite etc.), and also a..text-based utility class for running the tests and reporting the results.. (TextTestRunner).....Simple usage:.... import unittest.... class IntegerArithmeticTestCase(unittest.TestCase):.. def testAdd(self): # test method names begin with 'test'.. self.assertEqual((1 + 2), 3).. self.assertEqual(0 + 1, 1).. def testMultiply(self):.. self.assertEqual((0 * 10), 0).. self.assertEqual((5 * 8), 40).... if __name__ == '__main__':.. unittest.main()....Further information is available in the bundled documentation, and from.... http://docs.python.org/library/unittest.html....Copyright (c) 1999-2003 Steve Purcell..Copyright (c) 2003-2010 Python Sof

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):490
                                          Entropy (8bit):4.722470328048522
                                          Encrypted:false
                                          SSDEEP:12:6oSweg/eZTOmqjfj8XLySIVN7rZ0n/c+WuFnXhkU8fRo:6oSi/jfgXlIVN7F8+Knxklo
                                          MD5:61F3216563575B97702D3AA2D8BC22C3
                                          SHA1:AAFC4D215EB6FF57184AC694F7C6C9463665893E
                                          SHA-256:14C0C71B35519473106EA65B3F22A9128F1C4B87D98AAFF0A7B7B770FF2780DD
                                          SHA-512:A61341E84CF28659CF9B544DE8EDD68FBF79375D7538800524B3E5A1D95BAC3B6BE3A28602F959730B7FFD08D8134E38CE4553C781C5A2A90F230BE0C781A101
                                          Malicious:false
                                          Preview:"""Main entry point"""....import sys..if sys.argv[0].endswith("__main__.py"):.. import os.path.. # We change sys.argv[0] to make help message more useful.. # use executable without path, unquoted.. # (it's just a hint anyway).. # (if you have spaces in your executable you get what you deserve!).. executable = os.path.basename(sys.executable).. sys.argv[0] = executable + " -m unittest".. del os....__unittest = True....from .main import main....main(module=None)..

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\_log.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2832
                                          Entropy (8bit):4.359518104013746
                                          Encrypted:false
                                          SSDEEP:48:63deMAzExePnhAb6tX4pTAdOv//fmK7f6/4:63debceenS/4
                                          MD5:6C5137D84F81114007547C4D84A4C69E
                                          SHA1:B1CA1532C89F9A0940813D06B9408D08326E05B3
                                          SHA-256:7C9BF421EC62FBB42C9EAA95C24B5E93F64ABB46C5487900BE40300762A4AD3A
                                          SHA-512:D0AAA38E37070543C7505D53F5D6A1AC58333FC55FB8E9CD5A2E46D3B3315EC532159B35D4413D1D87CB553FEEC08B06E5DB0692658D3AD73DF244F0FCEA0105
                                          Malicious:false
                                          Preview:import logging..import collections....from .case import _BaseTestCaseContext......_LoggingWatcher = collections.namedtuple("_LoggingWatcher",.. ["records", "output"])....class _CapturingHandler(logging.Handler):.. """.. A logging handler capturing all (raw and formatted) logging output... """.... def __init__(self):.. logging.Handler.__init__(self).. self.watcher = _LoggingWatcher([], []).... def flush(self):.. pass.... def emit(self, record):.. self.watcher.records.append(record).. msg = self.format(record).. self.watcher.output.append(msg)......class _AssertLogsContext(_BaseTestCaseContext):.. """A context manager for assertLogs() and assertNoLogs() """.... LOGGING_FORMAT = "%(levelname)s:%(name)s:%(message)s".... def __init__(self, test_case, logger_name, level, no_logs):.. _BaseTestCaseContext.__init__(self, test_case).. self.logger_name = logger_name..

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\async_case.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5607
                                          Entropy (8bit):4.493408114399921
                                          Encrypted:false
                                          SSDEEP:96:knFDQUjB+uTGt8w8i//57v8DuOQfcQEi9qsYrQbaOGiNJsEGSd4+00:kRQeUuTGN8sNsunnSHiNeEGSd410
                                          MD5:EFE03C1D14055CFD5949323AAD13914F
                                          SHA1:2B6055F5DFD3304F150976B44F97C0EE04F63883
                                          SHA-256:3967BE1E55C489D42E1B316F5DB2EF0BAE16FE3A2D31EEDA474DBBB504D4DDF2
                                          SHA-512:4456C177C7D17F3AD766EF940B30B037DD3A6923EFABE14BA4EC55CC4AFDBF606B98C20DB457F3893F302DC0BD528E7A39A22E1CEB35E7AD2D01364424701DAB
                                          Malicious:false
                                          Preview:import asyncio..import contextvars..import inspect..import warnings....from .case import TestCase......class IsolatedAsyncioTestCase(TestCase):.. # Names intentionally have a long prefix.. # to reduce a chance of clashing with user-defined attributes.. # from inherited test case.. #.. # The class doesn't call loop.run_until_complete(self.setUp()) and family.. # but uses a different approach:.. # 1. create a long-running task that reads self.setUp().. # awaitable from queue along with a future.. # 2. await the awaitable object passing in and set the result.. # into the future object.. # 3. Outer code puts the awaitable and the future object into a queue.. # with waiting for the future.. # The trick is necessary because every run_until_complete() call.. # creates a new task with embedded ContextVar context... # To share contextvars between setUp(), test and tearDown() we need to execute.. # them inside the same task..... # Note:

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\case.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):58987
                                          Entropy (8bit):4.376096049304309
                                          Encrypted:false
                                          SSDEEP:768:iw/1J1e4uBsMw2vd3NlrbNRIO+reKucsYlidQgxiqdvgju5Vg8broiCAN:iwMNnNRIeTYlidQgxigVg8bF
                                          MD5:5FA75EB52AF03A65BE3FE55CACB6E011
                                          SHA1:F7576A1E60C0756F4E8FF4FCD905FE644670791F
                                          SHA-256:11F61A50154773384DDA271C8A5ABE7FA38698B07D7025F27707A84B27626C29
                                          SHA-512:328D3A92E2F9299DAF6C2257BEDB5E347BBF5EF6BA7DAB6867F0DD3193989A2A0FF72DBFC40E298A6F050A97DA7D405C94A73CEDC0DE8A197184848551AF663F
                                          Malicious:false
                                          Preview:"""Test case implementation"""....import sys..import functools..import difflib..import pprint..import re..import warnings..import collections..import contextlib..import traceback..import time..import types....from . import result..from .util import (strclass, safe_repr, _count_diff_all_purpose,.. _count_diff_hashable, _common_shorten_repr)....__unittest = True...._subtest_msg_sentinel = object()....DIFF_OMITTED = ('\nDiff is %s characters long. '.. 'Set self.maxDiff to None to see it.')....class SkipTest(Exception):.. """.. Raise this exception in a test to skip it..... Usually you can use TestCase.skipTest() or one of the skipping decorators.. instead of raising this directly... """....class _ShouldStop(Exception):.. """.. The test should stop... """....class _UnexpectedSuccess(Exception):.. """.. The test was supposed to fail, but it didn't!.. """......class _Outcome(object):.. def __init__(self, result=None):..

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\loader.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21505
                                          Entropy (8bit):4.298184340368762
                                          Encrypted:false
                                          SSDEEP:384:aWrfiuwkC+B0Y1jyl5jznSeQ9khxxxJADFhiVmC2iVSMEfMb:aiKuwkC+B0Y1jyl5jznSeQCxxxKDFhiX
                                          MD5:E4D19E7D1D4003219F8EFDA4B5054489
                                          SHA1:2E8A23B91FC8BF805BE1A588A97FF56AAAFDC337
                                          SHA-256:FFB0B4C12BBEF932E5F4AF680BB325C040D2C77DE25DB7264E07F588505A4DE7
                                          SHA-512:0E3C16DFBFBB00C7C9B78FA4D6C8E951FEA1E78027049D8EE8E60FAA31A3A002AA6E1BA338DF092DCB8472FDA1398ED5143E954D95F9DD152D0EA04DAC6D9505
                                          Malicious:false
                                          Preview:"""Loading unittests."""....import os..import re..import sys..import traceback..import types..import functools....from fnmatch import fnmatch, fnmatchcase....from . import case, suite, util....__unittest = True....# what about .pyc (etc)..# we would need to avoid loading the same tests multiple times..# from '.py', *and* '.pyc'..VALID_MODULE_NAME = re.compile(r'[_a-z]\w*\.py$', re.IGNORECASE)......class _FailedTest(case.TestCase):.. _testMethodName = None.... def __init__(self, method_name, exception):.. self._exception = exception.. super(_FailedTest, self).__init__(method_name).... def __getattr__(self, name):.. if name != self._testMethodName:.. return super(_FailedTest, self).__getattr__(name).. def testFailure():.. raise self._exception.. return testFailure......def _make_failed_import_test(name, suiteClass):.. message = 'Failed to import test module: %s\n%s' % (.. name, traceback.format_exc()).. return

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\main.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12282
                                          Entropy (8bit):4.254676578050953
                                          Encrypted:false
                                          SSDEEP:192:nmxblgdIxKrpDDf9FZXJiGGCb9LhcUq5PDail3:n9FJaedcUqFh
                                          MD5:902B6311F2697E80211217AC0181C390
                                          SHA1:2241379C5E428A090EEF194A4C92B068040FD07E
                                          SHA-256:1D486405DF1226FA8FF7B392F150AFC6E1239FB186033C28348627C04D9EEEDB
                                          SHA-512:9BB5ACCC14C415C935D02F79F91DE863D9E00780093F7A32BEE5B590F7579CE1163175C9B95B995A1252C5B8CB6994F3B022AF592A17C3FA168DAD7952BC6745
                                          Malicious:false
                                          Preview:"""Unittest main program"""....import sys..import argparse..import os..import warnings....from . import loader, runner..from .signals import installHandler....__unittest = True.._NO_TESTS_EXITCODE = 5....MAIN_EXAMPLES = """\..Examples:.. %(prog)s test_module - run tests from test_module.. %(prog)s module.TestClass - run tests from module.TestClass.. %(prog)s module.Class.test_method - run specified test method.. %(prog)s path/to/test_file.py - run tests from test_file.py.."""....MODULE_EXAMPLES = """\..Examples:.. %(prog)s - run default set of tests.. %(prog)s MyTestSuite - run suite 'MyTestSuite'.. %(prog)s MyTestCase.testSomething - run MyTestCase.testSomething.. %(prog)s MyTestCase - run all 'test*' test methods.. in MyTestCase.."""....def _convert_name(name):.. # on Linux / Mac OS X 'foo.PY' is not importable, but on.. # Windows it is. Simpler to

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\mock.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):107983
                                          Entropy (8bit):4.455213741296335
                                          Encrypted:false
                                          SSDEEP:3072:5ldO8wZFkrqvkWgtN3tu64MkmGymTUjM5EpEEP3BkO3AWg:HcN9
                                          MD5:05A95563089C4CD97A059A19A89F5DAA
                                          SHA1:CCEC29863B3FDB388C09BF6455303A63F6078E3C
                                          SHA-256:2B440FB279DBE8274EFE972002CEFAE031E6810FA50BF5E0E863FFD98C52C8DA
                                          SHA-512:B9BB9948DE30EF954F5A346732EDC883BBE8AC2A2338759FD1FD0D82AD15C2B3B63B01A1C143AEC7630FD46A9643444637676EFFD212E08CCB05D59EBF491D6E
                                          Malicious:false
                                          Preview:# mock.py..# Test tools for mocking and patching...# Maintained by Michael Foord..# Backport for other versions of Python available from..# https://pypi.org/project/mock....__all__ = (.. 'Mock',.. 'MagicMock',.. 'patch',.. 'sentinel',.. 'DEFAULT',.. 'ANY',.. 'call',.. 'create_autospec',.. 'AsyncMock',.. 'FILTER_DIR',.. 'NonCallableMock',.. 'NonCallableMagicMock',.. 'mock_open',.. 'PropertyMock',.. 'seal',..)......import asyncio..import contextlib..import io..import inspect..import pprint..import sys..import builtins..import pkgutil..from asyncio import iscoroutinefunction..from types import CodeType, ModuleType, MethodType..from unittest.util import safe_repr..from functools import wraps, partial..from threading import RLock......class InvalidSpecError(Exception):.. """Indicates that an invalid value was used as a mock spec."""......_builtins = {name for name in dir(builtins) if not name.startswith('_')}....FILTER_DIR = True....# Workarou

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\result.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9386
                                          Entropy (8bit):4.345965411206533
                                          Encrypted:false
                                          SSDEEP:192:yPQqK9AKW3X6YHJtJMRwVvoJcgi/CvZZpQsq:yNKW3XbHJtIvo
                                          MD5:167D655B530E47D4E0A796F859F64617
                                          SHA1:809FBBA99B2BB369D739E2995F54B1D9E630F260
                                          SHA-256:76456254DCF4A5D1D882EBE8D5C00A3714D1059842D2995A570C60C59FC31FC3
                                          SHA-512:45A65E04EF866013DEE336998CE1DF92376CF76240913F86CE20D489A9134F3DDD241B7CB14B7B3F72C57777026CE0B3C49AB0397DC3D3A6CDDA4DD0006671CF
                                          Malicious:false
                                          Preview:"""Test result object"""....import io..import sys..import traceback....from . import util..from functools import wraps....__unittest = True....def failfast(method):.. @wraps(method).. def inner(self, *args, **kw):.. if getattr(self, 'failfast', False):.. self.stop().. return method(self, *args, **kw).. return inner....STDOUT_LINE = '\nStdout:\n%s'..STDERR_LINE = '\nStderr:\n%s'......class TestResult(object):.. """Holder for test result information..... Test results are automatically managed by the TestCase and TestSuite.. classes, and do not need to be explicitly manipulated by writers of tests..... Each instance holds the total number of tests run, and collections of.. failures and errors that occurred among those test runs. The collections.. contain tuples of (testcase, exceptioninfo), where exceptioninfo is the.. formatted traceback of the error that occurred... """.. _previousTestClass = None.. _testRunEntered = False.

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\runner.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10660
                                          Entropy (8bit):4.283735390149342
                                          Encrypted:false
                                          SSDEEP:192:M/uLqh/+vVuSt3zsPJsYkSYRuVR0gs6LQanXfmPKjK3k/J+8qR5YXa8Xe03L:MG50a3IPuYkIna6Qt8i5YX9L
                                          MD5:493C9936FFD04C4F433BFA954B34063A
                                          SHA1:19E19334BB087AAA6C6177F58432054161EB291D
                                          SHA-256:B05822336DE459DD5ED917417A9E2F903D35A24B715ACBB149359D820932A083
                                          SHA-512:1121BDAF1646C4F10359F11FAE2A42A00F931A21EFEDE701DF14C2BDCA511824E13E2D3A2BC3DEA7B66666D97F89D336F851665462929E99BE1E7DDA88A205D6
                                          Malicious:false
                                          Preview:"""Running tests"""....import sys..import time..import warnings....from . import result..from .case import _SubTest..from .signals import registerResult....__unittest = True......class _WritelnDecorator(object):.. """Used to decorate file-like objects with a handy 'writeln' method""".. def __init__(self,stream):.. self.stream = stream.... def __getattr__(self, attr):.. if attr in ('stream', '__getstate__'):.. raise AttributeError(attr).. return getattr(self.stream,attr).... def writeln(self, arg=None):.. if arg:.. self.write(arg).. self.write('\n') # text-mode streams translate to \r\n if needed......class TextTestResult(result.TestResult):.. """A test result class that can print formatted text results to a stream..... Used by TextTestRunner... """.. separator1 = '=' * 70.. separator2 = '-' * 70.... def __init__(self, stream, descriptions, verbosity, *, durations=None):.. """Construct a TextTe

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\signals.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2474
                                          Entropy (8bit):4.375420704477591
                                          Encrypted:false
                                          SSDEEP:48:0SUtuV4gLKORr3JJxvMNNcW0c/S2fjuIRrMiH5ZSchSvu0:L/6gLKyrXxUPcW0c/NqIRrLZSHvu0
                                          MD5:F17FE1C654048799F6A7EFC93013F143
                                          SHA1:D274875487C096F562557BB9B4259BB533CE20D0
                                          SHA-256:0ED7CF1CBE0CAB769746B3B344F65A659D912C56CD63D1A4280F9B09A77B778F
                                          SHA-512:158D783F2621D65F3225C12847422938F948A0DC0D5578414027D9A6D2A0912892A2622BEB806A06FFE2A0442DFF8F1033B44C4E67DCD439A36DE8EB22F763C1
                                          Malicious:false
                                          Preview:import signal..import weakref....from functools import wraps....__unittest = True......class _InterruptHandler(object):.. def __init__(self, default_handler):.. self.called = False.. self.original_handler = default_handler.. if isinstance(default_handler, int):.. if default_handler == signal.SIG_DFL:.. # Pretend it's signal.default_int_handler instead... default_handler = signal.default_int_handler.. elif default_handler == signal.SIG_IGN:.. # Not quite the same thing as SIG_IGN, but the closest we.. # can make it: do nothing... def default_handler(unused_signum, unused_frame):.. pass.. else:.. raise TypeError("expected SIGINT signal handler to be ".. "signal.SIG_IGN, signal.SIG_DFL, or a ".. "callable object").. self.default_handler = default_handler....

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\suite.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13891
                                          Entropy (8bit):4.091955505544467
                                          Encrypted:false
                                          SSDEEP:384:GoslZdlUmbT6unPTxdzkKTPoZFM3BCUlSk:GoiXBbqbk
                                          MD5:1BFC31F66AEB5E141C221467F520C8AE
                                          SHA1:99BB5CFB5BCC6A79C44420A72AC76C3B2C613FFA
                                          SHA-256:26ACD439BC5828FCBA41C1DC7D2495CE05ED4F9073375E7FBFAC05FAFDD82E64
                                          SHA-512:3A2E7B3BB483B386BE0CC27BDFFDC811F2F724D50B1E3595A5A84184D07A534D3F3365CEED83B019875E6189D21A4D2D72AB1408AB33922E7B9935ABBECB923B
                                          Malicious:false
                                          Preview:"""TestSuite"""....import sys....from . import case..from . import util....__unittest = True......def _call_if_exists(parent, attr):.. func = getattr(parent, attr, lambda: None).. func()......class BaseTestSuite(object):.. """A simple test suite that doesn't provide class or module shared fixtures... """.. _cleanup = True.... def __init__(self, tests=()):.. self._tests = [].. self._removed_tests = 0.. self.addTests(tests).... def __repr__(self):.. return "<%s tests=%s>" % (util.strclass(self.__class__), list(self)).... def __eq__(self, other):.. if not isinstance(other, self.__class__):.. return NotImplemented.. return list(self) == list(other).... def __iter__(self):.. return iter(self._tests).... def countTestCases(self):.. cases = self._removed_tests.. for test in self:.. if test:.. cases += test.countTestCases().. return cases.... def addTest(s

                                          C:\Users\user\AppData\Roaming\windows\Lib\unittest\util.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5385
                                          Entropy (8bit):4.545682810293851
                                          Encrypted:false
                                          SSDEEP:96:LTe0jHqFDDP9IrrzzPlwwUhV6eDWyh07IFcynrIAJowVJluPzxgVaK+AJYsxgcU:TGxIPzTazHd6yCsxUAJoIJluP9gVamJk
                                          MD5:5413745685C7C3F60F6B6E81BDE3AAC2
                                          SHA1:BF63DC5423B693708877F84C86E800846E538897
                                          SHA-256:D1218413DCA8C641DB891ED05FAB47F02404320BEA183E9063E511D3660F61DB
                                          SHA-512:AC97AF3097EDC2E833B38470C42B3004F72EF3D4EA357A827907984AD0C83D0639B3BC7BAB096F136FDD074427E99969FF9A34993A6A0006C048E6C8D2ADF3B7
                                          Malicious:false
                                          Preview:"""Various utility functions."""....from collections import namedtuple, Counter..from os.path import commonprefix....__unittest = True...._MAX_LENGTH = 80.._PLACEHOLDER_LEN = 12.._MIN_BEGIN_LEN = 5.._MIN_END_LEN = 5.._MIN_COMMON_LEN = 5.._MIN_DIFF_LEN = _MAX_LENGTH - \.. (_MIN_BEGIN_LEN + _PLACEHOLDER_LEN + _MIN_COMMON_LEN +.. _PLACEHOLDER_LEN + _MIN_END_LEN)..assert _MIN_DIFF_LEN >= 0....def _shorten(s, prefixlen, suffixlen):.. skip = len(s) - prefixlen - suffixlen.. if skip > _PLACEHOLDER_LEN:.. s = '%s[%d chars]%s' % (s[:prefixlen], skip, s[len(s) - suffixlen:]).. return s....def _common_shorten_repr(*args):.. args = tuple(map(safe_repr, args)).. maxlen = max(map(len, args)).. if maxlen <= _MAX_LENGTH:.. return args.... prefix = commonprefix(args).. prefixlen = len(prefix).... common_len = _MAX_LENGTH - \.. (maxlen - prefixlen + _MIN_BEGIN_LEN + _PLACEHOLDER_LEN).. if common_len > _MIN_COMMON_LE

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):155
                                          Entropy (8bit):4.542351747143461
                                          Encrypted:false
                                          SSDEEP:3:oXyD/lclllVO8l4OWO6qpOAVcR8XJCZqOwIaQHtgem/l:BD/Ol/VneO16qpR2cJCAxIaatgem/l
                                          MD5:8F88AF7F2490193B967152BC953E4F23
                                          SHA1:E7AF869B4B10CDB88E0726CFD9FD9DCDE4687023
                                          SHA-256:ED63D9053DC05795F3D8CF853A6773EEA9BB56C2D9E16F00321EF18D095D6B76
                                          SHA-512:084C4ADA7C3C61E9346EDEABF79D2D36F2FB39DC38057A272FECE33952AC18DD040A5F942DF268B4759CC3D451D1C22AEB83D5123DDFA75B1F1D82FDE2FA3D66
                                          Malicious:false
                                          Preview:...........f................................y.).N..r..........:C:\Users\V3NOM0u$\Desktop\python312\Lib\urllib\__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\__pycache__\error.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):3668
                                          Entropy (8bit):4.975478409706619
                                          Encrypted:false
                                          SSDEEP:48:czMuQshuDSkJ8Mo/NjbOpmgKAInai+/mdSzX41VK1KVIxsv7AAqbb8Fb4Y5Xbk1d:MMuyDSkJ8Mo/NmIg0v7JMYDvUfed5rC
                                          MD5:EFCC078A90632469D0CD87E73AE33437
                                          SHA1:7587AF6003914BD5D74304EFBCB993AC27809F32
                                          SHA-256:BB979F37A88B671D9E9E15559F7F219EB302EA5ED1CCC443CCC12079B9786431
                                          SHA-512:1161E96A39C388493936FF4888D96EF37C1B102754D798E20AA737E6AD1EB8E37F953DE43536026F4C542E3B6D0123C2580FBF48A2B91AAD2EB1678EBB1300F4
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.Z.g.d...Z...G.d...d.e.........Z...G.d...d.e.e.j...................j...........................Z...G.d...d.e.........Z.y.).a....Exception classes raised by urllib...The base exception class is URLError, which inherits from OSError. It.doesn't define any behavior of its own, but is the base class for all.exceptions defined in this package...HTTPError is an exception class that is also a valid HTTP response.instance. It behaves this way because HTTP protocol errors are valid.responses, with a status code, headers, and a body. In some contexts,.an application may want to handle an exception like a regular.response.......N)...URLError..HTTPError..ContentTooShortErrorc...........................e.Z.d.Z.d.d...Z.d...Z.y.).r....Nc.....................6.....|.f.|._.........|.|._.........|...|.|._.........y.y...N)...args..reason..filename)...selfr....r....s.... .7C:\Users\V3NOM0u$\Desktop\python312\Lib\urllib\error.py..__init__z.U

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\__pycache__\parse.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):50114
                                          Entropy (8bit):5.466253258980144
                                          Encrypted:false
                                          SSDEEP:768:j7yVsYeytnqeShCmAArjDr8sn1aGZqPCd6Toqrw/lOwMimIdeK:3cyEMDZ1Nq9TokbIUK
                                          MD5:A07B8466E8EB4BFF0958335EB1237D73
                                          SHA1:B59466157BD24F203E2F76254A93EC0496344D77
                                          SHA-256:B377FC310F723F57AF91A65C0EAC3FBCA89EC4FEF4821C3CFA97525682B3E449
                                          SHA-512:3BCD8A792B75583B6D6704F7099920C19A6BFDC5EEED1CABDC77B3FD06F3CD05D7E7983954B19B9C50E6434E81BB4B09C6543EBF2B47B3CF993567985EE6DDB1
                                          Malicious:false
                                          Preview:...........fU...............................d.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.g.d...Z.g.d...Z.g.d...Z.g.d...Z.g.d...Z.g.d...Z.g.d...Z.d.Z.d.Z.g.d...Z.d...Z.d.Z.d.Z.d...Z.e.e.f.d...Z.e.e.f.d...Z.d...Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.e.........Z...G.d...d.e.e.........Z...e.d.d ........Z ..e.d!d"........Z!..e.d#d$........Z"d%e _.........d&e jF.................._.........d'e jH.................._.........d(e!_.........d)e!jJ.................._.........d*e!jL.................._.........d+e!jN.................._.........d,e!jP.................._.........d-e!jH.................._.........d.e"_.........e!jJ..................j...................e"jJ.................._.........e!jL..................j...................e"jL.................._.........e!jN..................j...................e"jN.................._.........d/e"jR.................._.........e!jP..................j...................e"jP.................._.

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\__pycache__\request.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):115189
                                          Entropy (8bit):5.321058928997631
                                          Encrypted:false
                                          SSDEEP:1536:siUZzvjBUgaB2MsGIubgTOHZFkaNKgnxsK3j5fSojq5jkXB7aeIxlzpwbMjcsO9c:2hegQYskaNK+sK4V5wX98zpwcXcG7
                                          MD5:2CEC1D7545769E8896ACD769994D44BC
                                          SHA1:C10B7DAC79D00AEFABD51D4DF67A26B99D970DFB
                                          SHA-256:769BD745F7581C7699D484D576EC10CCC6284D9F5C07E418B059D38795E2C886
                                          SHA-512:CF81F49F7585960616B0E452ED8EF554C80806DAA6ACC42C34750BEF8D1C18F13364476E2BA09AD6FC3FA9CA9FC079EC330F7C3170B19FB664BFAC6C7196F0A6
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z.m.Z.m.Z...d.d.l.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m.Z.m Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'..d.d.l(m)Z)m*Z*....d.d.l+Z+d.Z,g.d...Z.d.e.j^..................d.d...z...Z0d.a1d.e.jd..................f.d.d.d.d.d...d...Z3d...Z4g.Z5dgd...Z6d...Z7..e.jp..................d.e.jr..........................Z:d...Z;..G.d...d.........Z<..G.d...d.........Z=d...Z>..G.d...d.........Z?..G.d...d.e?........Z@..G.d...d.e?........ZA..G.d...d.e?........ZBd...ZC..G.d ..d!e?........ZD..G.d"..d#........ZE..G.d$..d%eE........ZF..G.d&..d'eF........ZG..G.d(..d)........ZH..G.d*..d+eHe?........ZI..G.d,..d-eHe?........ZJe.j...................ZL..G.d...d/........ZM..G.d0..d1e?eM........ZN..G.d2..d3e?eM........ZO..G.d4..d5e?........ZP..G.d6..d7eP........ZQ..eRe.j...................d8........r...G.d9..d:eP........ZTe.j...................d:..........

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\__pycache__\response.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):4434
                                          Entropy (8bit):4.882588549417356
                                          Encrypted:false
                                          SSDEEP:96:MBaL9nZMDBJNtvie8nHNJrdHyKfC869Hh//TWkY2Oel1C4ecsrt:HxnKDBTtvUJr5M9BXT22Oe+cu
                                          MD5:EFEC22526B6517DA5D1634C6ACD52423
                                          SHA1:0F7FDBBC4BE6D83612EF28DF57063FCCE5225BE7
                                          SHA-256:E23A38EF312AA41E6E1CCBF9B00A4E722FEBD90BE8A2D8E676D61F129F65A29B
                                          SHA-512:594A61F90A97E1221B947203E421D970E94254BEDEB1F5F87CD49F49B9AA94CD32975637659A4B497E614A824404B3E9492A6B544D19B5E7618F29D9B4D073C2
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.g.d...Z...G.d...d.e.j...........................Z...G.d...d.e.........Z...G.d...d.e.........Z...G.d...d.e.........Z.y.).a....Response classes used by urllib...The base class, addbase, defines a minimal file-like interface,.including read() and readline(). The typical response object is an.addinfourl instance, which defines an info() method that returns.headers and a geturl() method that returns the url.......N)...addbase..addclosehook..addinfo..addinfourlc.....................4.......e.Z.d.Z.d.Z...f.d...Z.d...Z.d...Z.d...Z...x.Z.S.).r....zOBase class for addinfo and addclosehook. Is a good idea for garbage collection.c.....................@.......t.........t.........|.....|.d.d.............|.|._.........y.).Nz.<urllib response>F)...delete)...superr......__init__..fp)...selfr......__class__s.... ..:C:\Users\V3NOM0u$\Desktop\python312\Lib\urllib\response.pyr....z.addbase.__init__....s!..........g....&.r.+>.u..&..M............c....

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\error.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2489
                                          Entropy (8bit):4.639470944288693
                                          Encrypted:false
                                          SSDEEP:48:vxZuQSkq8fQydcJR+j/TQ8/qcISXaf7CXy2ravbTl5AJ:vx0QSkq8Yyj/TQ/cISKjSobAJ
                                          MD5:03686114721E9382F02E9F7BA58C6D75
                                          SHA1:010D984B477B36EE38BC6F0A3C769D1DE4C8B38A
                                          SHA-256:17E896A26FF42405F58189DE81A531B17630398CFBC7C9E2B72ED1AC472ACF01
                                          SHA-512:0CB25AB2DBAD2811AEBF5186FD5D5996BC66AE113D2F19EE56F397840E9F630D224829969774D91E00168105B6DB800B707C15A2CB898FA75BA91348B9D3922F
                                          Malicious:false
                                          Preview:"""Exception classes raised by urllib.....The base exception class is URLError, which inherits from OSError. It..doesn't define any behavior of its own, but is the base class for all..exceptions defined in this package.....HTTPError is an exception class that is also a valid HTTP response..instance. It behaves this way because HTTP protocol errors are valid..responses, with a status code, headers, and a body. In some contexts,..an application may want to handle an exception like a regular..response..."""..import io..import urllib.response....__all__ = ['URLError', 'HTTPError', 'ContentTooShortError']......class URLError(OSError):.. # URLError is a sub-type of OSError, but it doesn't share any of.. # the implementation. need to override __init__ and __str__... # It sets self.args for compatibility with other OSError.. # subclasses, but args doesn't have the typical format with errno in.. # slot 0 and strerror in slot 1. This may be better than nothing... def __ini

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\parse.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):46165
                                          Entropy (8bit):4.7101874614181405
                                          Encrypted:false
                                          SSDEEP:768:z3sYRe+APaAb6pDEXSeGN/3vboXomErW63SMZ/duL0n1pPujnGMDwzKiu4U5FRy7:z8D+l6LGbrpZc19D95FkFxP
                                          MD5:DF161C94C760A8D322A9CE088F9D6901
                                          SHA1:5C6B980BF0450FEE61E4DBD4C345A7C68C1B43B6
                                          SHA-256:708C070638FB372EF0C7A8EC7DC38702A2D93A1B1C6598A31682BA05D7269BE5
                                          SHA-512:E9ED855A7E8B7D0BFCE1D27E43E7F2B0ABDF401C8036DC3BCA65035A46A77E0782409AE9D8089CB0AD06D0FF49D337720E6CCF117812A85CEE05CFE97A592BF5
                                          Malicious:false
                                          Preview:"""Parse (absolute and relative) URLs.....urlparse module is based upon the following RFC specifications.....RFC 3986 (STD66): "Uniform Resource Identifiers" by T. Berners-Lee, R. Fielding..and L. Masinter, January 2005.....RFC 2732 : "Format for Literal IPv6 Addresses in URL's by R.Hinden, B.Carpenter..and L.Masinter, December 1999.....RFC 2396: "Uniform Resource Identifiers (URI)": Generic Syntax by T...Berners-Lee, R. Fielding, and L. Masinter, August 1998.....RFC 2368: "The mailto URL scheme", by P.Hoffman , L Masinter, J. Zawinski, July 1998.....RFC 1808: "Relative Uniform Resource Locators", by R. Fielding, UC Irvine, June..1995.....RFC 1738: "Uniform Resource Locators (URL)" by T. Berners-Lee, L. Masinter, M...McCahill, December 1994....RFC 3986 is considered the current standard and any future changes to..urlparse module should conform with it. The urlparse module is..currently not entirely compliant with this RFC due to defacto..scenarios for parsing, and for backward compa

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\request.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):105600
                                          Entropy (8bit):4.471598027609419
                                          Encrypted:false
                                          SSDEEP:3072:h268nMeTXItee6jWbSdYOtNsu7pxtzQhjoftW7Oy4arA05WfJtwTJTL6KiS4YuRD:QMeTX4ee6jWbSd/tNsu7pxtzQh0ftW7I
                                          MD5:1EE455FC15BE1FA7BFFA0AF170A4BE2C
                                          SHA1:310097C57E0898A70FCA4206CFEB8DDC809CD088
                                          SHA-256:BB01F6CACCB71D38BF174AB9D183219745D8EE25A62429A28DF55990DA2E8B1F
                                          SHA-512:3489785A54665D3F35D3D5B1266C00F5D7D280EDD1F6B416624B59376816B14B826FF8C0FE2AB2687992C31562DDD751F7E9BB733EB8445D9E48968EED1DFD1F
                                          Malicious:false
                                          Preview:"""An extensible library for opening URLs using a variety of protocols....The simplest way to use this module is to call the urlopen function,..which accepts a string containing a URL or a Request object (described..below). It opens the URL and returns the results as file-like..object; the returned object has some extra methods described below.....The OpenerDirector manages a collection of Handler objects that do..all the actual work. Each Handler implements a particular protocol or..option. The OpenerDirector is a composite object that invokes the..Handlers needed to open the requested URL. For example, the..HTTPHandler performs HTTP GET and POST requests and deals with..non-error returns. The HTTPRedirectHandler automatically deals with..HTTP 301, 302, 303, 307, and 308 redirect errors, and the..HTTPDigestAuthHandler deals with digest authentication.....urlopen(url, data=None) -- Basic usage is the same as original..urllib. pass the url and optionally data to post to an HTTP UR

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\response.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2445
                                          Entropy (8bit):4.431974454129167
                                          Encrypted:false
                                          SSDEEP:48:r4BbvTGvQS07lPgWWdq9tsrdyW19ej5wkwBkvR:MBzaQS07lY5cjtWywkwBkZ
                                          MD5:D531F0A30312F650F962EAA31652AEBB
                                          SHA1:A565B2AB6F6A05F0681B62B5E2E77B9BC25D3683
                                          SHA-256:3B79834FB777BCC3601B05C8A2BBFAB1A72BF99B10E5A5D2C20A7C3A4583D0CF
                                          SHA-512:25BBA9683CC29296DD103473FBDC24CF7037FCC9736494DA749B3BB9A4189B108B2CDC586AEB923BF2B48D147FFBB306D073F2A1BB1430599B8AE74F6CB629E6
                                          Malicious:false
                                          Preview:"""Response classes used by urllib.....The base class, addbase, defines a minimal file-like interface,..including read() and readline(). The typical response object is an..addinfourl instance, which defines an info() method that returns..headers and a geturl() method that returns the url..."""....import tempfile....__all__ = ['addbase', 'addclosehook', 'addinfo', 'addinfourl']......class addbase(tempfile._TemporaryFileWrapper):.. """Base class for addinfo and addclosehook. Is a good idea for garbage collection.""".... # XXX Add a method to expose the timeout on the underlying socket?.... def __init__(self, fp):.. super(addbase, self).__init__(fp, '<urllib response>', delete=False).. # Keep reference around as this was part of the original API... self.fp = fp.... def __repr__(self):.. return '<%s at %r whose fp = %r>' % (self.__class__.__name__,.. id(self), self.file).... def __enter__(self):..

                                          C:\Users\user\AppData\Roaming\windows\Lib\urllib\robotparser.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9697
                                          Entropy (8bit):4.15994740890475
                                          Encrypted:false
                                          SSDEEP:192:LEvpw5Ct9tcVd/2/paTJqSXkkOFGAiRiH57f/ivoiqN9/qVRjmGSEBaL/KK8Wh/R:46Ct9tcVFTJqF7fOQoVVB0GK8WP3
                                          MD5:A024DF2786691CF05997954F37178BE0
                                          SHA1:617ACE96E03067AD58490972A1E2122885C19813
                                          SHA-256:05CED87A4F681014F6A5BF7370680CDCE02B392A559832CB6D2AA2F910F7D5EB
                                          SHA-512:FA3406801D1D39B9BFCF052A473F297E2782F19F18A5C24139E94088F5AAABC15D1EFE7269E4E7426E13DD4DA0BC92F0A9C661B3325CEE171E3C910EA6820793
                                          Malicious:false
                                          Preview:""" robotparser.py.... Copyright (C) 2000 Bastian Kleineidam.... You can choose between two licenses when using this package:.. 1) GNU GPLv2.. 2) PSF license for Python 2.2.... The robots.txt Exclusion Protocol is implemented as specified in.. http://www.robotstxt.org/norobots-rfc.txt.."""....import collections..import urllib.parse..import urllib.request....__all__ = ["RobotFileParser"]....RequestRate = collections.namedtuple("RequestRate", "requests seconds")......class RobotFileParser:.. """ This class provides a set of methods to read, parse and answer.. questions about a single robots.txt file..... """.... def __init__(self, url=''):.. self.entries = [].. self.sitemaps = [].. self.default_entry = None.. self.disallow_all = False.. self.allow_all = False.. self.set_url(url).. self.last_checked = 0.... def mtime(self):.. """Returns the time the robots.txt file was last fetched..... This i

                                          C:\Users\user\AppData\Roaming\windows\Lib\uu.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7581
                                          Entropy (8bit):4.619206512231755
                                          Encrypted:false
                                          SSDEEP:96:IqFD4C1j1e5e65PAKhQ3E2Q/N56npYv9EVBDgcDrWXSONFhnlO7c0pz:1zj1Qe8PAKQEH/6nSVEVORe7c0pz
                                          MD5:A15408C95A7D73C841DF85DF469C7A61
                                          SHA1:A4FCECB170FB1BC4837C767A048EA32FB7ADE876
                                          SHA-256:F07A806A3327E5DF84BCA976EA10F0C72D30C36D6169E3815935C5D9C7C67F4F
                                          SHA-512:EF9627423910F87CD5AA6C87C4FF650E1623F950BFD79BB91E872625D31D88F48B2483C5DC9BD779A8EEFB5A59E7F23E54D2F09490E3A473540DC328C3047218
                                          Malicious:false
                                          Preview:#! /usr/bin/env python3....# Copyright 1994 by Lance Ellinghouse..# Cathedral City, California Republic, United States of America...# All Rights Reserved..# Permission to use, copy, modify, and distribute this software and its..# documentation for any purpose and without fee is hereby granted,..# provided that the above copyright notice appear in all copies and that..# both that copyright notice and this permission notice appear in..# supporting documentation, and that the name of Lance Ellinghouse..# not be used in advertising or publicity pertaining to distribution..# of the software without specific, written prior permission...# LANCE ELLINGHOUSE DISCLAIMS ALL WARRANTIES WITH REGARD TO..# THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND..# FITNESS, IN NO EVENT SHALL LANCE ELLINGHOUSE CENTRUM BE LIABLE..# FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES..# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN

                                          C:\Users\user\AppData\Roaming\windows\Lib\uuid.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):30449
                                          Entropy (8bit):4.853664951299224
                                          Encrypted:false
                                          SSDEEP:768:hq/POU0Qc7A62XLCqXcpHK4D9rGcMybNB/2TgbVjj4GKb:hq/Pj0QcUPX+qXcpHK7Gj4GKb
                                          MD5:7E5DCA09A6B1CA15ABA648525DDDB0C8
                                          SHA1:9F109815B78FA905F44D0CED4CCA4122FFCB4C1F
                                          SHA-256:328E41C4EED0877BE1DD3AF10BC93CA54FF6D9A49B4FCBCB27DAB47A7C3AE424
                                          SHA-512:65FEC71D94D6DC2D7C56A725A44D9696B6B70745E5564D81AFAF427737A515DDD89DC0C5B78C140CD8696AED50398E6EFA1941CE38AE3E95134B146442AA9C49
                                          Malicious:false
                                          Preview:r"""UUID objects (universally unique identifiers) according to RFC 4122.....This module provides immutable UUID objects (class UUID) and the functions..uuid1(), uuid3(), uuid4(), uuid5() for generating version 1, 3, 4, and 5..UUIDs as specified in RFC 4122.....If all you want is a unique ID, you should probably call uuid1() or uuid4()...Note that uuid1() may compromise privacy since it creates a UUID containing..the computer's network address. uuid4() creates a random UUID.....Typical usage:.... >>> import uuid.... # make a UUID based on the host ID and current time.. >>> uuid.uuid1() # doctest: +SKIP.. UUID('a8098c1a-f86e-11da-bd1a-00112444be1e').... # make a UUID using an MD5 hash of a namespace UUID and a name.. >>> uuid.uuid3(uuid.NAMESPACE_DNS, 'python.org').. UUID('6fa459ea-ee8a-3ca4-894e-db77e160355e').... # make a random UUID.. >>> uuid.uuid4() # doctest: +SKIP.. UUID('16fd2706-8baf-433b-82eb-8c7fada847da').... # make a UUID using a SHA-1

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25167
                                          Entropy (8bit):4.231242649241325
                                          Encrypted:false
                                          SSDEEP:384:j0buwHcBK/D2w8juStpT2IY6TbCMpXELl1X/DzE73Ct:j0l8lpKIjbnOLPPDzE73Ct
                                          MD5:96973B592DEBF49500CB4FA864C60216
                                          SHA1:F334A82287EF5B391BDA95B8000FCD77E98380F8
                                          SHA-256:5A42652D0A40CA9789667425647532C00E91F49A95B176F0F9419684617041BC
                                          SHA-512:F60D9782469BF4C0FF197A2FA6D356851F24CA4B960E00B8FA6AAFEA7CA20BC0EB769C06880C84E743656B540DA91B4D428C2ADC63ABDBAA742549657606E744
                                          Malicious:false
                                          Preview:"""..Virtual environment (venv) package for Python. Based on PEP 405.....Copyright (C) 2011-2014 Vinay Sajip...Licensed to the PSF under a contributor agreement..."""..import logging..import os..import shutil..import subprocess..import sys..import sysconfig..import types......CORE_VENV_DEPS = ('pip',)..logger = logging.getLogger(__name__)......class EnvBuilder:.. """.. This class exists to allow virtual environment creation to be.. customized. The constructor parameters determine the builder's.. behaviour when called upon to create a virtual environment..... By default, the builder makes the system (global) site-packages dir.. *un*available to the created environment..... If invoked using the Python -m option, the default is to use copying.. on Windows platforms but symlinks elsewhere. If instantiated some.. other way, the default is to *not* use symlinks..... :param system_site_packages: If True, the system (global) site-packages..

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):155
                                          Entropy (8bit):4.391102855481543
                                          Encrypted:false
                                          SSDEEP:3:JSn33FLYBc/RpxlqFF0iLdGMgdFNFsyFF8rDauuZ9WL3MF0OaMy:knFL6yxAFF0ioMMXh0rDahnY3PMy
                                          MD5:C446A88879A21B85D92BD3F00F91D529
                                          SHA1:1EDB68F622FF436F2F3384A1D6BBA9671094AE76
                                          SHA-256:8996339F7F40EE973AC404F514792180F26CB2AFBA22AFCE53F82B842C487FE0
                                          SHA-512:7C9FEFDC73BE7CD93F65E71E1E53AE06B7B639D494E5FE02A16553987A16ECE05F3EA552FB4DAB87DEA46378A812C6BFF0E333C504BB12C8049DA2953F71C020
                                          Malicious:false
                                          Preview:import sys..from . import main....rc = 1..try:.. main().. rc = 0..except Exception as e:.. print('Error: %s' % e, file=sys.stderr)..sys.exit(rc)..

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\scripts\common\Activate.ps1

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26199
                                          Entropy (8bit):6.038482114200419
                                          Encrypted:false
                                          SSDEEP:384:GrY3dW52A9GQoP9ZdgJpOz2nc9rbtGAlR2l1Zm1z8rb3RDsmQ7u+C:Tts4vg3g/9vAAl8l1k1wnE7u+C
                                          MD5:C0CB073C2C805A43D3E120BE164CD600
                                          SHA1:6D616C66094555A1C9CC67EAF6FFEF99F570E2A1
                                          SHA-256:C1AD458E5A9EE836AF9EE4BB0C5C96028994361E82150708BB522BB4B5A15B1A
                                          SHA-512:364E6A02AC87FC56C5C50188CC4495490DB0FCB76D63C85340C33348ACDF111613ECA85D2EA35F8524DEE84CCFA315B912F927255B24FF5AA0194357B0E8CCBA
                                          Malicious:false
                                          Preview:<#...Synopsis..Activate a Python virtual environment for the current PowerShell session......Description..Pushes the python executable for a virtual environment to the front of the..$Env:PATH environment variable and sets the prompt to signify that you are..in a Python virtual environment. Makes use of the command line switches as..well as the `pyvenv.cfg` file values present in the virtual environment......Parameter VenvDir..Path to the directory that contains the virtual environment to activate. The..default value for this is the parent of the directory that the Activate.ps1..script is located within......Parameter Prompt..The prompt prefix to display when this virtual environment is activated. By..default, this prompt is the name of the virtual environment folder (VenvDir)..surrounded by parentheses and followed by a single space (ie. '(.venv) ')......Example..Activate.ps1..Activates the Python virtual environment that contains the Activate.ps1 script......Example..Activate.ps1 -Ver

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\scripts\common\activate

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):2042
                                          Entropy (8bit):5.2057009113881305
                                          Encrypted:false
                                          SSDEEP:48:vvyXtfFmUYilrd2QC2VQAiHIJj8j/rlji3Xxb0OKEgvJamlLNQ:v4tfFmU/lbVzNGtji3Xxb0OKEaflC
                                          MD5:C075086FE6F3995077AD825BF96E3D43
                                          SHA1:7625571587887769FAC6C6A49B3963CAFDDDA12D
                                          SHA-256:76B3D2A782A6B9871BA5B0FE6096A7E315B06C9095BE1618EBF5087E9BA1F73B
                                          SHA-512:68411D42149FDBC9E7F5F7D6038C092D257BC7DAB89DEAC1A68B21190A6859B52207EF482BF5C53C7485208688B8C9C102A51B749498E6AD165F9065BB6F5518
                                          Malicious:false
                                          Preview:# This file must be used with "source bin/activate" *from bash*.# You cannot run it directly..deactivate () {. # reset old environment variables. if [ -n "${_OLD_VIRTUAL_PATH:-}" ] ; then. PATH="${_OLD_VIRTUAL_PATH:-}". export PATH. unset _OLD_VIRTUAL_PATH. fi. if [ -n "${_OLD_VIRTUAL_PYTHONHOME:-}" ] ; then. PYTHONHOME="${_OLD_VIRTUAL_PYTHONHOME:-}". export PYTHONHOME. unset _OLD_VIRTUAL_PYTHONHOME. fi.. # Call hash to forget past commands. Without forgetting. # past commands the $PATH changes we made may not be respected. hash -r 2> /dev/null.. if [ -n "${_OLD_VIRTUAL_PS1:-}" ] ; then. PS1="${_OLD_VIRTUAL_PS1:-}". export PS1. unset _OLD_VIRTUAL_PS1. fi.. unset VIRTUAL_ENV. unset VIRTUAL_ENV_PROMPT. if [ ! "${1:-}" = "nondestructive" ] ; then. # Self destruct!. unset -f deactivate. fi.}..# unset irrelevant variables.deactivate nondestructive..# on Windows, a path can cont

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\scripts\nt\activate.bat

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1007
                                          Entropy (8bit):5.27514244588578
                                          Encrypted:false
                                          SSDEEP:24:fcvSYpA9ii8AeCC50XVvKv21NaQ5gVbK9WNIFaOd5gnVVWi8AIX1o:fc6xbeCC+4e10xK9WGFa7tL
                                          MD5:3F5B7CF6AFC3EBB7053DCA90FE8C0D49
                                          SHA1:AE6802B186B991EE1D33F69CFC3C884D3C612915
                                          SHA-256:107F9AE6646D42EC3E7DA7D40266699C76A6A1FB6837FF824D47114406DA5345
                                          SHA-512:E97B8FDD6BCF1CBBD01897B5FA335C0B6A8DE26D998FC893F995DEEAF7EF60A38D9CA0678F35A83A56CDA7F31516DE341EEA42ACE90763414B6F94A3AA2DFCE5
                                          Malicious:false
                                          Preview:@echo off....rem This file is UTF-8 encoded, so we need to update the current code page while executing it..for /f "tokens=2 delims=:." %%a in ('"%SystemRoot%\System32\chcp.com"') do (.. set _OLD_CODEPAGE=%%a..)..if defined _OLD_CODEPAGE (.. "%SystemRoot%\System32\chcp.com" 65001 > nul..)....set VIRTUAL_ENV=__VENV_DIR__....if not defined PROMPT set PROMPT=$P$G....if defined _OLD_VIRTUAL_PROMPT set PROMPT=%_OLD_VIRTUAL_PROMPT%..if defined _OLD_VIRTUAL_PYTHONHOME set PYTHONHOME=%_OLD_VIRTUAL_PYTHONHOME%....set _OLD_VIRTUAL_PROMPT=%PROMPT%..set PROMPT=__VENV_PROMPT__%PROMPT%....if defined PYTHONHOME set _OLD_VIRTUAL_PYTHONHOME=%PYTHONHOME%..set PYTHONHOME=....if defined _OLD_VIRTUAL_PATH set PATH=%_OLD_VIRTUAL_PATH%..if not defined _OLD_VIRTUAL_PATH set _OLD_VIRTUAL_PATH=%PATH%....set PATH=%VIRTUAL_ENV%\__VENV_BIN_NAME__;%PATH%..set VIRTUAL_ENV_PROMPT=__VENV_PROMPT__....:END..if defined _OLD_CODEPAGE (.. "%SystemRoot%\System32\chcp.com" %_OLD_CODEPAGE% > nul.. set _OLD_CODEPAG

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\scripts\nt\deactivate.bat

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):393
                                          Entropy (8bit):4.756212294983625
                                          Encrypted:false
                                          SSDEEP:12:xWbCw/wCWk/3ow9/L91/FULWM0kiZNAmZQ:gQK3ow1HFUCw
                                          MD5:CD761DDD8683F623C5A4B142142B4323
                                          SHA1:84F7A952A5ACBD6C454F7F208E2B9A06C2AFA32E
                                          SHA-256:FB53ED45866FEE40F01C907C1F67555A399F98361722D89120D05A2580E9E563
                                          SHA-512:ADC7B18D801CF2B6E11E0E67C19890D09883AAB5C5D01C5FA6B688FDD730B98681446C51D5010F28C4356DFACDF64CB0ED265FFA9A9BF3FCD1F32CE14E30B01A
                                          Malicious:false
                                          Preview:@echo off....if defined _OLD_VIRTUAL_PROMPT (.. set "PROMPT=%_OLD_VIRTUAL_PROMPT%"..)..set _OLD_VIRTUAL_PROMPT=....if defined _OLD_VIRTUAL_PYTHONHOME (.. set "PYTHONHOME=%_OLD_VIRTUAL_PYTHONHOME%".. set _OLD_VIRTUAL_PYTHONHOME=..)....if defined _OLD_VIRTUAL_PATH (.. set "PATH=%_OLD_VIRTUAL_PATH%"..)....set _OLD_VIRTUAL_PATH=....set VIRTUAL_ENV=..set VIRTUAL_ENV_PROMPT=....:END..

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\scripts\posix\activate.csh

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with very long lines (324)
                                          Category:dropped
                                          Size (bytes):936
                                          Entropy (8bit):5.299104530040339
                                          Encrypted:false
                                          SSDEEP:12:quK20QYQolsvgRQbG2w5Lyk90IRcAtfgHNeo29H1WHw8Fsm5fm2xFJNrM1/8JwTR:quK2r8lgcQbNTxAi0aHRRR4jV0OId2
                                          MD5:E969D2A879311B19DCC0FCBA0C327A90
                                          SHA1:3CB8F16234D7783C637C3C9B19C0AE222451481B
                                          SHA-256:CDD8A01BB9C221836BFA4470D52C9FB5ACBCE2DE6454DF71EFDAE3ADC342441E
                                          SHA-512:0A4F5B053169C619AA114A42D305758EF7B9AFA537DDD46529CDC3578AD156B9A770655234477E766A5C293CBAECDB4B9B58FC3635AA767992CB849DF3F51B42
                                          Malicious:false
                                          Preview:# This file must be used with "source bin/activate.csh" *from csh*..# You cannot run it directly...# Created by Davide Di Blasi <davidedb@gmail.com>..# Ported to Python 3.3 venv by Andrew Svetlov <andrew.svetlov@gmail.com>..alias deactivate 'test $?_OLD_VIRTUAL_PATH != 0 && setenv PATH "$_OLD_VIRTUAL_PATH" && unset _OLD_VIRTUAL_PATH; rehash; test $?_OLD_VIRTUAL_PROMPT != 0 && set prompt="$_OLD_VIRTUAL_PROMPT" && unset _OLD_VIRTUAL_PROMPT; unsetenv VIRTUAL_ENV; unsetenv VIRTUAL_ENV_PROMPT; test "\!:*" != "nondestructive" && unalias deactivate'..# Unset irrelevant variables..deactivate nondestructive..setenv VIRTUAL_ENV "__VENV_DIR__"..set _OLD_VIRTUAL_PATH="$PATH".setenv PATH "$VIRTUAL_ENV/__VENV_BIN_NAME__:$PATH"...set _OLD_VIRTUAL_PROMPT="$prompt"..if (! "$?VIRTUAL_ENV_DISABLE_PROMPT") then. set prompt = "__VENV_PROMPT__$prompt". setenv VIRTUAL_ENV_PROMPT "__VENV_PROMPT__".endif..alias pydoc python -m pydoc..rehash.

                                          C:\Users\user\AppData\Roaming\windows\Lib\venv\scripts\posix\activate.fish

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):2215
                                          Entropy (8bit):4.911868545536749
                                          Encrypted:false
                                          SSDEEP:48:vRJnPqk7cnQzr9GG5fLOFaWChA7YA2WtOxW9nx8myV:vzD7cnQzr936FaWeA7YANtr9udV
                                          MD5:920152E36456714B76ECF77D96E32F29
                                          SHA1:C82CFAF10765F3F587AE7101389BAEA584CA28B2
                                          SHA-256:A100A3F99289828886D7A4BFAB657751AEA2B4313FFCB5B95BC643D63469448D
                                          SHA-512:8EEEDF23117E3478A9962CEE9437C8F333D584C8585F027DF06B92A71BD0CAC3442507F8A8BF56D2703C694A61CBB37DBAC10694CD5C54BF5CBE4EAE2C9F8804
                                          Malicious:false
                                          Preview:# This file must be used with "source <venv>/bin/activate.fish" *from fish*.# (https://fishshell.com/). You cannot run it directly...function deactivate -d "Exit virtual environment and return to normal shell environment". # reset old environment variables. if test -n "$_OLD_VIRTUAL_PATH". set -gx PATH $_OLD_VIRTUAL_PATH. set -e _OLD_VIRTUAL_PATH. end. if test -n "$_OLD_VIRTUAL_PYTHONHOME". set -gx PYTHONHOME $_OLD_VIRTUAL_PYTHONHOME. set -e _OLD_VIRTUAL_PYTHONHOME. end.. if test -n "$_OLD_FISH_PROMPT_OVERRIDE". set -e _OLD_FISH_PROMPT_OVERRIDE. # prevents error when using nested fish instances (Issue #93858). if functions -q _old_fish_prompt. functions -e fish_prompt. functions -c _old_fish_prompt fish_prompt. functions -e _old_fish_prompt. end. end.. set -e VIRTUAL_ENV. set -e VIRTUAL_ENV_PROMPT. if test "$argv[1]" != "nondestructive". # Self-destruct!.

                                          C:\Users\user\AppData\Roaming\windows\Lib\warnings.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22356
                                          Entropy (8bit):4.4877053281482135
                                          Encrypted:false
                                          SSDEEP:384:VIGZhGnRqmpRXDAr9aue6QkedNr/voix0BWSvs31I:VIeGnRqmUkQiOBDs31I
                                          MD5:C200398BF6E214DB15BD758F5B9DC43B
                                          SHA1:C72E592895BE058FF802526F3F9F5F96058A19B6
                                          SHA-256:890980203DB82E0360E616F1E6F7B6C2504424B2B815D268A944F10FCA0698E0
                                          SHA-512:A4CABE6AEDFE1CE946F62FC1865FF2CFFAD5B20B0785911864CDD02D13D933DAB19A119E3EC47F6471A868F145764D7A19EE33C63898EE5FDEC6B1687A6BC480
                                          Malicious:false
                                          Preview:"""Python part of the warnings subsystem."""....import sys......__all__ = ["warn", "warn_explicit", "showwarning",.. "formatwarning", "filterwarnings", "simplefilter",.. "resetwarnings", "catch_warnings"]....def showwarning(message, category, filename, lineno, file=None, line=None):.. """Hook to write a warning to a file; replace if you like.""".. msg = WarningMessage(message, category, filename, lineno, file, line).. _showwarnmsg_impl(msg)....def formatwarning(message, category, filename, lineno, line=None):.. """Function to format a warning the standard way.""".. msg = WarningMessage(message, category, filename, lineno, None, line).. return _formatwarnmsg_impl(msg)....def _showwarnmsg_impl(msg):.. file = msg.file.. if file is None:.. file = sys.stderr.. if file is None:.. # sys.stderr is None when run with pythonw.exe:.. # warnings get lost.. return.. text = _formatwarnmsg(msg).. try:..

                                          C:\Users\user\AppData\Roaming\windows\Lib\wave.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):23422
                                          Entropy (8bit):4.412060916422069
                                          Encrypted:false
                                          SSDEEP:384:lHM8ycySCvhe0Iul19ILSe7aYhTRhbtss0h96fS:1MnPvhe0Iul1G37fFhbab4a
                                          MD5:669665071174634CBC5DA6C7F32E39E1
                                          SHA1:E3460F7700425AE18B95EB26D2FCD5817B6C1CC7
                                          SHA-256:BF03C1D6BBC7E4F5AFF854E17F387AE40B880BE7B64A004F21EEA8AC6775906B
                                          SHA-512:FCC5983B64549E5324E03B2DCE034C08F513A75F199D2DC80B80B7FA6A31FF2537684A7364EE7FFB375F05F0824D60DC8C664CADA85EF38ECBB2CD726947F241
                                          Malicious:false
                                          Preview:"""Stuff to parse WAVE files.....Usage.....Reading WAVE files:.. f = wave.open(file, 'r')..where file is either the name of a file or an open file pointer...The open file pointer must have methods read(), seek(), and close()...When the setpos() and rewind() methods are not used, the seek()..method is not necessary.....This returns an instance of a class with the following public methods:.. getnchannels() -- returns number of audio channels (1 for.. mono, 2 for stereo).. getsampwidth() -- returns sample width in bytes.. getframerate() -- returns sampling frequency.. getnframes() -- returns number of audio frames.. getcomptype() -- returns compression type ('NONE' for linear samples).. getcompname() -- returns human-readable version of.. compression type ('not compressed' linear samples).. getparams() -- returns a namedtuple consisting of all of the.. above in th

                                          C:\Users\user\AppData\Roaming\windows\Lib\weakref.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22187
                                          Entropy (8bit):4.286714165954684
                                          Encrypted:false
                                          SSDEEP:384:gJp8HzCblJPEwGmyZVPjY8c4jDyCYAym+TiH9QHORqQeIXjWi86wow0wHRegJn9d:g3EPOpRUBzSmOjJnCoWaDf3DjJnRKs
                                          MD5:0C6F82FB8421E6992AEAAB71A587C9DE
                                          SHA1:243DFA4F9E4BCCB75996369F74D0925E4FA0DAE7
                                          SHA-256:6721C34BA3C404BF4A443890ED374B546A870C958935A6AA4FDF634876A5A980
                                          SHA-512:73C764399C329600849F91BA4872BC2BB93B99133BD76DCF3B4440F8FF66FD17919420560B020FFA64BAEAD8A3905E3B4CDB65DE3A50846951EDC3B0E32A466E
                                          Malicious:false
                                          Preview:"""Weak reference support for Python.....This module is an implementation of PEP 205:....https://peps.python.org/pep-0205/.."""....# Naming convention: Variables named "wr" are weak reference objects;..# they are called this instead of "ref" to avoid name collisions with..# the module-global ref() function imported from _weakref.....from _weakref import (.. getweakrefcount,.. getweakrefs,.. ref,.. proxy,.. CallableProxyType,.. ProxyType,.. ReferenceType,.. _remove_dead_weakref)....from _weakrefset import WeakSet, _IterationGuard....import _collections_abc # Import after _weakref to avoid circular import...import sys..import itertools....ProxyTypes = (ProxyType, CallableProxyType)....__all__ = ["ref", "proxy", "getweakrefcount", "getweakrefs",.. "WeakKeyDictionary", "ReferenceType", "ProxyType",.. "CallableProxyType", "ProxyTypes", "WeakValueDictionary",.. "WeakSet", "WeakMethod", "finalize"]......_collections_abc.MutableSet

                                          C:\Users\user\AppData\Roaming\windows\Lib\webbrowser.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):24314
                                          Entropy (8bit):4.504510904358674
                                          Encrypted:false
                                          SSDEEP:192:DwLa8snEWTtATTvYdT7/yO49RTIqxC5UE/43SqNVBWcOW/r/sQCfjxSSUvJLSzjE:DwxgtAvw1CThtWcOGsSCUeZvpkeZEyo
                                          MD5:A11B4B79456AB786ABD45790767B6FE3
                                          SHA1:8490A6A94915D263013983354D4480823CB12B7E
                                          SHA-256:5435615025ABAEE5E23AFA7DD33B59FEB069613E568CC5EECD8414D52D73220C
                                          SHA-512:272DD6D5B7815342E60EE60681F13C6B66CE54C5D87A31C330942979A9B20D45713A54CF6239F4920E239ACEF5F6EDF639101B8D2646A3340D7C8D547AD6D866
                                          Malicious:false
                                          Preview:#! /usr/bin/env python3.."""Interfaces for launching and remotely controlling web browsers."""..# Maintained by Georg Brandl.....import os..import shlex..import shutil..import sys..import subprocess..import threading..import warnings....__all__ = ["Error", "open", "open_new", "open_new_tab", "get", "register"]....class Error(Exception):.. pass...._lock = threading.RLock().._browsers = {} # Dictionary of available browser controllers.._tryorder = None # Preference order of available browsers.._os_preferred_browser = None # The preferred browser....def register(name, klass, instance=None, *, preferred=False):.. """Register a browser connector.""".. with _lock:.. if _tryorder is None:.. register_standard_browsers().. _browsers[name.lower()] = [klass, instance].... # Preferred browsers go to the front of the list... # Need to match to the default browser returned by xdg-settings, which.. # may be of t

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):682
                                          Entropy (8bit):4.74586378239771
                                          Encrypted:false
                                          SSDEEP:12:aMSZzRV70C6qkXJqMbZuIeO0Z6VquA31zVuALrc4perTcI3oZ31bC8fNNNG8:Mzn6tUGZuRx6VdOdrY4oIx1DfvNG8
                                          MD5:752762A137474F10062D2B4DD6EB0666
                                          SHA1:C6912436B710F3ACF4C06FAF81C52D167A4AE229
                                          SHA-256:978228AE9DB30BD59E31AB960BFCA45D15411267F0C5BFC449BFEA84284DA118
                                          SHA-512:99BBB4720B0A682B768D33A7F63487E291E2896397A8FA70B99BA0D8EDE1879E0A9E8DE49BA46BED73114A8F6A9D8161D3053CC48088F08AA753F9B3E215B8FB
                                          Malicious:false
                                          Preview:"""wsgiref -- a WSGI (PEP 3333) Reference Library....Current Contents:....* util -- Miscellaneous useful functions and wrappers....* headers -- Manage response headers....* handlers -- base classes for server/gateway implementations....* simple_server -- a simple BaseHTTPServer that supports WSGI....* validate -- validation wrapper that sits between an app and a server.. to detect errors in either....* types -- collection of WSGI-related types for static type checking....To-Do:....* cgi_gateway -- Run WSGI apps under CGI (pending a deployment standard)....* cgi_wrapper -- Run CGI apps under WSGI....* router -- a simple middleware component that handles URL traversal.."""..

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\handlers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22237
                                          Entropy (8bit):4.587736072760895
                                          Encrypted:false
                                          SSDEEP:384:JwIEd11/napFUzQ6UZgiFJC1IO5JS2YPUiBbKzEbqm:JwldrnC2QLZgGJY3SXfFKQR
                                          MD5:B3D0B8858613620C1A548D4D99CEF390
                                          SHA1:D51836FF7536D8E6063102FBB7607413D4E30820
                                          SHA-256:F63A3BEF6BD407F93E7667668266EAF27B5057AA8D7A95255EA97AD1C70081C0
                                          SHA-512:3BD7DE7CA0BCB5CB390346312159D0BB85F2C68931BA7517B4DB56009507A5AF42BBCD9E2B779794E8135B4F5EAB3E933B1125159FCADF9165DC96886C584BF4
                                          Malicious:false
                                          Preview:"""Base classes for server/gateway implementations"""....from .util import FileWrapper, guess_scheme, is_hop_by_hop..from .headers import Headers....import sys, os, time....__all__ = [.. 'BaseHandler', 'SimpleHandler', 'BaseCGIHandler', 'CGIHandler',.. 'IISCGIHandler', 'read_environ'..]....# Weekday and month names for HTTP date/time formatting; always English!.._weekdayname = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"].._monthname = [None, # Dummy so we can use 1-based month numbers.. "Jan", "Feb", "Mar", "Apr", "May", "Jun",.. "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]....def format_date_time(timestamp):.. year, month, day, hh, mm, ss, wd, y, z = time.gmtime(timestamp).. return "%s, %02d %3s %4d %02d:%02d:%02d GMT" % (.. _weekdayname[wd], day, _monthname[month], year, hh, mm, ss.. )...._is_request = {.. 'SCRIPT_NAME', 'PATH_INFO', 'QUERY_STRING', 'REQUEST_METHOD', 'AUTH_TYPE',.. 'CONTENT_TYPE', 'CONTENT_LENGTH', 'HTTPS', 'REM

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\headers.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6950
                                          Entropy (8bit):4.452309215621417
                                          Encrypted:false
                                          SSDEEP:96:p3Xzp1CtDqI4p4JWKQOj39xUHmjV7u9vJ1XAkm85ny:pnG4j4ZjNxFJ7KAYny
                                          MD5:DE43247A8F9221995F9BDA75FDB451E2
                                          SHA1:180AC426596F99CD67669F0DC45926F87E943A4A
                                          SHA-256:7B96D1DD47E97B5AAB695FE4062D53744E0B7C058BB1565C6E65CAF4DAC9EBCB
                                          SHA-512:ABB7372F921120C98A802259FD1EFE067029434A5577416C7E3CAF6AC3BD5FE914C49F807BBF15DF31AE75D01CF0E0D6D30FC9E9E18EA2ACADEBD249C22FB8CC
                                          Malicious:false
                                          Preview:"""Manage HTTP Response Headers....Much of this module is red-handedly pilfered from email.message in the stdlib,..so portions are Copyright (C) 2001,2002 Python Software Foundation, and were..written by Barry Warsaw..."""....# Regular expression that matches `special' characters in parameters, the..# existence of which force quoting of the parameter value...import re..tspecials = re.compile(r'[ \(\)<>@,;:\\"/\[\]\?=]')....def _formatparam(param, value=None, quote=1):.. """Convenience function to format and return a key=value pair..... This will quote the value if needed or if quote is true... """.. if value is not None and len(value) > 0:.. if quote or tspecials.search(value):.. value = value.replace('\\', '\\\\').replace('"', r'\"').. return '%s="%s"' % (param, value).. else:.. return '%s=%s' % (param, value).. else:.. return param......class Headers:.. """Manage a collection of HTTP response headers""".... de

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\simple_server.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5336
                                          Entropy (8bit):4.856557033789357
                                          Encrypted:false
                                          SSDEEP:96:aYWTBCDGpP5GMbUYYQoa3PM9190e5+ULK4kM1jS3k5/wVR:aNMSbUHa/2Ge5+OkM18YwVR
                                          MD5:B7D46278821659B18DBAE151058B1AE9
                                          SHA1:00E2FB326D13D8BD33E50CB3FFBAF4AD4EB20444
                                          SHA-256:E2A6C322349214CA18159541EA763EADEA4DA2A1998C002B8CA5DC3396D0E0D2
                                          SHA-512:DB0806C0C98A0C4B17BDE92FFBB230AB430668A3C11AE74A2FB423C5A145A9C7E69B5CD0BED7176C9959FE0B8EFF7E00A83C8F4D8291BED8B785D360A95C094D
                                          Malicious:false
                                          Preview:"""BaseHTTPServer that implements the Python WSGI protocol (PEP 3333)....This is both an example of how WSGI can be implemented, and a basis for running..simple web applications on a local machine, such as might be done when testing..or debugging an application. It has not been reviewed for security issues,..however, and we strongly recommend that you use a "real" web server for..production use.....For example usage, see the 'if __name__=="__main__"' block at the end of the..module. See also the BaseHTTPServer module docs for other API information..."""....from http.server import BaseHTTPRequestHandler, HTTPServer..import sys..import urllib.parse..from wsgiref.handlers import SimpleHandler..from platform import python_implementation....__version__ = "0.2"..__all__ = ['WSGIServer', 'WSGIRequestHandler', 'demo_app', 'make_server']......server_version = "WSGIServer/" + __version__..sys_version = python_implementation() + "/" + sys.version.split()[0]..software_version = server_version +

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\types.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1771
                                          Entropy (8bit):4.938759888371545
                                          Encrypted:false
                                          SSDEEP:48:HIuo5NjC6LJYN5p2J1eg3lA1RzJabfgbffb2TiZj++aboaApi8P8:HIu63aNv2J1eqPM7Ck0MbiF
                                          MD5:4AFAB88D4A1CD84F053AA85B1F04D326
                                          SHA1:702C2A494F78A27E6618FB358D0199F9185C8E43
                                          SHA-256:F56851D14F5008804BB8220A23B5963D55BA08139F9EA4F22BA2773ADE85A34B
                                          SHA-512:053406531CA7FB8B4F4CD9809E5BD4066CD9D68E604DB436024A942517C95C97F8BD2C90CDA7E0AD038C6ED6462E90339093894259528187FF0029211691CEFD
                                          Malicious:false
                                          Preview:"""WSGI-related types for static type checking"""....from collections.abc import Callable, Iterable, Iterator..from types import TracebackType..from typing import Any, Protocol, TypeAlias....__all__ = [.. "StartResponse",.. "WSGIEnvironment",.. "WSGIApplication",.. "InputStream",.. "ErrorStream",.. "FileWrapper",..]...._ExcInfo: TypeAlias = tuple[type[BaseException], BaseException, TracebackType].._OptExcInfo: TypeAlias = _ExcInfo | tuple[None, None, None]....class StartResponse(Protocol):.. """start_response() callable as defined in PEP 3333""".. def __call__(.. self,.. status: str,.. headers: list[tuple[str, str]],.. exc_info: _OptExcInfo | None = ...,.. /,.. ) -> Callable[[bytes], object]: .......WSGIEnvironment: TypeAlias = dict[str, Any]..WSGIApplication: TypeAlias = Callable[[WSGIEnvironment, StartResponse],.. Iterable[bytes]]....class InputStream(Protocol):.. """WSGI input stream as defined in PEP 3333""".. d

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\util.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5631
                                          Entropy (8bit):5.017728083580684
                                          Encrypted:false
                                          SSDEEP:96:XW34CNDEbyh7ryLMdzNCzlGS5NipQY/LKQYItQDmATxGH1pqZQRt:XNx2h5wlGgNipQY/eQYyQaEm1poQRt
                                          MD5:11AB47A8BA3D4FF441DC5F9EE4493330
                                          SHA1:8798B3210B6FEFD58877474850D22C1171DB90BA
                                          SHA-256:B0A1004776DFFFFD3073E39100CE6FCFDD03D7A3EEF7A856C9A946E031477154
                                          SHA-512:9DCAF617A311703849F22F870E5EB25CDF09277C517C078ABDF18C9EA6F2165249F0D76C8DAA86517E192D643E95DEC35DEF2AB466E5A1C0C0A610DC27F4B750
                                          Malicious:false
                                          Preview:"""Miscellaneous WSGI-related Utilities"""....import posixpath....__all__ = [.. 'FileWrapper', 'guess_scheme', 'application_uri', 'request_uri',.. 'shift_path_info', 'setup_testing_defaults',..]......class FileWrapper:.. """Wrapper to convert file-like objects to iterables""".... def __init__(self, filelike, blksize=8192):.. self.filelike = filelike.. self.blksize = blksize.. if hasattr(filelike,'close'):.. self.close = filelike.close.... def __iter__(self):.. return self.... def __next__(self):.. data = self.filelike.read(self.blksize).. if data:.. return data.. raise StopIteration....def guess_scheme(environ):.. """Return a guess for whether 'wsgi.url_scheme' should be 'http' or 'https'.. """.. if environ.get("HTTPS") in ('yes','on','1'):.. return 'https'.. else:.. return 'http'....def application_uri(environ):.. """Return the application's base URI (no PATH_INFO or Q

                                          C:\Users\user\AppData\Roaming\windows\Lib\wsgiref\validate.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):15474
                                          Entropy (8bit):4.758004863356647
                                          Encrypted:false
                                          SSDEEP:192:Z4laBfuth+3sZiMWsXo8vtFVccc6oBWS/PWZhNq/v3wza/uPFJuG6ZthKpCcGWKh:Z3cM3m+sf5OrHCH5CcGXnQu
                                          MD5:1D512856CB07DEA1158F55049506AAFD
                                          SHA1:473F16C7C518A31B849EAA8D6D47A8B5D32CDE92
                                          SHA-256:72CF19F76F8ABEFC07E3EA3E1401CD643B883AD461AE1090DFF869ED35CDB66A
                                          SHA-512:CE7DAD40E89405C05F4D177679E821526CC88A7F8F6B6D01ACC11F77CD40A917685B5846737549173E203CA7AC5DCB588E955BAC422E783EEC9649D6FA8D2B77
                                          Malicious:false
                                          Preview:# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)..# Licensed under the MIT license: https://opensource.org/licenses/mit-license.php..# Also licenced under the Apache License, 2.0: https://opensource.org/licenses/apache2.0.php..# Licensed to PSF under a Contributor Agreement.."""..Middleware to check for obedience to the WSGI specification.....Some of the things this checks:....* Signature of the application and start_response (including that.. keyword arguments are not used).....* Environment checks:.... - Environment is a dictionary (and not a subclass)..... - That all the required keys are in the environment: REQUEST_METHOD,.. SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors,.. wsgi.multithread, wsgi.multiprocess, wsgi.run_once.... - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the.. environment (these headers should appear as CONTENT_LENGTH and.. CONTENT_TYPE)..... - Warns if QUERY_STRING is missing, as

                                          C:\Users\user\AppData\Roaming\windows\Lib\xdrlib.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6184
                                          Entropy (8bit):4.564216988235887
                                          Encrypted:false
                                          SSDEEP:96:l3vVOCEFsFUxepdMJhp1ygk+3PGo7YxCCl:l37jSg0w6GMYx1l
                                          MD5:D97A50E7AF057419F594281D08F0C64D
                                          SHA1:6A836A074DDA9FA20177B15BF7BBF87694151F2A
                                          SHA-256:85E61F3BA94820C09BD53AA9E9228D642BDA513EF4BE7AC41ED37EDEBB59D115
                                          SHA-512:B76BACACB31D265C66F135656996D0030F8CBAA0E4FC12ADD9609362385F549DB795202B25F3DFAA32150E5D4FE1FE3C97D0F0BE2FBD88C96C9E8F5E4690E9C3
                                          Malicious:false
                                          Preview:"""Implements (a subset of) Sun XDR -- eXternal Data Representation.....See: RFC 1014...."""....import struct..from io import BytesIO..from functools import wraps..import warnings....warnings._deprecated(__name__, remove=(3, 13))....__all__ = ["Error", "Packer", "Unpacker", "ConversionError"]....# exceptions..class Error(Exception):.. """Exception class for this module. Use:.... except xdrlib.Error as var:.. # var has the Error instance for the exception.... Public ivars:.. msg -- contains the message.... """.. def __init__(self, msg):.. self.msg = msg.. def __repr__(self):.. return repr(self.msg).. def __str__(self):.. return str(self.msg)......class ConversionError(Error):.. pass....def raise_conversion_error(function):.. """ Wrap any raised struct.errors in a ConversionError. """.... @wraps(function).. def result(self, value):.. try:.. return function(self, value).. except struct.error as e:

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):577
                                          Entropy (8bit):4.836838565624073
                                          Encrypted:false
                                          SSDEEP:12:IeV0+4tWAyKAiKfYtMMZFVSzkGQHxud8oRQZRlIjtRniMDJn+8/Av:90jUpKPK67qkGQHC8MQZRwtR9Vov
                                          MD5:BBF47A853581DA94F257137FC2931942
                                          SHA1:7F92F135DEEEC0C2305D13EDABE46326FFDBF74C
                                          SHA-256:8E7BC2B8A9974751E0BF0BE8E8FD3C116FB0ED2FF2E372F693A7E3659A46F8DC
                                          SHA-512:7DB6463C19416A01B51B87F84AF5AB44182339938F9F1B919E49D44C4DA62EA3CF46967A8A23F8716DC43A3F779F01FDC3C2E83A09D127EDA04CE6E2FF07ACDA
                                          Malicious:false
                                          Preview:"""Core XML support for Python.....This package contains four sub-packages:....dom -- The W3C Document Object Model. This supports DOM Level 1 +.. Namespaces.....parsers -- Python wrappers for XML parsers (currently only supports Expat).....sax -- The Simple API for XML, developed by XML-Dev, led by David.. Megginson and ported to Python by Lars Marius Garshol. This.. supports the SAX 2 API.....etree -- The ElementTree XML library. This is a subset of the full.. ElementTree XML release....."""......__all__ = ["dom", "parsers", "sax", "etree"]..

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):727
                                          Entropy (8bit):5.329660668483252
                                          Encrypted:false
                                          SSDEEP:12:1TXJma0+ItWAyOyKfYtMMZFV/zkGQHxuo89RlIwRnfTLkL+nxW2aktqol/:lJma0/Up9KG77kGQHx89R/R/ozmz/
                                          MD5:9E63660F73511354252589578BF8CA65
                                          SHA1:3451451C17047CE89586456FEE6A2B97A3D897C3
                                          SHA-256:260E486896F95F2F74F9D35F5F4739A968BE56653CA54D3F831A87178A0E20E1
                                          SHA-512:CF834A60711FCB82A31E6F35C7ECA188A0D02BBDAD24718997EEC45931375F7D22CF901A6E531B2C784ED7744AC16EDB883BA7CF48366BB0789CBDE40822B6BF
                                          Malicious:false
                                          Preview:...........fA...............................d.Z.g.d...Z.y.).a....Core XML support for Python...This package contains four sub-packages:..dom -- The W3C Document Object Model. This supports DOM Level 1 +. Namespaces...parsers -- Python wrappers for XML parsers (currently only supports Expat)...sax -- The Simple API for XML, developed by XML-Dev, led by David. Megginson and ported to Python by Lars Marius Garshol. This. supports the SAX 2 API...etree -- The ElementTree XML library. This is a subset of the full. ElementTree XML release...)...dom..parsers..sax..etreeN)...__doc__..__all__........7C:\Users\V3NOM0u$\Desktop\python312\Lib\xml\__init__.py..<module>r........s...............&..-..r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\NodeFilter.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):963
                                          Entropy (8bit):4.460105538633994
                                          Encrypted:false
                                          SSDEEP:24:qiOFX0CABphpk4p/RSaXptaKEUtkNUG5fUy5PsFPQ:dOqphpk4p4aX/aKEUSUG5fUs1
                                          MD5:9958E8A8D21FFE4E3F7BDC7779266848
                                          SHA1:2649B95DE7342E1EA1FEDAF5A4177AEAC1B1B670
                                          SHA-256:125B3733259B454A33B339E5B20AB0B814DC4FBA6337DB0BF92C3E8B35F38DC6
                                          SHA-512:70DBBCB137D11E90075DACC54B49652990BF374749123F7C9ABFF3F474922CF2AD87F982F676ECD155BA5F59EF32CBE73D6C52FEC240D5F6C23A4C5FFA3D76B2
                                          Malicious:false
                                          Preview:# This is the Python mapping for interface NodeFilter from..# DOM2-Traversal-Range. It contains only constants.....class NodeFilter:.. """.. This is the DOM2 NodeFilter interface. It contains only constants... """.. FILTER_ACCEPT = 1.. FILTER_REJECT = 2.. FILTER_SKIP = 3.... SHOW_ALL = 0xFFFFFFFF.. SHOW_ELEMENT = 0x00000001.. SHOW_ATTRIBUTE = 0x00000002.. SHOW_TEXT = 0x00000004.. SHOW_CDATA_SECTION = 0x00000008.. SHOW_ENTITY_REFERENCE = 0x00000010.. SHOW_ENTITY = 0x00000020.. SHOW_PROCESSING_INSTRUCTION = 0x00000040.. SHOW_COMMENT = 0x00000080.. SHOW_DOCUMENT = 0x00000100.. SHOW_DOCUMENT_TYPE = 0x00000200.. SHOW_DOCUMENT_FRAGMENT = 0x00000400.. SHOW_NOTATION = 0x00000800.... def acceptNode(self, node):.. raise NotImplementedError..

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4159
                                          Entropy (8bit):5.031706800364569
                                          Encrypted:false
                                          SSDEEP:96:NRSUBXmSRzMdQOW35aBEqRsKBkMUXz7DZW5Lorzi7xA/knQQ/mDvTNm:bXbMdcUEcBkMaz7DZWLorzi72/kCm
                                          MD5:52A7C6D8927595A89F26EECC28A9F27C
                                          SHA1:056019A0C1D1B5F32CA7333D796176648593262D
                                          SHA-256:205D03F2E27639A136047A7DC21C37FD3AC7CE593899F8BFC482B33274C090AB
                                          SHA-512:A2799115A9B5D0D78B9F18A3A066B6DB17741354B2B65443CE4242092AE43D71B047E035BD3B22EE9FA011D505A9B89333C6D48CEF0D43E8D1A6AD6C3B57B506
                                          Malicious:false
                                          Preview:"""W3C Document Object Model implementation for Python.....The Python mapping of the Document Object Model is documented in the..Python Library Reference in the section on the xml.dom package.....This package contains the following modules:....minidom -- A simple implementation of the Level 1 DOM with namespace.. support added (based on the Level 2 specification) and other.. minor Level 2 functionality.....pulldom -- DOM builder supporting on-demand tree-building for selected.. subtrees of the document....."""......class Node:.. """Class giving the NodeType constants.""".. __slots__ = ().... # DOM implementations may use this as a base class for their own.. # Node implementations. If they don't, the constants defined here.. # should still be used as the canonical definitions as they match.. # the values given in the W3C recommendation. Client code can.. # safely refer to these values in all tests of Node.nodeType.. # values.....

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\domreg.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3550
                                          Entropy (8bit):4.649534812433712
                                          Encrypted:false
                                          SSDEEP:96:klJp4I0LAIesg2M2X/81X/zwAidRXqUrFNZfeuRGTfrfQP:kvp4R8Ie/2M2P2X/0pOUzZ2u6jIP
                                          MD5:1428A8AD8E0FF4731EC5F42BDE8A7ADD
                                          SHA1:D90646B5B206E70D933B825CB714360C8BB0694F
                                          SHA-256:174FACA21D253FB4AC50624823614B5B3B41E7B8BDF64D59EF75E901AD43B0A9
                                          SHA-512:8E329FBEFCB9537C3A59B7001C912BE1972C2190DECDBFC963C8F082B55697DEA8B9E6268EB76F7EF451E705C6EFF03B0230611AA9CDC4586C3589FDD5485ADE
                                          Malicious:false
                                          Preview:"""Registration facilities for DOM. This module should not be used..directly. Instead, the functions getDOMImplementation and..registerDOMImplementation should be imported from xml.dom."""....# This is a list of well-known implementations. Well-known names..# should be published by posting to xml-sig@python.org, and are..# subsequently recorded in this file.....import sys....well_known_implementations = {.. 'minidom':'xml.dom.minidom',.. '4DOM': 'xml.dom.DOMImplementation',.. }....# DOM implementations not officially registered should register..# themselves with their....registered = {}....def registerDOMImplementation(name, factory):.. """registerDOMImplementation(name, factory).... Register the factory function with the name. The factory function.. should return an object which implements the DOMImplementation.. interface. The factory function can either return the same object,.. or a new one (e.g. if that implementation supports some.. customization).""".

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\expatbuilder.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):36655
                                          Entropy (8bit):4.516472311080541
                                          Encrypted:false
                                          SSDEEP:768:9Ds8sGC94+qzyncsIwoDrvkiG9OxBbTgQlBt0UKmYKWk8:ps8sGz+navk6tlnKFbk8
                                          MD5:E20A4D759DF427CE87CF06865101F1D9
                                          SHA1:5D63A725CD7EC1F0DFBE34CE8C1C29099D43DB1C
                                          SHA-256:841EB1A04F902F3BE7AB58241DD7A0672A415A13005EF18B7031B3E1E81A6737
                                          SHA-512:F679823E87B1A1E797EC12F50D8D867756A85B9472D627EAA56426723C70208C3CF1364135F2DF5376199069A187D32F42C8E76439A89DDCB2399D9928CE458C
                                          Malicious:false
                                          Preview:"""Facility to use the Expat parser to load a minidom instance..from a string or file.....This avoids all the overhead of SAX and pulldom to gain performance..."""....# Warning!..#..# This module is tightly bound to the implementation details of the..# minidom DOM and can't be used with other DOM implementations. This..# is due, in part, to a lack of appropriate methods in the DOM (there is..# no way to create Entity and Notation nodes via the DOM Level 2..# interface), and for performance. The latter is the cause of some fairly..# cryptic code...#..# Performance hacks:..#..# - .character_data_handler() has an extra case in which continuing..# data is appended to an existing Text node; this can be a..# speedup since pyexpat can break up character data into multiple..# callbacks even though we set the buffer_text attribute on the..# parser. This also gives us the advantage that we don't need a..# separate normalization pass...#..# - Determining that a n

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\minicompat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3476
                                          Entropy (8bit):4.360383579682768
                                          Encrypted:false
                                          SSDEEP:96:XNI6TlDr7wscbZSjiqukQsyVhn6HmwxmgMqS:ddRr7pRHyVZwMp
                                          MD5:D2C69B5B30E8E272B3FCDFACBC139787
                                          SHA1:9361E0D6B31BE99CCA23EE02E47A5DF2DD7FF0E3
                                          SHA-256:99AE261E514DE6D47A11FF572D7139EB9DBCC70696E3F6710BB17543F321F4AE
                                          SHA-512:F5C4784B9C4204AB2900FC4AF7F26B519A46A87E3E5DCD67B2217737060196AE9BEC1D65A0F15C92CBF6F4D99DC1737B76A6F70FE853C06CF3FDFA1AF60E0F9F
                                          Malicious:false
                                          Preview:"""Python version compatibility support for minidom.....This module contains internal implementation details and..should not be imported; use xml.dom.minidom instead..."""....# This module should only be imported using "import *"...#..# The following names are defined:..#..# NodeList -- lightest possible NodeList implementation..#..# EmptyNodeList -- lightest possible NodeList that is guaranteed to..# remain empty (immutable)..#..# StringTypes -- tuple of defined string types..#..# defproperty -- function used in conjunction with GetattrMagic;..# using these together is needed to make them work..# as efficiently as possible in both Python 2.2+..# and older versions. For example:..#..# class MyClass(GetattrMagic):..# def _get_myattr(self):..# return something..#..# defproperty(MyClass, "myatt

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\minidom.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):70153
                                          Entropy (8bit):4.476788952132246
                                          Encrypted:false
                                          SSDEEP:1536:f0k5awIUnDnAOwF1qHc9vYeacmaKl/LfH16BvYfcAe:VAOwFkoacmaKVS
                                          MD5:C0215FF60862F3669375E31EE79C3E97
                                          SHA1:9D4A464057ACCE90FBFF95AAC6A5DDE4F23E5848
                                          SHA-256:BF34C3B98EE710C14EB5D550991BB4DDF133187A4E339D655CFAA6E4BA98FB20
                                          SHA-512:C8174BFDCE880CD5D6E7AD609609026CBB589A1BFF9D2F2165A19D82F7B8D8A593F238F90A3F91F614A0A570596E8C5DAD57DB3A584048FF8E793AB5CEA97D8A
                                          Malicious:false
                                          Preview:"""Simple implementation of the Level 1 DOM.....Namespaces and other minor Level 2 features are also supported.....parse("foo.xml")....parseString("<foo><bar/></foo>")....Todo:..=====.. * convenience methods for getting elements and text... * more testing.. * bring some of the writer and linearizer code into conformance with this.. interface.. * SAX 2 namespaces.."""....import io..import xml.dom....from xml.dom import EMPTY_NAMESPACE, EMPTY_PREFIX, XMLNS_NAMESPACE, domreg..from xml.dom.minicompat import *..from xml.dom.xmlbuilder import DOMImplementationLS, DocumentLS....# This is used by the ID-cache invalidation checks; the list isn't..# actually complete, since the nodes being checked will never be the..# DOCUMENT_NODE or DOCUMENT_FRAGMENT_NODE. (The node being checked is..# the node being added or removed, not the node being modified.)..#.._nodeTypes_with_children = (xml.dom.Node.ELEMENT_NODE,.. xml.dom.Node.ENTITY_REFERENCE_NODE)......class Node(

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\pulldom.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):11973
                                          Entropy (8bit):4.563349863402665
                                          Encrypted:false
                                          SSDEEP:96:X+UnLXkCP+QE9H9PU1IeBZGiZqQgAq5e8QHqGhe3+BN+x+vjtUH2GppO0Cphgd8o:/LGiktGMtUl0p1CW8T1oqVw
                                          MD5:B1A5FB5EB8D364CBD286897FAEA71FDB
                                          SHA1:D38FD61ABBCC6E679473894488547F778AA414EC
                                          SHA-256:C9BE4D62E6A7472357148685D34F462F2042CBEA5C2A14D54298FA35B62AEE91
                                          SHA-512:84DFDE99DF415DB3C2081E11941EA1281AB87EE644824BD2D51D167700516E06E255EAE6DF8D7F8C7E1C989FF26E153014BF99857810316FCF7EA6818F7F44DA
                                          Malicious:false
                                          Preview:import xml.sax..import xml.sax.handler....START_ELEMENT = "START_ELEMENT"..END_ELEMENT = "END_ELEMENT"..COMMENT = "COMMENT"..START_DOCUMENT = "START_DOCUMENT"..END_DOCUMENT = "END_DOCUMENT"..PROCESSING_INSTRUCTION = "PROCESSING_INSTRUCTION"..IGNORABLE_WHITESPACE = "IGNORABLE_WHITESPACE"..CHARACTERS = "CHARACTERS"....class PullDOM(xml.sax.ContentHandler):.. _locator = None.. document = None.... def __init__(self, documentFactory=None):.. from xml.dom import XML_NAMESPACE.. self.documentFactory = documentFactory.. self.firstEvent = [None, None].. self.lastEvent = self.firstEvent.. self.elementStack = [].. self.push = self.elementStack.append.. try:.. self.pop = self.elementStack.pop.. except AttributeError:.. # use class' pop instead.. pass.. self._ns_contexts = [{XML_NAMESPACE:'xml'}] # contains uri -> prefix dicts.. self._current_context = self._ns_contexts[-1].. self.

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\dom\xmlbuilder.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12774
                                          Entropy (8bit):4.580280924284623
                                          Encrypted:false
                                          SSDEEP:192:Bzlret/w/z/0/yt/i/p/V/l/T/3AjbDFNPO0NOG624BhDXYkYKNfAjXZH5ax4h4i:BzdeoDY24BhDXYkYKNfyZH2BAM+
                                          MD5:881BBEEF94F77A78DC5BEB0DAA5CFF2A
                                          SHA1:50271F31FEEE68760223DF29B5E9E46A0BCC9EA8
                                          SHA-256:B02D7ACAD7E45931DCAE85209134B345AE94E4845AF40DCC06311A5948EB157F
                                          SHA-512:39EBF5DF5C267E4E364C92AA5E3DD9094D1F83C7204185AC486C2753A310723B3C95E83CD3280576D4EA037784A88F2860B69DA8183BCF320AAD2F83AA611E04
                                          Malicious:false
                                          Preview:"""Implementation of the DOM Level 3 'LS-Load' feature."""....import copy..import xml.dom....from xml.dom.NodeFilter import NodeFilter......__all__ = ["DOMBuilder", "DOMEntityResolver", "DOMInputSource"]......class Options:.. """Features object that has variables set for each DOMBuilder feature..... The DOMBuilder class uses an instance of this class to pass settings to.. the ExpatBuilder class... """.... # Note that the DOMBuilder class in LoadSave constrains which of these.. # values can be set using the DOM Level 3 LoadSave feature..... namespaces = 1.. namespace_declarations = True.. validation = False.. external_parameter_entities = True.. external_general_entities = True.. external_dtd_subset = True.. validate_if_schema = False.. validate = False.. datatype_normalization = False.. create_entity_ref_nodes = True.. entities = True.. whitespace_in_element_content = True.. cdata_sections = True.. comments = True.. charset

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\etree\ElementInclude.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7067
                                          Entropy (8bit):4.831830451126932
                                          Encrypted:false
                                          SSDEEP:192:CWMqEix5fu5TrKmJ+GAVXJbB7Z6S3h3f5zTRA76z4:CVOx5fu5HKmczXJNNh5K
                                          MD5:8993D36D13E13BC403F006D7E85C3C75
                                          SHA1:0B2D3255AB1754396E27D7F93A8ECE2F868D6E3A
                                          SHA-256:7B5DA3456C23CF25459EB3C95B063F3C9B623ED50EE70135E9DFE72D100B1D4E
                                          SHA-512:51048EEE9CA100488570045FCA6C19F953A70B7E5519830B80AEA3E18B7B96A2073C1C1B1FFC0EFE845041E64EBA56AAB050167EC3F3CFCFB73C5B8BA4CC1C78
                                          Malicious:false
                                          Preview:#..# ElementTree..# $Id: ElementInclude.py 3375 2008-02-13 08:05:08Z fredrik $..#..# limited xinclude support for element trees..#..# history:..# 2003-08-15 fl created..# 2003-11-14 fl fixed default loader..#..# Copyright (c) 2003-2004 by Fredrik Lundh. All rights reserved...#..# fredrik@pythonware.com..# http://www.pythonware.com..#..# --------------------------------------------------------------------..# The ElementTree toolkit is..#..# Copyright (c) 1999-2008 by Fredrik Lundh..#..# By obtaining, using, and/or copying this software and/or its..# associated documentation, you agree that you have read, understood,..# and will comply with the following terms and conditions:..#..# Permission to use, copy, modify, and distribute this software and..# its associated documentation for any purpose and without fee is..# hereby granted, provided that the above copyright notice appears in..# all copies, and that both that copyright notice and this permission..# notice appear in supporting

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\etree\ElementPath.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14420
                                          Entropy (8bit):4.520096130525027
                                          Encrypted:false
                                          SSDEEP:192:g0zEix5fu5TNcNZdmNpwvbKRLsPc8CeSnb9xZDkvb7RLEqt2dIIS6c:vx5fu5xKdcSt9N
                                          MD5:CF1580075B75398D1BA2D658C24C6621
                                          SHA1:01B648A7F14A09250FF6BEA45110015568787B3B
                                          SHA-256:9CF2C5248524016C9044BDFE5F81AC1C9AD6EDC0A04AC8433A33EAD7F7D52413
                                          SHA-512:C583575AA80A778DCE82F997D5626926B50192B516EE207A509123C5188D9CCB0FD4DCC6E2654435B1EB05491CFDEA95682056A99F193F46D4A0E5DA78A7927E
                                          Malicious:false
                                          Preview:#..# ElementTree..# $Id: ElementPath.py 3375 2008-02-13 08:05:08Z fredrik $..#..# limited xpath support for element trees..#..# history:..# 2003-05-23 fl created..# 2003-05-28 fl added support for // etc..# 2003-08-27 fl fixed parsing of periods in element names..# 2007-09-10 fl new selection engine..# 2007-09-12 fl fixed parent selector..# 2007-09-13 fl added iterfind; changed findall to return a list..# 2007-11-30 fl added namespaces support..# 2009-10-30 fl added child element value filter..#..# Copyright (c) 2003-2009 by Fredrik Lundh. All rights reserved...#..# fredrik@pythonware.com..# http://www.pythonware.com..#..# --------------------------------------------------------------------..# The ElementTree toolkit is..#..# Copyright (c) 1999-2009 by Fredrik Lundh..#..# By obtaining, using, and/or copying this software and/or its..# associated documentation, you agree that you have read, understood,..# and will comply with the following terms and conditions:..#..# Pe

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\etree\ElementTree.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):76102
                                          Entropy (8bit):4.435834819528531
                                          Encrypted:false
                                          SSDEEP:1536:9OYE5pERJLEBay0Ob0itUkdN0EK0yalzjdm/Xi6eP6nYCOTONCw4zUIZ4FR4Hof6:vE8bi6ed1XF2dM
                                          MD5:ABECFF3B28A3DB5CFEBAB373C46DD06C
                                          SHA1:16B25318A22D6D08437DB8A818A970CECC2173EA
                                          SHA-256:8E073CBD156ECFB55226CAB5E03634AD1C95CED3209AB0E8B17B950F5F0ACF5F
                                          SHA-512:BD76745DCDD3084DC3A36586A733AB907D86C15CDD11BFEE2A1D95FD2CCB21B463B14415C906E86E77AF75DC869F7ADC9E89CF6EEAB6557F5DD2478487970470
                                          Malicious:false
                                          Preview:"""Lightweight XML support for Python..... XML is an inherently hierarchical data format, and the most natural way to.. represent it is with a tree. This module has two classes for this purpose:.... 1. ElementTree represents the whole XML document as a tree and.... 2. Element represents a single node in this tree..... Interactions with the whole document (reading and writing to/from files) are.. usually done on the ElementTree level. Interactions with a single XML element.. and its sub-elements are done on the Element level..... Element is a flexible container object designed to store hierarchical data.. structures in memory. It can be described as a cross between a list and a.. dictionary. Each Element has a number of properties associated with it:.... 'tag' - a string containing the element's name..... 'attributes' - a Python dictionary storing the element's attributes..... 'text' - a string containing the element's text content..... 'tail' - an optional string c

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\etree\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1638
                                          Entropy (8bit):5.18485092184187
                                          Encrypted:false
                                          SSDEEP:24:JpfxgRJmdYYCYN7ktbjBHv9qm2c+Eq6ZaLyxDDGC8xGtuzYsrswF30CAH:JxlCYCdlZ2qtMyxDl8QuzYsxF30h
                                          MD5:074C97369CF6D6AB3C81A90A2EA48000
                                          SHA1:82AC462EB51C6BB4A524F2FA2E6A611A8141B3C4
                                          SHA-256:A2006C512205BA0E5C96B2A4BDCFF89BFDD02F18EF076F3E1FC70F11CED93423
                                          SHA-512:51B140D0C5C537107CDB8BB9546672BE4AE35307B5EE1281D8D55DEBED6066632A96EFB5B43DBC2EF4DAF452531651CEDF66ECFDE9A1C5E037274E4381424CAC
                                          Malicious:false
                                          Preview:# $Id: __init__.py 3375 2008-02-13 08:05:08Z fredrik $..# elementtree package....# --------------------------------------------------------------------..# The ElementTree toolkit is..#..# Copyright (c) 1999-2008 by Fredrik Lundh..#..# By obtaining, using, and/or copying this software and/or its..# associated documentation, you agree that you have read, understood,..# and will comply with the following terms and conditions:..#..# Permission to use, copy, modify, and distribute this software and..# its associated documentation for any purpose and without fee is..# hereby granted, provided that the above copyright notice appears in..# all copies, and that both that copyright notice and this permission..# notice appear in supporting documentation, and that the name of..# Secret Labs AB or the author not be used in advertising or publicity..# pertaining to distribution of the software without specific, written..# prior permission...#..# SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\etree\cElementTree.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):85
                                          Entropy (8bit):4.094248662638836
                                          Encrypted:false
                                          SSDEEP:3:SSXFKCWEkUnexXtJd0kUnexXBVKBiv:SSXFKCWlR/d1RBgBM
                                          MD5:94DD5DD6A9695867E33608F69F470973
                                          SHA1:D20B89CFD1E442F114279F1AE7FE1934FEAFF5CE
                                          SHA-256:A42C14E24D69C79D1A1462486DC28CED30875787CB9407BD56A62CCE83C349A1
                                          SHA-512:FE36B9CF3837F490FB1D0A528C59191E8DF521FD84C791918E63FD47F0E4560E848EF087EB681C5678A79C413F480D5F178F5E65D34CC90F5D629899D0520E9F
                                          Malicious:false
                                          Preview:# Deprecated alias for xml.etree.ElementTree....from xml.etree.ElementTree import *..

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\parsers\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):175
                                          Entropy (8bit):4.573436576270062
                                          Encrypted:false
                                          SSDEEP:3:qQFMLm/rKHnvKFVvlGtMiFKLsWuRbpSMVAVQvE9CTLV40KGlVQLG:NFKyeHvKFVvlG+psWuRlKV6EcLV40KCb
                                          MD5:A1215D8FFF352A77ED03AB2CC1A993E3
                                          SHA1:4E6140E6FD55FC0CCB9D3FA0A9290ED103ECA4EA
                                          SHA-256:D78A708D6CFDCCD02037DEBB3E65D5815C82A0BA66EEC2AABAC29AC730B5D230
                                          SHA-512:1A71F91BBAA01D830F8A1803253C71AC280FDDACEC016734E3EBC1B2DF5B0CB3A1CE26A0A7D6B9B31E0EF7420108A5D567C9E65F562B994E102544916E414EE1
                                          Malicious:false
                                          Preview:"""Python interfaces to XML parsers.....This package contains one module:....expat -- Python wrapper for James Clark's Expat parser, with namespace.. support....."""..

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\parsers\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):337
                                          Entropy (8bit):5.266280187484903
                                          Encrypted:false
                                          SSDEEP:6:BDK8aCCcKyeHgj/vlG+psvKV6EcLV40KVdVQLoA6B0WlttZAu6qpR2X1LIaYleHX:1K8aCCcKU/0+psvKVvcLycD6BvPt+KWP
                                          MD5:F4BB70EDC64C5029634A93AAFFC976C8
                                          SHA1:18E2DD0633E968D325A741ED010D9677FB5C5872
                                          SHA-256:2EBC955F79CB34003A4B3993A58B28EAF85887D09D99717C2EB0D3668A8BBC7E
                                          SHA-512:1914671AC0E1C98DAD1EF02B76D210DBAAF162446AC24DE70DB43A2946E000771A69C3B5C58EAAD0175E7F84FB7ADB0879F6234D5C9774194467D33071B8BFDB
                                          Malicious:false
                                          Preview:...........f................................d.Z.y.).z.Python interfaces to XML parsers...This package contains one module:..expat -- Python wrapper for James Clark's Expat parser, with namespace. support...N)...__doc__........?C:\Users\V3NOM0u$\Desktop\python312\Lib\xml\parsers\__init__.py..<module>r........s..............r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\parsers\__pycache__\expat.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):436
                                          Entropy (8bit):5.254044071640025
                                          Encrypted:false
                                          SSDEEP:6:BDalCWSBclnhuaZKLInBLCIhw2Mc+HNdV3+l466qpR2X1ajagSBg6nwuP:1aSBc9hu0KQFQc+H4e2WlkagSJndP
                                          MD5:04E86637D7FBBD57A256F82E0727FB4F
                                          SHA1:EC4D206DF99F2A5398E997C76C490B1A9124A9F0
                                          SHA-256:CA575704CA29FF8852B794F7AE2570AF61D43383722367FF1AD6B5B1620CADF9
                                          SHA-512:E95AF0574312C7B17CF8E96788C38C93D4E723917413588A0912F0C1DFA53FE41C2D5A185338808293F7D7B0C08F4F85C303708CD584046698384DDF38026BA1
                                          Malicious:false
                                          Preview:...........f..........................V.....d.Z.d.d.l.Z.d.d.l.....e.e.j...................d.<...e.e.j...................d.<...y.).z1Interface to the Expat non-validating XML parser......N)...*z.xml.parsers.expat.modelz.xml.parsers.expat.errors)...__doc__..sys..pyexpat..model..modules..errors........<C:\Users\V3NOM0u$\Desktop\python312\Lib\xml\parsers\expat.py..<module>r........s...........7.........*/........%..&.*0........&..'r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\parsers\expat.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):256
                                          Entropy (8bit):4.629746376425819
                                          Encrypted:false
                                          SSDEEP:6:KggKLInBLCIyyMIg3YbZVlwyz/yVHWtqdvtRv:KHKQFBKAZVlw2yhwqdlJ
                                          MD5:461E0DF49035F4534652570F0826A0A7
                                          SHA1:64AD783C4949FC9663850B63FF71BC381F03924C
                                          SHA-256:4FCCB4BC00F1BA7BAAC14413B180C87A34A77D49A854F1AD9FBCA199DFC2DDEB
                                          SHA-512:31577124F11DE96AFCA30EEAA6FD16D27539816BA5CC3B77145848DCFEB4B1DC39F27851564DA68370715070F3CE1918195203AF9AAD7AF2DC0DFD4E7FC58D9A
                                          Malicious:false
                                          Preview:"""Interface to the Expat non-validating XML parser."""..import sys....from pyexpat import *....# provide pyexpat submodules as xml.parsers.expat submodules..sys.modules['xml.parsers.expat.model'] = model..sys.modules['xml.parsers.expat.errors'] = errors..

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\sax\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3332
                                          Entropy (8bit):4.667427827248521
                                          Encrypted:false
                                          SSDEEP:96:19GFuSxi6JQ8KCybCddb4NDQm4LkugDiqyzKsJz+aDeKlAZG7tst:yFuSLK64NDR4LkugDid7x+aDeKlh5st
                                          MD5:470898CEF421D072112E25672442AC50
                                          SHA1:B4A3B2F1FD6F185EA7ED95776579683361A3C55D
                                          SHA-256:E8C694673344011FFB22D500E91C21A5EC28A8AB1D2B30381D5911249D08D98E
                                          SHA-512:8DD6F0846D7C65F6C85625804FBD346B916BEB1E80368B0AB9DEA95F4764A641C62F53D515DD874F15D4AB2F953F18F36B07A9288BC190851E50371B47B32F3D
                                          Malicious:false
                                          Preview:"""Simple API for XML (SAX) implementation for Python.....This module provides an implementation of the SAX 2 interface;..information about the Java version of the interface can be found at..http://www.megginson.com/SAX/. The Python version of the interface is..documented at <...>.....This package contains the following modules:....handler -- Base classes and constants which define the SAX 2 API for.. the 'client-side' of SAX for Python.....saxutils -- Implementation of the convenience classes commonly used to.. work with SAX.....xmlreader -- Base classes and constants which define the SAX 2 API for.. the parsers used with SAX for Python.....expatreader -- Driver that allows use of the Expat parser with SAX..."""....from .xmlreader import InputSource..from .handler import ContentHandler, ErrorHandler..from ._exceptions import SAXException, SAXNotRecognizedException, \.. SAXParseException, SAXNotSupportedException, \..

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\sax\_exceptions.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4826
                                          Entropy (8bit):4.654787031850351
                                          Encrypted:false
                                          SSDEEP:96:Er1ndizbCoIVsKStRocihjQL7J57veOPwLr:EpnduJusK6/LPwLr
                                          MD5:1BA844CF97FA3824483814BFA93C7F06
                                          SHA1:AA4CF43085DC0ABF307109A1D6F05C9E59E40F2E
                                          SHA-256:B3F900E4E9921DDDAD72C56C8D8C9E68C2AFE32E369415133A2A5589606185A7
                                          SHA-512:F80A8B3D5DA4D7689FD0080A691FAE0A4029498A792E06D72C53C23D46160597FEB79D868EC858D8FC40EDBE00C3C0D42A227878E849BD79CE8D6668448CA56E
                                          Malicious:false
                                          Preview:"""Different kinds of SAX Exceptions"""....# ===== SAXEXCEPTION =====....class SAXException(Exception):.. """Encapsulate an XML error or warning. This class can contain.. basic error or warning information from either the XML parser or.. the application: you can subclass it to provide additional.. functionality, or to add localization. Note that although you will.. receive a SAXException as the argument to the handlers in the.. ErrorHandler interface, you are not actually required to raise.. the exception; instead, you can simply read the information in.. it.""".... def __init__(self, msg, exception=None):.. """Creates an exception. The message is required, but the exception.. is optional.""".. self._msg = msg.. self._exception = exception.. Exception.__init__(self, msg).... def getMessage(self):.. "Return a message for this exception.".. return self._msg.... def getException(self):.. "Return the e

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\sax\expatreader.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16488
                                          Entropy (8bit):4.400178825352612
                                          Encrypted:false
                                          SSDEEP:192:lZWK6TjrSPHVGFG//alTIDxNWYzCz3vZUcRoKGTGI63PgYd:l/2+PHclMDbWYzS3vZU3wd
                                          MD5:8F3D96060270D90404296E82F52E2D1D
                                          SHA1:69D8055550EC93411C0B5FC84F4E9CB99A5F1E8A
                                          SHA-256:827531B805706EAA19983F96EDE39FBC89DB80604F1FFBD9A9DB9AB25C1D51CD
                                          SHA-512:3BBAF31311D8F185592E6BC5D6796BF7D4CD3E8A6B71FD338895F3BE6AE00673F561B644E979E839806175B6BBD0FFBAA355CA0DE361866BF8A0BE46274A0C3E
                                          Malicious:false
                                          Preview:"""..SAX driver for the pyexpat C module. This driver works with..pyexpat.__version__ == '2.22'..."""....version = "0.20"....from xml.sax._exceptions import *..from xml.sax.handler import feature_validation, feature_namespaces..from xml.sax.handler import feature_namespace_prefixes..from xml.sax.handler import feature_external_ges, feature_external_pes..from xml.sax.handler import feature_string_interning..from xml.sax.handler import property_xml_string, property_interning_dict....try:.. from xml.parsers import expat..except ImportError:.. raise SAXReaderNotAvailable("expat not supported", None)..else:.. if not hasattr(expat, "ParserCreate"):.. raise SAXReaderNotAvailable("expat not supported", None)..from xml.sax import xmlreader, saxutils, handler....AttributesImpl = xmlreader.AttributesImpl..AttributesNSImpl = xmlreader.AttributesNSImpl....# If we're using a sufficiently recent version of Python, we can use..# weak references to avoid cycles between the parser and c

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\sax\handler.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16004
                                          Entropy (8bit):4.592153043273041
                                          Encrypted:false
                                          SSDEEP:384:4qs2ueE1Ra1tObpUTJLikEojAhSWyMiojpYXlDBDbdmw4Q:4DXVRaLyfjSWynojpYXlDBDbdm9Q
                                          MD5:9FD26A93F62E24979039A131066BA573
                                          SHA1:5EB5E8573F03B12C49A3C56A54ADAA18CB5F3DF9
                                          SHA-256:788A465AF38EFB19485A4E27389D5DE072AEA2F9BC20E5DC1BEDC7E9708B4340
                                          SHA-512:08573961DC60928FA90D93DA4B716FDB4B8199C7FA6C70796D4FCB66A90C7ADA372331CB7520C65DF91A139DCC9EA604C17836A788C909FD17C4820E09718BB1
                                          Malicious:false
                                          Preview:"""..This module contains the core classes of version 2.0 of SAX for Python...This file provides only default classes with absolutely minimum..functionality, from which drivers and applications can be subclassed.....Many of these classes are empty and are included only as documentation..of the interfaces.....$Id$.."""....version = '2.0beta'....#============================================================================..#..# HANDLER INTERFACES..#..#============================================================================....# ===== ERRORHANDLER =====....class ErrorHandler:.. """Basic interface for SAX error handlers..... If you create an object that implements this interface, then.. register the object with your XMLReader, the parser will call the.. methods in your object to report all warnings and errors. There.. are three levels of errors available: warnings, (possibly).. recoverable errors, and unrecoverable errors. All methods take a.. SAXParseException as

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\sax\saxutils.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12624
                                          Entropy (8bit):4.5952127069012025
                                          Encrypted:false
                                          SSDEEP:192:2BZS9XS6KXSZcmTXS2uSTZtk8X2b6R/tNG/ITciShlu5R0C8/NfdEzQxW8/NAdRX:aseOJLYwoiShlcR/q0R
                                          MD5:F8DA395195C50B93F5B98FCE2B9A66BA
                                          SHA1:37A9EA4DE074B99D7A89A3CA96B572C6FEB5ABF0
                                          SHA-256:3EC6D8E4A1414EE7C52E23A58DBCECE9653021705A4D0C0ABA0E96961258C5F3
                                          SHA-512:FA6BAC28F9E5B172BED521C3B6C70891142C153F0FB9ADC50FB061E6B21F419884503FDF61DA1F6B213D9C30388B7567973EBA18A226A8EDDAE7EB64D9963D96
                                          Malicious:false
                                          Preview:"""\..A library of useful helper classes to the SAX classes, for the..convenience of application and driver writers..."""....import os, urllib.parse, urllib.request..import io..import codecs..from . import handler..from . import xmlreader....def __dict_replace(s, d):.. """Replace substrings of a string using a dictionary.""".. for key, value in d.items():.. s = s.replace(key, value).. return s....def escape(data, entities={}):.. """Escape &, <, and > in a string of data..... You can escape other strings of data by passing a dictionary as.. the optional entities parameter. The keys and values must all be.. strings; each key will be replaced with its corresponding value... """.... # must do ampersand first.. data = data.replace("&", "&amp;").. data = data.replace(">", "&gt;").. data = data.replace("<", "&lt;").. if entities:.. data = __dict_replace(data, entities).. return data....def unescape(data, entities={}):.. """Unescape &

                                          C:\Users\user\AppData\Roaming\windows\Lib\xml\sax\xmlreader.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13002
                                          Entropy (8bit):4.5579855755712755
                                          Encrypted:false
                                          SSDEEP:96:WWGFFqdgB8rimyGXrEeKyBp1YErYDUX11Q+ytNctLCEvtvi9JZUBpEUoCBnKntUu:WVqdHW8XYeKyLtX11wcMHGBnxUKZBwyQ
                                          MD5:EDF2E76B3DBDDBA860A0F1F1B288F016
                                          SHA1:41C7E4F5F9BFB2E31855E5F510694F2D9F8A7CDF
                                          SHA-256:6F36E3810C9A4986F22A94617BC6BDAAC9C7CF51FA8AFC11246795C20AEB4C68
                                          SHA-512:48919949B7042660196A55BB545C2F382E0CC2ED431E010C444048ADDFAB55437514969B0BA4DB821ED1189F735158C2D99F993C55B617B74C90180F201823B7
                                          Malicious:false
                                          Preview:"""An XML Reader is the SAX 2 name for an XML parser. XML Parsers..should be based on this code. """....from . import handler....from ._exceptions import SAXNotSupportedException, SAXNotRecognizedException......# ===== XMLREADER =====....class XMLReader:.. """Interface for reading an XML document using callbacks..... XMLReader is the interface that an XML parser's SAX2 driver must.. implement. This interface allows an application to set and query.. features and properties in the parser, to register event handlers.. for document processing, and to initiate a document parse..... All SAX interfaces are assumed to be synchronous: the parse.. methods must not return until parsing is complete, and readers.. must wait for an event-handler callback to return before reporting.. the next event.""".... def __init__(self):.. self._cont_handler = handler.ContentHandler().. self._dtd_handler = handler.DTDHandler().. self._ent_handler = handler.Entit

                                          C:\Users\user\AppData\Roaming\windows\Lib\xmlrpc\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):39
                                          Entropy (8bit):4.2336188853070205
                                          Encrypted:false
                                          SSDEEP:3:SbF8tHyxVWSov:SbFUHoVjov
                                          MD5:F8259102DFC36D919A899CDB8FDE48CE
                                          SHA1:4510C766809835DAB814C25C2223009EB33E633A
                                          SHA-256:52069AEEFB58DAD898781D8BDE183FFDA18FAAE11F17ACE8CE83368CAB863FB1
                                          SHA-512:A77C8A67C95D49E353F903E3BD394E343C0DFA633DCFFBFD7C1B34D5E1BDFB9A372ECE71360812E44C5C5BADFA0FC81387A6F65F96616D6307083C2B3BB0213F
                                          Malicious:false
                                          Preview:# This directory is a Python package...

                                          C:\Users\user\AppData\Roaming\windows\Lib\xmlrpc\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):155
                                          Entropy (8bit):4.624072352000492
                                          Encrypted:false
                                          SSDEEP:3:oXyDmlclllVO8l4OWO6qpOAVcRx0nLiwIaQHtgem/l:BDBtVneO16qpR2XclIaatgem/l
                                          MD5:3E2A5B3C7C25EB4852D6697CA90DED62
                                          SHA1:5541234CF4A260985360DDFD6737A648BBD8CFDA
                                          SHA-256:83ED03E7F28363A984C4F8CD7A5FB1D2A777B4E84C309CDE2C7A348A76E6421B
                                          SHA-512:0C4ADF4ADB05D935B04714CD9B653A6704AA593CC483F64B37FA22272369A044DFEAAAAE2D8C31C68946FACE978F0CE647958653F0907D8A9904E0196397F7B9
                                          Malicious:false
                                          Preview:...........f'...............................y.).N..r..........:C:\Users\V3NOM0u$\Desktop\python312\Lib\xmlrpc\__init__.py..<module>r........s.........r....

                                          C:\Users\user\AppData\Roaming\windows\Lib\xmlrpc\__pycache__\client.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):51610
                                          Entropy (8bit):5.176121596053055
                                          Encrypted:false
                                          SSDEEP:1536:ZDFIRD3b10G7NdoZ3x5Rx9jd45pkov/Ax:ZDmRl0GpKZ3zRx9eIoXAx
                                          MD5:1FA1245C24548F9C62666FEA973F59E6
                                          SHA1:F2C0F3BA81EBE8C7E9673247362DE0A8AE5E30EB
                                          SHA-256:ACB5C969E7DC5156B33C5AF315A7148DDFC7F3C9C099BEE91372644FC287BF9C
                                          SHA-512:DC466F4FC04853FE48461E2480E566F2AB0C93BE3268D60EAD0A6F14A53BCEF391CD610FF1E28154658B856F1CC8AC5F817843BAF160E03CBA966D4EFF5FBB3C
                                          Malicious:false
                                          Preview:...........f...............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.m.Z...d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.d.l.Z.d.d.l.m.Z.....d.d.l.Z.d...Z.d.e.j&..................d.d...z...Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z d.Z!d.Z"..G.d...d.e#........Z$..G.d...d.e$........Z%..G.d...d.e$........Z&..G.d...d.e$........Z'e(x.Z)Z*..e.d.d.d.........Z+d...Z,..e,d ........r.d!..Z-n...e,d"........r.d#..Z-n.d$..Z-[+[,d%..Z...G.d&..d'........Z/d(..Z0d)..Z1..G.d*..d+........Z2d,..Z3e/e2f.Z4..G.d-..d.........Z5..G.d/..d0........Z6..G.d1..d2........Z7..G.d3..d4........Z8..G.d5..d6........Z9..G.d7..d8........Z:d.x.Z;x.Z<Z=dLd9..Z>....dMd:..Z?dLd;..Z@d<..ZAdNd=..ZB..G.d>..d?e.r.e.j...................n.eD........ZE..G.d@..dA........ZF..G.dB..dC........ZG..G.dD..dEeG........ZH..G.dF..dG........ZIeIZJeKdHk(..r{..eIdI........ZL....eMeLj...................j.......................................e:eL........ZQeQj.............................eQj...................d.dK..........eQj.......

                                          C:\Users\user\AppData\Roaming\windows\Lib\xmlrpc\client.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):50860
                                          Entropy (8bit):4.781583501186533
                                          Encrypted:false
                                          SSDEEP:1536:zBE5XrEKPEKwu42kQSLkf/TL7wCkJY37rVvY1O:NEdEKPRwuCQSL4/TL7wCkJY37rp0O
                                          MD5:79A4BCDDB2AEFFA93F44C5B5D4D95C51
                                          SHA1:F3A4FCF3C3EFE15F6D0F29269EDFE2700FE5EBD0
                                          SHA-256:B6EEB71D0B26CF4181E64F22E1A0E857A622F9164533053157D4C7E945A4F0D1
                                          SHA-512:1768F0EED115F8A4459EB7FF2617F1BC4757148EE8C277D245DDEF8BC6544ED3DAEA4070B299392C78117E82BB6A639BC4B7442E277EACE92A096026552B9538
                                          Malicious:false
                                          Preview:#..# XML-RPC CLIENT LIBRARY..# $Id$..#..# an XML-RPC client interface for Python...#..# the marshalling and response parser code can also be used to..# implement XML-RPC servers...#..# Notes:..# this version is designed to work with Python 2.1 or newer...#..# History:..# 1999-01-14 fl Created..# 1999-01-15 fl Changed dateTime to use localtime..# 1999-01-16 fl Added Binary/base64 element, default to RPC2 service..# 1999-01-19 fl Fixed array data element (from Skip Montanaro)..# 1999-01-21 fl Fixed dateTime constructor, etc...# 1999-02-02 fl Added fault handling, handle empty sequences, etc...# 1999-02-10 fl Fixed problem with empty responses (from Skip Montanaro)..# 1999-06-20 fl Speed improvements, pluggable parsers/transports (0.9.8)..# 2000-11-28 fl Changed boolean to check the truth value of its argument..# 2001-02-24 fl Added encoding/Unicode/SafeTransport patches..# 2001-02-26 fl Added compare support to wrappers (0.9.9/1.0b1)..# 2001-03-28 fl Make sure response tuple

                                          C:\Users\user\AppData\Roaming\windows\Lib\xmlrpc\server.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):37824
                                          Entropy (8bit):4.554875114967694
                                          Encrypted:false
                                          SSDEEP:768:D2+/Ks9MWfQowYQnRyVRWpAm5JEeBtXSX6cyXB0I:D2jMxXbWLO0CI
                                          MD5:09DE712C856BC84C735636F3B90D1042
                                          SHA1:088FD4629B4C5AF9DFFA847A7B3AED4BEFD28916
                                          SHA-256:686B525906D692111209DE643BFEFD8115C36CDEECDFB7049B94E4284FB3419C
                                          SHA-512:BB1DD45242283337360D1E8B3A6EE0F5E48699DD0CB12F863F06FF1EB91067EEDC833E8A6CD0AD7ECBBCA54AA129FB69685BE9793679050AD9604A68C382083F
                                          Malicious:false
                                          Preview:r"""XML-RPC Servers.....This module can be used to create simple XML-RPC servers..by creating a server and either installing functions, a..class instance, or by extending the SimpleXMLRPCServer..class.....It can also be used to handle XML-RPC requests in a CGI..environment using CGIXMLRPCRequestHandler.....The Doc* classes can be used to create XML-RPC servers that..serve pydoc-style documentation in response to HTTP..GET requests. This documentation is dynamically generated..based on the functions and methods registered with the..server.....A list of possible usage patterns follows:....1. Install functions:....server = SimpleXMLRPCServer(("localhost", 8000))..server.register_function(pow)..server.register_function(lambda x,y: x+y, 'add')..server.serve_forever()....2. Install an instance:....class MyFuncs:.. def __init__(self):.. # make all of the sys functions available through sys.func_name.. import sys.. self.sys = sys.. def _listMethods(self):.. #

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipapp.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Nim source code, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7749
                                          Entropy (8bit):4.6854529601989245
                                          Encrypted:false
                                          SSDEEP:96:ocnKpf1Jnkgp9Gw06hznakQ+czXoC/KkWb2z7LKUK4mSaY9wRnKwfRuPKJaR0:ocR6VncLoC/Kk22z7v5Z0RFfO0
                                          MD5:914326697EAFB8C34C3821B40C87F596
                                          SHA1:2C65157C44CCF6EB96B99D7D6EDA25760B7DD586
                                          SHA-256:2D3AF6C857C14AA8F228D40F8DC5AB90E776B883060525775B001397286A854B
                                          SHA-512:B896D89867A38AC040B7D30D3F634D17F7C3550E89294A83135BAEA3B0A8E4246F91951AFFF3F3438345B5B0E0AE64DCEC7BBB8B3AC581CF8154CA3C68DD3D76
                                          Malicious:false
                                          Preview:import contextlib..import os..import pathlib..import shutil..import stat..import sys..import zipfile....__all__ = ['ZipAppError', 'create_archive', 'get_interpreter']......# The __main__.py used if the users specifies "-m module:fn"...# Note that this will always be written as UTF-8 (module and..# function names can be non-ASCII in Python 3)...# We add a coding cookie even though UTF-8 is the default in Python 3..# because the resulting archive may be intended to be run under Python 2...MAIN_TEMPLATE = """\..# -*- coding: utf-8 -*-..import {module}..{module}.{fn}().."""......# The Windows launcher defaults to UTF-8 when parsing shebang lines if the..# file has no BOM. So use UTF-8 on Windows...# On Unix, use the filesystem encoding...if sys.platform.startswith('win'):.. shebang_encoding = 'utf-8'..else:.. shebang_encoding = sys.getfilesystemencoding()......class ZipAppError(ValueError):.. pass......@contextlib.contextmanager..def _maybe_open(archive, mode):.. if isinstance(

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):90020
                                          Entropy (8bit):4.537035075037999
                                          Encrypted:false
                                          SSDEEP:768:yCB2cRimrBwkK87+Xnzu+IzOU+Ot4N/hEvRgzC6BEy9+nSJkvyVjR:yCB2cRrTFZ+IzOU+Ot4ugRC2+nGVt
                                          MD5:C2BBC86A313B9AE0CC630A44554909D9
                                          SHA1:815B38BC473F18090CE2071E1626E6579E96B3F6
                                          SHA-256:269F55652B6C6E7815A5F719CEEC19F8AD5C85E9DF613642332EEE57B681F362
                                          SHA-512:57A2F25A6FF7BBD9EED5A1FE3D0623662E71FDD83893ADBBE05AFEADE68EA35BDEDE3B2039612CFB69B445E032F796BA5993018AB45E19FAD5BC14D0F790AD68
                                          Malicious:false
                                          Preview:"""..Read and write ZIP files.....XXX references to utf-8 need further investigation..."""..import binascii..import importlib.util..import io..import os..import shutil..import stat..import struct..import sys..import threading..import time....try:.. import zlib # We may need its compression method.. crc32 = zlib.crc32..except ImportError:.. zlib = None.. crc32 = binascii.crc32....try:.. import bz2 # We may need its compression method..except ImportError:.. bz2 = None....try:.. import lzma # We may need its compression method..except ImportError:.. lzma = None....__all__ = ["BadZipFile", "BadZipfile", "error",.. "ZIP_STORED", "ZIP_DEFLATED", "ZIP_BZIP2", "ZIP_LZMA",.. "is_zipfile", "ZipInfo", "ZipFile", "PyZipFile", "LargeZipFile",.. "Path"]....class BadZipFile(Exception):.. pass......class LargeZipFile(Exception):.. """.. Raised when writing a zipfile, the zipfile requires ZIP64 extensions.. and those extensions are disab

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\__main__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):62
                                          Entropy (8bit):3.9164754002636917
                                          Encrypted:false
                                          SSDEEP:3:1LYBckHhAjpv/FO:1L6bBAjpHA
                                          MD5:038FCDFEE4C84335D940461C375488B1
                                          SHA1:90FDA558496D59B683175F57FCF348EF0AB4E005
                                          SHA-256:2F6B9BBA7C75478E8181B3B8B0017215E313D47CDEA34971BF64F7041B054BA4
                                          SHA-512:F2973534135D54888F25E877CE9003FBC7B541FFE5D7729AD86159B6FDD9503A2774BA0876A4EA3B69A07370EEE7BBA3DF4EB8E095E5AE61CF8A58DCEE8E15B4
                                          Malicious:false
                                          Preview:from . import main....if __name__ == "__main__":.. main()..

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):99441
                                          Entropy (8bit):5.156743853701579
                                          Encrypted:false
                                          SSDEEP:1536:uHcGdaiqZYtlr3XMfKqMfhqTtVvlSIE7n5I4Pa7tPzApKIFr0:tGUgtlgfzmh4OO4S7qsIFA
                                          MD5:C4BCF5BDAFD40D82E9833ABB8D1BA8D4
                                          SHA1:EFEDFDAB1DDDDF712F6A00DC7DF837F7734562B1
                                          SHA-256:BABC8EF106B629A82C786579108B8FDDBF88F7D29AB2B35C52DE3A52CBD4CF9D
                                          SHA-512:E5FC93699DC7E857153BBABDD776431AB9615D9A889A724BF41FC0C83B47BC259626C7F0636185FA5C3A3CEEA9ED681D08AB08BAEAF111FD9AF54D9130C290C3
                                          Malicious:false
                                          Preview:...........f._..............................d.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z...d.d.l.Z.e.j...................Z...d.d.l.Z...d.d.l.Z.g.d...Z...G.d...d.e.........Z...G.d...d.e.........Z.e.x.Z.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z d.Z!d.Z"d.Z#d.Z$..e.jJ..................e#........Z&d.Z'd.Z(d.Z)d.Z*d.Z+d.Z,d.Z-d.Z.d.Z/d.Z0d.Z1d.Z2..e.jJ..................e1........Z3d.Z4d.Z5d.Z6d.Z7d.Z8d.Z9d.Z:d.Z;d.Z<d.Z=d.Z>d.Z?d.Z@d.ZAd.ZBd ZCd!ZDd"ZEd#ZFd.ZGd.ZHd.ZId$ZJd%ZKd&ZLd'ZMd(ZN..e.jJ..................eM........ZOd.ZPd.ZQd.ZRd.ZSd.ZTd.ZUd.ZVd.ZWd.ZXd.ZYd.ZZd.Z[d)Z\d*Z]..e.jJ..................e\........Z^d+Z_d,Z`..e.jJ..................e_........Zad.Zbd.Zcd.Zdd.Zed.Zfd.Zgd.Zhd.Zid.Zjd.Zkd-Zl..e.j...................d.........Znd/..Zod0..Zpd1..Zqd2..Zrd3..Zsd4..Zt..G.d5..d6eu........Zvd.awd7..Zxd8..Zy..G.d9..d:........Zz..G.d;..d<........Z{i.d.d=..d.d>..d.d?..d.d?..d.d?..d.d?..d.d@..d.dA..d.dB..d.dC..d.d@..d.dD..d.dE..d#dF..dGdH..dIdJ..dKdL..Z|dM

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\_path\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, Unicode text, UTF-8 text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10804
                                          Entropy (8bit):4.644236120402098
                                          Encrypted:false
                                          SSDEEP:192:xMdLfMN7NFh/yNNRcb8bhM9Jl5hfcY1e/BaOTysB9czUi6RXF:xM+NSNGb8bhMVfcY1GaaNB9ZRXF
                                          MD5:C535CE9958EF4E8B009B5326AFA158DB
                                          SHA1:F3203F9561E3A53F81B1351D7A5E1EC410158839
                                          SHA-256:E13354E9FE20DF7BD6D5E9226219837E7234E61ED02D8774871FBF239D2E4347
                                          SHA-512:25267456F8F245725C40DBBAD6D199264C88FC0D433A9F51D26BFAB543FE812A71C55CC392B92C72675EEDEEFF2F267E76F96B8D9EFC6A0416C32A5C8BF1E4BE
                                          Malicious:false
                                          Preview:import io..import posixpath..import zipfile..import itertools..import contextlib..import pathlib..import re....from .glob import translate......__all__ = ['Path']......def _parents(path):.. """.. Given a path with elements separated by.. posixpath.sep, generate all parents of that path..... >>> list(_parents('b/d')).. ['b'].. >>> list(_parents('/b/d/')).. ['/b'].. >>> list(_parents('b/d/f/')).. ['b/d', 'b'].. >>> list(_parents('b')).. [].. >>> list(_parents('')).. [].. """.. return itertools.islice(_ancestry(path), 1, None)......def _ancestry(path):.. """.. Given a path with elements separated by.. posixpath.sep, generate all elements of that path.... >>> list(_ancestry('b/d')).. ['b/d', 'b'].. >>> list(_ancestry('/b/d/')).. ['/b/d', '/b'].. >>> list(_ancestry('b/d/f/')).. ['b/d/f', 'b/d', 'b'].. >>> list(_ancestry('b')).. ['b'].. >>> list(_ancestry('')).. [].. """.. path = path.rstrip(posixpath.s

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\_path\__pycache__\__init__.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):18467
                                          Entropy (8bit):5.087609427738757
                                          Encrypted:false
                                          SSDEEP:384:kHuSYLtbQbTm+kCXVcj0h9dfc66Lzxmj7GBqcXl:kH7YLt0Hm+9Vcs1cR8lwl
                                          MD5:C3B3136A943583462E3C2A9049140C14
                                          SHA1:25EB11A5CF263455811F3B25C7A3302BBEAD9641
                                          SHA-256:A081E9584FF6F7E7F282E787DF345776F57FB672BBDED01C9964A8C2F372A2D8
                                          SHA-512:38909AAA5693E6B02F15AD18E2FB8D0206090710117DD07BDF04114D0D512E1A8F47FC84A018AB9F21D2253F770395AE04735E1D76884DD591104C4AEC2EDBDF
                                          Malicious:false
                                          Preview:...........f4*..............................d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.Z.d.d.l.m.Z...d.g.Z.d...Z.d...Z.e.j...................Z...d...Z...G.d...d.........Z...G.d...d.e.e.j"..........................Z...G.d...d.e.........Z.d.d...Z...G.d...d.........Z.y.)......N.....)...translate..Pathc.....................B.....t.........j...................t.........|.........d.d.........S.).a2.... Given a path with elements separated by. posixpath.sep, generate all parents of that path... >>> list(_parents('b/d')). ['b']. >>> list(_parents('/b/d/')). ['/b']. >>> list(_parents('b/d/f/')). ['b/d', 'b']. >>> list(_parents('b')). []. >>> list(_parents('')). []. r....N)...itertools..islice.._ancestry)...paths.... .AC:\Users\V3NOM0u$\Desktop\python312\Lib\zipfile\_path\__init__.py.._parentsr........s....... ..........I.d.O.Q....5..5.....c................#........K.....|.j...................t.........j...........................}.|.rH|.t.......

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\_path\__pycache__\glob.cpython-312.pyc

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1552
                                          Entropy (8bit):5.102382262631692
                                          Encrypted:false
                                          SSDEEP:24:teTu8dEzruiWV2BL8r08YOd7XEj/GuK7CITee/aERdq4FKrP3R/:tEvdEzVuj0Ad0bVHI7yNfP35
                                          MD5:4129530176C99755853E9B3ABF52149D
                                          SHA1:325864A54D169178470B9F8EEBB141B24FE4DAD5
                                          SHA-256:E7616D59091D815CCB6F011BA875AE12AEA611AC460367282AD2A6A9760044B2
                                          SHA-512:8CB53486F5974503F97DDF70270EF4C17C9D80B1B76774AE5499864BBB367F78BEB6FD067F91C349E64D6A093332707818A9AFA197EC812B70695B17DFCA3268
                                          Malicious:false
                                          Preview:...........f................................d.d.l.Z.d...Z.d...Z.d...Z.y.)......Nc.....................R.....d.j...................t.........t.........t.........|.........................S.).z.. Given a glob pattern, produce a regex that matches it... >>> translate('*.txt'). '[^/]*\\.txt'. >>> translate('a?txt'). 'a.txt'. >>> translate('**/*'). '.*/[^/]*'. ..)...join..map..replace..separate....patterns.... .=C:\Users\V3NOM0u$\Desktop\python312\Lib\zipfile\_path\glob.py..translater........s............7.7.3.w..... 1..2..3..3.....c...........................t.........j...................d.|.........S.).z.. Separate out character sets to avoid translating their contents... >>> [m.group(0) for m in separate('*.txt')]. ['*.txt']. >>> [m.group(0) for m in separate('a[?]txt')]. ['a', '[?]', 'txt']. z+([^\[]+)|(?P<set>[\[].*?[\]])|([\[][^\]]*$))...re..finditerr....s.... r....r....r........s............;.;..E.w..O..Or....c...........................|.j..

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipfile\_path\glob.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):933
                                          Entropy (8bit):4.663946857038987
                                          Encrypted:false
                                          SSDEEP:24:Z5Tm3IbDRpy0qoj8r0sYimEp5XAxDeRvdY9BHhS+:Z9HbDR210Op5XA81M
                                          MD5:E2CAACCEE3F04210EA5288FFB0D3F43D
                                          SHA1:D0DA63F0DB515679B14C99097CC4F241FAA6C8BD
                                          SHA-256:33D2EDDD02C714C2D2CCC538A213BFB2AB41D2E7759BEC1704FAAC4B501BE0CC
                                          SHA-512:91857D9FF31A745743F8375C53986325E64509B23E9B5A793894AA36B30F25C267D6B119D584687A2BCB604B8F16025E2B82195B7549CF7D4268D5FA3778566C
                                          Malicious:false
                                          Preview:import re......def translate(pattern):.. r""".. Given a glob pattern, produce a regex that matches it..... >>> translate('*.txt').. '[^/]*\\.txt'.. >>> translate('a?txt').. 'a.txt'.. >>> translate('**/*').. '.*/[^/]*'.. """.. return ''.join(map(replace, separate(pattern)))......def separate(pattern):.. """.. Separate out character sets to avoid translating their contents..... >>> [m.group(0) for m in separate('*.txt')].. ['*.txt'].. >>> [m.group(0) for m in separate('a[?]txt')].. ['a', '[?]', 'txt'].. """.. return re.finditer(r'([^\[]+)|(?P<set>[\[].*?[\]])|([\[][^\]]*$)', pattern)......def replace(match):.. """.. Perform the replacements for a match from :func:`separate`... """.... return match.group('set') or (.. re.escape(match.group(0)).. .replace('\\*\\*', r'.*').. .replace('\\*', r'[^/]*').. .replace('\\?', r'.').. )..

                                          C:\Users\user\AppData\Roaming\windows\Lib\zipimport.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):28852
                                          Entropy (8bit):4.655503445550203
                                          Encrypted:false
                                          SSDEEP:768:lO/4t//9a5LL5pEveF+SS6s5Ag0k6BX8BpL:lOe/EgefS6aAg04
                                          MD5:97A9A5AAF6055CD8507FE1A0FE46DE54
                                          SHA1:6B83BE43B04FFE5614A8E1D013B97901E1D211EA
                                          SHA-256:9D1E64F2678E00BE1AFC59C1B791978E609906668D31D8C2F4AB3FDE160A0CC8
                                          SHA-512:19FB5497AFEE4B81D06EA495094ECC22F82078B1BCE540FDFB9869FF1A50EC160CF2B51D07679C18912297B7617165408C851F53BE1177885B74C93D57314902
                                          Malicious:false
                                          Preview:"""zipimport provides support for importing Python modules from Zip archives.....This module exports three objects:..- zipimporter: a class; its constructor takes a path to a Zip archive...- ZipImportError: exception raised by zipimporter objects. It's a.. subclass of ImportError, so it can be caught as ImportError, too...- _zip_directory_cache: a dict, mapping archive paths to zip directory.. info dicts, as used in zipimporter._files.....It is usually not needed to use the zipimport module explicitly; it is..used by the builtin import mechanism for sys.path items that are paths..to Zip archives..."""....#from importlib import _bootstrap_external..#from importlib import _bootstrap # for _verbose_message..import _frozen_importlib_external as _bootstrap_external..from _frozen_importlib_external import _unpack_uint16, _unpack_uint32..import _frozen_importlib as _bootstrap # for _verbose_message..import _imp # for check_hash_based_pycs..import _io # for open..import marshal # for lo

                                          C:\Users\user\AppData\Roaming\windows\Lib\zoneinfo\__init__.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):734
                                          Entropy (8bit):4.864665220724518
                                          Encrypted:false
                                          SSDEEP:12:UonqsiujI35m1qokLaZeGJNi/s8mlB/sDYRSw8B/sDQuWuS5s58vrMsRrcyhfFRS:hqsu9ooEfJN61UNIyivrMshxLUTc2rEY
                                          MD5:1F329A76BDAFACD64BB18C75EA2A8328
                                          SHA1:1861E23C2508E928FC67DE4147FA52E2D6D1A23D
                                          SHA-256:75F4740A1DA3CFB5B3E09C537119058B4A8B1BA7A9B90FB90FCA15527C61E585
                                          SHA-512:BD1DB821E7F73636306ECB2222EF6015CE770530301B66864160C3A2D5D887A665AA73B0A9C6BF6867D7C53503686D7ADBEF704E5B552E34FAD8565F70B329BD
                                          Malicious:false
                                          Preview:__all__ = [.. "ZoneInfo",.. "reset_tzpath",.. "available_timezones",.. "TZPATH",.. "ZoneInfoNotFoundError",.. "InvalidTZPathWarning",..]....from . import _tzpath..from ._common import ZoneInfoNotFoundError....try:.. from _zoneinfo import ZoneInfo..except ImportError: # pragma: nocover.. from ._zoneinfo import ZoneInfo....reset_tzpath = _tzpath.reset_tzpath..available_timezones = _tzpath.available_timezones..InvalidTZPathWarning = _tzpath.InvalidTZPathWarning......def __getattr__(name):.. if name == "TZPATH":.. return _tzpath.TZPATH.. else:.. raise AttributeError(f"module {__name__!r} has no attribute {name!r}")......def __dir__():.. return sorted(list(globals()) + ["TZPATH"])..

                                          C:\Users\user\AppData\Roaming\windows\Lib\zoneinfo\_common.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5458
                                          Entropy (8bit):4.56576710237138
                                          Encrypted:false
                                          SSDEEP:96:pZtg6t5djBau/VbU3U134kEC4e0zGm7ZCdpFXHP3fK+9ZH9iJS:Ht/71Vwk1ok2e0Cm7ZKFXHPPBBiJS
                                          MD5:33E429CDD8759CCBEB27B465C8732D99
                                          SHA1:494F4D4D0BD4E37DB1324814D1EB09016C3DC5B6
                                          SHA-256:D1A50C19EB0DDA4996706CF5180C287303EA98E9DA93B1D9140A71BC8DCBA6C5
                                          SHA-512:FEEDAF0753C7868DC005ABD0D67C8500C49967FE133360B41BA0C907DB6503ABFA93FF52500225A9F83D3DFBD8D26D7A7F98B545654F313860B96DFE462BB80D
                                          Malicious:false
                                          Preview:import struct......def load_tzdata(key):.. from importlib import resources.... components = key.split("/").. package_name = ".".join(["tzdata.zoneinfo"] + components[:-1]).. resource_name = components[-1].... try:.. return resources.files(package_name).joinpath(resource_name).open("rb").. except (ImportError, FileNotFoundError, UnicodeEncodeError):.. # There are three types of exception that can be raised that all amount.. # to "we cannot find this key":.. #.. # ImportError: If package_name doesn't exist (e.g. if tzdata is not.. # installed, or if there's an error in the folder name like.. # Amrica/New_York).. # FileNotFoundError: If resource_name doesn't exist in the package.. # (e.g. Europe/Krasnoy).. # UnicodeEncodeError: If package_name or resource_name are not UTF-8,.. # such as keys containing a surrogate character... raise ZoneInfoNotFoundError(f"No time zone found with

                                          C:\Users\user\AppData\Roaming\windows\Lib\zoneinfo\_tzpath.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5569
                                          Entropy (8bit):4.531685128053484
                                          Encrypted:false
                                          SSDEEP:96:A89E9BB8B+fOeANreFeUgc/jcF0TQHZ6JWGm85ysIHwtMml905w:AR9meQeFmc/IFMY4u85ysI8l90C
                                          MD5:4464886D22B3C8C97ACDC3882A38F120
                                          SHA1:DB95B3B461204BB2044702FADEAABB2237561A3C
                                          SHA-256:CA110E529697ED3755EFFACBF805775148500481A3ADDA678BFDE315F4F7633F
                                          SHA-512:7B808A39B398D7F7B1CF9C5844CC58C6B58894671E5FD35F1241C1352F2F78281652FE883F80E677C28B9B7C6C16505400F18305276FD245BCC67D2430A3D0A3
                                          Malicious:false
                                          Preview:import os..import sysconfig......def _reset_tzpath(to=None, stacklevel=4):.. global TZPATH.... tzpaths = to.. if tzpaths is not None:.. if isinstance(tzpaths, (str, bytes)):.. raise TypeError(.. f"tzpaths must be a list or tuple, ".. + f"not {type(tzpaths)}: {tzpaths!r}".. ).... if not all(map(os.path.isabs, tzpaths)):.. raise ValueError(_get_invalid_paths_message(tzpaths)).. base_tzpath = tzpaths.. else:.. env_var = os.environ.get("PYTHONTZPATH", None).. if env_var is None:.. env_var = sysconfig.get_config_var("TZPATH").. base_tzpath = _parse_python_tzpath(env_var, stacklevel).... TZPATH = tuple(base_tzpath)......def reset_tzpath(to=None):.. """Reset global TZPATH.""".. # We need `_reset_tzpath` helper function because it produces a warning,.. # it is used as both a module-level call and a public API... # This is how we equalize the stacklevel

                                          C:\Users\user\AppData\Roaming\windows\Lib\zoneinfo\_zoneinfo.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:Python script, ASCII text executable, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):25446
                                          Entropy (8bit):4.493716977596241
                                          Encrypted:false
                                          SSDEEP:768:hpUadgV7OuqGFNS+khwDwIRSNIygMlyvCm9w:hy+4ixGFPkVIRSNIygEP
                                          MD5:CEB5DD376FE908744276833E0542E03A
                                          SHA1:4964CFD1EF0A4BB790FB999BADAC69D86F7CDB82
                                          SHA-256:936864DE92BEFFBC7E53980B2F11690583E0FB18AC73C4AD448DD12EDD9C1AD3
                                          SHA-512:883376C18C794D84AFB658BA5DE30D88CE6B6D37827FCC2D3139E24301DB258D062DD20A33DD375127D09CBEBA72728748041A6AF13BAC71C1C37DBBEA5A41B0
                                          Malicious:false
                                          Preview:import bisect..import calendar..import collections..import functools..import re..import weakref..from datetime import datetime, timedelta, tzinfo....from . import _common, _tzpath....EPOCH = datetime(1970, 1, 1)..EPOCHORDINAL = datetime(1970, 1, 1).toordinal()....# It is relatively expensive to construct new timedelta objects, and in most..# cases we're looking at the same deltas, like integer numbers of hours, etc...# To improve speed and memory use, we'll keep a dictionary with references..# to the ones we've already used so far...#..# Loading every time zone in the 2020a version of the time zone database..# requires 447 timedeltas, which requires approximately the amount of space..# that ZoneInfo("America/New_York") with 236 transitions takes up, so we will..# set the cache size to 512 so that in the common case we always get cache..# hits, but specifically crafted ZoneInfo objects don't leak arbitrary amounts..# of memory...@functools.lru_cache(maxsize=512)..def _load_timedelta(sec

                                          C:\Users\user\AppData\Roaming\windows\b.bat

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):137
                                          Entropy (8bit):4.894473167272408
                                          Encrypted:false
                                          SSDEEP:3:mKDDf0bbYxwriPA/sriOlwxQVLX65RyVvL3RsIELPvBR:hkbYyriPUsriWwa+5AdiPP
                                          MD5:2C83E0775B8154DAE7A837C310702E7B
                                          SHA1:94A9061BB7791132CCA76A25B6F1C36F5BC803E2
                                          SHA-256:C9455BB13AEA0C5BD47F31C4051C72E0146CFE8C0A52552B82FA55AC657D6749
                                          SHA-512:F47F671BCD31A862743C4AA14F8A00AD2044E041F079DEB32AFAF5FD47B86EFA017D3A180DC1942CD1C55A4AD141E2120AE63CDB5E8A951B4009DB3985BB7ADD
                                          Malicious:false
                                          Preview:@echo off..if not DEFINED IS_MINIMIZED set IS_MINIMIZED=1 && start "" /min "%~dpnx0" %* && exit..python.exe na.py..python.exe ma.py..exit

                                          C:\Users\user\AppData\Roaming\windows\ca.py

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                          Category:dropped
                                          Size (bytes):722197
                                          Entropy (8bit):5.313681051492984
                                          Encrypted:false
                                          SSDEEP:12288:s5gL/LmAiGn0/wBe7ypWXZfaYKKvdpyRfxgSSlehhttfOCjvz1sw464YebowvVEw:BkO5n1XVNjbOwuPzzZ
                                          MD5:15723B8C390C322E75980367BF01A5BF
                                          SHA1:AB213801342A45F0D6CEF084A615F4C8D810BF1F
                                          SHA-256:79C3B28B8B3128F0F7990FC96C57A605A22811655A1BB44EB03B9B2ED0388117
                                          SHA-512:C06D01AD3A90083B01BBA4EFB12F2BE1F2A6AC39D5EB0F917F312F18B8AD4ED6113B2308833887AC6200189C799067F4256ECA648517480BCB936ABB16225CB7
                                          Malicious:false
                                          Preview:wopvEaTEcopFEavc ="9]ZIZBG\x14Z@JBU@3[UIZEE\x10UPCU\x06\x03=<]S^\x16GR\x01hR\\PGOCE\x19\\\\A\x1d\x10PVDP\x1c\n<\x14\x16\x12\x11j\x16\x0e\x18X]BL\x1dJTVT]\x1f\x07\x03\x04\x1f\x1e8\x16\x15\x17\x13^\x15\n\x18\t3\x19\x19\x15\x14_@ECAC\x19\x08\x10QMMQR@BR@\x1a\x113?\x17\x11\x10\x17\x12\x10{cv\x17\x1erSA\x16fR]RRL_\\XT\x11p[^WCY@_]\x18?\x10\x16\x14\x16T^K\x16Z\x18]Z\x11JTVR]\x1b\n\x02\x03\x1f\x08<\x17\x12\x16\x15\x17\x13\x14\x15]\x18\x04\x19\x11S\x15\x1f\x10fjZi\x17\x12\x15[VMb]\x13\x17\x10_\\\\\x10RPN\x18m\x1e\x11\x15\x10\x02\x02\x01<\x19\x16\x18\x16\x15\x11\x15\x17ebZh\x1a\x13bj]d\x18\x0c\x10glZl\x19\x10eo_o;3\x16\x13\x18\x14]\x11\x05\x15R\x15\x05\x13\x08=?\x16\x12\x16\x17\x11\x16eetu\x15\x1fhJ\\L]Z\x19bT_W[Z\x19rU]QKUG[_]\x19sT^ZEXD_\\\x19:\x10\x17\x17\x16_YJ\x16WHAR\x16P]\x15RREP\r3\x18\x11\x10\x14\x17\x10\x11\x15Y\x16\t\x16\x1aX\x19\x1d\x13\t\x1d\x14\x14\x18\x07\r\x032\x13\x18\x17\x15\x16\x12\x16\x17X\x16\x08\x17\x1b^\x15\x1c\x18jbPd\x1c\x14\x15\x15\x03\x06\x02=\x19\x15\x10\x13\x14\x19\

                                          C:\Users\user\AppData\Roaming\windows\include\Python.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2963
                                          Entropy (8bit):4.910046571066118
                                          Encrypted:false
                                          SSDEEP:48:FWjIW+giroK14vBtpMdGDOMIhmM66OTOH/j9JBZlJo9qWju3rxR+yqbTorfCUeRE:FCbEroK14v56MIhmM66OTOfJJBZlJo92
                                          MD5:50EAA3F2FF40883CAB91C4320A90E2C0
                                          SHA1:75545F850D3FB41AE3BD3E6317B867F4D04EBFCF
                                          SHA-256:6831C7FD01FFF4553E50322422A1A09A0DE2757CAF3A6E883861D3433CFA6512
                                          SHA-512:18F534DFF39AD5BD4ACC05C118FD7B73BEEC091503AC418EBAAFE3EFB76235DA3E7CFDFA8D6DD877A0E592E37127A7FF4F04EB70D5BE982B28654CD9C51F11BC
                                          Malicious:false
                                          Preview:// Entry point of the Python C API...// C extensions should only #include <Python.h>, and not include directly..// the other Python header files included by <Python.h>.....#ifndef Py_PYTHON_H..#define Py_PYTHON_H....// Since this is a "meta-include" file, no #ifdef __cplusplus / extern "C" {....// Include Python header files..#include "patchlevel.h"..#include "pyconfig.h"..#include "pymacconfig.h"....#if defined(__sgi) && !defined(_SGI_MP_SOURCE)..# define _SGI_MP_SOURCE..#endif....// stdlib.h, stdio.h, errno.h and string.h headers are not used by Python..// headers, but kept for backward compatibility. They are excluded from the..// limited C API of Python 3.11...#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 < 0x030b0000..# include <stdlib.h>..# include <stdio.h> // FILE*..# include <errno.h> // errno..# include <string.h> // memcpy()..#endif..#ifndef MS_WINDOWS..# include <unistd.h>..#endif..#ifdef HAVE_STDDEF_H..# include <stddef.h>

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\complexobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1292
                                          Entropy (8bit):5.139223578690183
                                          Encrypted:false
                                          SSDEEP:24:1wxib+xhH30pPiRDd/Of+JxyyYHlyt8zK5qYyN:1cgYw6do+/rYHgt8zEFyN
                                          MD5:4DFEFE2CF6776C4087A404A44E3ED705
                                          SHA1:35589BF1FD6E0875F9D6EA438D93431FA803CA6D
                                          SHA-256:CD2BAB68EC67777D71D1E7EC4D33A2D29F96C5145E33D49E101CCDA692934BAE
                                          SHA-512:52CD1A6E0F59FA9BA6E6D7B01B13B72B303A54C3B7D4710EF9079B5000A6D25F30D9785392E78BBB7D2559A78C5D4CE830B69A81B083DA96CB0204F7BD540B19
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_COMPLEXOBJECT_H..# error "this header file must not be included directly"..#endif....typedef struct {.. double real;.. double imag;..} Py_complex;..../* Operations on complex numbers from complexmodule.c */....PyAPI_FUNC(Py_complex) _Py_c_sum(Py_complex, Py_complex);..PyAPI_FUNC(Py_complex) _Py_c_diff(Py_complex, Py_complex);..PyAPI_FUNC(Py_complex) _Py_c_neg(Py_complex);..PyAPI_FUNC(Py_complex) _Py_c_prod(Py_complex, Py_complex);..PyAPI_FUNC(Py_complex) _Py_c_quot(Py_complex, Py_complex);..PyAPI_FUNC(Py_complex) _Py_c_pow(Py_complex, Py_complex);..PyAPI_FUNC(double) _Py_c_abs(Py_complex);..../* Complex object interface */..../*..PyComplexObject represents a complex number with double-precision..real and imaginary parts...*/..typedef struct {.. PyObject_HEAD.. Py_complex cval;..} PyComplexObject;....PyAPI_FUNC(PyObject *) PyComplex_FromCComplex(Py_complex);....PyAPI_FUNC(Py_complex) PyComplex_AsCComplex(PyObject *op);....#ifdef Py_BUILD_CORE../* Format t

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\context.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2043
                                          Entropy (8bit):5.209648903025274
                                          Encrypted:false
                                          SSDEEP:48:0QHsjzPmEiD5PagHyRj29q/R7v9Dg0Bf9p9qmdfsD0+:VszPmLlPDy1TBL9qmlsD0+
                                          MD5:8F1D0EE8D5483001F6FF41734F354389
                                          SHA1:6269AF3AFF52AE81484AF58F948053EB638AB37E
                                          SHA-256:DAE99CC7F7327EF3E797D5E016B957C6FA3CE4880F4478AC97B206DCE4568259
                                          SHA-512:7596CE7CCDBAD4AA1B6B328825059B3BD1B27FF8F7626C5C52FD9510AD2B1CD911970DBA63C54ABB5BA7936FE4BED3D86ED7B3F8E36F76E1C3E081B7159FB987
                                          Malicious:false
                                          Preview:#ifndef Py_LIMITED_API..#ifndef Py_CONTEXT_H..#define Py_CONTEXT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyContext_Type;..typedef struct _pycontextobject PyContext;....PyAPI_DATA(PyTypeObject) PyContextVar_Type;..typedef struct _pycontextvarobject PyContextVar;....PyAPI_DATA(PyTypeObject) PyContextToken_Type;..typedef struct _pycontexttokenobject PyContextToken;......#define PyContext_CheckExact(o) Py_IS_TYPE((o), &PyContext_Type)..#define PyContextVar_CheckExact(o) Py_IS_TYPE((o), &PyContextVar_Type)..#define PyContextToken_CheckExact(o) Py_IS_TYPE((o), &PyContextToken_Type)......PyAPI_FUNC(PyObject *) PyContext_New(void);..PyAPI_FUNC(PyObject *) PyContext_Copy(PyObject *);..PyAPI_FUNC(PyObject *) PyContext_CopyCurrent(void);....PyAPI_FUNC(int) PyContext_Enter(PyObject *);..PyAPI_FUNC(int) PyContext_Exit(PyObject *);....../* Create a new context variable..... default_value can be NULL...*/..PyAPI_FUNC(PyObject *) PyContextVar_New(.. const char *nam

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\descrobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1706
                                          Entropy (8bit):4.913239676928551
                                          Encrypted:false
                                          SSDEEP:48:0cgl1a/BKr2S03SuCaafSz7iS8SEma4O3:0cx7Sd/Faz7RTB4
                                          MD5:940E4DB2ACBBFBD91EE392EB0C661202
                                          SHA1:3531E8AC632E6C609AA5C2158096116D63330205
                                          SHA-256:F00CA429993329A665C9CD2DE348321712B950B4EFED2E9C05DE6C16EB2E0DDB
                                          SHA-512:5FFD6B6CC2AE290CF8B745918DFC651A677993617102D91BFEED7B4E7065FA106364306B2D829B14A9FD5A9865FA11D132305DCCB9BB6C6AB240A30FF674A875
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_DESCROBJECT_H..# error "this header file must not be included directly"..#endif....typedef PyObject *(*wrapperfunc)(PyObject *self, PyObject *args,.. void *wrapped);....typedef PyObject *(*wrapperfunc_kwds)(PyObject *self, PyObject *args,.. void *wrapped, PyObject *kwds);....struct wrapperbase {.. const char *name;.. int offset;.. void *function;.. wrapperfunc wrapper;.. const char *doc;.. int flags;.. PyObject *name_strobj;..};..../* Flags for above struct */..#define PyWrapperFlag_KEYWORDS 1 /* wrapper function takes keyword args */..../* Various kinds of descriptor objects */....typedef struct {.. PyObject_HEAD.. PyTypeObject *d_type;.. PyObject *d_name;.. PyObject *d_qualname;..} PyDescrObject;....#define PyDescr_COMMON PyDescrObject d_common....#define PyDescr_TYPE(x) (((PyDescrObject *)(x))->d_type)..#define PyDescr_NAME(x) (((PyDescrObject *)(x))->d_name)....

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\dictobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4804
                                          Entropy (8bit):5.086936822611704
                                          Encrypted:false
                                          SSDEEP:96:pcTR1vYJuOeuOvuLK/aTVCSl3hioPLCXoLE7PpPq3UDyI8O:GNOsOxO2lh1zCYsRC37I8O
                                          MD5:C79D4F29F1C2A2FC82AB82FCBFD09F6C
                                          SHA1:610D12152561D6875BF0E6DE78A3B4F8001F5151
                                          SHA-256:C7CE4DDA5C84FC6C5DA636F2FDDA42C21B458859E87B8CF6205544A893097D03
                                          SHA-512:1D51853308CFCD9103893E3286A6C14E84A929B7B1416087CE28FFDE9CEEE9083AA8140F9855155494D0A6195641152E3CAA2B0C99371B7AD1FA6DEBA779CFAC
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_DICTOBJECT_H..# error "this header file must not be included directly"..#endif....typedef struct _dictkeysobject PyDictKeysObject;..typedef struct _dictvalues PyDictValues;..../* The ma_values pointer is NULL for a combined table.. * or points to an array of PyObject* for a split table.. */..typedef struct {.. PyObject_HEAD.... /* Number of items in the dictionary */.. Py_ssize_t ma_used;.... /* Dictionary version: globally unique, value change each time.. the dictionary is modified */..#ifdef Py_BUILD_CORE.. uint64_t ma_version_tag;..#else.. Py_DEPRECATED(3.12) uint64_t ma_version_tag;..#endif.... PyDictKeysObject *ma_keys;.... /* If ma_values is NULL, the table is "combined": keys and values.. are stored in ma_keys..... If ma_values is not NULL, the table is split:.. keys are stored in ma_keys and values are stored in ma_values */.. PyDictValues *ma_values;..} PyDictObject;....PyAPI_FUNC(PyObject *) _PyDict_GetIte

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\fileobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):837
                                          Entropy (8bit):5.193069954764856
                                          Encrypted:false
                                          SSDEEP:24:ljlwxibnNI1NygWEjU3GJLUlnSg7IHBtky:lRcgnNUNIC9d0Sg7IHz5
                                          MD5:2D0D5860216CE08799A13DDDEE21046E
                                          SHA1:FE3723823B06A90864E2B44C6EB8AD93E7C1FDE0
                                          SHA-256:8314B7D514F96FB7212C8DE48443C440D017F25071A81E2DE8734FD354138814
                                          SHA-512:D2CBEE84891E4200876C2C44C1A920EC5B34F07DD7076A1587D6EAA0507332BD78BCC58BAD0FD1A93E2FA212D44BCBEBC993B5F1C6F69773A6778429BC7E4ECE
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_FILEOBJECT_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(char *) Py_UniversalNewlineFgets(char *, int, FILE*, PyObject *);..PyAPI_FUNC(char *) _Py_UniversalNewlineFgetsWithSize(char *, int, FILE*, PyObject *, size_t*);..../* The std printer acts as a preliminary sys.stderr until the new io.. infrastructure is in place. */..PyAPI_FUNC(PyObject *) PyFile_NewStdPrinter(int);..PyAPI_DATA(PyTypeObject) PyStdPrinter_Type;....typedef PyObject * (*Py_OpenCodeHookFunction)(PyObject *, void *);....PyAPI_FUNC(PyObject *) PyFile_OpenCode(const char *utf8path);..PyAPI_FUNC(PyObject *) PyFile_OpenCodeObject(PyObject *path);..PyAPI_FUNC(int) PyFile_SetOpenCodeHook(Py_OpenCodeHookFunction hook, void *userData);....PyAPI_FUNC(int) _PyLong_FileDescriptor_Converter(PyObject *, void *);..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\fileutils.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):240
                                          Entropy (8bit):5.0072586187879855
                                          Encrypted:false
                                          SSDEEP:6:BLgF9ov/HQxz2bBAERZHGdZXGEWyye8Ve67bJRCa8Bpey:BLoU/HQxib2EWbnW7LVPpy
                                          MD5:77E359584D56C653096E3495E48F2A0A
                                          SHA1:798CC7DEECC669D96019F53F3C633F78BEAFD8B8
                                          SHA-256:BFD7F53CBA3C135801C129087BC84866312DD998ED7E1EC13B30CB2A800F3704
                                          SHA-512:BAB6D1CCA957699CD282E5B1F415FBB92B51AFCE39A3B4B207E155010C34FE4D47AB2E17CF73332D10DA6239941A04C7144317F5436F71DEA927E9D8B5B0EE45
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_FILEUTILS_H..# error "this header file must not be included directly"..#endif....// Used by _testcapi which must not use the internal C API..PyAPI_FUNC(FILE*) _Py_fopen_obj(.. PyObject *path,.. const char *mode);..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\floatobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):927
                                          Entropy (8bit):5.231380546122055
                                          Encrypted:false
                                          SSDEEP:24:tJwxib+xsyyxV1VsHTmRBaqOm7q7mrPEWPhIWPj:tJcgYsxxrVszmRBafUI0PEWPeWPj
                                          MD5:8B73393791F403ED0A20F9DF6BA63D52
                                          SHA1:38449C1812FD8BF0E601C97D4D35DD41355B7E33
                                          SHA-256:DCE978016FA9D32AD9F3679C9B1B6E614B727B323B2527E0298F23331DAC804B
                                          SHA-512:88FB37C3AE0A8C68247FF739BD51BDA604A99EEF50EB0ECDD8A4D19022428B4C9E91B072A6B45C2C2254D92FB7B6CEA8A372E6F568925DF278CEA348616A02F3
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_FLOATOBJECT_H..# error "this header file must not be included directly"..#endif....typedef struct {.. PyObject_HEAD.. double ob_fval;..} PyFloatObject;....#define _PyFloat_CAST(op) \.. (assert(PyFloat_Check(op)), _Py_CAST(PyFloatObject*, op))....// Static inline version of PyFloat_AsDouble() trading safety for speed...// It doesn't check if op is a double object...static inline double PyFloat_AS_DOUBLE(PyObject *op) {.. return _PyFloat_CAST(op)->ob_fval;..}..#define PyFloat_AS_DOUBLE(op) PyFloat_AS_DOUBLE(_PyObject_CAST(op))......PyAPI_FUNC(int) PyFloat_Pack2(double x, char *p, int le);..PyAPI_FUNC(int) PyFloat_Pack4(double x, char *p, int le);..PyAPI_FUNC(int) PyFloat_Pack8(double x, char *p, int le);....PyAPI_FUNC(double) PyFloat_Unpack2(const char *p, int le);..PyAPI_FUNC(double) PyFloat_Unpack4(const char *p, int le);..PyAPI_FUNC(double) PyFloat_Unpack8(const char *p, int le);..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\frameobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1137
                                          Entropy (8bit):4.903757833245492
                                          Encrypted:false
                                          SSDEEP:24:GSqgwxibULip8ph97UX412U1YxYDKoO2TdGPzGlWmRl:GS7cgUumpouXeoDToz+Vb
                                          MD5:5902B4A048F6428560A52A912B569AE7
                                          SHA1:A565C1F713426F2D1CFF116395DBF9CA2C74E0E2
                                          SHA-256:833C2CA6C489103C63DAA9701D2A3BD11E2EA14BAEB537A61D4CAB5D50493A7C
                                          SHA-512:AC1F95FE7F017614B0BEDBED0B90AC829FD10A56D156310ECB3032CCF0180D8C5F61570FB8FAB873AB82853BDFCD858F70C8647FED7F052A025E574830E5B232
                                          Malicious:false
                                          Preview:/* Frame object interface */....#ifndef Py_CPYTHON_FRAMEOBJECT_H..# error "this header file must not be included directly"..#endif..../* Standard object interface */....PyAPI_FUNC(PyFrameObject *) PyFrame_New(PyThreadState *, PyCodeObject *,.. PyObject *, PyObject *);..../* The rest of the interface is specific for frame objects */..../* Conversions between "fast locals" and locals in dictionary */....PyAPI_FUNC(void) PyFrame_LocalsToFast(PyFrameObject *, int);..../* -- Caveat emptor --.. * The concept of entry frames is an implementation detail of the CPython.. * interpreter. This API is considered unstable and is provided for the.. * convenience of debuggers, profilers and state-inspecting tools. Notice that.. * this API can be changed in future minor versions if the underlying frame.. * mechanism change or the concept of an 'entry frame' or its semantics becomes.. * obsolete or outdated. */....PyAPI_FUNC(int) _PyFrame_IsEntryFrame(PyFrameObjec

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\funcobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7338
                                          Entropy (8bit):5.1622423296866335
                                          Encrypted:false
                                          SSDEEP:192:96qUpUfRKIR1jIRwvIRhAtIRg2IR4KIRR1IR+Faa8Z:gqUORKK1jKwvKWtKg2K4KKR1K+Fal
                                          MD5:F7ACA6238FFFCECE1F959EB7FB7F91D1
                                          SHA1:F4571B635B99D8DEB3011B50C321B220B25897FD
                                          SHA-256:F5C7DC476D9420E43424197F20F700072A2FDB7315D299E9E460A912CEE62939
                                          SHA-512:7A5D7F918DF72D0B14AC3D711558098BB70B95AFC9574E0FE649AB288954CA86582148B766F6502F936250CBCB7392397C177A5CA84455FAE1045FB69DFF957C
                                          Malicious:false
                                          Preview:/* Function object interface */....#ifndef Py_LIMITED_API..#ifndef Py_FUNCOBJECT_H..#define Py_FUNCOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif......#define COMMON_FIELDS(PREFIX) \.. PyObject *PREFIX ## globals; \.. PyObject *PREFIX ## builtins; \.. PyObject *PREFIX ## name; \.. PyObject *PREFIX ## qualname; \.. PyObject *PREFIX ## code; /* A code object, the __code__ attribute */ \.. PyObject *PREFIX ## defaults; /* NULL or a tuple */ \.. PyObject *PREFIX ## kwdefaults; /* NULL or a dict */ \.. PyObject *PREFIX ## closure; /* NULL or a tuple of cell objects */....typedef struct {.. COMMON_FIELDS(fc_)..} PyFrameConstructor;..../* Function objects and code objects should not be confused with each other:.. *.. * Function objects are created by the execution of the 'def' statement... * They reference a code object in their __code__ attribute, which is a.. * purely syntactic object, i.e. nothing more than a compiled version of some.. * source

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\genobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3405
                                          Entropy (8bit):4.675583115077192
                                          Encrypted:false
                                          SSDEEP:48:7XhUlI/VuHcOaobPC7fI2jyYtkFrhvr3BLy4:z8yVAiWPUzTtkf7
                                          MD5:7823F44F066C4E51523A90ECA985F807
                                          SHA1:40DFB3E3489BC4B0AF7204CE70C7BAC6A5A143AC
                                          SHA-256:64BE4324F7F9A09E46DBC9997085B04B0B32537A08837073A95BEB2FF4ABCDBA
                                          SHA-512:9AB4A28BE2C0258BCDCF79A625AE91F9D40849F0B53B48FA73C5C6F4B22E6C203C2AA6F66E61D6372DCBD818C0721D55E16943B583BAC1BC9BEC5B4D167691C7
                                          Malicious:false
                                          Preview:/* Generator object interface */....#ifndef Py_LIMITED_API..#ifndef Py_GENOBJECT_H..#define Py_GENOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif..../* --- Generators --------------------------------------------------------- */..../* _PyGenObject_HEAD defines the initial segment of generator.. and coroutine objects. */..#define _PyGenObject_HEAD(prefix) \.. PyObject_HEAD \.. /* List of weak reference. */ \.. PyObject *prefix##_weakreflist; \.. /* Name of the generator. */ \.. PyObject *prefix##_name; \.. /* Qualified name of the generator. */ \.. PyObject *prefix##_qualname; \.. _PyErr_StackItem prefix##_exc_state;

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\import.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1669
                                          Entropy (8bit):5.0202452456319815
                                          Encrypted:false
                                          SSDEEP:24:/wxibOvcHWcJQx1cof1ofBRYgGlw1svu4GRfco4G2aJaGR11k:/cgOvl3x1h9EewXeCpk
                                          MD5:A6CB48CC7E0F692D2FC13A1976E6926D
                                          SHA1:458F01E4BF7F68B5A806392746E723F576CF450F
                                          SHA-256:2233CC06D149A194C2185D5C3DB82256833459C51902AE0DF5CD237A6973CB97
                                          SHA-512:CF2AB21B74D04712D08089036D73F90C605FF3CDD349E628D97B8325A85F3E935CEC48C3D4AF911BE07A5489A21A7742F1C476242C81806C0AE2F4D9C75AC590
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_IMPORT_H..# error "this header file must not be included directly"..#endif....PyMODINIT_FUNC PyInit__imp(void);....PyAPI_FUNC(int) _PyImport_IsInitialized(PyInterpreterState *);....PyAPI_FUNC(PyObject *) _PyImport_GetModuleId(_Py_Identifier *name);..PyAPI_FUNC(int) _PyImport_SetModule(PyObject *name, PyObject *module);..PyAPI_FUNC(int) _PyImport_SetModuleString(const char *name, PyObject* module);....PyAPI_FUNC(void) _PyImport_AcquireLock(PyInterpreterState *interp);..PyAPI_FUNC(int) _PyImport_ReleaseLock(PyInterpreterState *interp);....PyAPI_FUNC(int) _PyImport_FixupBuiltin(.. PyObject *mod,.. const char *name, /* UTF-8 encoded string */.. PyObject *modules.. );..PyAPI_FUNC(int) _PyImport_FixupExtensionObject(PyObject*, PyObject *,.. PyObject *, PyObject *);....struct _inittab {.. const char *name; /* ASCII encoded string */.. PyObject* (*initfunc)(void);..};..// This is not used a

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\initconfig.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8076
                                          Entropy (8bit):5.025788943646213
                                          Encrypted:false
                                          SSDEEP:96:iauwyXtV/fW/VTKNBfwKdfNy+1yQfAH+E22i+xO+haFl/8RCFtCFSkcr0p1u7VOi:B+ZmK3FyXK21Hfu7VTH0e
                                          MD5:E785460D0437E300AAE9CC595A419D13
                                          SHA1:65BA8DEB5F4307C99B70AF112557FACD335997FE
                                          SHA-256:0B77B3C209F8D212D75416338B7E519ECD37D33CC8EF11F4564D64662D59EFE1
                                          SHA-512:CB5807FEACBAF258A1909AF7CB289624E66EF076F39CFE33819CA505C171C0D610B675CD63C8D80B267A0CE08E887F53B630218E81F12D61E2903D6F5A59106D
                                          Malicious:false
                                          Preview:#ifndef Py_PYCORECONFIG_H..#define Py_PYCORECONFIG_H..#ifndef Py_LIMITED_API..#ifdef __cplusplus..extern "C" {..#endif..../* --- PyStatus ----------------------------------------------- */....typedef struct {.. enum {.. _PyStatus_TYPE_OK=0,.. _PyStatus_TYPE_ERROR=1,.. _PyStatus_TYPE_EXIT=2.. } _type;.. const char *func;.. const char *err_msg;.. int exitcode;..} PyStatus;....PyAPI_FUNC(PyStatus) PyStatus_Ok(void);..PyAPI_FUNC(PyStatus) PyStatus_Error(const char *err_msg);..PyAPI_FUNC(PyStatus) PyStatus_NoMemory(void);..PyAPI_FUNC(PyStatus) PyStatus_Exit(int exitcode);..PyAPI_FUNC(int) PyStatus_IsError(PyStatus err);..PyAPI_FUNC(int) PyStatus_IsExit(PyStatus err);..PyAPI_FUNC(int) PyStatus_Exception(PyStatus err);..PyAPI_FUNC(PyObject *) _PyErr_SetFromPyStatus(PyStatus status);..../* --- PyWideStringList ------------------------------------------------ */....typedef struct {.. /* If length is greater than zero, items must be non-NULL.. and all

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\interpreteridobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):398
                                          Entropy (8bit):5.034285965364742
                                          Encrypted:false
                                          SSDEEP:6:BwS24ds/HQxz2bBAER6QQv8a7Nph6iyeWSbph62oeWSbzRz8PRlzR4KeWuzRM6pd:Bl2R/HQxib2EsQcDXhUnIhYncknUhWPC
                                          MD5:3D49C40583E099B05F31BED767B5DA8F
                                          SHA1:2C118B60E9A4335A9EA9673AB8D39D94F56B150F
                                          SHA-256:07D04990AE07FBEFCDF0DB99ADFD8C1781EAE324A10CE946A837482AA588A679
                                          SHA-512:A494775D154938A2A65C30703F152628FE6CE03520EFCECA98610B2FDD3355BB7B538D34F13F732C71FDAF4906FD1A89B19753438FEA2D90026288C7D32D0CE3
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_INTERPRETERIDOBJECT_H..# error "this header file must not be included directly"..#endif..../* Interpreter ID Object */....PyAPI_DATA(PyTypeObject) _PyInterpreterID_Type;....PyAPI_FUNC(PyObject *) _PyInterpreterID_New(int64_t);..PyAPI_FUNC(PyObject *) _PyInterpreterState_GetIDObject(PyInterpreterState *);..PyAPI_FUNC(PyInterpreterState *) _PyInterpreterID_LookUp(PyObject *);..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\listobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1680
                                          Entropy (8bit):5.1075478875485105
                                          Encrypted:false
                                          SSDEEP:24:AYwxib+x6ANvXDT3JxKsr/tf4SstZ3X8X/olw0eQkJZoYiYSBW1G+yIk4zjYS3ot:AYcgY6KnfJmLw0ePJZoPYa+y3WjY8o1z
                                          MD5:F2EA530A98E222E4BF313F3DFBBE466B
                                          SHA1:2A57EB788EF5C5B62A5A16AD478795F947D5B53D
                                          SHA-256:D64EC47C66671FE2B216FD49010D149DF3103A6C8BE0D442E429B1DDA6001F5B
                                          SHA-512:0048C05043ED750E10A5246F161F555322305C43E675152D2E8A927F774B0F6D41AE535F7185F5406DA5DD4118E04A98C750B186FF73277C9CABEB7B33550485
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_LISTOBJECT_H..# error "this header file must not be included directly"..#endif....typedef struct {.. PyObject_VAR_HEAD.. /* Vector of pointers to list elements. list[0] is ob_item[0], etc. */.. PyObject **ob_item;.... /* ob_item contains space for 'allocated' elements. The number.. * currently in use is ob_size... * Invariants:.. * 0 <= ob_size <= allocated.. * len(list) == ob_size.. * ob_item == NULL implies ob_size == allocated == 0.. * list.sort() temporarily sets allocated to -1 to detect mutations... *.. * Items must normally not be NULL, except during construction when.. * the list is not yet visible outside the function that builds it... */.. Py_ssize_t allocated;..} PyListObject;....PyAPI_FUNC(PyObject *) _PyList_Extend(PyListObject *, PyObject *);..PyAPI_FUNC(void) _PyList_DebugMallocStats(FILE *out);..../* Cast argument to PyListObject* type. */..#define _PyList_CAST(op) \.. (assert(Py

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\longintrepr.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5022
                                          Entropy (8bit):5.197921354121365
                                          Encrypted:false
                                          SSDEEP:48:IfiDJToXS7dco/1uKXHLKdUJfC5JxkM8UrJ4okJ4HYzXy9RSyHGJLrm9lYTBph3p:OiDJUo4KXrKSyjkMWoNHYbmScGT7VeKl
                                          MD5:74823487B7F6BE5AC48BFC6103D150B3
                                          SHA1:9859882BFB80C2D1756046415D4E250185D1687E
                                          SHA-256:053452993BF183144BECB9EF4CD0293D51F022182CEF83C41BB0089DC2B0563D
                                          SHA-512:1FD8F504305CA5C4201D8D829A71CA4877B555EACC84E49BBBE6D557E79BE7378289ED72D5529BF80A13CAEADC20864F548ACCC2790E627E19314ACF8A0D8493
                                          Malicious:false
                                          Preview:#ifndef Py_LIMITED_API..#ifndef Py_LONGINTREPR_H..#define Py_LONGINTREPR_H..#ifdef __cplusplus..extern "C" {..#endif....../* This is published for the benefit of "friends" marshal.c and _decimal.c. */..../* Parameters of the integer representation. There are two different.. sets of parameters: one set for 30-bit digits, stored in an unsigned 32-bit.. integer type, and one set for 15-bit digits with each digit stored in an.. unsigned short. The value of PYLONG_BITS_IN_DIGIT, defined either at.. configure time or in pyport.h, is used to decide which digit size to use..... Type 'digit' should be able to hold 2*PyLong_BASE-1, and type 'twodigits'.. should be an unsigned integer type able to hold all integers up to.. PyLong_BASE*PyLong_BASE-1. x_sub assumes that 'digit' is an unsigned type,.. and that overflow is handled by taking the result modulo 2**N for some N >.. PyLong_SHIFT. The majority of the code doesn't care about the precise.. value of PyLong_SHIFT, but t

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\longobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4779
                                          Entropy (8bit):5.022578501994966
                                          Encrypted:false
                                          SSDEEP:96:fcj9um0J3q3D21C8YjnNSUbK45MvgDrPFZ27GK5SbfTZYQF3QfkDKbko6:05/AYjn4I5MvgDrPFZ2NqfTZYQxQMDQA
                                          MD5:76A77068FAAB3F960E916EE115BCF625
                                          SHA1:24F240C23CD6931EACF99C15E4A63B7F9E6F424E
                                          SHA-256:E098266A6ABB52079966D12F04E34B419CCCA2D5E121F62ABCB523F867A7D972
                                          SHA-512:B786E7AF8FE60D0C865B3B76DF74E7DB2395A79DEB22210F3A4A292729918B7E39BB33FEFAFB9A4957C5CAD79EE3E24ACA92B101B33D80257D3AA567AF5BEAF0
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_LONGOBJECT_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(int) _PyLong_AsInt(PyObject *);....PyAPI_FUNC(int) _PyLong_UnsignedShort_Converter(PyObject *, void *);..PyAPI_FUNC(int) _PyLong_UnsignedInt_Converter(PyObject *, void *);..PyAPI_FUNC(int) _PyLong_UnsignedLong_Converter(PyObject *, void *);..PyAPI_FUNC(int) _PyLong_UnsignedLongLong_Converter(PyObject *, void *);..PyAPI_FUNC(int) _PyLong_Size_t_Converter(PyObject *, void *);..../* _PyLong_Frexp returns a double x and an exponent e such that the.. true value is approximately equal to x * 2**e. e is >= 0. x is.. 0.0 if and only if the input is 0 (in which case, e and x are both.. zeroes); otherwise, 0.5 <= abs(x) < 1.0. On overflow, which is.. possible if the number of bits doesn't fit into a Py_ssize_t, sets.. OverflowError and returns -1.0 for x, 0 for e. */..PyAPI_FUNC(double) _PyLong_Frexp(PyLongObject *a, Py_ssize_t *e);....PyAPI_FUNC(PyObject *) PyLong_FromUn

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\memoryobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2324
                                          Entropy (8bit):5.1886231790241695
                                          Encrypted:false
                                          SSDEEP:48:mcgVeqkbYCfCrgNIYXZ0wbRar89MUBuZ27MZkZjedRc3X:mc4kMIn/Ddx9MUG2uijYRE
                                          MD5:9A825F485A251686003D9229909C7000
                                          SHA1:E714B79D7CF19589BAF296553437D1BA2DDA0B78
                                          SHA-256:9FEECE501D4CD48E8F3A233DB4C46BB822A80376361BD5753E76B493CA3A78B8
                                          SHA-512:A4E110730FC5F2729EA04362811F83849B0D40A47E2579D49FC268A3BBDB6DC5341B0F8AD838D3341C95B1EED57E09DCC11C935FEA7EC3C6469AA15E88120617
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_MEMORYOBJECT_H..# error "this header file must not be included directly"..#endif....PyAPI_DATA(PyTypeObject) _PyManagedBuffer_Type;..../* The structs are declared here so that macros can work, but they shouldn't.. be considered public. Don't access their fields directly, use the macros.. and functions instead! */..#define _Py_MANAGED_BUFFER_RELEASED 0x001 /* access to exporter blocked */..#define _Py_MANAGED_BUFFER_FREE_FORMAT 0x002 /* free format */....typedef struct {.. PyObject_HEAD.. int flags; /* state flags */.. Py_ssize_t exports; /* number of direct memoryview exports */.. Py_buffer master; /* snapshot buffer obtained from the original exporter */..} _PyManagedBufferObject;....../* memoryview state flags */..#define _Py_MEMORYVIEW_RELEASED 0x001 /* access to master buffer blocked */..#define _Py_MEMORYVIEW_C 0x002 /* C-contiguous layout */..#define _Py_MEMORYVIEW_FORTRAN 0x004 /* Fortran contiguous layout */.

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\methodobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2342
                                          Entropy (8bit):5.182525087815372
                                          Encrypted:false
                                          SSDEEP:48:scgQlOn4dtx1HEvd7UEQ7zEH75lWIR2QLnEzapVnl9u8wWIReFPEzapVnxUmaR9X:scxT1HYd7UH7z+75MIR2IEgvPTIRcMg4
                                          MD5:3E864CCED9C81ED0CCDD0D4623ABF286
                                          SHA1:7F7AB10428BC3BDD687BE5A89CAAAD0A304D1ABB
                                          SHA-256:38293361CBDFD45DF12E1893BF033C25F2FFE3D9DAD13B0FD3FCBC98C7997C49
                                          SHA-512:46F24F8BAB51E99F83084F525C23F6AB7DF8E9B958FA49D54D6163CAD8A9F0DD026C8983021ABDFA425D9F88DD1C90A286CFEC8F0F6215C1B15199E124514C83
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_METHODOBJECT_H..# error "this header file must not be included directly"..#endif....// PyCFunctionObject structure....typedef struct {.. PyObject_HEAD.. PyMethodDef *m_ml; /* Description of the C function to call */.. PyObject *m_self; /* Passed as 'self' arg to the C func, can be NULL */.. PyObject *m_module; /* The __module__ attribute, can be anything */.. PyObject *m_weakreflist; /* List of weak references */.. vectorcallfunc vectorcall;..} PyCFunctionObject;....#define _PyCFunctionObject_CAST(func) \.. (assert(PyCFunction_Check(func)), \.. _Py_CAST(PyCFunctionObject*, (func)))......// PyCMethodObject structure....typedef struct {.. PyCFunctionObject func;.. PyTypeObject *mm_class; /* Class that defines this method */..} PyCMethodObject;....#define _PyCMethodObject_CAST(func) \.. (assert(PyCMethod_Check(func)), \.. _Py_CAST(PyCMethodObject*, (func)))....PyAPI_DATA(PyTypeObject) PyCMethod_Type;....#define PyCMethod_C

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\modsupport.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4445
                                          Entropy (8bit):5.05351456250695
                                          Encrypted:false
                                          SSDEEP:96:1cVTD7GW+jo5ea+vFI20+3k+PaPF36b2yHzV:Kh7GS5ea++LD36b2w
                                          MD5:0FC62BC4A9D6795DAC7E83E55F204798
                                          SHA1:A203F510EECDD8C44F226FA157180516E317B60F
                                          SHA-256:3DC42D6F9801AFF80BBF0CBF847211A480E78CF4DFA49ECA3CE6A7A784DAF692
                                          SHA-512:0217D7765833E82E23C217440BB7170469070FA8A557381286FA52C60716BAFC1059ADA59CE9B5BF3B9AC260E391F53B31BA1130B8C1330B1FCDF22C6861BD61
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_MODSUPPORT_H..# error "this header file must not be included directly"..#endif..../* If PY_SSIZE_T_CLEAN is defined, each functions treats #-specifier.. to mean Py_ssize_t */..#ifdef PY_SSIZE_T_CLEAN..#define _Py_VaBuildStack _Py_VaBuildStack_SizeT..#else..PyAPI_FUNC(PyObject *) _Py_VaBuildValue_SizeT(const char *, va_list);..PyAPI_FUNC(PyObject **) _Py_VaBuildStack_SizeT(.. PyObject **small_stack,.. Py_ssize_t small_stack_len,.. const char *format,.. va_list va,.. Py_ssize_t *p_nargs);..#endif....PyAPI_FUNC(int) _PyArg_UnpackStack(.. PyObject *const *args,.. Py_ssize_t nargs,.. const char *name,.. Py_ssize_t min,.. Py_ssize_t max,.. ...);....PyAPI_FUNC(int) _PyArg_NoKeywords(const char *funcname, PyObject *kwargs);..PyAPI_FUNC(int) _PyArg_NoKwnames(const char *funcname, PyObject *kwnames);..PyAPI_FUNC(int) _PyArg_NoPositional(const char *funcname, PyObject *args);..#define _PyArg_NoKeywords(funcname, kwargs) \..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\object.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):21787
                                          Entropy (8bit):5.058391137738562
                                          Encrypted:false
                                          SSDEEP:384:OgHDxPOeSmmqRrVqH7FeEKyH0qLIoPXY2Lwvu95IWawvc95IWKzYv8Z7v2L2Xkui:OgHdOWmqqHXH0YXZd/S/KzYvoD2L2XkZ
                                          MD5:DB36423AA52F401070332AC25A6A7432
                                          SHA1:E20536B95CD39BE7FD1660A758D9E6A060056717
                                          SHA-256:82EC2077CD103254A2D366CD857E4C734DD261FD750FA39940A3E4975CF8D616
                                          SHA-512:D78CB02D0F19CA8313065D755B8ACDDFE530BF946AA027E0560E2FC44818FCA797AC9982E444FFEDBA1E6074B7BF8C59F9D66CAD2DF88EC3A9A4317D6D96ED2E
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_OBJECT_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(void) _Py_NewReference(PyObject *op);..PyAPI_FUNC(void) _Py_NewReferenceNoTotal(PyObject *op);....#ifdef Py_TRACE_REFS../* Py_TRACE_REFS is such major surgery that we call external routines. */..PyAPI_FUNC(void) _Py_ForgetReference(PyObject *);..#endif....#ifdef Py_REF_DEBUG../* These are useful as debugging aids when chasing down refleaks. */..PyAPI_FUNC(Py_ssize_t) _Py_GetGlobalRefTotal(void);..# define _Py_GetRefTotal() _Py_GetGlobalRefTotal()..PyAPI_FUNC(Py_ssize_t) _Py_GetLegacyRefTotal(void);..PyAPI_FUNC(Py_ssize_t) _PyInterpreterState_GetRefTotal(PyInterpreterState *);..#endif....../********************* String Literals ****************************************/../* This structure helps managing static strings. The basic usage goes like this:.. Instead of doing.... r = PyObject_CallMethod(o, "foo", "args", ...);.... do.... _Py_IDENTIFIER(foo);.. ....

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\objimpl.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3411
                                          Entropy (8bit):5.0684324671002665
                                          Encrypted:false
                                          SSDEEP:96:5ccuRtVM6X5Oint5LRqe2TCjPKsTW7QALGsL2V+F7I26:2cuRjMYoizRqe2T5sT0Q2CV+FM26
                                          MD5:3AAF56D62D3B0F11B109ABAE1037D3E4
                                          SHA1:F965A602F9F9577EDC4C63CCFDEEEDE17BFDE202
                                          SHA-256:1A6FE8DD3E89B288DE512CB87DD6BD583D8B5AA4B985BFC0567C6BDA983C4554
                                          SHA-512:23F9E71F2861CB984238C59A68C7C9BC1DCD5481D16CA1DE1C8D1F16DCBB686C1D63E8DE2A323F4EAA2E1801D8299B2E841ABCD8DADE450D9AF5D956E994D024
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_OBJIMPL_H..# error "this header file must not be included directly"..#endif....static inline size_t _PyObject_SIZE(PyTypeObject *type) {.. return _Py_STATIC_CAST(size_t, type->tp_basicsize);..}..../* _PyObject_VAR_SIZE returns the number of bytes (as size_t) allocated for a.. vrbl-size object with nitems items, exclusive of gc overhead (if any). The.. value is rounded up to the closest multiple of sizeof(void *), in order to.. ensure that pointer fields at the end of the object are correctly aligned.. for the platform (this is of special importance for subclasses of, e.g.,.. str or int, so that pointers can be stored after the embedded data)..... Note that there's no memory wastage in doing this, as malloc has to.. return (at worst) pointer-aligned memory anyway...*/..#if ((SIZEOF_VOID_P - 1) & SIZEOF_VOID_P) != 0..# error "_PyObject_VAR_SIZE requires SIZEOF_VOID_P be a power of 2"..#endif....static inline size_t _PyObject_VAR_SIZE(PyTypeObject *

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\odictobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1354
                                          Entropy (8bit):5.183460169106451
                                          Encrypted:false
                                          SSDEEP:12:BOpgldiy2tuYrCJLrox9tLNQIY3ncGEWKMS5nHqG+u35XXPgF8waXQijTab:0W3/2sH6x9t+FE2CnKG/toF8zjab
                                          MD5:6BB61C20651C43AF4A1FEAEAC50B525C
                                          SHA1:5B4356F048F9385195878B9EA14A3B6044890219
                                          SHA-256:1C53B02FCE72611A21A403CE367903DDB21F523965179AE5C77D3281EEC1D696
                                          SHA-512:23A1F65CE542704D84879F6391010881F0F04B799EF9D56CA96D0B6A464F7ACB6A8D9FAB5FBC33D0A306A9849982F5EFA21A5F23A8A5ED4E332172CF85720085
                                          Malicious:false
                                          Preview:#ifndef Py_ODICTOBJECT_H..#define Py_ODICTOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....../* OrderedDict */../* This API is optional and mostly redundant. */....#ifndef Py_LIMITED_API....typedef struct _odictobject PyODictObject;....PyAPI_DATA(PyTypeObject) PyODict_Type;..PyAPI_DATA(PyTypeObject) PyODictIter_Type;..PyAPI_DATA(PyTypeObject) PyODictKeys_Type;..PyAPI_DATA(PyTypeObject) PyODictItems_Type;..PyAPI_DATA(PyTypeObject) PyODictValues_Type;....#define PyODict_Check(op) PyObject_TypeCheck((op), &PyODict_Type)..#define PyODict_CheckExact(op) Py_IS_TYPE((op), &PyODict_Type)..#define PyODict_SIZE(op) PyDict_GET_SIZE((op))....PyAPI_FUNC(PyObject *) PyODict_New(void);..PyAPI_FUNC(int) PyODict_SetItem(PyObject *od, PyObject *key, PyObject *item);..PyAPI_FUNC(int) PyODict_DelItem(PyObject *od, PyObject *key);..../* wrappers around PyDict* functions */..#define PyODict_GetItem(od, key) PyDict_GetItem(_PyObject_CAST(od), (key))..#define PyODict_GetItemWithError(od, key) \.. PyDi

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\picklebufobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):879
                                          Entropy (8bit):5.267148701395894
                                          Encrypted:false
                                          SSDEEP:12:UPpna5ooK5reGc4q4rCJ/2p2p2IYQSpdR9p0zFnCp1ep5wyKZDBpsPpQ/6EjZpuK:Z5XKc4sFG43Od//6l/Ul
                                          MD5:A4C31AF078BC034992677A5AA57E3538
                                          SHA1:20AE77034D5E188C0948F915E7FB5D5DD8F797B1
                                          SHA-256:ECB05C81E6EC87A0442DD01FAA6DEA7FF10C81555CB43A8D9D5A0A2EA7E3BE92
                                          SHA-512:F70D3C6D2B83E91E0D274A0D414BC3522509BB184D12FBFAA8370F2250FE5DB13B44D4B60AAB8BC05B6CA52C4D17286E0716F74A96EE16FD3CCD727548A2C32A
                                          Malicious:false
                                          Preview:/* PickleBuffer object. This is built-in for ease of use from third-party.. * C extensions... */....#ifndef Py_PICKLEBUFOBJECT_H..#define Py_PICKLEBUFOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_LIMITED_API....PyAPI_DATA(PyTypeObject) PyPickleBuffer_Type;....#define PyPickleBuffer_Check(op) Py_IS_TYPE((op), &PyPickleBuffer_Type)..../* Create a PickleBuffer redirecting to the given buffer-enabled object */..PyAPI_FUNC(PyObject *) PyPickleBuffer_FromObject(PyObject *);../* Get the PickleBuffer's underlying view to the original object.. * (NULL if released).. */..PyAPI_FUNC(const Py_buffer *) PyPickleBuffer_GetBuffer(PyObject *);../* Release the PickleBuffer. Returns 0 on success, -1 on error. */..PyAPI_FUNC(int) PyPickleBuffer_Release(PyObject *);....#endif /* !Py_LIMITED_API */....#ifdef __cplusplus..}..#endif..#endif /* !Py_PICKLEBUFOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pthread_stubs.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3593
                                          Entropy (8bit):4.90105688574451
                                          Encrypted:false
                                          SSDEEP:48:Ul3OVclerU8SXnA9mpbB0CD0cEQx9BX4GRm461PbVX58TXsDzz:UZOVcBB7IcEQx9BX4GRm46nGXsT
                                          MD5:5042956670A8ECA4C543D14B62A8063C
                                          SHA1:A023CB5E91870D50CD1222D5F0DDF90EBD408E6A
                                          SHA-256:125515BD49C0BBEFBE7B9A4219EE0F671C70E5E8052277DD1BBB00E08DA76F8F
                                          SHA-512:7A8795E604886B6C344CAD2596872149B1346A8DE86B86063DCB3F258F8D744502B9D94E501723390FA074B06DBDACC4A7FF7079DB022CF8B9A16A40D827C50E
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PTRHEAD_STUBS_H..#define Py_CPYTHON_PTRHEAD_STUBS_H....#if !defined(HAVE_PTHREAD_STUBS)..# error "this header file requires stubbed pthreads."..#endif....#ifndef _POSIX_THREADS..# define _POSIX_THREADS 1..#endif..../* Minimal pthread stubs for CPython... *.. * The stubs implement the minimum pthread API for CPython... * - pthread_create() fails... * - pthread_exit() calls exit(0)... * - pthread_key_*() functions implement minimal TSS without destructor... * - all other functions do nothing and return 0... */....#ifdef __wasi__..// WASI's bits/alltypes.h provides type definitions when __NEED_ is set...// The header file can be included multiple times...# define __NEED_pthread_cond_t 1..# define __NEED_pthread_condattr_t 1..# define __NEED_pthread_mutex_t 1..# define __NEED_pthread_mutexattr_t 1..# define __NEED_pthread_key_t 1..# define __NEED_pthread_t 1..# define __NEED_pthread_attr_t 1..# include <bits/alltypes.h>..#else..typedef struct { void *__x; } pth

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pyctype.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1426
                                          Entropy (8bit):5.414626346930993
                                          Encrypted:false
                                          SSDEEP:24:oUIMUhanrrI1lE2gM6CS5XphKLPIQIG8ImINPxIBIsI2fBAv2Er1ZW:EMUhannI1lEkuXsIQILImIN5IBIsIgB5
                                          MD5:91891583393561856B0C66D384A1B6E9
                                          SHA1:6816BAB590022535ED637B1A7FAD8A5DD4C8B33F
                                          SHA-256:5B0CF2697E86E054D0A0721670D0A8E0318ED9ACB05EA0E93CD543E263F2F97A
                                          SHA-512:616949A2566F0FEB26C12B2106A3BBFA1CF8BFC8686E75CAE0A5DF679626A06FD7A83364DC4D908993CF12AA300A75A0EE87496A7B66EF7B165369470B06CC03
                                          Malicious:false
                                          Preview:#ifndef Py_LIMITED_API..#ifndef PYCTYPE_H..#define PYCTYPE_H..#ifdef __cplusplus..extern "C" {..#endif....#define PY_CTF_LOWER 0x01..#define PY_CTF_UPPER 0x02..#define PY_CTF_ALPHA (PY_CTF_LOWER|PY_CTF_UPPER)..#define PY_CTF_DIGIT 0x04..#define PY_CTF_ALNUM (PY_CTF_ALPHA|PY_CTF_DIGIT)..#define PY_CTF_SPACE 0x08..#define PY_CTF_XDIGIT 0x10....PyAPI_DATA(const unsigned int) _Py_ctype_table[256];..../* Unlike their C counterparts, the following macros are not meant to.. * handle an int with any of the values [EOF, 0-UCHAR_MAX]. The argument.. * must be a signed/unsigned char. */..#define Py_ISLOWER(c) (_Py_ctype_table[Py_CHARMASK(c)] & PY_CTF_LOWER)..#define Py_ISUPPER(c) (_Py_ctype_table[Py_CHARMASK(c)] & PY_CTF_UPPER)..#define Py_ISALPHA(c) (_Py_ctype_table[Py_CHARMASK(c)] & PY_CTF_ALPHA)..#define Py_ISDIGIT(c) (_Py_ctype_table[Py_CHARMASK(c)] & PY_CTF_DIGIT)..#define Py_ISXDIGIT(c) (_Py_ctype_table[Py_CHARMASK(c)] & PY_CTF_XDIGIT)..#define Py_ISALNUM(c) (_Py_ctype_table[Py_C

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pydebug.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1451
                                          Entropy (8bit):5.316330902074438
                                          Encrypted:false
                                          SSDEEP:24:ohgc9wFHjttJJutAjI/O/qsDva65TAIN0OgxcKkubNJUg8:Qf9wFHjttJItAjMO/bDvaGXN0dkGNp8
                                          MD5:AF8BC9EFAD59DF43AF0AB0916983E807
                                          SHA1:F13FF49E7B7117D0D4C3D87FFB4EB53BEBED61F3
                                          SHA-256:3A12471FFF6DC26957CC4C8A540D291B1DBB4D1CA1E2181538272520CBBC5077
                                          SHA-512:BC75CAD4387204F8D4B466E1EBD8F7BCEFD3BF31A180B182B631A6CEAA680FEBB16DD54916547BD3E30CDFAE08C0F48D6676B71F33863693A03BB97E956C0186
                                          Malicious:false
                                          Preview:#ifndef Py_LIMITED_API..#ifndef Py_PYDEBUG_H..#define Py_PYDEBUG_H..#ifdef __cplusplus..extern "C" {..#endif....Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_DebugFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_VerboseFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_QuietFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_InteractiveFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_InspectFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_OptimizeFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_NoSiteFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_BytesWarningFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_FrozenFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_IgnoreEnvironmentFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_DontWriteBytecodeFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_NoUserSiteDirectory;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_UnbufferedStdioFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_HashRandomizationFlag;..Py_DEPRECATED(3.12) PyAPI_DATA(int) Py_IsolatedFlag;....#ifdef MS_WINDOWS..Py_DEPRECATED(3.12) P

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pyerrors.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4454
                                          Entropy (8bit):5.035902312634121
                                          Encrypted:false
                                          SSDEEP:96:dHcbUkGrBZcmQ4xTmCHijFHd+vqALj5CpJQCupUDuUe:ObJOZcDcqCHQBsNH5CHQCupUDuUe
                                          MD5:864B9D08D0E1F82FB1752036D44E0D6F
                                          SHA1:0617481BC794800CEB0030E5D757B7BBC858D14D
                                          SHA-256:51F18CC3DB616DD36AF97D54471D31557BFAD155CFCF65875CB8F4954CF1566E
                                          SHA-512:78ED571BB9FDEA3BC5504BBC5E6C039C114C1D7C5867435A06C3DD91A77989B128348C2444481A7D3AD36B0A5940F4E594AC4812B97E715749ED8E509AE717A4
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_ERRORS_H..# error "this header file must not be included directly"..#endif..../* Error objects */..../* PyException_HEAD defines the initial segment of every exception class. */..#define PyException_HEAD PyObject_HEAD PyObject *dict;\.. PyObject *args; PyObject *notes; PyObject *traceback;\.. PyObject *context; PyObject *cause;\.. char suppress_context;....typedef struct {.. PyException_HEAD..} PyBaseExceptionObject;....typedef struct {.. PyException_HEAD.. PyObject *msg;.. PyObject *excs;..} PyBaseExceptionGroupObject;....typedef struct {.. PyException_HEAD.. PyObject *msg;.. PyObject *filename;.. PyObject *lineno;.. PyObject *offset;.. PyObject *end_lineno;.. PyObject *end_offset;.. PyObject *text;.. PyObject *print_file_and_line;..} PySyntaxErrorObject;....typedef struct {.. PyException_HEAD.. PyObject *msg;.. PyObject *name;.. PyObject *path;.. PyObject *name_from;..} PyImp

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pyfpe.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):5.152600348696546
                                          Encrypted:false
                                          SSDEEP:12:BemmYxSnlF9rrCJp5NA1Jocl4WWWVsE2I0cD:LmYMMLA1xhWTjI0cD
                                          MD5:BBC7515EBD44C181429DE06707AA39E0
                                          SHA1:3948330184B82E3BFB6390D0740B1F43A67CA1DD
                                          SHA-256:B8B42E4F39DBC5F267E8E1FF0C4A52B431A422E6CB58C2380826A0C478334316
                                          SHA-512:A4E6AF8F865B45A81D842558277382FFF5357EC6B97ABBBB5D6AC2D25942EEFACF321CE58615A3112D799CECD4AE9AB32CAE6D1B725A92A40797D2FD80C9622A
                                          Malicious:false
                                          Preview:#ifndef Py_PYFPE_H..#define Py_PYFPE_H../* Header excluded from the stable API */..#ifndef Py_LIMITED_API..../* These macros used to do something when Python was built with --with-fpectl,.. * but support for that was dropped in 3.7. We continue to define them though,.. * to avoid breaking API users... */....#define PyFPE_START_PROTECT(err_string, leave_stmt)..#define PyFPE_END_PROTECT(v)....#endif /* !defined(Py_LIMITED_API) */..#endif /* !Py_PYFPE_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pyframe.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1514
                                          Entropy (8bit):5.057379170402737
                                          Encrypted:false
                                          SSDEEP:24:+wxibxSWidC7/VKwCfmC7C2gLS7tEVWMpKxNJ0Hl5vGDbHG5tF6i3HG5kP:+cgxrqC7/vCfmC7C2gW73Mwxozvcut4+
                                          MD5:C1A0DC707BC3107F9EB2C6E5315E2DDF
                                          SHA1:FBC2E034644EA40C95D5F69615C7FA90DA38EAD1
                                          SHA-256:A7135A048A548202B90582D5F39FF7BCB4456861D4C69640F844A86284F31031
                                          SHA-512:F6C8593A05706D9ED6C4A3CB046425324EB4FDA675A29F68801DFB0C6AB8BB92E80E41D1A74627F3A0C4FE053F5D464AB1B3DB575756403FF0A70578510E3ABC
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PYFRAME_H..# error "this header file must not be included directly"..#endif....PyAPI_DATA(PyTypeObject) PyFrame_Type;....#define PyFrame_Check(op) Py_IS_TYPE((op), &PyFrame_Type)....PyAPI_FUNC(PyFrameObject *) PyFrame_GetBack(PyFrameObject *frame);..PyAPI_FUNC(PyObject *) PyFrame_GetLocals(PyFrameObject *frame);....PyAPI_FUNC(PyObject *) PyFrame_GetGlobals(PyFrameObject *frame);..PyAPI_FUNC(PyObject *) PyFrame_GetBuiltins(PyFrameObject *frame);....PyAPI_FUNC(PyObject *) PyFrame_GetGenerator(PyFrameObject *frame);..PyAPI_FUNC(int) PyFrame_GetLasti(PyFrameObject *frame);..PyAPI_FUNC(PyObject*) PyFrame_GetVar(PyFrameObject *frame, PyObject *name);..PyAPI_FUNC(PyObject*) PyFrame_GetVarString(PyFrameObject *frame, const char *name);..../* The following functions are for use by debuggers and other tools.. * implementing custom frame evaluators with PEP 523. */....struct _PyInterpreterFrame;..../* Returns the code object of the frame (strong reference)... * Does not raise

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pylifecycle.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3534
                                          Entropy (8bit):5.19569784275282
                                          Encrypted:false
                                          SSDEEP:48:PcgTHHiDGIa4t3zL1D/PWchz/cl/4j/JNtDb4O8RS4VC+7B4MQXStYZ:PcyiDGInzZDPWiOAj/Dp8Mc7BGXSuZ
                                          MD5:13A99D2EB897AED79A2CD18BEF9A7E27
                                          SHA1:FFF48239E805411C7C0B4831DCF4E700FEC2AF06
                                          SHA-256:E3D38D7856B32348F7DFFEDDDF1BA9B65749D7C71BBB931877C33559636B32B2
                                          SHA-512:02E319424ABE45A848E976AB21E6BBA2DF10AAF3A5E3CF3F628186C01A4217AA0E81575690C4BFF06DE50A67457F06A34ED5041FE630B8A82202728B667DBCA5
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PYLIFECYCLE_H..# error "this header file must not be included directly"..#endif..../* Py_FrozenMain is kept out of the Limited API until documented and present.. in all builds of Python */..PyAPI_FUNC(int) Py_FrozenMain(int argc, char **argv);..../* Only used by applications that embed the interpreter and need to.. * override the standard encoding determination mechanism.. */..Py_DEPRECATED(3.11) PyAPI_FUNC(int) Py_SetStandardStreamEncoding(.. const char *encoding,.. const char *errors);..../* PEP 432 Multi-phase initialization API (Private while provisional!) */....PyAPI_FUNC(PyStatus) Py_PreInitialize(.. const PyPreConfig *src_config);..PyAPI_FUNC(PyStatus) Py_PreInitializeFromBytesArgs(.. const PyPreConfig *src_config,.. Py_ssize_t argc,.. char **argv);..PyAPI_FUNC(PyStatus) Py_PreInitializeFromArgs(.. const PyPreConfig *src_config,.. Py_ssize_t argc,.. wchar_t **argv);....PyAPI_FUNC(int) _Py_IsCoreInitialized(void);....../* Initializ

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pymem.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3477
                                          Entropy (8bit):5.1286140259952795
                                          Encrypted:false
                                          SSDEEP:48:Wcgj7h1hKfuuw0hiNmpNzTHo7G97yXQLFUuGliSsvQdNZd65liN3q7lcPRsA4G4W:Wc4fwsr8HTwQA1XNZ8z030A4G4ogJy
                                          MD5:E5E62995E21FDDB3F0B29DDAC77D7C9C
                                          SHA1:ABFE1179761F2E7F714209DD84DE7CD0C2B80C69
                                          SHA-256:4471EE830A01532450D95B83003DC2A8319267FB5ABBFBDEA20133DB0E640831
                                          SHA-512:512C7A37D6AAF55431746BAD694A0BCF5BEC0D72CAC8FAECD808C8B733DB9A72AB00808E2D21A4DB5E48464FBBB4CF7F4BD75157E66EE7EC3859866408EBDCFD
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PYMEM_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(void *) PyMem_RawMalloc(size_t size);..PyAPI_FUNC(void *) PyMem_RawCalloc(size_t nelem, size_t elsize);..PyAPI_FUNC(void *) PyMem_RawRealloc(void *ptr, size_t new_size);..PyAPI_FUNC(void) PyMem_RawFree(void *ptr);..../* Try to get the allocators name set by _PyMem_SetupAllocators(). */..PyAPI_FUNC(const char*) _PyMem_GetCurrentAllocatorName(void);..../* strdup() using PyMem_RawMalloc() */..PyAPI_FUNC(char *) _PyMem_RawStrdup(const char *str);..../* strdup() using PyMem_Malloc() */..PyAPI_FUNC(char *) _PyMem_Strdup(const char *str);..../* wcsdup() using PyMem_RawMalloc() */..PyAPI_FUNC(wchar_t*) _PyMem_RawWcsdup(const wchar_t *str);......typedef enum {.. /* PyMem_RawMalloc(), PyMem_RawRealloc() and PyMem_RawFree() */.. PYMEM_DOMAIN_RAW,.... /* PyMem_Malloc(), PyMem_Realloc() and PyMem_Free() */.. PYMEM_DOMAIN_MEM,.... /* PyObject_Malloc(), PyObject_Realloc() and PyO

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pystate.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17684
                                          Entropy (8bit):4.890581331936376
                                          Encrypted:false
                                          SSDEEP:384:aG3E5IBh8kGj9684NiyRLHD1f1o4h5sOVX79wDMc:aG3KIv8QrFU4hL79wIc
                                          MD5:97A2A818F681EC57524F50F49473EAC8
                                          SHA1:D95280BF15F51B3FE639063CF2E72D8772BD0648
                                          SHA-256:A2CE906E386C4896A862E4B2ED53733DE4E3C3C71923B50066E7A98AA099AEA0
                                          SHA-512:F5090E91C0E36E9A2C7223399306003C906B338BE67533D8BB0C28A18574AD94ED808C2E7B0FB5D2AD5E52A6BC50AA4DE6E8A2B422C876986CF8D29DE8BBF78D
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PYSTATE_H..# error "this header file must not be included directly"..#endif....../*..Runtime Feature Flags....Each flag indicate whether or not a specific runtime feature..is available in a given context. For example, forking the process..might not be allowed in the current interpreter (i.e. os.fork() would fail)...*/..../* Set if the interpreter share obmalloc runtime state.. with the main interpreter. */..#define Py_RTFLAGS_USE_MAIN_OBMALLOC (1UL << 5)..../* Set if import should check a module for subinterpreter support. */..#define Py_RTFLAGS_MULTI_INTERP_EXTENSIONS (1UL << 8)..../* Set if threads are allowed. */..#define Py_RTFLAGS_THREADS (1UL << 10)..../* Set if daemon threads are allowed. */..#define Py_RTFLAGS_DAEMON_THREADS (1UL << 11)..../* Set if os.fork() is allowed. */..#define Py_RTFLAGS_FORK (1UL << 15)..../* Set if os.exec*() is allowed. */..#define Py_RTFLAGS_EXEC (1UL << 16)......PyAPI_FUNC(int) _PyInterpreterState_HasFeature(PyInterpreterState

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pythonrun.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5024
                                          Entropy (8bit):5.074670184727984
                                          Encrypted:false
                                          SSDEEP:96:hfcTyk0Vew9T8e7ZkadKZ/cTJm2JMQMSoWa4wfe+kqXeqXcqW5lh:qTyk0Vew9we76adKZ/cT72eV5f
                                          MD5:8377103014C3A1366D9C20E911313843
                                          SHA1:2F4408695609B71F8BF8B2520F37AB7AA47F4199
                                          SHA-256:9C415BC5DFCB585DBEF4034C8F74F8FFAE2844CB7864E67A155C5F9923D3613C
                                          SHA-512:39863C5761EEBDDFC5DDF6CB4E93D72527451FD8FE7C41893A915C62C82162804AF7C97B1BAEC939B0F28DC7947D8F3236C31C0835734D34FBDE8B0F468EAC90
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PYTHONRUN_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(int) PyRun_SimpleStringFlags(const char *, PyCompilerFlags *);..PyAPI_FUNC(int) _PyRun_SimpleFileObject(.. FILE *fp,.. PyObject *filename,.. int closeit,.. PyCompilerFlags *flags);..PyAPI_FUNC(int) PyRun_AnyFileExFlags(.. FILE *fp,.. const char *filename, /* decoded from the filesystem encoding */.. int closeit,.. PyCompilerFlags *flags);..PyAPI_FUNC(int) _PyRun_AnyFileObject(.. FILE *fp,.. PyObject *filename,.. int closeit,.. PyCompilerFlags *flags);..PyAPI_FUNC(int) PyRun_SimpleFileExFlags(.. FILE *fp,.. const char *filename, /* decoded from the filesystem encoding */.. int closeit,.. PyCompilerFlags *flags);..PyAPI_FUNC(int) PyRun_InteractiveOneFlags(.. FILE *fp,.. const char *filename, /* decoded from the filesystem encoding */.. PyCompilerFlags *flags);..PyAPI_FUNC(int) PyRun_InteractiveOneObject(

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pythread.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1468
                                          Entropy (8bit):5.1184739568883915
                                          Encrypted:false
                                          SSDEEP:24:twxibGLeGV9oc9raLUq3oZJM4TNYoZyt0ZqcBZZnRKQBxFCdVK//rxmxyovn:tcgY9gkGIZdTNYoZyt0Z9fNRLPFCdV2w
                                          MD5:F1995D4E98C3E9167A5CE7D764F3240B
                                          SHA1:AE44E07C00227C214F637A795E02FEB2985589AB
                                          SHA-256:D5CBA29AC2A11A7D31296BD43E5262D28919C91FC1BDEDF9D60FECFDC7E100F0
                                          SHA-512:382841A57688CA36630A956820370C8C305E0A31D43F1C478CAF864A01618590511B667051D1884A12A1E3A9D8F772F65B0CF6145E1CC29F13ED213AA4051394
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_PYTHREAD_H..# error "this header file must not be included directly"..#endif....#define PYTHREAD_INVALID_THREAD_ID ((unsigned long)-1)....#ifdef HAVE_FORK../* Private function to reinitialize a lock at fork in the child process... Reset the lock to the unlocked state... Return 0 on success, return -1 on error. */..PyAPI_FUNC(int) _PyThread_at_fork_reinit(PyThread_type_lock *lock);..#endif /* HAVE_FORK */....#ifdef HAVE_PTHREAD_H.. /* Darwin needs pthread.h to know type name the pthread_key_t. */..# include <pthread.h>..# define NATIVE_TSS_KEY_T pthread_key_t..#elif defined(NT_THREADS).. /* In Windows, native TSS key type is DWORD,.. but hardcode the unsigned long to avoid errors for include directive... */..# define NATIVE_TSS_KEY_T unsigned long..#elif defined(HAVE_PTHREAD_STUBS)..# include "cpython/pthread_stubs.h"..# define NATIVE_TSS_KEY_T pthread_key_t..#else..# error "Require native threads. See https://bugs.python.o

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\pytime.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12706
                                          Entropy (8bit):5.053869993604238
                                          Encrypted:false
                                          SSDEEP:384:CY5n/tXWPKCv5HjsEyy5oUpKQbIAPhF48TWO9BSY1Y8Ca:d5lXWPKo5HjsxOoUppIAJFfWO31Ca
                                          MD5:6442F7D49EBD82022E00678B24EAB974
                                          SHA1:6915A57D6D2ECAAEDEA4CD2F00EE6F87A4B8BEC8
                                          SHA-256:D3E525D1BBD1DD162D834B691F4083D1BFD55288971CCB7BAE2F3ADF460ABBC8
                                          SHA-512:77BC2919D2F4C1B9692F3BC32F1BC16EC5162117C6895452788D14C47086E42FBEC7BDAA4653A32EBF033B129C0D50C27226E3550B7FCF2593F33C9D06240C14
                                          Malicious:false
                                          Preview:// The _PyTime_t API is written to use timestamp and timeout values stored in..// various formats and to read clocks...//..// The _PyTime_t type is an integer to support directly common arithmetic..// operations like t1 + t2...//..// The _PyTime_t API supports a resolution of 1 nanosecond. The _PyTime_t type..// is signed to support negative timestamps. The supported range is around..// [-292.3 years; +292.3 years]. Using the Unix epoch (January 1st, 1970), the..// supported date range is around [1677-09-21; 2262-04-11]...//..// Formats:..//..// * seconds..// * seconds as a floating pointer number (C double)..// * milliseconds (10^-3 seconds)..// * microseconds (10^-6 seconds)..// * 100 nanoseconds (10^-7 seconds)..// * nanoseconds (10^-9 seconds)..// * timeval structure, 1 microsecond resolution (10^-6 seconds)..// * timespec structure, 1 nanosecond resolution (10^-9 seconds)..//..// Integer overflows are detected and raise OverflowError. Conversion to a..// resolution worse than 1 na

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\setobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2218
                                          Entropy (8bit):4.946357429772549
                                          Encrypted:false
                                          SSDEEP:48:IgcgVVCOiFNh+TyrAefqIFAlUeFoRLnktGH:5cKFi5nfqIFsaRLktGH
                                          MD5:890E79BA2C73F9EBE32EB8DBBD40EBBE
                                          SHA1:DB868B233630426A8AD75F06D910329606E4490C
                                          SHA-256:DAEA0D49FD15250859F20387B5BE4A6C85B6D01D810984D6B6E88263F328C069
                                          SHA-512:10A22F7F47876BFCF9AFD649C58839F245883679360F4D974F381A8B0DE244AC99A2245BD0CA0A99569912E3F3922E74622575CAB8281740E51E60B7B7713CDB
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_SETOBJECT_H..# error "this header file must not be included directly"..#endif..../* There are three kinds of entries in the table:....1. Unused: key == NULL and hash == 0..2. Dummy: key == dummy and hash == -1..3. Active: key != NULL and key != dummy and hash != -1....The hash field of Unused slots is always zero.....The hash field of Dummy slots are set to -1..meaning that dummy entries can be detected by..either entry->key==dummy or by entry->hash==-1...*/....#define PySet_MINSIZE 8....typedef struct {.. PyObject *key;.. Py_hash_t hash; /* Cached hash code of the key */..} setentry;..../* The SetObject data structure is shared by set and frozenset objects.....Invariant for sets:.. - hash is -1....Invariants for frozensets:.. - data is immutable... - hash is the hash of the frozenset or -1 if not computed yet.....*/....typedef struct {.. PyObject_HEAD.... Py_ssize_t fill; /* Number active and dummy entries*/.. Py_ssize_t us

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\sysmodule.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):505
                                          Entropy (8bit):4.99108483454011
                                          Encrypted:false
                                          SSDEEP:12:BSa/HQxib2E5nF36+Iq+JeqlSdd0J+7/vAn7pF:bwxibjlIpidSe6pF
                                          MD5:58FECAA2AEB3B93428BEDAD8A547F304
                                          SHA1:8150D2BF365DC611ED5EB8E5DBD9FA576285DA94
                                          SHA-256:3DE1277A0D20F6C4258AD7B63C6AF9377D8EB2A66667CD1C5709616A1E466CB6
                                          SHA-512:8D49D9C0A691922B6B633487EE0EAEBB0368D122B1441959BCAEC745CEE8760C19A60C48DE33F402D18FD4B8916FD7138D20512A98C9B7DF29D8ACC62B9B0FDE
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_SYSMODULE_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(PyObject *) _PySys_GetAttr(PyThreadState *tstate,.. PyObject *name);....PyAPI_FUNC(size_t) _PySys_GetSizeOf(PyObject *);....typedef int(*Py_AuditHookFunction)(const char *, PyObject *, void *);....PyAPI_FUNC(int) PySys_Audit(.. const char *event,.. const char *argFormat,.. ...);..PyAPI_FUNC(int) PySys_AddAuditHook(Py_AuditHookFunction, void*);..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\traceback.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):460
                                          Entropy (8bit):4.99833604415647
                                          Encrypted:false
                                          SSDEEP:12:Bd2/HQxib2ERox0elhyLvu5lE02COWPdv:Uwxib+x0elhyLGE02ZWPdv
                                          MD5:AEE42A8030D1AD6C1C51BA1B9D26966E
                                          SHA1:C315296382339D2B5C05996A19B040EBA3F10417
                                          SHA-256:0C8306BDD6F4D5ECE7DB4F798024F8B59527C314FABB12ADD093BECD41E9F687
                                          SHA-512:816E8F902BD562D6EED69FEFF4B1DC90D34E95C8BD14DA0201D50D5A4FC3BC210A5B5925CE2F5E5DB7F033444789FD07F0C0A35C834F2B166426BFBF05367FA1
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_TRACEBACK_H..# error "this header file must not be included directly"..#endif....typedef struct _traceback PyTracebackObject;....struct _traceback {.. PyObject_HEAD.. PyTracebackObject *tb_next;.. PyFrameObject *tb_frame;.. int tb_lasti;.. int tb_lineno;..};....PyAPI_FUNC(int) _Py_DisplaySourceLine(PyObject *, PyObject *, int, int, int *, PyObject **);..PyAPI_FUNC(void) _PyTraceback_Add(const char *, const char *, int);..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\tupleobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1416
                                          Entropy (8bit):5.217048189115929
                                          Encrypted:false
                                          SSDEEP:24:plwxib+xpKtf4Ssh3XBEGeA08u+r5JZzaYSxshSp+J+yJ52zLJYSfJo1G7G:XcgYpQlM5FJZ2YZbJ+yjELJYyJo1eG
                                          MD5:48BD8528C0647BD552B28EBD495C270B
                                          SHA1:8AFA53CA1F4A25C3D6688104AA6403925FC87170
                                          SHA-256:71F4C54D1176F413217F0FC6041B3CFA86E76D692249E685DAE51427EFDC5818
                                          SHA-512:64496D931E0D79E925672B06632BCE950BA10FD7534AE0438EC88CBA717F3CCA6452544F6A129944C30DCFCE7AB65228F89C016C7F78E2DC64F09DEF8F1693F7
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_TUPLEOBJECT_H..# error "this header file must not be included directly"..#endif....typedef struct {.. PyObject_VAR_HEAD.. /* ob_item contains space for 'ob_size' elements... Items must normally not be NULL, except during construction when.. the tuple is not yet visible outside the function that builds it. */.. PyObject *ob_item[1];..} PyTupleObject;....PyAPI_FUNC(int) _PyTuple_Resize(PyObject **, Py_ssize_t);..PyAPI_FUNC(void) _PyTuple_MaybeUntrack(PyObject *);..../* Cast argument to PyTupleObject* type. */..#define _PyTuple_CAST(op) \.. (assert(PyTuple_Check(op)), _Py_CAST(PyTupleObject*, (op)))....// Macros and static inline functions, trading safety for speed....static inline Py_ssize_t PyTuple_GET_SIZE(PyObject *op) {.. PyTupleObject *tuple = _PyTuple_CAST(op);.. return Py_SIZE(tuple);..}..#define PyTuple_GET_SIZE(op) PyTuple_GET_SIZE(_PyObject_CAST(op))....#define PyTuple_GET_ITEM(op, index) (_PyTuple_CAST(op)->ob_item[(index)])...

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\unicodeobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):35430
                                          Entropy (8bit):5.092850151891502
                                          Encrypted:false
                                          SSDEEP:768:J5I1esU8jW8KHFuRsilJpIpZdk50vSC3MP:01eKp+1a
                                          MD5:1AB0A7BFEC371897F3AA59B2F94BB100
                                          SHA1:02677FC1EA7177593B850352ACAE2DA5F4BC0EDC
                                          SHA-256:E30309CEF3121311C2909F98CAC72C681C9CD5D01289E10E86CD8F2172ABE8FE
                                          SHA-512:060877D68A78B189DFE3ED697B26662730CF9A843C21508961732E8F0DFCC5C22153E134E86C6CE8B3743794847C90F56310F72AF0B5FD9029148C7B61686434
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_UNICODEOBJECT_H..# error "this header file must not be included directly"..#endif..../* Py_UNICODE was the native Unicode storage format (code unit) used by.. Python and represents a single Unicode element in the Unicode type... With PEP 393, Py_UNICODE is deprecated and replaced with a.. typedef to wchar_t. */..#define PY_UNICODE_TYPE wchar_t../* Py_DEPRECATED(3.3) */ typedef wchar_t Py_UNICODE;..../* --- Internal Unicode Operations ---------------------------------------- */....// Static inline functions to work with surrogates..static inline int Py_UNICODE_IS_SURROGATE(Py_UCS4 ch) {.. return (0xD800 <= ch && ch <= 0xDFFF);..}..static inline int Py_UNICODE_IS_HIGH_SURROGATE(Py_UCS4 ch) {.. return (0xD800 <= ch && ch <= 0xDBFF);..}..static inline int Py_UNICODE_IS_LOW_SURROGATE(Py_UCS4 ch) {.. return (0xDC00 <= ch && ch <= 0xDFFF);..}....// Join two surrogate characters and return a single Py_UCS4 value...static inline Py_UCS4 Py_UNICODE_JOIN_SURROGA

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\warnings.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):584
                                          Entropy (8bit):5.0246901215639435
                                          Encrypted:false
                                          SSDEEP:12:BB/HQxib2E5nlBKFvaKXXTnl2eh8XXQ/KIBPlUcEov:vwxibvBuaWhl8Q/K69P
                                          MD5:5D7E4BAB3FF84D842B58A08DD6BBFE4C
                                          SHA1:7F04AFE50508FC045172174004C2DB195AD6B0BA
                                          SHA-256:ED804F27A16BD31574F523D2539A6EFC97164AF32589DBE8363DF556E05754F2
                                          SHA-512:D86459922DB9E96CD985870F4EAC5549FEBC68FFBA296322E47FC4C12E86573AC635C0737997291254739CC719AC3584A9C24AF42770AE639234909C7D10E02C
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_WARNINGS_H..# error "this header file must not be included directly"..#endif....PyAPI_FUNC(int) PyErr_WarnExplicitObject(.. PyObject *category,.. PyObject *message,.. PyObject *filename,.. int lineno,.. PyObject *module,.. PyObject *registry);....PyAPI_FUNC(int) PyErr_WarnExplicitFormat(.. PyObject *category,.. const char *filename, int lineno,.. const char *module, PyObject *registry,.. const char *format, ...);....// DEPRECATED: Use PyErr_WarnEx() instead...#define PyErr_Warn(category, msg) PyErr_WarnEx((category), (msg), 1)..

                                          C:\Users\user\AppData\Roaming\windows\include\cpython\weakrefobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2088
                                          Entropy (8bit):4.903128485553285
                                          Encrypted:false
                                          SSDEEP:48:gcgpsjf3htgu30YUqx9wdDYP7MYi3RAKaknYCShFL7fPxnBKiH:gcJx4Yj0dsPsakYHhFvfPxB/H
                                          MD5:0CF27CC20309F2A1CBE835F3DD0C522E
                                          SHA1:5DC1B78FEEE892C0BED430369C578E8FD038306B
                                          SHA-256:F970FDF00AEFFC1EF6BC757118540B60FDCA99406FC9A7A844409A0D845E7A3F
                                          SHA-512:E82A82EC26235E741A463C23A78D49FB3FF05827B5F264D0E27BAD40DF1ADFF523DBB6B785FDD88459D6211F617C9624DFA4119D7B378AAFE11475275D8EB28A
                                          Malicious:false
                                          Preview:#ifndef Py_CPYTHON_WEAKREFOBJECT_H..# error "this header file must not be included directly"..#endif..../* PyWeakReference is the base struct for the Python ReferenceType, ProxyType,.. * and CallableProxyType... */..struct _PyWeakReference {.. PyObject_HEAD.... /* The object to which this is a weak reference, or Py_None if none... * Note that this is a stealth reference: wr_object's refcount is.. * not incremented to reflect this pointer... */.. PyObject *wr_object;.... /* A callable to invoke when wr_object dies, or NULL if none. */.. PyObject *wr_callback;.... /* A cache for wr_object's hash code. As usual for hashes, this is -1.. * if the hash code isn't known yet... */.. Py_hash_t hash;.... /* If wr_object is weakly referenced, wr_object has a doubly-linked NULL-.. * terminated list of weak references to it. These are the list pointers... * If wr_object goes away, wr_object is set to Py_None, and these pointers.. * have no

                                          C:\Users\user\AppData\Roaming\windows\include\datetime.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):10036
                                          Entropy (8bit):5.122122897743283
                                          Encrypted:false
                                          SSDEEP:96:nSAPj/BvFx1QZU5f5kU+HnVfBTyOC8nhnwN9okQcp7owPuB/JqM/5qRkAu/vZEO:nnP9NrQZAfsHnBwI5hZxaO
                                          MD5:5FEB604C021EB11655B90F0FC127431B
                                          SHA1:D6BE8187547F9E4D0B1F3DE2919C28808269A4DE
                                          SHA-256:19C1EA449F85E317BA55C23C95732A68F6203C777D8CF17F85C94D0C136EB9A2
                                          SHA-512:D20FAB6A92490D97DDFA762963DFB8F577FE4F92DB9A3C5F4C4FB65BA80B4C5535CAC7B446538379F0E3E95A02D907D584915B0ED64E6CDEB6B0002A9BE974A0
                                          Malicious:false
                                          Preview:/* datetime.h.. */..#ifndef Py_LIMITED_API..#ifndef DATETIME_H..#define DATETIME_H..#ifdef __cplusplus..extern "C" {..#endif..../* Fields are packed into successive bytes, each viewed as unsigned and.. * big-endian, unless otherwise noted:.. *.. * byte offset.. * 0 year 2 bytes, 1-9999.. * 2 month 1 byte, 1-12.. * 3 day 1 byte, 1-31.. * 4 hour 1 byte, 0-23.. * 5 minute 1 byte, 0-59.. * 6 second 1 byte, 0-59.. * 7 usecond 3 bytes, 0-999999.. * 10.. */..../* # of bytes for year, month, and day. */..#define _PyDateTime_DATE_DATASIZE 4..../* # of bytes for hour, minute, second, and usecond. */..#define _PyDateTime_TIME_DATASIZE 6..../* # of bytes for year, month, day, hour, minute, second, and usecond. */..#define _PyDateTime_DATETIME_DATASIZE 10......typedef struct..{.. PyObject_HEAD.. Py_hash_t hashcode; /* -1 when unknown */.. int days; /* -MAX_DELTA_DAYS

                                          C:\Users\user\AppData\Roaming\windows\include\descrobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3180
                                          Entropy (8bit):5.212921496890911
                                          Encrypted:false
                                          SSDEEP:48:ZfWwaGsI9t7GSuVlIi4KKY5XX/HKNJg+1ZQYSmFo:ZfWPo9t7GSuV2gfqQYSmFo
                                          MD5:B29F59C74716C469F9C8182CB06A7802
                                          SHA1:5DDC4AD0809AB3003E3EEE90086F90A93D156A76
                                          SHA-256:2E4F09C249040A11C26428EAAA0619960A658DFDDC20ED34D3D4CF818F2A4867
                                          SHA-512:A9D60B3BEDCA1937CB9C0C59E509053BD2C79C6E36C8088A1BBA457254674294041C4E58B5D4919798C5D17EC36A803D85194A1B68EEEC7264A387445ABBA990
                                          Malicious:false
                                          Preview:/* Descriptors */..#ifndef Py_DESCROBJECT_H..#define Py_DESCROBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....typedef PyObject *(*getter)(PyObject *, void *);..typedef int (*setter)(PyObject *, PyObject *, void *);....struct PyGetSetDef {.. const char *name;.. getter get;.. setter set;.. const char *doc;.. void *closure;..};....PyAPI_DATA(PyTypeObject) PyClassMethodDescr_Type;..PyAPI_DATA(PyTypeObject) PyGetSetDescr_Type;..PyAPI_DATA(PyTypeObject) PyMemberDescr_Type;..PyAPI_DATA(PyTypeObject) PyMethodDescr_Type;..PyAPI_DATA(PyTypeObject) PyWrapperDescr_Type;..PyAPI_DATA(PyTypeObject) PyDictProxy_Type;..PyAPI_DATA(PyTypeObject) PyProperty_Type;....PyAPI_FUNC(PyObject *) PyDescr_NewMethod(PyTypeObject *, PyMethodDef *);..PyAPI_FUNC(PyObject *) PyDescr_NewClassMethod(PyTypeObject *, PyMethodDef *);..PyAPI_FUNC(PyObject *) PyDescr_NewMember(PyTypeObject *, PyMemberDef *);..PyAPI_FUNC(PyObject *) PyDescr_NewGetSet(PyTypeObject *, PyGetSetDef *);....PyAPI_FUNC(PyObject *)

                                          C:\Users\user\AppData\Roaming\windows\include\dictobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3957
                                          Entropy (8bit):5.1908930842166825
                                          Encrypted:false
                                          SSDEEP:48:gMsfukOK4T5scN2CrOHex8FAEneZA3xAguRZJDA:gnFM9b4Crdx8XpfkZJDA
                                          MD5:D20468E39BD51A166F7C86510A11212E
                                          SHA1:693DBD03EC44BC8FAA850890931C045371A97D0D
                                          SHA-256:5CF8D61D4B6C0CCBD3E25CBCF2C4C90CB59898A9B483B61F38049010C64464F5
                                          SHA-512:980FF4A001EDAECF9928D8AF96CA678973001DD0185BBE01B18266132D27A942382AC1EB29DD1A06872DBA0A1DFC42EA5344EC969EDDD47A02C6A8A51E0A1916
                                          Malicious:false
                                          Preview:#ifndef Py_DICTOBJECT_H..#define Py_DICTOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif..../* Dictionary object type -- mapping from hashable object to object */..../* The distribution includes a separate file, Objects/dictnotes.txt,.. describing explorations into dictionary design and optimization... It covers typical dictionary use patterns, the parameters for.. tuning dictionaries, and several ideas for possible optimizations...*/....PyAPI_DATA(PyTypeObject) PyDict_Type;....#define PyDict_Check(op) \.. PyType_FastSubclass(Py_TYPE(op), Py_TPFLAGS_DICT_SUBCLASS)..#define PyDict_CheckExact(op) Py_IS_TYPE((op), &PyDict_Type)....PyAPI_FUNC(PyObject *) PyDict_New(void);..PyAPI_FUNC(PyObject *) PyDict_GetItem(PyObject *mp, PyObject *key);..PyAPI_FUNC(PyObject *) PyDict_GetItemWithError(PyObject *mp, PyObject *key);..PyAPI_FUNC(int) PyDict_SetItem(PyObject *mp, PyObject *key, PyObject *item);..PyAPI_FUNC(int) PyDict_DelItem(PyObject *mp, PyObject *key);..PyAPI_FUNC(

                                          C:\Users\user\AppData\Roaming\windows\include\dynamic_annotations.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22970
                                          Entropy (8bit):5.103276806113682
                                          Encrypted:false
                                          SSDEEP:384:jrsZqwzgPjymk1Va56g4WAQRodgImv9USD5p2TIv4F7Z3iyGdUbC/:jAzgPjlkjaVAQRodhmv9pn2TDF93iyG1
                                          MD5:4F07D9613490E5D737060B0B4C293ADC
                                          SHA1:4D88371BAB39A92D9A660ADE90BF28D60148ABA5
                                          SHA-256:BF89A0C7BF40CF5C97BED63BB8C9C25ED93544833BF4CFF483FAFAC8245C9B0F
                                          SHA-512:A08DCDAF7082B1F7B091BC9D9ECBD7F6EF8FEA72B7798AC218407406EBDE591C3A38F3E410E4A17D63A44680B20D50BC04A4D558A7D4DCCE0C4BD39FD6CACE6C
                                          Malicious:false
                                          Preview:/* Copyright (c) 2008-2009, Google Inc... * All rights reserved... *.. * Redistribution and use in source and binary forms, with or without.. * modification, are permitted provided that the following conditions are.. * met:.. *.. * * Redistributions of source code must retain the above copyright.. * notice, this list of conditions and the following disclaimer... * * Neither the name of Google Inc. nor the names of its.. * contributors may be used to endorse or promote products derived from.. * this software without specific prior written permission... *.. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT.. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,.. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT.

                                          C:\Users\user\AppData\Roaming\windows\include\enumobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):270
                                          Entropy (8bit):5.124776919282634
                                          Encrypted:false
                                          SSDEEP:3:YkLko+6P2Q0Pjo+6h8FOQI28AGRKmGjQ6QMtZb6TzJ581iHe7YJ581DFEvGHGjQc:BD2Q0u8Ad2xjQ6z3ueBhG5jQ6dKQ
                                          MD5:EF325605B8543385361518B5851C081C
                                          SHA1:E5547AAF812F76ADD841C4DD473EF6B87F9BF5D3
                                          SHA-256:469C8A7BBCA8A67FD17BC728A1D6D4225C4C0566475774B5DEB655462F058659
                                          SHA-512:A7A676339EA79E81D82B59A298DB0F9C3A2E304592828FD95903017F2613EF049AAA13B89C87A7ACEBE45A7B8B9F938E7A05802FC42CD75E40D1C025D99E2E9E
                                          Malicious:false
                                          Preview:#ifndef Py_ENUMOBJECT_H..#define Py_ENUMOBJECT_H..../* Enumerate Object */....#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyEnum_Type;..PyAPI_DATA(PyTypeObject) PyReversed_Type;....#ifdef __cplusplus..}..#endif....#endif /* !Py_ENUMOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\errcode.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1817
                                          Entropy (8bit):4.645101362811805
                                          Encrypted:false
                                          SSDEEP:24:UsYLLCAHrNiZVUUmcF8r6F4d1sjlFgt2veBKAAscjNC6wH//CLcB+Ek/:8brQUi8sjXMKg2wHccB+p/
                                          MD5:07679B5432B9FEF1FE8FC28AAC2FC591
                                          SHA1:48812742ABC6C994B449E061C3015FEF441C202C
                                          SHA-256:737D53F8259E5B46765D48C154669A6EECE8177CB7B0702039D6C24792C7201E
                                          SHA-512:318F0C8FBCA50F67316D564C94992B77F6B37A330B5722254E539515D9976CDDF272E2563202F63C3E78C9B92A2F2BD0AF0A44E33F24F12B573706418533B46E
                                          Malicious:false
                                          Preview:#ifndef Py_ERRCODE_H..#define Py_ERRCODE_H..#ifdef __cplusplus..extern "C" {..#endif..../* Error codes passed around between file input, tokenizer, parser and.. interpreter. This is necessary so we can turn them into Python.. exceptions at a higher level. Note that some errors have a.. slightly different meaning when passed from the tokenizer to the.. parser than when passed from the parser to the interpreter; e.g... the parser only returns E_EOF when it hits EOF immediately, and it.. never returns E_OK. */....#define E_OK 10 /* No error */..#define E_EOF 11 /* End Of File */..#define E_INTR 12 /* Interrupted */..#define E_TOKEN 13 /* Bad token */..#define E_SYNTAX 14 /* Syntax error */..#define E_NOMEM 15 /* Ran out of memory */..#define E_DONE 16 /* Parsing complete */..#define E_ERROR 17 /* Execution error */..#define E_TABSPACE 18 /* Inconsi

                                          C:\Users\user\AppData\Roaming\windows\include\exports.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1303
                                          Entropy (8bit):5.0377119664077945
                                          Encrypted:false
                                          SSDEEP:24:5lfgGr/RQrNRIeXHWQkTPGI4qeR74nju2kQQL:nfgGlH+IaR8y3
                                          MD5:E93C3D37A144F0217DB37091E7652F6A
                                          SHA1:01E37A39587DCFE5E922F86B20926975C2AF5869
                                          SHA-256:D0FB5200D025BB849A1B0D9DA5C9D9CB7D3E8634CD1521AAE9FC5FC76FF5B623
                                          SHA-512:4E90F7E67C83431514C1EA65F8992C0780ED5A0E6638CD22481054B481B1C418696FFD6A369CA05086F7D063EB69E50BB8B26DF354E56077E0E7E56C00991AD7
                                          Malicious:false
                                          Preview:#ifndef Py_EXPORTS_H..#define Py_EXPORTS_H....#if defined(_WIN32) || defined(__CYGWIN__).. #if defined(Py_ENABLE_SHARED).. #define Py_IMPORTED_SYMBOL __declspec(dllimport).. #define Py_EXPORTED_SYMBOL __declspec(dllexport).. #define Py_LOCAL_SYMBOL.. #else.. #define Py_IMPORTED_SYMBOL.. #define Py_EXPORTED_SYMBOL.. #define Py_LOCAL_SYMBOL.. #endif..#else../*.. * If we only ever used gcc >= 5, we could use __has_attribute(visibility).. * as a cross-platform way to determine if visibility is supported. However,.. * we may still need to support gcc >= 4, as some Ubuntu LTS and Centos versions.. * have 4 < gcc < 5... */.. #ifndef __has_attribute.. #define __has_attribute(x) 0 // Compatibility with non-clang compilers... #endif.. #if (defined(__GNUC__) && (__GNUC__ >= 4)) ||\.. (defined(__clang__) && __has_attribute(visibility)).. #define Py_IMPORTED_SYMBOL __attribute__ ((visibility ("default"))).. #defi

                                          C:\Users\user\AppData\Roaming\windows\include\fileobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1699
                                          Entropy (8bit):5.316102365915941
                                          Encrypted:false
                                          SSDEEP:24:pyFYJ4vAQm3ujhFr7Qs7GaDPfMMvz6sGTqEV/KIdiYCY/oujnjalj0UE:wFLzm3ujEtaDHMY6sGTqkzml2
                                          MD5:1509869174E08BF2FE7C91A4FB23CF0A
                                          SHA1:F3D8F1C37F77FCD9EFE2C9D64CAD5EAC479B3D2A
                                          SHA-256:44E912F70D933B6A5C1DF1584799671D10B984DAB9B940B37EEE0E6E1B94378B
                                          SHA-512:04CCE974AEDCB90A024FA15A1185516276220D11BCCAE41BA6C6E057793A8415A8785FBFC9FCA318831E0D9A4D3F1B0533B37AB76BF2CDDD39E4106785297B84
                                          Malicious:false
                                          Preview:/* File object interface (what's left of it -- see io.py) */....#ifndef Py_FILEOBJECT_H..#define Py_FILEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#define PY_STDIOTEXTMODE "b"....PyAPI_FUNC(PyObject *) PyFile_FromFd(int, const char *, const char *, int,.. const char *, const char *,.. const char *, int);..PyAPI_FUNC(PyObject *) PyFile_GetLine(PyObject *, int);..PyAPI_FUNC(int) PyFile_WriteObject(PyObject *, PyObject *, int);..PyAPI_FUNC(int) PyFile_WriteString(const char *, PyObject *);..PyAPI_FUNC(int) PyObject_AsFileDescriptor(PyObject *);..../* The default encoding used by the platform file system APIs.. If non-NULL, this is different than the default encoding for strings..*/..Py_DEPRECATED(3.12) PyAPI_DATA(const char *) Py_FileSystemDefaultEncoding;..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03060000..Py_DEPRECATED(3.12) PyAPI_DATA(const char *) Py_FileSystemDefaultEncodeErrors;..#endif

                                          C:\Users\user\AppData\Roaming\windows\include\fileutils.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):533
                                          Entropy (8bit):5.262910041141389
                                          Encrypted:false
                                          SSDEEP:12:BAOfsmNELN8zlZNE0JqQerCJ7sotc7oFBLorrPD:VbCOPN7qauF0lyzD
                                          MD5:467643A21BBDF939E59D7C53BA5821AB
                                          SHA1:4BB4A5A7867DA4957EC577C08793E3F4E4A10BF7
                                          SHA-256:B07EA9C8C3975A1FF9D289B8DDAAE2A3BDDA2D4B3AD28615950EDE52B325F591
                                          SHA-512:CE7CF8DDB8ACBBE8B81B6197555343293C24B4AFCBDF62E54F74BB395438DF104104E958056550DDD5419C6F280FFFA6DAB4B744A4F748D0CCC32A0BEBE600E5
                                          Malicious:false
                                          Preview:#ifndef Py_FILEUTILS_H..#define Py_FILEUTILS_H..#ifdef __cplusplus..extern "C" {..#endif....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03050000..PyAPI_FUNC(wchar_t *) Py_DecodeLocale(.. const char *arg,.. size_t *size);....PyAPI_FUNC(char*) Py_EncodeLocale(.. const wchar_t *text,.. size_t *error_pos);..#endif....#ifndef Py_LIMITED_API..# define Py_CPYTHON_FILEUTILS_H..# include "cpython/fileutils.h"..# undef Py_CPYTHON_FILEUTILS_H..#endif....#ifdef __cplusplus..}..#endif..#endif /* !Py_FILEUTILS_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\floatobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1586
                                          Entropy (8bit):4.944717018882962
                                          Encrypted:false
                                          SSDEEP:24:jdjzQVkZQoRDC6O5XHPCPsOq1SuPGGm+twt:jROCW3PCPsT1SuPm+tC
                                          MD5:349DB80A65D2891EB51CC03BC2FC9417
                                          SHA1:966C11341E57E932240672B0566D5BBAB86F0D9C
                                          SHA-256:143630CCF4E2445581DB09F8ADBA2C86D5380EEE68D8A752F7F9B9017F109DCA
                                          SHA-512:0F08F8C7A733F6286E5F21161A3CC652704BDED719D6F7A915F1E2CA1D81CC6A7B7C43BC249A8A91F6478AC503BD5EF2EC5EBAFB955BB3A5CB3CDD71932F457B
                                          Malicious:false
                                          Preview:../* Float object interface */..../*..PyFloatObject represents a (double precision) floating point number...*/....#ifndef Py_FLOATOBJECT_H..#define Py_FLOATOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyFloat_Type;....#define PyFloat_Check(op) PyObject_TypeCheck(op, &PyFloat_Type)..#define PyFloat_CheckExact(op) Py_IS_TYPE((op), &PyFloat_Type)....#define Py_RETURN_NAN return PyFloat_FromDouble(Py_NAN)....#define Py_RETURN_INF(sign) \.. do { \.. if (copysign(1., sign) == 1.) { \.. return PyFloat_FromDouble(Py_HUGE_VAL); \.. } \.. else { \.. return PyFloat_FromDouble(-Py_HUGE_VAL); \.. } \.. } while(0)....PyAPI_FUNC(double) PyFloat_GetMax(void);..PyAPI_FUNC(double) PyFloat_GetMin(void);..PyAPI_FU

                                          C:\Users\user\AppData\Roaming\windows\include\frameobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):356
                                          Entropy (8bit):5.166839299334996
                                          Encrypted:false
                                          SSDEEP:6:UbSHKoqrIxv4mA2Q0Phv4mAmjQ6zMAserCJs0fSq4mAwAkV5Kzy3Bpq4mAVjQ6dO:UbSmrRcaqMAserCJ7G/cp3BFZ2l
                                          MD5:EBC4DAF5237CECED6E0692668597F2CB
                                          SHA1:C651EA83ABCB608FB363D21D408239880394EA7D
                                          SHA-256:52E7B1F56DA8F7E78A2567FE9AF98C6F97250F0BBB81951DF4215C8BD1C468F7
                                          SHA-512:3A1D4F1CA1C69BEBCFEB7DC9F3E0BB71DB225184AEAB9639DC5BD5BE2F8753B3619F82109B3935E274833DA6C80A87F66A6DDD7CB1E16BB1368A92D8AD427CEE
                                          Malicious:false
                                          Preview:/* Frame object interface */....#ifndef Py_FRAMEOBJECT_H..#define Py_FRAMEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#include "pyframe.h"....#ifndef Py_LIMITED_API..# define Py_CPYTHON_FRAMEOBJECT_H..# include "cpython/frameobject.h"..# undef Py_CPYTHON_FRAMEOBJECT_H..#endif....#ifdef __cplusplus..}..#endif..#endif /* !Py_FRAMEOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\genericaliasobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):348
                                          Entropy (8bit):5.354149111571425
                                          Encrypted:false
                                          SSDEEP:6:j7eE41HOQFn3v1rx2Q0PimjQ6zheWENrF+i5jQ6dne:j7U1Hpv1rgHVhnEqge
                                          MD5:8F84875A052BF2CC69C8695AB9CE8BC0
                                          SHA1:841CA5B940D9B7E27B825F1E9600D4F778C658C5
                                          SHA-256:3EBD563F70F3D317558774E74916AF1C294852FD943E041A79DC46C8FBCC458E
                                          SHA-512:3571A31790779EB12BDFADE31CEC79D6299336041E483D87DED81000CE1E56451B495199B61F48B3F4856C1433CE5FDA21BD15BF83E8A78431CB541C707D5B5D
                                          Malicious:false
                                          Preview:// Implementation of PEP 585: support list[int] etc...#ifndef Py_GENERICALIASOBJECT_H..#define Py_GENERICALIASOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(PyObject *) Py_GenericAlias(PyObject *, PyObject *);..PyAPI_DATA(PyTypeObject) Py_GenericAliasType;....#ifdef __cplusplus..}..#endif..#endif /* !Py_GENERICALIASOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\import.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3131
                                          Entropy (8bit):5.162233212678965
                                          Encrypted:false
                                          SSDEEP:48:5s0HAnqznc1vH8tAYimSHomuQsnDHYL+Rk:jYQAH8WHuVb7k
                                          MD5:BB067CEE86A2558D0D7107180E53EEDE
                                          SHA1:94181ED1CBD11173D2656BCFAD5CAC897C2BB647
                                          SHA-256:EBCEDC84109D94B9A1525055BBC5E33997F51A92597525ABA037372FDEE83065
                                          SHA-512:00039A81D143EB44A128A52121BB2218A7DFB15F69BF63C186B685A9B0837CDE15AAC81C60BAADEB5FE9A57FE06F001483288BD485BB03E801235EF3CC08F825
                                          Malicious:false
                                          Preview:/* Module definition and import interface */....#ifndef Py_IMPORT_H..#define Py_IMPORT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(long) PyImport_GetMagicNumber(void);..PyAPI_FUNC(const char *) PyImport_GetMagicTag(void);..PyAPI_FUNC(PyObject *) PyImport_ExecCodeModule(.. const char *name, /* UTF-8 encoded string */.. PyObject *co.. );..PyAPI_FUNC(PyObject *) PyImport_ExecCodeModuleEx(.. const char *name, /* UTF-8 encoded string */.. PyObject *co,.. const char *pathname /* decoded from the filesystem encoding */.. );..PyAPI_FUNC(PyObject *) PyImport_ExecCodeModuleWithPathnames(.. const char *name, /* UTF-8 encoded string */.. PyObject *co,.. const char *pathname, /* decoded from the filesystem encoding */.. const char *cpathname /* decoded from the filesystem encoding */.. );..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03030000..PyAPI_FUNC(PyObject *) PyImport_ExecCodeModuleObj

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_abstract.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):636
                                          Entropy (8bit):5.361409062040798
                                          Encrypted:false
                                          SSDEEP:12:B65HL5R4r3Z/HQUZaQGILK51KHEEWM7zctcyClGv6p7QXETxWp7QXETn8:ghLQxwUZaGLKrzOctPClFpypRn8
                                          MD5:937A46B9B22DD30FE421F80C6EEFB7E1
                                          SHA1:A12AB55C2ED65F39092BDC3E470CEEE05583C2E3
                                          SHA-256:6543DF7069F341CF7E02E74848BA5D8DDCBEC7417FF246C774DC53CC2EF6EC09
                                          SHA-512:6234838C7E93B6E2945454EB3D0A2CFD3B7C5A4299CE16DA6D234511D4BB44DD7876AB855105CF6FDA18E015A26E83F00B508788CD4B96EBF8179BF14E740631
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_ABSTRACT_H..#define Py_INTERNAL_ABSTRACT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....// Fast inlined version of PyIndex_Check()..static inline int.._PyIndex_Check(PyObject *obj)..{.. PyNumberMethods *tp_as_number = Py_TYPE(obj)->tp_as_number;.. return (tp_as_number != NULL && tp_as_number->nb_index != NULL);..}....PyObject *_PyNumber_PowerNoMod(PyObject *lhs, PyObject *rhs);..PyObject *_PyNumber_InPlacePowerNoMod(PyObject *lhs, PyObject *rhs);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_ABSTRACT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_asdl.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3147
                                          Entropy (8bit):5.121648955294648
                                          Encrypted:false
                                          SSDEEP:96:Jx+ksczjKtKK6TYNCfl0twpSsqwsf/sdM+I7mbqb9:JckskKtKK6TYel0D/su+I7mbqb9
                                          MD5:FBAC80DB779D16C9825E00F010B1EA8F
                                          SHA1:71CD564596F135BCFEADD576E34C93F31D4C4499
                                          SHA-256:528062FC59B7D04054CF23D05998BBB265681C6C25F192A75F31A91B9C9C061E
                                          SHA-512:259C98821554F7C8E2C761DA9BE31F4A0C985A50CA2AEDAEB3A834A05EFC7CCEA92F9197314951B5D661578662D67A2BD8CF0E1CD38BFE135092B0EC11075B6F
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_ASDL_H..#define Py_INTERNAL_ASDL_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_pyarena.h" // _PyArena_Malloc()....typedef PyObject * identifier;..typedef PyObject * string;..typedef PyObject * object;..typedef PyObject * constant;..../* It would be nice if the code generated by asdl_c.py was completely.. independent of Python, but it is a goal the requires too much work.. at this stage. So, for example, I'll represent identifiers as.. interned Python strings...*/....#define _ASDL_SEQ_HEAD \.. Py_ssize_t size; \.. void **elements;....typedef struct {.. _ASDL_SEQ_HEAD..} asdl_seq;....typedef struct {.. _ASDL_SEQ_HEAD.. void *typed_elements[1];..} asdl_generic_seq;....typedef struct {.. _ASDL_SEQ_HEAD.. PyObject *typed_elements[1];..} asdl_identifier_seq;....typedef struct {.. _ASDL_SEQ_HEAD.. int typed_elements[1];..} asdl_

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_ast.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):32210
                                          Entropy (8bit):4.331248539773084
                                          Encrypted:false
                                          SSDEEP:768:F9fpUq9KCb9lFwsO4sehRmsNPQhxsxByKjTu7KXgf6bfLEKZJ311gJhISKhc186a:PpUq9ZBwsO4sehlaxsjyKjTuOgf6bfLF
                                          MD5:B18CE53245064E1FFDFB095CF21FE3B5
                                          SHA1:55A757066DEF2B0CD8B84BA3D38352602836F6E1
                                          SHA-256:41BC1CAD10A1C5AB356F755564E66BBA103BC69299DDE37A08E0F2C13BAC0968
                                          SHA-512:EB17E8353A781B89F85B97DAC474B8B50A075C1B12CBC872C2C438B87C66BF0B68C6FE7A98B087151812214CD4C4B59810F30008DB7AD06F17E2543DBA21A4E4
                                          Malicious:false
                                          Preview:// File automatically generated by Parser/asdl_c.py.....#ifndef Py_INTERNAL_AST_H..#define Py_INTERNAL_AST_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_asdl.h"....typedef struct _mod *mod_ty;....typedef struct _stmt *stmt_ty;....typedef struct _expr *expr_ty;....typedef enum _expr_context { Load=1, Store=2, Del=3 } expr_context_ty;....typedef enum _boolop { And=1, Or=2 } boolop_ty;....typedef enum _operator { Add=1, Sub=2, Mult=3, MatMult=4, Div=5, Mod=6, Pow=7,.. LShift=8, RShift=9, BitOr=10, BitXor=11, BitAnd=12,.. FloorDiv=13 } operator_ty;....typedef enum _unaryop { Invert=1, Not=2, UAdd=3, USub=4 } unaryop_ty;....typedef enum _cmpop { Eq=1, NotEq=2, Lt=3, LtE=4, Gt=5, GtE=6, Is=7, IsNot=8,.. In=9, NotIn=10 } cmpop_ty;....typedef struct _comprehension *comprehension_ty;....typedef struct _excepthandler *except

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_ast_state.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7014
                                          Entropy (8bit):4.591399887344521
                                          Encrypted:false
                                          SSDEEP:192:vcV6kWgpjrqL/z/qFbD3jJAuLNFV2OaB/HlaFtt+H:DaFtU
                                          MD5:1F782E7676314ABEC7F782A0F25713E5
                                          SHA1:697B4E91C52FFBC114B12918A4C01247DD5D54AC
                                          SHA-256:F68F3D75B9CE0D2B10484D5A55F432A3253E425F91E22D92699D9A95BB0E4382
                                          SHA-512:9FF51C407CFF42C268727EE5ED2AA8EEAF07F8C64CF7ECB21F41FA5AEF4E658E1EA85F6E3DD3911A2A4938F90C8DC472955C0AAE3DEAD1ADC8A8FA40DB24E512
                                          Malicious:false
                                          Preview:// File automatically generated by Parser/asdl_c.py.....#ifndef Py_INTERNAL_AST_STATE_H..#define Py_INTERNAL_AST_STATE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....struct ast_state {.. int initialized;.. int unused_recursion_depth;.. int unused_recursion_limit;.. PyObject *AST_type;.. PyObject *Add_singleton;.. PyObject *Add_type;.. PyObject *And_singleton;.. PyObject *And_type;.. PyObject *AnnAssign_type;.. PyObject *Assert_type;.. PyObject *Assign_type;.. PyObject *AsyncFor_type;.. PyObject *AsyncFunctionDef_type;.. PyObject *AsyncWith_type;.. PyObject *Attribute_type;.. PyObject *AugAssign_type;.. PyObject *Await_type;.. PyObject *BinOp_type;.. PyObject *BitAnd_singleton;.. PyObject *BitAnd_type;.. PyObject *BitOr_singleton;.. PyObject *BitOr_type;.. PyObject *BitXor_singleton;.. PyObject *BitXor_type;.. PyObject *BoolOp_

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_atexit.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1206
                                          Entropy (8bit):4.992514407433396
                                          Encrypted:false
                                          SSDEEP:24:gGLTxwUZaGTRago0rOhr/x4gVx9YaASv6EIBRTnqy:gOTxbadS4p4gT956RDqy
                                          MD5:1D1AB51D133DF7A7FBFDE70E47B72033
                                          SHA1:1B4823EDD89DDC9F3359C491F291C3C14D79D59C
                                          SHA-256:FBBCD4A2C8FFE806E232A4EA3F73FC4DF5E58E912D5264A6A9B26BF9ABD7DA72
                                          SHA-512:18BEC63543BA4F044D6CDD07CA5C3DFA64F1C9AA64AE4B2C880B3D7810BC3392995F0CD6049274A549B267E3E33B883B069AFFE2774AFEC3D787E711975793AE
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_ATEXIT_H..#define Py_INTERNAL_ATEXIT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......//###############..// runtime atexit....typedef void (*atexit_callbackfunc)(void);....struct _atexit_runtime_state {.. PyThread_type_lock mutex;..#define NEXITFUNCS 32.. atexit_callbackfunc callbacks[NEXITFUNCS];.. int ncallbacks;..};......//###################..// interpreter atexit....struct atexit_callback;..typedef struct atexit_callback {.. atexit_datacallbackfunc func;.. void *data;.. struct atexit_callback *next;..} atexit_callback;....typedef struct {.. PyObject *func;.. PyObject *args;.. PyObject *kwargs;..} atexit_py_callback;....struct atexit_state {.. atexit_callback *ll_callbacks;.. atexit_callback *last_ll_callback;.... // XXX The rest of the state could be moved to the atexit module state.. // and a low-level callback added for it during modul

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_atomic.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):17536
                                          Entropy (8bit):5.072704150767552
                                          Encrypted:false
                                          SSDEEP:384:YeRnIoV5tPM8n5aKoiVRiRaKMI+3Imatm7BbE6W+kQKM6tlbvwj0bROKn5:/JvyiCChu6Sp5
                                          MD5:A44C450C10E31E8BC2DD32B9F9277918
                                          SHA1:877FC5C9D2E5434BCA35CBD50E92DC2E57F1B1AB
                                          SHA-256:8F5BF76B7AACC3BDD0B305DE42947BCE33E20B32A31BD0E7F827756EF45AEA07
                                          SHA-512:315948953BD8EB0B74CF5167515DDDB4C94CEB18F563611FD2C2B6D1065236FD587C31C66045438BEF563F97691867FA915194FBEE405BAE20D7AE240120C187
                                          Malicious:false
                                          Preview:#ifndef Py_ATOMIC_H..#define Py_ATOMIC_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "dynamic_annotations.h" /* _Py_ANNOTATE_MEMORY_ORDER */..#include "pyconfig.h"....#ifdef HAVE_STD_ATOMIC..# include <stdatomic.h>..#endif......#if defined(_MSC_VER)..#include <intrin.h>..#if defined(_M_IX86) || defined(_M_X64)..# include <immintrin.h>..#endif..#endif..../* This is modeled after the atomics interface from C1x, according to.. * the draft at.. * http://www.open-std.org/JTC1/SC22/wg14/www/docs/n1425.pdf... * Operations and types are named the same except with a _Py_ prefix.. * and have the same semantics... *.. * Beware, the implementations here are deep magic... */....#if defined(HAVE_STD_ATOMIC)....typedef enum _Py_memory_order {.. _Py_memory_order_relaxed = memory_order_relaxed,.. _Py_memory_order_acquire = memory_order_acquire,.. _Py_memory_order_release = memory_order_release,

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_atomic_funcs.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2532
                                          Entropy (8bit):5.096240366600643
                                          Encrypted:false
                                          SSDEEP:48:0fb3FdenpLxban0yLdd+RddKYqSj/hjSYhtMYKdh/sdi0l6:4b1QpLx+nPpYRddKfSjRSYjMphEi0l6
                                          MD5:6CF03CFD0AA8D67D7B3DB29FF9D21A25
                                          SHA1:E2D3DF71CDA964302B513433DD2B90CF276D06C3
                                          SHA-256:9E01A0C8EA3E54B1D939C8752539DAC42F7C3628D8DE7D80837A714616095887
                                          SHA-512:39AF5E8023C0CFA41851A83F366A99DBBED16E7EB7F49FEDDF4C8E4BDF0F78BF4633DBC6AA59ABABB38689CD428B67A76A8FBE96BC93D69548D871F7BA4C125E
                                          Malicious:false
                                          Preview:/* Atomic functions: similar to pycore_atomic.h, but don't need.. to declare variables as atomic..... Py_ssize_t type:.... * value = _Py_atomic_size_get(&var).. * _Py_atomic_size_set(&var, value).... Use sequentially-consistent ordering (__ATOMIC_SEQ_CST memory order):.. enforce total ordering with all other atomic functions...*/..#ifndef Py_ATOMIC_FUNC_H..#define Py_ATOMIC_FUNC_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#if defined(_MSC_VER)..# include <intrin.h> // _InterlockedExchange()..#endif......// Use builtin atomic operations in GCC >= 4.7 and clang..#ifdef HAVE_BUILTIN_ATOMIC....static inline Py_ssize_t _Py_atomic_size_get(Py_ssize_t *var)..{.. return __atomic_load_n(var, __ATOMIC_SEQ_CST);..}....static inline void _Py_atomic_size_set(Py_ssize_t *var, Py_ssize_t value)..{.. __atomic_store_n(var, value, __ATOMIC_SEQ_CST);..}....#elif defined(_MSC_VER)....st

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_bitutils.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, Unicode text, UTF-8 text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6248
                                          Entropy (8bit):5.222207727131199
                                          Encrypted:false
                                          SSDEEP:192:bcn8ZFGdRONkRNYHRYNiRJdkRpnRw+/8HU80RLrR5EWrSnQCU84/OIvL:+8ZFGjONWKxYNofWpRF0HU8mBXrklU8S
                                          MD5:B3ECD795E52B67845E4ACADCD56B6119
                                          SHA1:6160206A15FDAB5F831891939ECEDACA90C8FEAC
                                          SHA-256:599354E65503E1FE76FD1D7EDF75BA1B0ACB2151CA12C541E5DE4DF207695D5E
                                          SHA-512:9715922927499707F9141A8E8EEEEFF0CD0BE9A60E7A4743699FAEDA28F754987C36CA71DEBD9DB47E08950ADE998CDB870C3067E01C549EA360DB29834876D0
                                          Malicious:false
                                          Preview:/* Bit and bytes utilities..... Bytes swap functions, reverse order of bytes:.... - _Py_bswap16(uint16_t).. - _Py_bswap32(uint32_t).. - _Py_bswap64(uint64_t)..*/....#ifndef Py_INTERNAL_BITUTILS_H..#define Py_INTERNAL_BITUTILS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#if defined(__GNUC__) \.. && ((__GNUC__ >= 5) || (__GNUC__ == 4) && (__GNUC_MINOR__ >= 8)).. /* __builtin_bswap16() is available since GCC 4.8,.. __builtin_bswap32() is available since GCC 4.3,.. __builtin_bswap64() is available since GCC 4.3. */..# define _PY_HAVE_BUILTIN_BSWAP..#endif....#ifdef _MSC_VER.. /* Get _byteswap_ushort(), _byteswap_ulong(), _byteswap_uint64() */..# include <intrin.h>..#endif....static inline uint16_t.._Py_bswap16(uint16_t word)..{..#if defined(_PY_HAVE_BUILTIN_BSWAP) || _Py__has_builtin(__builtin_bswap16).. return __builtin_bswap16(word);..#elif defined(_MSC_VER).. Py_B

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_blocks_output_buffer.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9004
                                          Entropy (8bit):5.061855730041505
                                          Encrypted:false
                                          SSDEEP:192:aZQNGdG2GRmGRDLSrdmq833lI8ElURUtR3tmoV+l+RO+g/xGb:N7DLkTU3SORO3tBYl+RO+k+
                                          MD5:C7F4F7B3C1325AC902929248DB77C968
                                          SHA1:19C95173C6EB40608B788312734FE3655D1A2656
                                          SHA-256:2D9640645019C4BD889530F95811CBB4E6D85CCA8DE21744406E117B0F82887C
                                          SHA-512:1EC2253E11E9FA05A34474E64E2B789ED39162F1CBBF0E6B24E0C902A31F3B499A21CC5EF970ED0ADBF31088A64A89A7D29800EE651448A2B9D19622A9A3AFFC
                                          Malicious:false
                                          Preview:/*.. _BlocksOutputBuffer is used to maintain an output buffer.. that has unpredictable size. Suitable for compression/decompression.. API (bz2/lzma/zlib) that has stream->next_out and stream->avail_out:.... stream->next_out: point to the next output position... stream->avail_out: the number of available bytes left in the buffer..... It maintains a list of bytes object, so there is no overhead of resizing.. the buffer..... Usage:.... 1, Initialize the struct instance like this:.. _BlocksOutputBuffer buffer = {.list = NULL};.. Set .list to NULL for _BlocksOutputBuffer_OnError().... 2, Initialize the buffer use one of these functions:.. _BlocksOutputBuffer_InitAndGrow().. _BlocksOutputBuffer_InitWithSize().... 3, If (avail_out == 0), grow the buffer:.. _BlocksOutputBuffer_Grow().... 4, Get the current outputted data size:.. _BlocksOutputBuffer_GetDataSize().... 5, Finish the buffer, and return a bytes object:..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_bytes_methods.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3457
                                          Entropy (8bit):4.851970899710655
                                          Encrypted:false
                                          SSDEEP:24:od1xwUZaG8rYXQFGM9n40O2D/ot/wk9CBC8ie/mIeW9BTJbhYhzbhfmhKiKIlh3c:axbanrYgTaak9Q64L9RJuWQXGs/0hcuo
                                          MD5:AA3251198DB61E8412E78A6F4402C3DA
                                          SHA1:6162CCE24F8E33784761145163652C61BA0AC356
                                          SHA-256:7F0E14A0E97255A066600EF715824BB4446A7B0951B00D9562AEAD25DB49743A
                                          SHA-512:34CD89C85E76EDF55089DFFD38D18E4F785C28B679A2C8CC245BBE18FC2A60CBE109EABB317211CC785D1301464773B17AA20007C93F8EB535672F7736719B68
                                          Malicious:false
                                          Preview:#ifndef Py_LIMITED_API..#ifndef Py_BYTES_CTYPE_H..#define Py_BYTES_CTYPE_H....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../*.. * The internal implementation behind PyBytes (bytes) and PyByteArray (bytearray).. * methods of the given names, they operate on ASCII byte strings... */..extern PyObject* _Py_bytes_isspace(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_isalpha(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_isalnum(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_isascii(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_isdigit(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_islower(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_isupper(const char *cptr, Py_ssize_t len);..extern PyObject* _Py_bytes_istitle(const char *cptr, Py_ssize_t len);..../* These store their len sized answer in the given preallocated *result arg. */..extern void _Py_bytes_lo

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_bytesobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1386
                                          Entropy (8bit):4.923874326082432
                                          Encrypted:false
                                          SSDEEP:24:gkOLkbxwUZaGAUlwtWGM1vUGW1u5y98DWDRKOylD+oG8nkr:gdwxbaZKeKq4OCRGQc
                                          MD5:FC9317D65C8C71614CE842F4652AC6E3
                                          SHA1:1D9273FDB9B00C0263C41B30092CD497A7C3322B
                                          SHA-256:2679408BD10568B48680D0EA417CB63E229CFDAE02B4345BB42BE3B2EBB83A9E
                                          SHA-512:CE160F803EA8D663EB707DD1B9FE739A3AB87AE24C3F3CD15C8E90FB35F17B4410483A64B4D9B973450C4AD2A9E7C193CDEEC7B4641F3744ACE30FF49FA161C9
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_BYTESOBJECT_H..#define Py_INTERNAL_BYTESOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* Substring Search..... Returns the index of the first occurrence of.. a substring ("needle") in a larger text ("haystack")... If the needle is not found, return -1... If the needle is found, add offset to the index...*/....PyAPI_FUNC(Py_ssize_t).._PyBytes_Find(const char *haystack, Py_ssize_t len_haystack,.. const char *needle, Py_ssize_t len_needle,.. Py_ssize_t offset);..../* Same as above, but search right-to-left */..PyAPI_FUNC(Py_ssize_t).._PyBytes_ReverseFind(const char *haystack, Py_ssize_t len_haystack,.. const char *needle, Py_ssize_t len_needle,.. Py_ssize_t offset);....../** Helper function to implement the repeat and inplace repeat methods on a buffer.. *.. * len_dest is assumed to be an integer mult

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_call.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4053
                                          Entropy (8bit):5.092574812146778
                                          Encrypted:false
                                          SSDEEP:96:Jx+IWweq6MzrNhlle6qjeJtRlRrpqtIRtsactYmbRtsxq9tIRtxg:JcIWweq6Y3BqaJflRtqtIRpnmbRWqwRI
                                          MD5:1FBCB9B3DE3647CD91419817FA6C8400
                                          SHA1:26BB941E2C19E72748466BE76DDC64D100D957E4
                                          SHA-256:0549399B619A2C07617D574056FEEBAC29D15F67DF81DFB1FEBF76B7C418475C
                                          SHA-512:1C59DAD983F6108667129D71189DD6664B47A2527190A3E2502787E9A1E4A37CDD5AE6A4D12059E82C8F7B95269715DB272A21EB476D74077FED18FD81A380C2
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CALL_H..#define Py_INTERNAL_CALL_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_pystate.h" // _PyThreadState_GET()....PyAPI_FUNC(PyObject *) _PyObject_Call_Prepend(.. PyThreadState *tstate,.. PyObject *callable,.. PyObject *obj,.. PyObject *args,.. PyObject *kwargs);....PyAPI_FUNC(PyObject *) _PyObject_FastCallDictTstate(.. PyThreadState *tstate,.. PyObject *callable,.. PyObject *const *args,.. size_t nargsf,.. PyObject *kwargs);....PyAPI_FUNC(PyObject *) _PyObject_Call(.. PyThreadState *tstate,.. PyObject *callable,.. PyObject *args,.. PyObject *kwargs);....extern PyObject * _PyObject_CallMethodFormat(.. PyThreadState *tstate, PyObject *callable, const char *format, ...);......// Static inline variant of public PyVectorcall_Function()...static inline vectorcallfunc.._PyVectorcall_FunctionInline(PyObject *call

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_ceval.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5429
                                          Entropy (8bit):5.1379383221703065
                                          Encrypted:false
                                          SSDEEP:96:3E6x+IUzD39N2bOa9wdaPS8Srodna3j1fJROi/w3HzKycbzBA5UHVQaUmbRpjmGq:3E6cjzz9eOUwUPgrodna31JM3TKy4BAf
                                          MD5:94DF794A6F502A028CDC478E757C999B
                                          SHA1:8C17E7D3BD6EA91F5E4A91F7CA20CE01CE19F83F
                                          SHA-256:DC81DA71B01275ABE5F411DFEAC02FE5C01C42E99F8870F7A449EE4D5D674286
                                          SHA-512:8AC45C81EC8EC75300158308355826A30B5DA5CB5AC6F6A62892951C47EDE4C39D68003E9A9FEB9E3A365C3E19CAA1FD5FB6F0BB6D799FD5484398AF33EB1EC1
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CEVAL_H..#define Py_INTERNAL_CEVAL_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* Forward declarations */..struct pyruntimestate;..struct _ceval_runtime_state;....#ifndef Py_DEFAULT_RECURSION_LIMIT..# define Py_DEFAULT_RECURSION_LIMIT 1000..#endif....#include "pycore_interp.h" // PyInterpreterState.eval_frame..#include "pycore_pystate.h" // _PyThreadState_GET()......extern void _Py_FinishPendingCalls(PyThreadState *tstate);..extern void _PyEval_InitState(PyInterpreterState *, PyThread_type_lock);..extern void _PyEval_FiniState(struct _ceval_state *ceval);..PyAPI_FUNC(void) _PyEval_SignalReceived(PyInterpreterState *interp);..PyAPI_FUNC(int) _PyEval_AddPendingCall(.. PyInterpreterState *interp,.. int (*func)(void *),.. void *arg,.. int mainthreadonly);..PyAPI_FUNC(void) _PyEval_SignalAsyncExc(PyInterpreterState *interp);..#ifdef HAVE_FORK..extern PyStat

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_ceval_state.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2847
                                          Entropy (8bit):4.946857767063596
                                          Encrypted:false
                                          SSDEEP:48:g81xbaaUP4UCZPnJjThczAlq+qSJQiLs1VH54Af3pFK51:Tx+aUP4U4NKzAtqSJBgJ4Af3pFK/
                                          MD5:11193300F34BA4D35D41A11B011016B3
                                          SHA1:92496B2C78C8B9F3391D75739891ECE2BF9383EB
                                          SHA-256:ED5ACE313D68CA9F1A49EC50F69F2B8B4D39932F7ECC96D59581094718D17A7F
                                          SHA-512:F41C6749A6472B2CEEAE30E49AB8F1333D8A33A3E1E2642B742B5FED72984E22355A1F253357C5592580E9081F9C4DC1800458C6B7BD0489A374C5A67CD049AF
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CEVAL_STATE_H..#define Py_INTERNAL_CEVAL_STATE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......#include "pycore_atomic.h" /* _Py_atomic_address */..#include "pycore_gil.h" // struct _gil_runtime_state......struct _pending_calls {.. int busy;.. PyThread_type_lock lock;.. /* Request for running pending calls. */.. _Py_atomic_int calls_to_do;.. /* Request for looking at the `async_exc` field of the current.. thread state... Guarded by the GIL. */.. int async_exc;..#define NPENDINGCALLS 32.. struct _pending_call {.. int (*func)(void *);.. void *arg;.. } calls[NPENDINGCALLS];.. int first;.. int last;..};....typedef enum {.. PERF_STATUS_FAILED = -1, // Perf trampoline is in an invalid state.. PERF_STATUS_NO_INIT = 0, // Perf trampoline is not initialized.. PERF_STATUS_OK = 1, // Perf trampolin

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_code.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):16331
                                          Entropy (8bit):5.230268952453892
                                          Encrypted:false
                                          SSDEEP:192:SKiQgAQlQRQQnQtSC4uQGQcQRQqJ29XqLnWziVqRglecrAxF5Ash+l+cYBDscLGl:SCNJUXCnWzig2leceysX4UG7Adp3kr
                                          MD5:CDAAF3C246330554552CBCBB1F63BD43
                                          SHA1:B52ADF7AC7223941913C1CA34A9E2D145038B914
                                          SHA-256:D5913280FC2AACEDE588E7EFBB9C861016CBA29CA8A286E65B085EA45D94FFAA
                                          SHA-512:17F8B95057E5BD5BE1E8AA612C451DEE644C36DEF85E5B5CE4FBF6DDEC55EE65C79CE5368A7A84AC3E32D1DFD50F09C62807B89225D89BAD33AC50667BD641E5
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CODE_H..#define Py_INTERNAL_CODE_H..#ifdef __cplusplus..extern "C" {..#endif....#define CODE_MAX_WATCHERS 8..../* PEP 659.. * Specialization and quickening structs and helper functions.. */......// Inline caches. If you change the number of cache entries for an instruction,..// you must *also* update the number of cache entries in Lib/opcode.py and bump..// the magic number in Lib/importlib/_bootstrap_external.py!....#define CACHE_ENTRIES(cache) (sizeof(cache)/sizeof(_Py_CODEUNIT))....typedef struct {.. uint16_t counter;.. uint16_t index;.. uint16_t module_keys_version;.. uint16_t builtin_keys_version;..} _PyLoadGlobalCache;....#define INLINE_CACHE_ENTRIES_LOAD_GLOBAL CACHE_ENTRIES(_PyLoadGlobalCache)....typedef struct {.. uint16_t counter;..} _PyBinaryOpCache;....#define INLINE_CACHE_ENTRIES_BINARY_OP CACHE_ENTRIES(_PyBinaryOpCache)....typedef struct {.. uint16_t counter;..} _PyUnpackSequenceCache;....#define INLINE_CACHE_ENTRIES_UNPACK_SEQUENCE \

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_compile.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3571
                                          Entropy (8bit):4.827207256036986
                                          Encrypted:false
                                          SSDEEP:48:gNuNzxbaRugQsK8MlOmvAe1+kkid1b2DFyMXdckd9Qs0fLXDCl1NeKUh2N0YZafA:Lx+R7g3VdqFyMX19UykNKmIBSpg
                                          MD5:D7FCD9ACB21ECB6C43CE75F31FC9D2EF
                                          SHA1:598683031F1F761372C437E1A070232C1519C5D7
                                          SHA-256:DC5862D6F6E585D9A3626A904110EFACE4B589C53C6FE8CADD3158E1CAC5422D
                                          SHA-512:1E91771D0913D43E9553326A49C808146ABD090F020AD30D8D61A1111F331407468E8449653872F0BC54EFB082C5E05D6799EFED43A4FC38998421749C2C24C7
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_COMPILE_H..#define Py_INTERNAL_COMPILE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....struct _arena; // Type defined in pycore_pyarena.h..struct _mod; // Type defined in pycore_ast.h....// Export the symbol for test_peg_generator (built as a library)..PyAPI_FUNC(PyCodeObject*) _PyAST_Compile(.. struct _mod *mod,.. PyObject *filename,.. PyCompilerFlags *flags,.. int optimize,.. struct _arena *arena);....static const _PyCompilerSrcLocation NO_LOCATION = {-1, -1, -1, -1};....typedef struct {.. int optimize;.. int ff_features;.... int recursion_depth; /* current recursion depth */.. int recursion_limit; /* recursion limit */..} _PyASTOptimizeState;....extern int _PyAST_Optimize(.. struct _mod *,.. struct _arena *arena,.. _PyASTOptimizeState *state);....typedef struct {.. int h_offset;.. int h_startdepth;.. int h_

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_condvar.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2936
                                          Entropy (8bit):5.175874369919254
                                          Encrypted:false
                                          SSDEEP:48:goxxba4gRdtyHpGaenltskUWimGMfjlczGLSCS1N9ajkBSrYOIsDQUIp:Px+4CtyVenFimrZhkZaNkZ
                                          MD5:5D902EE0239275761AA1C82057C9B052
                                          SHA1:4D6B88069CD1381567140FF1EB69C20CEEED53EB
                                          SHA-256:B257B9B1C3A0DFA548E2C7E780F9FC8AD388FD640ABF55F7501298B8FF07328C
                                          SHA-512:7EB318F8FF1F4A2652F7107EB6E2AC8B856917C19C30DD1DDA83D5839315A380C2D40AB0A74AB5F0581BDA13E368A52968514BFACB4E72106093F41D4F1C9DFF
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CONDVAR_H..#define Py_INTERNAL_CONDVAR_H....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#ifndef _POSIX_THREADS../* This means pthreads are not implemented in libc headers, hence the macro.. not present in unistd.h. But they still can be implemented as an external.. library (e.g. gnu pth in pthread emulation) */..# ifdef HAVE_PTHREAD_H..# include <pthread.h> /* _POSIX_THREADS */..# endif..#endif....#ifdef _POSIX_THREADS../*.. * POSIX support.. */..#define Py_HAVE_CONDVAR....#ifdef HAVE_PTHREAD_H..# include <pthread.h>..#endif....#define PyMUTEX_T pthread_mutex_t..#define PyCOND_T pthread_cond_t....#elif defined(NT_THREADS)../*.. * Windows (XP, 2003 server and later, as well as (hopefully) CE) support.. *.. * Emulated condition variables ones that work with XP and later, plus.. * example native support on VISTA and onwards... */..#define Py_HAVE_CONDVAR..../* include windows if it hasn't been done before */..#define WIN

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_context.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1372
                                          Entropy (8bit):5.124431506928372
                                          Encrypted:false
                                          SSDEEP:24:gqLPxwUZaGUbtPuHQtxQTXOK6EGV4/dxok2ynFvXoBnP:gCPxbajPgQrg+Ebdmk2ynFvXolP
                                          MD5:59DCF3D8220BF77B9C03ABE4B2C2D89B
                                          SHA1:20CD4A2542AA87339297F921415297024D33503D
                                          SHA-256:8291E5B2000F38BC725F57A274DA271DD39C6DD23FC9081A06704AAA5398B761
                                          SHA-512:1AFE14EC37C78FAAC2726C0F86849B8E34F83B99F7B9D7DA3FA2F2568B45E6084F946ED1657753562178A744CDC30980DA86770EC0DBB6D27A12CC4EAC5B2175
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CONTEXT_H..#define Py_INTERNAL_CONTEXT_H....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_hamt.h" /* PyHamtObject */......extern PyTypeObject _PyContextTokenMissing_Type;..../* runtime lifecycle */....PyStatus _PyContext_Init(PyInterpreterState *);..void _PyContext_Fini(PyInterpreterState *);....../* other API */....typedef struct {.. PyObject_HEAD..} _PyContextTokenMissing;....#ifndef WITH_FREELISTS..// without freelists..# define PyContext_MAXFREELIST 0..#endif....#ifndef PyContext_MAXFREELIST..# define PyContext_MAXFREELIST 255..#endif....struct _Py_context_state {..#if PyContext_MAXFREELIST > 0.. // List of free PyContext objects.. PyContext *freelist;.. int numfree;..#endif..};....struct _pycontextobject {.. PyObject_HEAD.. PyContext *ctx_prev;.. PyHamtObject *ctx_vars;.. PyObject *ctx_weakreflist;.. int ctx_entered;..};......struct _pycontextvarobject {.. PyObject_HEAD.

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_descrobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):525
                                          Entropy (8bit):5.058446061769977
                                          Encrypted:false
                                          SSDEEP:6:B6gL2Q0jgLmjQ6z4rMa5H/HQUZnaQGIvGKDsxvR7XKQNLXKQxLXKQuLXKQbXKQ4t:B6PL54r3Z/HQUZaQGIRoxa0aASnW
                                          MD5:4FC4FD980D15E13D075B75F66618401C
                                          SHA1:40A7BD4DC636DEA4ED58840016A416A85E9B4B52
                                          SHA-256:BF5838541A43209C9DE99D7E2F71FE598B67AFC221E669198EBED95B3DE4BD9B
                                          SHA-512:60D0DBAA1681F5D1C57DC6353A32526B4233DF6B30F91AAA8FD72F4BBFC74973C228BBB0C53273E58A7D10FCB8D8BE9C0D94AB14C88DC1EC101664985698F113
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_DESCROBJECT_H..#define Py_INTERNAL_DESCROBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....typedef struct {.. PyObject_HEAD.. PyObject *prop_get;.. PyObject *prop_set;.. PyObject *prop_del;.. PyObject *prop_doc;.. PyObject *prop_name;.. int getter_doc;..} propertyobject;....typedef propertyobject _PyPropertyObject;....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_DESCROBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_dict.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6583
                                          Entropy (8bit):5.248095920697895
                                          Encrypted:false
                                          SSDEEP:96:qx+ev4UjyX821VIg043docEKsKx6IYoKW0mTXkblHkN7/O/qrbNav4IlEFdi7SuP:qcYyXB1VIIrBx6IDKW05U7/UlCjSP
                                          MD5:320E314272C5BE63E9104509E6BD0CED
                                          SHA1:7A1731B8A1FBF9B172F2DCB1FAE3A27B96BA5BE0
                                          SHA-256:15AB5BB9939E5E9F9691B0C76E4502E8D804B090972BC80B19BC95B167030052
                                          SHA-512:164863D82B01352DAA2B0D177A8A6D5BC5EF9CAB5DDABB267AEC07F63FDD94412A2848DD12F43AA97FEE8F2FD04D024D654093647D7C0EBD9B8A6B0D538B5838
                                          Malicious:false
                                          Preview:..#ifndef Py_INTERNAL_DICT_H..#define Py_INTERNAL_DICT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_dict_state.h"..#include "pycore_runtime.h" // _PyRuntime....../* runtime lifecycle */....extern void _PyDict_Fini(PyInterpreterState *interp);....../* other API */....typedef struct {.. /* Cached hash code of me_key. */.. Py_hash_t me_hash;.. PyObject *me_key;.. PyObject *me_value; /* This field is only meaningful for combined tables */..} PyDictKeyEntry;....typedef struct {.. PyObject *me_key; /* The key must be Unicode and have hash. */.. PyObject *me_value; /* This field is only meaningful for combined tables */..} PyDictUnicodeEntry;....extern PyDictKeysObject *_PyDict_NewKeysForClass(void);..extern PyObject *_PyDict_FromKeys(PyObject *, PyObject *, PyObject *);..../* Gets a version number unique to the current state of the keys of dict, if possible...

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_dict_state.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1145
                                          Entropy (8bit):5.1677505666002554
                                          Encrypted:false
                                          SSDEEP:24:g1LMxwUZaGe/Wg3HJeONXneffYUKU6r+RggS22P3v/AbmbVniD:gxMxbaBZIOFeff6r/gZ2IKV4
                                          MD5:BF144F7A8C6E6691368EA13AEB03979F
                                          SHA1:CFF31ADE744848F8D919418EA0E9E89220CB8805
                                          SHA-256:AAB4CFDBEBF00CB44FA58EB33C08084F814C715E00F2E41F3A7DA4C95B974B7C
                                          SHA-512:8683CE1D7CDDA63093CFE6DF0AB1E95C717BCEB650024DCC1C4981DB35F96776056176AAE7454C75A5AC9F5AA09569584F1F4C69071B72587F08FD71CEB0AE47
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_DICT_STATE_H..#define Py_INTERNAL_DICT_STATE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......#ifndef WITH_FREELISTS..// without freelists..# define PyDict_MAXFREELIST 0..#endif....#ifndef PyDict_MAXFREELIST..# define PyDict_MAXFREELIST 80..#endif....#define DICT_MAX_WATCHERS 8....struct _Py_dict_state {.. /*Global counter used to set ma_version_tag field of dictionary... * It is incremented each time that a dictionary is created and each.. * time that a dictionary is modified. */.. uint64_t global_version;.. uint32_t next_keys_version;....#if PyDict_MAXFREELIST > 0.. /* Dictionary reuse scheme to save calls to malloc and free */.. PyDictObject *free_list[PyDict_MAXFREELIST];.. PyDictKeysObject *keys_free_list[PyDict_MAXFREELIST];.. int numfree;.. int keys_numfree;..#endif.... PyDict_WatchCallback watchers[DICT_MAX_WATCHERS];..};....#define _di

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_dtoa.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1699
                                          Entropy (8bit):5.338272531732804
                                          Encrypted:false
                                          SSDEEP:48:gr6xbazuJlMS8ya/CKZIKHa/iq+yr2mmxhxyQSIchSyNTklAWZoJHu:Bx+QMS6/CcIKH7NJfYhxIlAWZF
                                          MD5:70048A629C5313AFBDC26DBC9CD4E493
                                          SHA1:3605BF8AEFC846D2F9B6FE05DD2F2A34053D1668
                                          SHA-256:F983AD0F8EA586DDF004CB082C1A4C40B4C6CE497853B3DE56B5303BC8D72AEC
                                          SHA-512:436446D1B3516173CB1B4BCC07B9F0BC958015A08835FEC5D4D1B5EEC90310FF8277AFD0E5ED3813CDCA3EEB40338CFCCF69B0CFE02520B504CD9F14645C6E02
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_DTOA_H..#define Py_INTERNAL_DTOA_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_pymath.h" // _PY_SHORT_FLOAT_REPR......#if _PY_SHORT_FLOAT_REPR == 1....typedef uint32_t ULong;....struct..Bigint {.. struct Bigint *next;.. int k, maxwds, sign, wds;.. ULong x[1];..};....#ifdef Py_USING_MEMORY_DEBUGGER....struct _dtoa_state {.. int _not_used;..};..#define _dtoa_interp_state_INIT(INTERP) \.. {0}....#else // !Py_USING_MEMORY_DEBUGGER..../* The size of the Bigint freelist */..#define Bigint_Kmax 7....#ifndef PRIVATE_MEM..#define PRIVATE_MEM 2304..#endif..#define Bigint_PREALLOC_SIZE \.. ((PRIVATE_MEM+sizeof(double)-1)/sizeof(double))....struct _dtoa_state {.. /* p5s is a linked list of powers of 5 of the form 5**(2**i), i >= 2 */.. // XXX This should be freed during runtime fini... struct Bigint *p5s;.. struct Bigint *freelist[Bigint

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_emscripten_signal.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):587
                                          Entropy (8bit):5.12027802082258
                                          Encrypted:false
                                          SSDEEP:12:BVdMqc+cOV+WOO3EOOoHTHrp2vOOiHppCMYOOoHTHqVO/aWHppppCMKW+cOV+Vd:hVC21g6C++VIaW2xxC
                                          MD5:50E3323F757269062FEA568BCA3389C2
                                          SHA1:1B21F6B0D8D55E881BDE2F13AE53282B0B4AD198
                                          SHA-256:F2A9789DA02C3FF76C175567B3E842009903F800FE4AB65D008D9B9BEF4D157E
                                          SHA-512:27F02F5EF388C20E6F77F6512F97109A63B49C34FACB19886EF8B33EDD91BCA15C18AF27E4C37048E3EE609CBA84DA494B19176F9D5FDD2D0787C31DFD58FFDE
                                          Malicious:false
                                          Preview:#ifndef Py_EMSCRIPTEN_SIGNAL_H..#define Py_EMSCRIPTEN_SIGNAL_H....#if defined(__EMSCRIPTEN__)....void.._Py_CheckEmscriptenSignals(void);....void.._Py_CheckEmscriptenSignalsPeriodically(void);....#define _Py_CHECK_EMSCRIPTEN_SIGNALS() _Py_CheckEmscriptenSignals()....#define _Py_CHECK_EMSCRIPTEN_SIGNALS_PERIODICALLY() _Py_CheckEmscriptenSignalsPeriodically()....extern int Py_EMSCRIPTEN_SIGNAL_HANDLING;....#else....#define _Py_CHECK_EMSCRIPTEN_SIGNALS()..#define _Py_CHECK_EMSCRIPTEN_SIGNALS_PERIODICALLY()....#endif // defined(__EMSCRIPTEN__)....#endif // ndef Py_EMSCRIPTEN_SIGNAL_H..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_exceptions.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):879
                                          Entropy (8bit):5.0758133430691315
                                          Encrypted:false
                                          SSDEEP:12:B6YeLY84r3Z/HQUZaQGIsESAG1JyeAKUcVpBANe2WFEXeiiGD1Aw1OnY7:g9LUxwUZaGsS+JOK0N0EXe9GD1ARnA
                                          MD5:2C238166349A8949860259160097DC22
                                          SHA1:FDE3650365938159404D50D3356A0D98FEDAA15A
                                          SHA-256:74E2B1374FF5A4E98774FC0F089914DBBA738F32C6AE338336AE97AB03E96436
                                          SHA-512:0BB3B298CBFC3632453EC02BDF48E177FD60A6003309D951AB021A50193E5C5C4E03059BB69A9C808D9EDA246233C16FD89E204FD821F0DE305B6777947D63C7
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_EXCEPTIONS_H..#define Py_INTERNAL_EXCEPTIONS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* runtime lifecycle */....extern PyStatus _PyExc_InitState(PyInterpreterState *);..extern PyStatus _PyExc_InitGlobalObjects(PyInterpreterState *);..extern int _PyExc_InitTypes(PyInterpreterState *);..extern void _PyExc_Fini(PyInterpreterState *);....../* other API */....struct _Py_exc_state {.. // The dict mapping from errno codes to OSError subclasses.. PyObject *errnomap;.. PyBaseExceptionObject *memerrors_freelist;.. int memerrors_numfree;.. // The ExceptionGroup type.. PyObject *PyExc_ExceptionGroup;..};....extern void _PyExc_ClearExceptionGroupType(PyInterpreterState *);......#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_EXCEPTIONS_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_faulthandler.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2319
                                          Entropy (8bit):4.957876874419767
                                          Encrypted:false
                                          SSDEEP:48:g3+xbara5TfVSeNabLJhrGLRF3sRL1eVRFH8qd8W72ayIILGPikei:Jx+ra1AeNabfmFct1kFc7Y2ayIIF0
                                          MD5:4D3711C58F02A44ADEE505543B2431A5
                                          SHA1:A40C6D3EA35338628B9FD031B7E9336726794D83
                                          SHA-256:65D654AC930664D2586B95094F2D2A142C7A5FC9089481F526D97BAFEEA1A827
                                          SHA-512:3D82FA560D170B616D53C5D3687ABC254A11F78C5E03E467D4F1C89F2B5446AB1D958B743311E0976B7BAF0F4F9E5650A967552F034D7EF09F0D565A2D6E2F7A
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FAULTHANDLER_H..#define Py_INTERNAL_FAULTHANDLER_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#ifdef HAVE_SIGACTION..# include <signal.h>..#endif......#ifndef MS_WINDOWS.. /* register() is useless on Windows, because only SIGSEGV, SIGABRT and.. SIGILL can be handled by the process, and these signals can only be used.. with enable(), not using register() */..# define FAULTHANDLER_USER..#endif......#ifdef HAVE_SIGACTION../* Using an alternative stack requires sigaltstack().. and sigaction() SA_ONSTACK */..# ifdef HAVE_SIGALTSTACK..# define FAULTHANDLER_USE_ALT_STACK..# endif..typedef struct sigaction _Py_sighandler_t;..#else..typedef PyOS_sighandler_t _Py_sighandler_t;..#endif // HAVE_SIGACTION......#ifdef FAULTHANDLER_USER..struct faulthandler_user_signal {.. int enabled;.. PyObject *file;.. int fd;.. int all_threads;.. int chain;.. _Py_sig

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_fileutils.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8202
                                          Entropy (8bit):5.152298228966963
                                          Encrypted:false
                                          SSDEEP:192:7V4JZHm7HEZ4JqBdcF9X7oKfuV6iC71eDaQf:CWwZ4JqBdyFuV6iC7gHf
                                          MD5:5708285DB06F185723CC984D78DCA49F
                                          SHA1:566F1E706BC700305C9CE4DE0041271329F8299C
                                          SHA-256:7C71B2B4E16CE156D1570F966D607EBD07AD67D9004EF36B74C264AE1F2A2227
                                          SHA-512:02FB7503AB2FFDB750B3985120B846498512BC783B821E1D4C8B67C7FBC02D2F240E945E08C5C22D024FCD237711F3FD0B9F6C62F22D3F63E945AE365D9DECC7
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FILEUTILS_H..#define Py_INTERNAL_FILEUTILS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "Py_BUILD_CORE must be defined to include this header"..#endif....#include <locale.h> /* struct lconv */......struct _fileutils_state {.. int force_ascii;..};....typedef enum {.. _Py_ERROR_UNKNOWN=0,.. _Py_ERROR_STRICT,.. _Py_ERROR_SURROGATEESCAPE,.. _Py_ERROR_REPLACE,.. _Py_ERROR_IGNORE,.. _Py_ERROR_BACKSLASHREPLACE,.. _Py_ERROR_SURROGATEPASS,.. _Py_ERROR_XMLCHARREFREPLACE,.. _Py_ERROR_OTHER..} _Py_error_handler;....PyAPI_FUNC(_Py_error_handler) _Py_GetErrorHandler(const char *errors);....PyAPI_FUNC(int) _Py_DecodeLocaleEx(.. const char *arg,.. wchar_t **wstr,.. size_t *wlen,.. const char **reason,.. int current_locale,.. _Py_error_handler errors);....PyAPI_FUNC(int) _Py_EncodeLocaleEx(.. const wchar_t *text,.. char **str,.. size_t *error_pos,.. const char **reason,.. int current_l

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_fileutils_windows.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2822
                                          Entropy (8bit):5.0965172912237104
                                          Encrypted:false
                                          SSDEEP:48:gGrG6VPPKvbdO3EeAJER/FLpxpZN6YajWjcjgI+NxApBNBTpApBNBTAKmbjxlgKF:vVPCbdO3EeAJER/FZZN/NENBwNBEFqgl
                                          MD5:EB6574D769560D87874D0430813621D5
                                          SHA1:17C65C2CC8947C92CD2E94571875E4131323587F
                                          SHA-256:2685077F48974F021900D7D324C61291E5C847755B96B548D0667A2A744FF95B
                                          SHA-512:A02CDB93CEB8B786268E5F3635B5CE35DCF8D9B507D39C8ED8F2536486B74278D4945B3B8371D64F7DD66B0666223551E4306116F196080A3423663A895227D6
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FILEUTILS_WINDOWS_H..#define Py_INTERNAL_FILEUTILS_WINDOWS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "Py_BUILD_CORE must be defined to include this header"..#endif....#ifdef MS_WINDOWS....#if !defined(NTDDI_WIN10_NI) || !(NTDDI_VERSION >= NTDDI_WIN10_NI)..typedef struct _FILE_STAT_BASIC_INFORMATION {.. LARGE_INTEGER FileId;.. LARGE_INTEGER CreationTime;.. LARGE_INTEGER LastAccessTime;.. LARGE_INTEGER LastWriteTime;.. LARGE_INTEGER ChangeTime;.. LARGE_INTEGER AllocationSize;.. LARGE_INTEGER EndOfFile;.. ULONG FileAttributes;.. ULONG ReparseTag;.. ULONG NumberOfLinks;.. ULONG DeviceType;.. ULONG DeviceCharacteristics;.. ULONG Reserved;.. LARGE_INTEGER VolumeSerialNumber;.. FILE_ID_128 FileId128;..} FILE_STAT_BASIC_INFORMATION;....typedef enum _FILE_INFO_BY_NAME_CLASS {.. FileStatByNameInfo,.. FileStatLxByNameInfo,.. FileCaseSensitiveByNameInfo,.. FileStatBasicByNameInfo,..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_floatobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1649
                                          Entropy (8bit):5.154158566337912
                                          Encrypted:false
                                          SSDEEP:24:g8LlxwUZaGNSndkd/lU9gjCe49Jh6HLwElu05b6yt8hvqY7nF:gslxba+td/lUr9KHLg05jt85FbF
                                          MD5:1608012C9EBB83EE6FC22840E1E6D0F1
                                          SHA1:55B9932FEBC47EF5A684073BC2F6EEA6D9A0AB70
                                          SHA-256:BF0271AB04F88D82546808E35AFC87DED98FE784C509F29BF8BAF201FDADC95E
                                          SHA-512:9C2A3396855F3B6357DBDFAAF75648CC9DB3D27D60BA4652F97D367F349EF7698DAC42F181B21FF6FEAAE95DB5C34807B298DBC8F5F26B3C027AD5CB2B16EFC7
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FLOATOBJECT_H..#define Py_INTERNAL_FLOATOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* runtime lifecycle */....extern void _PyFloat_InitState(PyInterpreterState *);..extern PyStatus _PyFloat_InitTypes(PyInterpreterState *);..extern void _PyFloat_Fini(PyInterpreterState *);..extern void _PyFloat_FiniType(PyInterpreterState *);....../* other API */....enum _py_float_format_type {.. _py_float_format_unknown,.. _py_float_format_ieee_big_endian,.. _py_float_format_ieee_little_endian,..};....struct _Py_float_runtime_state {.. enum _py_float_format_type float_format;.. enum _py_float_format_type double_format;..};......#ifndef WITH_FREELISTS..// without freelists..# define PyFloat_MAXFREELIST 0..#endif....#ifndef PyFloat_MAXFREELIST..# define PyFloat_MAXFREELIST 100..#endif....struct _Py_float_state {..#if PyFloat_MAXFREELIST > 0.. /* Special free list..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_flowgraph.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4750
                                          Entropy (8bit):4.9711597221849235
                                          Encrypted:false
                                          SSDEEP:96:1x+E91dJpQ5emFqKtgXr/pAKx/bukBhK6a1WhIm:1cwJp6aKObxhNykby0r
                                          MD5:61693288F4CC3E17B12AE32AEFC661EC
                                          SHA1:D1C673A6B09429A2C5660D53B5A5781E4A81D048
                                          SHA-256:A9D349FDDB088E4B21B21ADE9D7A0588A307AE5EC2C242BB1564CF46F680B74F
                                          SHA-512:05D36A4EC1740C91208FA3DBF9BD76F1A8E948073039D27520084A4F11B0C48C13F7EFCE3FC614417F98A170318F72626CC4B0D49DA06CAE1C8A7498C685372D
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CFG_H..#define Py_INTERNAL_CFG_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_opcode_utils.h"..#include "pycore_compile.h"......typedef struct {.. int i_opcode;.. int i_oparg;.. _PyCompilerSrcLocation i_loc;.. struct _PyCfgBasicblock_ *i_target; /* target block (if jump instruction) */.. struct _PyCfgBasicblock_ *i_except; /* target block when exception is raised */..} _PyCfgInstruction;....typedef struct {.. int id;..} _PyCfgJumpTargetLabel;......typedef struct {.. struct _PyCfgBasicblock_ *handlers[CO_MAXBLOCKS+2];.. int depth;..} _PyCfgExceptStack;....typedef struct _PyCfgBasicblock_ {.. /* Each basicblock in a compilation unit is linked via b_list in the.. reverse order that the block are allocated. b_list points to the next.. block in this list, not to be confused with b_next, which is next by.. control flow. */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_format.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):507
                                          Entropy (8bit):5.113586354077547
                                          Encrypted:false
                                          SSDEEP:12:B6e6eLe684r3Z/HQUZaQGIEK8TwYZ4Ovyjne67:geHLe6xwUZaGEK8Tfkneu
                                          MD5:D79F831931932208D27AC58C946C295F
                                          SHA1:4BB622E4AB01BE3AB3B87060C7F8C8FFF9ECB516
                                          SHA-256:B0E56D87F2C63F609632EE20D1208BED13CF0EA445118EBB1D9A7773750195CB
                                          SHA-512:85F2B65E22EAC92FC9FE3200377976F4716EE26A35BE0BEF73080897C98CCA7C5727CA238C59AA3DD5CFC3AB382917B9006C35DD6B72BDB70BEFCACC368E6FA6
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FORMAT_H..#define Py_INTERNAL_FORMAT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* Format codes.. * F_LJUST '-'.. * F_SIGN '+'.. * F_BLANK ' '.. * F_ALT '#'.. * F_ZERO '0'.. */..#define F_LJUST (1<<0)..#define F_SIGN (1<<1)..#define F_BLANK (1<<2)..#define F_ALT (1<<3)..#define F_ZERO (1<<4)....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_FORMAT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_frame.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9539
                                          Entropy (8bit):5.0828008909381
                                          Encrypted:false
                                          SSDEEP:192:LPhS9o9FfPnObgtKiQeYEfmpB5cplZ1S9kXkYwAwoo7nEXWzYvCLCRGYgMg/RtR0:LPhYqfPnObBiJ/mpwPRUKw/wWz25gMgu
                                          MD5:928B4DCF4B0C72E9E7A93ADBDAAAE8BD
                                          SHA1:41E3321D4B2FD32C803CC9D09600FAD5425235DD
                                          SHA-256:118BF02F596B72F9FE7F962B64F77CE2130C473B77B3C8FB5C9A7FCD30FA22B5
                                          SHA-512:E5E4EFC4AE90576D319ACBFE3BD978A14E54013FC4EFFCD3A81C89A532F202852547937D0C433263D22B980E42C9D3A36214368355E8C35893D0DED29A2A1212
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FRAME_H..#define Py_INTERNAL_FRAME_H..#ifdef __cplusplus..extern "C" {..#endif....#include <stdbool.h>..#include <stddef.h>..#include "pycore_code.h" // STATS..../* See Objects/frame_layout.md for an explanation of the frame stack.. * including explanation of the PyFrameObject and _PyInterpreterFrame.. * structs. */......struct _frame {.. PyObject_HEAD.. PyFrameObject *f_back; /* previous frame, or NULL */.. struct _PyInterpreterFrame *f_frame; /* points to the frame data */.. PyObject *f_trace; /* Trace function */.. int f_lineno; /* Current line number. Only valid if non-zero */.. char f_trace_lines; /* Emit per-line trace events? */.. char f_trace_opcodes; /* Emit per-opcode trace events? */.. char f_fast_as_locals; /* Have the fast locals of this frame been converted to a dict? */.. /* The frame data, if this frame object owns the frame */.. PyObject *_f_frame_data[1];..};....ex

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_function.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):637
                                          Entropy (8bit):5.228957277722532
                                          Encrypted:false
                                          SSDEEP:12:B6kytWALkytR4r3Z/HQUZaQGICE3MMe+bowSEMKEBQADybL9An1dWDBz+EOnkywr:gk0WALk06xwUZaGCMpt4QA+bLi1kdz7j
                                          MD5:51E2239CE223DABEB79AEB86FA623BCA
                                          SHA1:F392C17851F9108A5E73AE0369691BEE1726AF5F
                                          SHA-256:7B16A8596049F9B95E4C8A83969E4122B39A88C993AB1C795290D277FECBD533
                                          SHA-512:D114A5DA73BBBE6143977DED285B39917B388C2290C4B6A6460A0136202AADDE122658D418BAE11F70F3AB7597560708FBBB41C4E5E59E1A9078711783B2600B
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_FUNCTION_H..#define Py_INTERNAL_FUNCTION_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#define FUNC_MAX_WATCHERS 8....struct _py_func_state {.. uint32_t next_version;..};....extern PyFunctionObject* _PyFunction_FromConstructor(PyFrameConstructor *constr);....extern uint32_t _PyFunction_GetVersionForCurrentState(PyFunctionObject *func);..extern PyObject *_Py_set_function_type_params(.. PyThreadState* unused, PyObject *func, PyObject *type_params);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_FUNCTION_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_gc.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7869
                                          Entropy (8bit):5.026388119286245
                                          Encrypted:false
                                          SSDEEP:192:NcwRQSOvVWf7R/tRG7FNRGFCj/TV64G1qa4j0M:YSOvsr4G8/TnMqZ
                                          MD5:5065974CBBF2B153A50DB6614D3BC5F2
                                          SHA1:FCD845FF6AE2CCB9498B737E7A83B2D3D291059D
                                          SHA-256:2848963CB124D322ED0DBE3BF96754C8733E111DE51F775BD8573C362BCD6C51
                                          SHA-512:012DF98B16E1AB32FE78B9FC1AB5038EFC2B0BFCA8F645AE85811C510813C07A75273B055E1042B74148CE3AD427B1DCB2E33D60F897F51551839789424A3C94
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_GC_H..#define Py_INTERNAL_GC_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* GC information is stored BEFORE the object structure. */..typedef struct {.. // Pointer to next object in the list... // 0 means the object is not tracked.. uintptr_t _gc_next;.... // Pointer to previous object in the list... // Lowest two bits are used for flags documented later... uintptr_t _gc_prev;..} PyGC_Head;....static inline PyGC_Head* _Py_AS_GC(PyObject *op) {.. return (_Py_CAST(PyGC_Head*, op) - 1);..}..#define _PyGC_Head_UNUSED PyGC_Head..../* True if the object is currently tracked by the GC. */..static inline int _PyObject_GC_IS_TRACKED(PyObject *op) {.. PyGC_Head *gc = _Py_AS_GC(op);.. return (gc->_gc_next != 0);..}..#define _PyObject_GC_IS_TRACKED(op) _PyObject_GC_IS_TRACKED(_Py_CAST(PyObject*, op))..../* True if the object may be tracked by the GC in the future

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_genobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1235
                                          Entropy (8bit):5.245291423857987
                                          Encrypted:false
                                          SSDEEP:24:g8LlxwUZaGqi1Dyg8mrByyj6/KUz73BDoXK5zbbRnF:gslxbaYP8mriCU/3tosxF
                                          MD5:FB8D202C7F26221EA181114DD1735FF7
                                          SHA1:29F574BD4DCB7A4609E42310B84277826FA98D72
                                          SHA-256:31E006A8128F94EFEA40D2BDDFD1477A1277F5E3C351749A3BDB0A325ED54127
                                          SHA-512:B445424970FCD2D57236A763D89298768202B5C737A2A44DD300BF321157B4CBFC4AA33C68F82A30589A715D3DA9FB08CF7E581C642E14E7D15DA53D5E76E4A3
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_GENOBJECT_H..#define Py_INTERNAL_GENOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....extern PyObject *_PyGen_yf(PyGenObject *);..extern PyObject *_PyCoro_GetAwaitableIter(PyObject *o);..extern PyObject *_PyAsyncGenValueWrapperNew(PyThreadState *state, PyObject *);..../* runtime lifecycle */....extern void _PyAsyncGen_Fini(PyInterpreterState *);....../* other API */....#ifndef WITH_FREELISTS..// without freelists..# define _PyAsyncGen_MAXFREELIST 0..#endif....#ifndef _PyAsyncGen_MAXFREELIST..# define _PyAsyncGen_MAXFREELIST 80..#endif....struct _Py_async_gen_state {..#if _PyAsyncGen_MAXFREELIST > 0.. /* Freelists boost performance 6-10%; they also reduce memory.. fragmentation, as _PyAsyncGenWrappedValue and PyAsyncGenASend.. are short-living objects that are instantiated for every.. __anext__() call. */.. struct _PyAsyncGenWrappedValue* value_freelis

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_getopt.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):512
                                          Entropy (8bit):5.109692979030304
                                          Encrypted:false
                                          SSDEEP:12:B6y3V2Ly3Jr3Z/HQUZaQGILUZJbNj0Q5doxPsLQczHLL6IGC0Pny3FPD:gc2L4xwUZaGLUZz086xPOQc7LL6IGCw4
                                          MD5:42F00137CE3A318EE39D33DB6607E1D6
                                          SHA1:51B472FF408EDB04A34BBE20567475D27923F814
                                          SHA-256:4592E97F536C2AB2392057ABE08CAAA0E0E755750F2998D31637E427EC95A05C
                                          SHA-512:C106FAEA1A2281675342B6B68A397275257245ED2404B489F699FB8149E919FF2C2AF2DF0734A1141FF4080D420C96CC9AFD760D818D50D4F4A94DC6DFE3BCBE
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYGETOPT_H..#define Py_INTERNAL_PYGETOPT_H....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....extern int _PyOS_opterr;..extern Py_ssize_t _PyOS_optind;..extern const wchar_t *_PyOS_optarg;....extern void _PyOS_ResetGetOpt(void);....typedef struct {.. const wchar_t *name;.. int has_arg;.. int val;..} _PyOS_LongOption;....extern int _PyOS_GetOpt(Py_ssize_t argc, wchar_t * const *argv, int *longindex);....#endif /* !Py_INTERNAL_PYGETOPT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_gil.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1615
                                          Entropy (8bit):5.019129986315321
                                          Encrypted:false
                                          SSDEEP:48:g5r56xbaorcvuq0DOUJtF6XKTfebBCjIi5u:S96x+ogGVDXF/T6BEIUu
                                          MD5:6D41BB3793B74EA9DE14983D91A06C1B
                                          SHA1:CA5EA097370D89BEC6037413D144FBF7AE23C4A2
                                          SHA-256:B6F1E407C086A487B896DEBE164C7D22678062CAFEDC8B248E4B5CA9B51D4EAB
                                          SHA-512:6A4153BBE5A6A31AECBF973E4A941BF07016E16635811308B071DC5C834531077140466AB1BFBB086A66965CF1A745EE5F2F3862437C58BE5D77B6D2E64015AA
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_GIL_H..#define Py_INTERNAL_GIL_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_atomic.h" /* _Py_atomic_address */..#include "pycore_condvar.h" /* PyCOND_T */....#ifndef Py_HAVE_CONDVAR..# error You need either a POSIX-compatible or a Windows system!..#endif..../* Enable if you want to force the switching of threads at least.. every `interval`. */..#undef FORCE_SWITCHING..#define FORCE_SWITCHING....struct _gil_runtime_state {.. /* microseconds (the Python API uses seconds, though) */.. unsigned long interval;.. /* Last PyThreadState holding / having held the GIL. This helps us.. know whether anyone else was scheduled after we dropped the GIL. */.. _Py_atomic_address last_holder;.. /* Whether the GIL is already taken (-1 if uninitialized). This is.. atomic because it can be read without any lock taken in ceval.c. */.. _Py_atomic_

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_global_objects.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3140
                                          Entropy (8bit):5.085294580482641
                                          Encrypted:false
                                          SSDEEP:48:gZ1Z4xbai+QPRjZrpmW8r5/uFf/FZfzsv0xBCu/eQirDF5eq8FvnkZk:Rx+SPR3mWwmF3F1xeQivF5e7FvnN
                                          MD5:20AEE8F2816641829672F4A86F6DE262
                                          SHA1:270F0A68B48AD7E69FD618047F5D226BB249F326
                                          SHA-256:67A9F4CA099649AFF8AB3AA9C98CA8C26C161EB6AFD50DC216727D6197558307
                                          SHA-512:4F19E47D5AA1A40278F66285337F907C88EB3277CA13759A6BBD2AE77BD0E0D89E8735F8E54B5B4578EE17B958C6BB5BD9F5289626EE7C05B4AF856BB9AE9125
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_GLOBAL_OBJECTS_H..#define Py_INTERNAL_GLOBAL_OBJECTS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_hashtable.h" // _Py_hashtable_t..#include "pycore_gc.h" // PyGC_Head..#include "pycore_global_strings.h" // struct _Py_global_strings..#include "pycore_hamt.h" // PyHamtNode_Bitmap..#include "pycore_context.h" // _PyContextTokenMissing..#include "pycore_typeobject.h" // pytype_slotdef......// These would be in pycore_long.h if it weren't for an include cycle...#define _PY_NSMALLPOSINTS 257..#define _PY_NSMALLNEGINTS 5......// Only immutable objects should be considered runtime-global...// All others must be per-interpreter.....#define _Py_GLOBAL_OBJECT(NAME) \.. _PyRuntime.static_objects.NAME..#define _Py_SINGLETON(NAME) \.. _Py_GLOBAL_OBJECT(singletons.NAME)....struct _Py_cached_objects {.. //

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_global_objects_fini_generated.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):117706
                                          Entropy (8bit):5.129256599356043
                                          Encrypted:false
                                          SSDEEP:768:nbZ0OBQG5UGSHvXkgpOLeFJucrUyw3TFCB1jf:n+n5zk1qFJuVe
                                          MD5:C6B0A1BA0AB3442DA970975873D8E5B9
                                          SHA1:84CE5166ADBB918781FE996CB4FECD8377487B8A
                                          SHA-256:7BEF964EA3F98AF44D625DE2D8627E3E368A33821B6E717F43C07DA4910AD840
                                          SHA-512:B24ECCE9C887A2B65C2563538951CB529D5DF78AE58D2F3C77E49352EC15B3EBA47DC7663543CF3FF079EF01C375592A5E35E3CC83C5FA4B0C615600BF476FAF
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_GLOBAL_OBJECTS_FINI_GENERATED_INIT_H..#define Py_INTERNAL_GLOBAL_OBJECTS_FINI_GENERATED_INIT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#ifdef Py_DEBUG..static inline void.._PyStaticObject_CheckRefcnt(PyObject *obj) {.. if (Py_REFCNT(obj) < _Py_IMMORTAL_REFCNT) {.. fprintf(stderr, "Immortal Object has less refcnt than expected.\n");.. _PyObject_Dump(obj);.. }..}..#endif..../* The following is auto-generated by Tools/build/generate_global_objects.py. */..#ifdef Py_DEBUG..static inline void.._PyStaticObjects_CheckRefcnt(PyInterpreterState *interp) {.. /* generated runtime-global */.. // (see pycore_runtime_init_generated.h).. _PyStaticObject_CheckRefcnt((PyObject *)&_Py_SINGLETON(small_ints)[_PY_NSMALLNEGINTS + -5]);.. _PyStaticObject_CheckRefcnt((PyObject *)&_Py_SINGLETON(small_ints)[_PY_NSMALLNEGINTS + -4]);.. _PyStaticObject_CheckRefcnt((PyO

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_global_strings.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26452
                                          Entropy (8bit):4.546928602659489
                                          Encrypted:false
                                          SSDEEP:192:pcaI0otSdHmvKF9lOpRrRHzo/zYHHxDpQDNCY5yM35Y2k:VI0ovvK8LBzCzQRdQjI0YN
                                          MD5:1C879CF32EE6A59E46A01D143F2F420B
                                          SHA1:3EA596565C4EC345B87B219849FB3756F7214AE5
                                          SHA-256:F2A4B67AAED67B87A1DBDF2D868CE063E1110DD7D241510A0D1D152785B468FA
                                          SHA-512:97E0C3FBDD4B41CB59AE19CEBA37A05E418C0A6D085D638B1944AC513D7174CE41EAF113CFA08F7F0328BB2E11DD971A9EF5411FDBF0A9C0D6D77CF313E41296
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_GLOBAL_STRINGS_H..#define Py_INTERNAL_GLOBAL_STRINGS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....// The data structure & init here are inspired by Tools/build/deepfreeze.py.....// All field names generated by ASCII_STR() have a common prefix,..// to help avoid collisions with keywords, macros, etc.....#define STRUCT_FOR_ASCII_STR(LITERAL) \.. struct { \.. PyASCIIObject _ascii; \.. uint8_t _data[sizeof(LITERAL)]; \.. }..#define STRUCT_FOR_STR(NAME, LITERAL) \.. STRUCT_FOR_ASCII_STR(LITERAL) _py_ ## NAME;..#define STRUCT_FOR_ID(NAME) \.. STRUCT_FOR_ASCII_STR(#NAME) _py_ ## NAME;....// XXX Order by frequency of use?..../* The following is auto-generated by Tools/build/generate_global_objects.py. */..struct _Py_global_strings {.. struct {.. STRUCT_FOR_STR(anon_dictcomp, "<dictcomp>").. STRUCT_FOR_STR(anon_genexpr, "<genexpr>").. STR

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_hamt.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3876
                                          Entropy (8bit):5.063464997210379
                                          Encrypted:false
                                          SSDEEP:96:dx+XnNsDnEwGtN8nL0caSzZ9/TYJ40iMLIVW2uIdv:dcXwSm0HSzgJ40ev
                                          MD5:E35AE5FC16CF2E187295BA2EB1CD4A4D
                                          SHA1:87D7CE6B9220C76B440C5CB7E4FD26337D96764E
                                          SHA-256:1B064C93D0E36CC1AB8AE298C88EB8C2A9D6467224741BAA9B946D9088286803
                                          SHA-512:765C5A1A432DCC596F4E6E6A87D4D025BEA34B4CB69DD4EA5606FAFDC5DD7D3CD4A566901CC96A7E9F9160072CB1C18CDBD510A199529FD09123D00F32ADD0B6
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_HAMT_H..#define Py_INTERNAL_HAMT_H....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../*..HAMT tree is shaped by hashes of keys. Every group of 5 bits of a hash denotes..the exact position of the key in one level of the tree. Since we're using..32 bit hashes, we can have at most 7 such levels. Although if there are..two distinct keys with equal hashes, they will have to occupy the same..cell in the 7th level of the tree -- so we'd put them in a "collision" node...Which brings the total possible tree depth to 8. Read more about the actual..layout of the HAMT tree in `hamt.c`.....This constant is used to define a datastucture for storing iteration state...*/..#define _Py_HAMT_MAX_TREE_DEPTH 8......extern PyTypeObject _PyHamt_Type;..extern PyTypeObject _PyHamt_ArrayNode_Type;..extern PyTypeObject _PyHamt_BitmapNode_Type;..extern PyTypeObject _PyHamt_CollisionNode_Type;..extern PyTypeObject _PyHamtKeys_Type;..extern PyTypeObject

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_hashtable.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4435
                                          Entropy (8bit):4.898908506879194
                                          Encrypted:false
                                          SSDEEP:96:xx+ctdv7PndGKOzq8vKJ8sZCm9nxzyshVtlGTMYD/gJvBgBdDK:xcc3Tku0KO3m9nxTfz+jEJad2
                                          MD5:F7AF9F616C919E08AA9EE14F8971357E
                                          SHA1:24EAAE5CF371F702109A90CC0D40772F2486BA79
                                          SHA-256:5E2B5ED21CE78AB482FE64135530A137084563FF8656E86B4DC7B3167F97ACCB
                                          SHA-512:8447C1FE1A13A34B26374BD4B9E928AF3DCDE42C6CD007A7E38176E211929102C614ACFEA36BE472C0FD764B6F368FF63FE3D8A08D9D7C6FAE0AB6C2C9A88690
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_HASHTABLE_H..#define Py_INTERNAL_HASHTABLE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* Single linked list */....typedef struct _Py_slist_item_s {.. struct _Py_slist_item_s *next;..} _Py_slist_item_t;....typedef struct {.. _Py_slist_item_t *head;..} _Py_slist_t;....#define _Py_SLIST_ITEM_NEXT(ITEM) _Py_RVALUE(((_Py_slist_item_t *)(ITEM))->next)....#define _Py_SLIST_HEAD(SLIST) _Py_RVALUE(((_Py_slist_t *)(SLIST))->head)....../* _Py_hashtable: table entry */....typedef struct {.. /* used by _Py_hashtable_t.buckets to link entries */.. _Py_slist_item_t _Py_slist_item;.... Py_uhash_t key_hash;.. void *key;.. void *value;..} _Py_hashtable_entry_t;....../* _Py_hashtable: prototypes */..../* Forward declaration */..struct _Py_hashtable_t;..typedef struct _Py_hashtable_t _Py_hashtable_t;....typedef Py_uhash_t (*_Py_hashtable_hash_func) (const void *key);..typedef

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_import.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6541
                                          Entropy (8bit):4.926282306813162
                                          Encrypted:false
                                          SSDEEP:96:G7760+lIcau65Jd11hB+yPrB+bIUHIFaxC/Z5dUf+7kV9fpMl:U60+2cauMJdXh7PrB+VHzAzdUf+fl
                                          MD5:4E269BD4C1E1B16DD29E89019386C735
                                          SHA1:F006CB75EC91036A265EAD9AF11E5AFDDD8D86E3
                                          SHA-256:E75C974FD3BAAC69DCE401ADDB733BF39AB222BE384C46B3C8C65BC7EE611B24
                                          SHA-512:1E765BB6FECB1622A14282CC81478CF5079E2A15CEA20EBFEF7369754798405C776D63A04D5D6C97ED7194EADB446FDD65A5BE2B7B63D3F963B03F2CA87AB7C9
                                          Malicious:false
                                          Preview:#ifndef Py_LIMITED_API..#ifndef Py_INTERNAL_IMPORT_H..#define Py_INTERNAL_IMPORT_H..#ifdef __cplusplus..extern "C" {..#endif....#include "pycore_hashtable.h" // _Py_hashtable_t..#include "pycore_time.h" // _PyTime_t......struct _import_runtime_state {.. /* The builtin modules (defined in config.c). */.. struct _inittab *inittab;.. /* The most recent value assigned to a PyModuleDef.m_base.m_index... This is incremented each time PyModuleDef_Init() is called,.. which is just about every time an extension module is imported... See PyInterpreterState.modules_by_index for more info. */.. Py_ssize_t last_module_index;.. struct {.. /* A lock to guard the cache. */.. PyThread_type_lock mutex;.. /* The actual cache of (filename, name, PyModuleDef) for modules... Only legacy (single-phase init) extension modules are added.. and only if they support multiple initialization (m_size >- 0).. or are impor

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_initconfig.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5885
                                          Entropy (8bit):5.18248172061452
                                          Encrypted:false
                                          SSDEEP:96:Vx+7jKS2GxGKjEZ6Hk5dyn/eWv/9N/mKrht6vum+x9Gt+0QH9WE7jgMDPTa5:Vcb2GYKjEZp5GtJeWBntWEvpP25
                                          MD5:7AAB32ED126C933B99E6073EF275C357
                                          SHA1:43E0862545D79415167131A32CE2F4A33AD269CE
                                          SHA-256:0E232A772E7A1C71DF2738860666DAB4203BE95E2B0279835D41FFD3F88399F4
                                          SHA-512:03EF7B8251A870ECAF8973B13FD4AFE566AE14A358167CFF17C3C8A692E0DE642AE062C38F15DA80F8AB036BAB9C0FFC94B0EFA78F1BE739404A4FBFFA58E5D0
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_CORECONFIG_H..#define Py_INTERNAL_CORECONFIG_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* Forward declaration */..struct pyruntimestate;..../* --- PyStatus ----------------------------------------------- */..../* Almost all errors causing Python initialization to fail */..#ifdef _MSC_VER.. /* Visual Studio 2015 doesn't implement C99 __func__ in C */..# define _PyStatus_GET_FUNC() __FUNCTION__..#else..# define _PyStatus_GET_FUNC() __func__..#endif....#define _PyStatus_OK() \.. (PyStatus){._type = _PyStatus_TYPE_OK,}.. /* other fields are set to 0 */..#define _PyStatus_ERR(ERR_MSG) \.. (PyStatus){ \.. ._type = _PyStatus_TYPE_ERROR, \.. .func = _PyStatus_GET_FUNC(), \.. .err_msg = (ERR_MSG)}.. /* other fields are set to 0 */..#define _PyStatus_NO_MEMORY() _PyStatus_ERR("memory allocation failed")..#define _PyStatus_EXIT(EXITCODE) \.. (

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_instruments.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3104
                                          Entropy (8bit):5.29845566401929
                                          Encrypted:false
                                          SSDEEP:96:Hu2DonqiCK94NeJsyNsq+J0UxiEUYL7GtoG/GT6m0sopo6J0nl0D0Q0ftv:HuC7GWVF8nJsl6vKv
                                          MD5:D11C1DA3D33E1A3BB0C2EC87D4A9986A
                                          SHA1:024FE8ADD7F209CB31E69AACA8FFDAE8548C6AE6
                                          SHA-256:C480AE0CF7ACC08EC61062835C8FFF2C3CEBBE4C684F736263363DA7E458710F
                                          SHA-512:2F9DED2EBB1A52E2DBAC8DE622670BD74ABB5AFD96A8BA5148F914E4F64EF4005B1A63CEE842DA509F7AC3FBE5123E397EC8D0562B7A1DF949640922EF76CB68
                                          Malicious:false
                                          Preview:..#ifndef Py_INTERNAL_INSTRUMENT_H..#define Py_INTERNAL_INSTRUMENT_H......#include "pycore_bitutils.h" // _Py_popcount32..#include "pycore_frame.h"....#include "cpython/code.h"....#ifdef __cplusplus..extern "C" {..#endif....#define PY_MONITORING_TOOL_IDS 8..../* Local events... * These require bytecode instrumentation */....#define PY_MONITORING_EVENT_PY_START 0..#define PY_MONITORING_EVENT_PY_RESUME 1..#define PY_MONITORING_EVENT_PY_RETURN 2..#define PY_MONITORING_EVENT_PY_YIELD 3..#define PY_MONITORING_EVENT_CALL 4..#define PY_MONITORING_EVENT_LINE 5..#define PY_MONITORING_EVENT_INSTRUCTION 6..#define PY_MONITORING_EVENT_JUMP 7..#define PY_MONITORING_EVENT_BRANCH 8..#define PY_MONITORING_EVENT_STOP_ITERATION 9....#define PY_MONITORING_IS_INSTRUMENTED_EVENT(ev) \.. ((ev) < _PY_MONITORING_LOCAL_EVENTS)..../* Other events, mainly exceptions */....#define PY_MONITORING_EVENT_RAISE 10..#define PY_MONITORING_EVENT_EXCEPTION_HANDLED 11..#define PY_MONITORING_EVENT_PY_UNWIND 12..#def

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_interp.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9361
                                          Entropy (8bit):4.868871673172092
                                          Encrypted:false
                                          SSDEEP:96:Vx+nUzlHlFNYX56GmLXBCbFdW5e6SUmI+LIJ4m4ACUQzLVXFLFYe64TDXXAqhe2G:VcevFuj3CmlIKECV6yXwmefP
                                          MD5:DA037A99F9C8C76B33DCF77149652048
                                          SHA1:B759656C996A31FF1EBE2B6D4D1A846ABE228059
                                          SHA-256:1B6FCF9465D26CC541905B9385C65B08DD04B92A20B2D49311A5194E73CCEEBE
                                          SHA-512:F4B831F50B8EE00308BF00DF97136B22E26D4050C5606B0D43393B4C80957A9642AF724915C5FB762A30452EAD9E76574AA582CF198A7D555A55FAA63D013DEE
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_INTERP_H..#define Py_INTERNAL_INTERP_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include <stdbool.h>....#include "pycore_ast_state.h" // struct ast_state..#include "pycore_atexit.h" // struct atexit_state..#include "pycore_atomic.h" // _Py_atomic_address..#include "pycore_ceval_state.h" // struct _ceval_state..#include "pycore_code.h" // struct callable_cache..#include "pycore_context.h" // struct _Py_context_state..#include "pycore_dict_state.h" // struct _Py_dict_state..#include "pycore_dtoa.h" // struct _dtoa_state..#include "pycore_exceptions.h" // struct _Py_exc_state..#include "pycore_floatobject.h" // struct _Py_float_state..#include "pycore_function.h" // FUNC_MAX_WATCHERS..#include "pycore_genobject.h" // struct _Py_async_gen_state..#include "pycore_gc.h" // struct _gc_runtime_state..#include "pyc

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_intrinsics.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1429
                                          Entropy (8bit):4.687796507098304
                                          Encrypted:false
                                          SSDEEP:12:jaCjr/yPMEXG/+/k6/XXZkjQHS2AMfjoZ8ATWodXHehogHPMEolAcvocoa8XYBnk:uMgR/+uor7NgmaPBPiy8Tc8TJLmwU0o
                                          MD5:05D14B4C1BA08C46C293AE2FED93C163
                                          SHA1:21DC1F666D129B0B928508F313E7040ECD81BDE5
                                          SHA-256:AE37A5B354F7095315B90D9D6532D87E330057CA015EA6A5630AE2E216B82E11
                                          SHA-512:E2F5744FC2D53018D746E462E48C574984CECE82892C8A68EF43BFAF9048DE7B9C7B801A065754EC5C7D0882D6469A5AD3904CBED7F2A188E939A2F7E339790D
                                          Malicious:false
                                          Preview:// Auto-generated by Tools/build/generate_opcode_h.py from Lib/opcode.py..../* Unary Functions: */..#define INTRINSIC_1_INVALID 0..#define INTRINSIC_PRINT 1..#define INTRINSIC_IMPORT_STAR 2..#define INTRINSIC_STOPITERATION_ERROR 3..#define INTRINSIC_ASYNC_GEN_WRAP 4..#define INTRINSIC_UNARY_POSITIVE 5..#define INTRINSIC_LIST_TO_TUPLE 6..#define INTRINSIC_TYPEVAR 7..#define INTRINSIC_PARAMSPEC 8..#define INTRINSIC_TYPEVARTUPLE 9..#define INTRINSIC_SUBSCRIPT_GENERIC 10..#define INTRINSIC_TYPEALIAS 11....#define MAX_INTRINSIC_1 11....../* Binary Functions: */..#define INTRINSIC_2_INVALID 0..#define INTRINSIC_PREP_RERAISE_STAR 1..#define INTRINSIC_TYPEVAR_WITH_BOUND 2..#define INTRINSIC_TYPEVAR_WITH_CONSTR

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_list.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2063
                                          Entropy (8bit):5.128638787773507
                                          Encrypted:false
                                          SSDEEP:48:gPGxba6WMR5Z3v/FtjobhRP4sn0PbJMyeRq:Zx+6NHFtj+hRP4sn0PbJMxc
                                          MD5:FA444444D9419C6BD88F86B364756EB0
                                          SHA1:1C1BB2A3F3EAD65796E808B4CEF0D5CF7EA289F7
                                          SHA-256:8880829F9C9304D6A4AD4A4BA953BDDC32D80FBAAA9D3B3C8B08EC30647B4CF5
                                          SHA-512:AA7F4F17A0E06F048F3C14977F93E81B686D5BAFA01DE8135AC8687B35B8387DAA4B4C3FF8275D6C9D2B265429DC008EC7173DEC5E9C10FF9EAF516B2D042737
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_LIST_H..#define Py_INTERNAL_LIST_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "listobject.h" // _PyList_CAST()....../* runtime lifecycle */....extern void _PyList_Fini(PyInterpreterState *);....../* other API */....#ifndef WITH_FREELISTS..// without freelists..# define PyList_MAXFREELIST 0..#endif..../* Empty list reuse scheme to save calls to malloc and free */..#ifndef PyList_MAXFREELIST..# define PyList_MAXFREELIST 80..#endif....struct _Py_list_state {..#if PyList_MAXFREELIST > 0.. PyListObject *free_list[PyList_MAXFREELIST];.. int numfree;..#endif..};....#define _PyList_ITEMS(op) _Py_RVALUE(_PyList_CAST(op)->ob_item)....extern int.._PyList_AppendTakeRefListResize(PyListObject *self, PyObject *newitem);....static inline int.._PyList_AppendTakeRef(PyListObject *self, PyObject *newitem)..{.. assert(self != NULL && newitem != NULL);.. assert(PyLi

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_long.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8063
                                          Entropy (8bit):5.400816969435063
                                          Encrypted:false
                                          SSDEEP:192:BcIP8y5htA3q0/3P5pxQvfQKk9dmtcbPrY5LGNVxZ6t:pl5DA3qqP5DQIQMVY
                                          MD5:25CBB2FCBC526BEC19FE38E4511343E3
                                          SHA1:3A802FBC30363B6BAD5D239C9D2AB3006C51662F
                                          SHA-256:9067AFA2CA0CE6A989EEA17AA6B72DFBE157148725190E7907D88199F4374A45
                                          SHA-512:BE6E22831A03712EEF49A21BDDE4B12B4F363F8A00FAA47C6E8CDB631BF28C760ABCF1CC52A38D1991C28DECC628E63E9703984D1B14577DEF37A1AAE082D74B
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_LONG_H..#define Py_INTERNAL_LONG_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_global_objects.h" // _PY_NSMALLNEGINTS..#include "pycore_runtime.h" // _PyRuntime..../*.. * Default int base conversion size limitation: Denial of Service prevention... *.. * Chosen such that this isn't wildly slow on modern hardware and so that.. * everyone's existing deployed numpy test suite passes before.. * https://github.com/numpy/numpy/issues/22098 is widely available... *.. * $ python -m timeit -s 's = "1"*4300' 'int(s)'.. * 2000 loops, best of 5: 125 usec per loop.. * $ python -m timeit -s 's = "1"*4300; v = int(s)' 'str(v)'.. * 1000 loops, best of 5: 311 usec per loop.. * (zen2 cloud VM).. *.. * 4300 decimal digits fits a ~14284 bit number... */..#define _PY_LONG_DEFAULT_MAX_STR_DIGITS 4300../*.. * Threshold for max digits check. For performance reasons int() and.. *

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_memoryobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):401
                                          Entropy (8bit):5.164057155044281
                                          Encrypted:false
                                          SSDEEP:6:B6gOg2Q0jgOgmjQ6z4rMa5H/HQUZnaQGIvGeC3Ka1bzJuDzkGXEGXxov0jQ6dnn+:B6ppLpr4r3Z/HQUZaQGIEFz0PEAxLnpk
                                          MD5:07F9EBD5FCD93D7CC1FFD28115729A84
                                          SHA1:E01A226204E638EF64A37A926D9990749A92F01E
                                          SHA-256:DF19377F51FE67281CF38D9AF9DF83A7AD0F7BB2379E7ABF763ADDB1EDAB0884
                                          SHA-512:1445FCE3086B5CD2E00EA6E0D1298987DC41266ADF84DE9CD5E9DD072D650AD5215DBECC935AD9A9B2C626D205153E8C062D45A22E3DB4D3D6FB046281919F1D
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_MEMORYOBJECT_H..#define Py_INTERNAL_MEMORYOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....PyObject *.._PyMemoryView_FromBufferProc(PyObject *v, int flags,.. getbufferproc bufferproc);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_MEMORYOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_moduleobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1237
                                          Entropy (8bit):5.149896015502378
                                          Encrypted:false
                                          SSDEEP:24:g+JL+YxwUZaG+xPtbv2wJhDGEijhDGGdJZ6vpkuwTzwMn+E:gUdxbaB9DJhvehbJEazXd
                                          MD5:E358B137E5D1633BA76252E7F4112C7E
                                          SHA1:2ABB37D01A2E331733BAAEA10B0F90F5B88A350D
                                          SHA-256:802ACE0436705813FDDC5A4DBCEEE466D6EF81B21AD82C4331FD637B1A9D6278
                                          SHA-512:F6C9738EF263A31E39E887DD2823B8831B11EBF2DEB6EBB685CEF5E17B429B7FFA5E2F39501A43E656749DE61030C0119D3D6345524A3B6FC88C52B809B1E759
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_MODULEOBJECT_H..#define Py_INTERNAL_MODULEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....typedef struct {.. PyObject_HEAD.. PyObject *md_dict;.. PyModuleDef *md_def;.. void *md_state;.. PyObject *md_weaklist;.. // for logging purposes after md_dict is cleared.. PyObject *md_name;..} PyModuleObject;....static inline PyModuleDef* _PyModule_GetDef(PyObject *mod) {.. assert(PyModule_Check(mod));.. return ((PyModuleObject *)mod)->md_def;..}....static inline void* _PyModule_GetState(PyObject* mod) {.. assert(PyModule_Check(mod));.. return ((PyModuleObject *)mod)->md_state;..}....static inline PyObject* _PyModule_GetDict(PyObject *mod) {.. assert(PyModule_Check(mod));.. PyObject *dict = ((PyModuleObject *)mod) -> md_dict;.. // _PyModule_GetDict(mod) must not be used after calling module_clear(mod).. assert(dict != NULL);.. return dic

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_namespace.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):412
                                          Entropy (8bit):5.228991104819668
                                          Encrypted:false
                                          SSDEEP:12:jcVvWuv/r6YRHLYRR4r3Z/HQUZaQGI+enfEeBLzYRn:YVvmEHLE6xwUZaG+sEEEn
                                          MD5:B40376AC3D9038E8B70D4BCD22BE5442
                                          SHA1:4F6B8114995D78002C9E9AC3EBCC19CCA12160BE
                                          SHA-256:BAF192C63B21A85248DD57A16096919451AB2E102A8176E1B22F72B417E8E011
                                          SHA-512:680F54E6E69BF14E928F591ED0C99D787DDF33AA8E519D00CD019A11BBC0F63FCB485AED503EC7BB99936AB09C52116AD8717A9D1C10510628675CE750D20CF0
                                          Malicious:false
                                          Preview:// Simple namespace object interface....#ifndef Py_INTERNAL_NAMESPACE_H..#define Py_INTERNAL_NAMESPACE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....PyAPI_DATA(PyTypeObject) _PyNamespace_Type;....PyAPI_FUNC(PyObject *) _PyNamespace_New(PyObject *kwds);....#ifdef __cplusplus..}..#endif..#endif // !Py_INTERNAL_NAMESPACE_H..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_object.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):14872
                                          Entropy (8bit):5.166403904122217
                                          Encrypted:false
                                          SSDEEP:192:JcONbDUj7qfJigf+94u8qamAbE2VFAbxkIfZnDWShoi5crLsIuh1C5R/yjS2HgfB:dDUvqfJigfsNjadbEOWbZ5d5rM/76c1J
                                          MD5:A71623C2FA40882955B3506AA7A3EB23
                                          SHA1:1CE16CB89C1EFD14C5E96E21DB5FA1F86D55C70F
                                          SHA-256:2D6E79E193B1F6FB28952C6B6E262C2A0F132F9432F6D9DA662F3C31FD05C252
                                          SHA-512:6E10A62E6604EB1D6383601FB425E6B8EF1F0376E2F35930B6897807780572ECF510AE8875550B4428D15A8131F99084A4010AA3013084374B5830E6B1ECC610
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_OBJECT_H..#define Py_INTERNAL_OBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include <stdbool.h>..#include "pycore_gc.h" // _PyObject_GC_IS_TRACKED()..#include "pycore_interp.h" // PyInterpreterState.gc..#include "pycore_pystate.h" // _PyInterpreterState_GET()..#include "pycore_runtime.h" // _PyRuntime..../* We need to maintain an internal copy of Py{Var}Object_HEAD_INIT to avoid.. designated initializer conflicts in C++20. If we use the deinition in.. object.h, we will be mixing designated and non-designated initializers in.. pycore objects which is forbiddent in C++20. However, if we then use.. designated initializers in object.h then Extensions without designated break... Furthermore, we can't use designated initializers in Extensions since these.. are not supported pre-C++20. Thus, keeping an internal copy here is the most..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_object_state.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):773
                                          Entropy (8bit):5.093754970228738
                                          Encrypted:false
                                          SSDEEP:12:B6EPfLEPJ4r3Z/HQUZaQGIY+pgeTA3+9e62K/76QrdXvZVu1XyGx/0knEsD:gOLbxwUZaGvpgG9T2InXvZVuAGx/bnPD
                                          MD5:4BD9890E459D3FA15FD5EDAA81D21348
                                          SHA1:B937B0CBAC3E2606938A87E09840891EB153AC93
                                          SHA-256:53ABD5B87F87DB23473394D9B56F82BFC20F959D074B5C90000C1F86ADFFE344
                                          SHA-512:081347722A2C9D16DED49BCEDDCA8CAC62D5A2CD3631A6720594C96F41F75F3AD826BEABC1754926A1EA2FD78FF08052A7415F6382A6A2ADDC591DD9239AC5DA
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_OBJECT_STATE_H..#define Py_INTERNAL_OBJECT_STATE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....struct _py_object_runtime_state {..#ifdef Py_REF_DEBUG.. Py_ssize_t interpreter_leaks;..#endif.. int _not_used;..};....struct _py_object_state {..#ifdef Py_REF_DEBUG.. Py_ssize_t reftotal;..#endif..#ifdef Py_TRACE_REFS.. /* Head of circular doubly-linked list of all objects. These are linked.. * together via the _ob_prev and _ob_next members of a PyObject, which.. * exist only in a Py_TRACE_REFS build... */.. PyObject refchain;..#endif.. int _not_used;..};......#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_OBJECT_STATE_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_obmalloc.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):27984
                                          Entropy (8bit):5.021780449941066
                                          Encrypted:false
                                          SSDEEP:384:RCguypKuqn4PJMuHN/N+MOs244roalG5mH0/1S/VDf82LSY5:RCEpKuWKJMuHDw/NPGIH0/1MVDfZLSY5
                                          MD5:CDA7A5C58F771FDFBD3F87EBA3D8B867
                                          SHA1:7DBFBC68B689C6F113F7FDFC4EF6E5D3690176CA
                                          SHA-256:7721EC80ABC9B3961021FD50CD8BF07507A494FDB731FBDD246BCA2F36AD2EFC
                                          SHA-512:88755920BBE84452B69CEC0CED2B7B97F56CBE136CED408B1CADBABD4C245E32A0A99674488737E7D97062D9F2A0D602AC00EF6C0BCCFB5A6A7FB4CB9629536C
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_OBMALLOC_H..#define Py_INTERNAL_OBMALLOC_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......typedef unsigned int pymem_uint; /* assuming >= 16 bits */....#undef uint..#define uint pymem_uint....../* An object allocator for Python..... Here is an introduction to the layers of the Python memory architecture,.. showing where the object allocator is actually used (layer +2), It is.. called for every object allocation and deallocation (PyObject_New/Del),.. unless the object-specific allocators implement a proprietary allocation.. scheme (ex.: ints use a simple free list). This is also the place where.. the cyclic garbage collector operates selectively on container objects....... Object-specific allocators.. _____ ______ ______ ________.. [ int ] [ dict ] [ list ] ... [ string ] Python core |..+3 | <----- Object-specific memory -----> | <-- No

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_obmalloc_init.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2158
                                          Entropy (8bit):5.230419609308527
                                          Encrypted:false
                                          SSDEEP:24:gB3LBKxwUZaGwtLBKd/gpJyhuWbzaVhov+RGPVhNRNovN3NbUNFNN059Lv7uvX+X:gFIxbalLB4/gpJIVSLXWvUh
                                          MD5:62E77A574918E4967CAE812C4E3A593D
                                          SHA1:4BFA4F2746A77C2EC2B81A74384A11D8FFAA173A
                                          SHA-256:DA1381021C39A84FC45DE052692857170E35E3CBC0B2DAC4EB236AEDC62C3981
                                          SHA-512:ECEFCE6512E323EEFB67D7970F4620397F339D1CE6F5EEC2642A6318E224C4FBBCF864F0095CFD27EF46A0E900F17C00FD4CD3E03C45285A8778A16AED7CEA29
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_OBMALLOC_INIT_H..#define Py_INTERNAL_OBMALLOC_INIT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../****************************************************/../* the default object allocator's state initializer */....#define PTA(pools, x) \.. ((poolp )((uint8_t *)&(pools.used[2*(x)]) - 2*sizeof(pymem_block *)))..#define PT(p, x) PTA(p, x), PTA(p, x)....#define PT_8(p, start) \.. PT(p, start), \.. PT(p, start+1), \.. PT(p, start+2), \.. PT(p, start+3), \.. PT(p, start+4), \.. PT(p, start+5), \.. PT(p, start+6), \.. PT(p, start+7)....#if NB_SMALL_SIZE_CLASSES <= 8..# define _obmalloc_pools_INIT(p) \.. { PT_8(p, 0) }..#elif NB_SMALL_SIZE_CLASSES <= 16..# define _obmalloc_pools_INIT(p) \.. { PT_8(p, 0), PT_8(p, 8) }..#elif NB_SMALL_SIZE_CLASSES <= 24..# define _obmalloc_pools_INIT(p) \.. { PT_8(p, 0), PT_8(p, 8), PT_8(p, 16) }..#elif NB_SMALL_SIZE

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_opcode.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20668
                                          Entropy (8bit):4.927444956384423
                                          Encrypted:false
                                          SSDEEP:384:UMBbTB9xKtZuzj1L7nH9cx8LS0+fNzLQZBbxpeEtCx96FZls5bB4Z:1BbTB9XL7nH9cuAfNzLQnxpjFsP4Z
                                          MD5:5C8DF4014D6279F2CB759696807274A7
                                          SHA1:F9E45CBF9C12D16448992196A2A908B5CC135201
                                          SHA-256:309227C639025BDB3F5D8C912E4CEC0A980D05D3DEB9C6C7DE4C295EEFC0AE09
                                          SHA-512:A85F65FC4BBF485398BA8A108DE7102ABF0F2877C436E431011BE47E01E8A1E3D42685978DCC7632EA895723314E684CAC5D850CD2B6AF05A52C3ABA541CC0FB
                                          Malicious:false
                                          Preview:// Auto-generated by Tools/build/generate_opcode_h.py from Lib/opcode.py....#ifndef Py_INTERNAL_OPCODE_H..#define Py_INTERNAL_OPCODE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "opcode.h"....extern const uint32_t _PyOpcode_Jump[9];....extern const uint8_t _PyOpcode_Caches[256];....extern const uint8_t _PyOpcode_Deopt[256];....#ifdef NEED_OPCODE_TABLES..const uint32_t _PyOpcode_Jump[9] = {.. 0U,.. 0U,.. 536870912U,.. 135020544U,.. 4163U,.. 0U,.. 0U,.. 0U,.. 48U,..};....const uint8_t _PyOpcode_Caches[256] = {.. [BINARY_SUBSCR] = 1,.. [STORE_SUBSCR] = 1,.. [UNPACK_SEQUENCE] = 1,.. [FOR_ITER] = 1,.. [STORE_ATTR] = 4,.. [LOAD_ATTR] = 9,.. [COMPARE_OP] = 1,.. [LOAD_GLOBAL] = 4,.. [BINARY_OP] = 1,.. [SEND] = 1,.. [LOAD_SUPER_ATTR] = 1,.. [CALL] = 3,..};....const uint8_t _PyOpcode_Deopt[256] = {.. [BEFORE_ASYNC_WITH] = BEFORE_ASYNC

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_opcode_utils.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2778
                                          Entropy (8bit):5.178298482662185
                                          Encrypted:false
                                          SSDEEP:48:gkckVxbaJ3rlPDU8v7H47HRNhv7HPXpmw8uu7rfqrkV:TvVx+JbymC5PZmjvV
                                          MD5:D8D1B42499CF5D61B530F30610B4372E
                                          SHA1:A372F7CB8DB23628AE6014D4609C460DADC85A2A
                                          SHA-256:D6B2501DA85571202C5748DFB0C7B42AA90AD53C7A2F81827D8208D29F5958F9
                                          SHA-512:66F8BDB2E9268EBE9F99E50D9CBB73584ED89885C87FCB9CD69710C176FF2FA03B5D27E27387EA891E8DE5DE00850ED048DD3933B18808884C679CFDC275C2E1
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_OPCODE_UTILS_H..#define Py_INTERNAL_OPCODE_UTILS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_opcode.h" // _PyOpcode_Jump......#define MAX_REAL_OPCODE 254....#define IS_WITHIN_OPCODE_RANGE(opcode) \.. (((opcode) >= 0 && (opcode) <= MAX_REAL_OPCODE) || \.. IS_PSEUDO_OPCODE(opcode))....#define IS_JUMP_OPCODE(opcode) \.. is_bit_set_in_table(_PyOpcode_Jump, opcode)....#define IS_BLOCK_PUSH_OPCODE(opcode) \.. ((opcode) == SETUP_FINALLY || \.. (opcode) == SETUP_WITH || \.. (opcode) == SETUP_CLEANUP)....#define HAS_TARGET(opcode) \.. (IS_JUMP_OPCODE(opcode) || IS_BLOCK_PUSH_OPCODE(opcode))..../* opcodes that must be last in the basicblock */..#define IS_TERMINATOR_OPCODE(opcode) \.. (IS_JUMP_OPCODE(opcode) || IS_SCOPE_EXIT_OPCODE(opcode))..../* opcodes which are not emitted in codegen stage, only by the

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_parser.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1424
                                          Entropy (8bit):4.990061179996831
                                          Encrypted:false
                                          SSDEEP:24:gMLVxwUZaG3bHhb72bxPsY9gc6EdF5Lrp/qkAgI4n14RpDJHqvnV:gcVxbaMmPsYJ6ogD7GSRpD8fV
                                          MD5:92680D76EE8FEFCE5D15CDC9EE460715
                                          SHA1:CA71B0E6D4A74B54EC3F78F3DD0ACDF151DEF667
                                          SHA-256:80CE6400C4B780FAF60B3D0C276A44ED97A29772B6143D15BEAEABC90325BC90
                                          SHA-512:BE9B113A8AC5004D143D89F058CEF212D042F60A3E1B066A8FD5D5119573A1A7B3E8FDE9EFA78CF496A2A5B97DF2044BF591CAABB7BF0B6BFABF92B136AB2956
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PARSER_H..#define Py_INTERNAL_PARSER_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......#include "pycore_ast.h" // struct _expr..#include "pycore_global_strings.h" // _Py_DECLARE_STR()..#include "pycore_pyarena.h" // PyArena......#ifdef Py_DEBUG..#define _PYPEGEN_NSTATISTICS 2000..#endif....struct _parser_runtime_state {..#ifdef Py_DEBUG.. long memo_statistics[_PYPEGEN_NSTATISTICS];..#else.. int _not_used;..#endif.. struct _expr dummy_name;..};...._Py_DECLARE_STR(empty, "")..#define _parser_runtime_state_INIT \.. { \.. .dummy_name = { \.. .kind = Name_kind, \.. .v.Name.id = &_Py_STR(empty), \.. .v.Name.ctx = Load, \.. .lineno = 1, \.. .col_offset = 0, \.. .end_lineno = 1, \.. .end_col_offset = 0, \.. }, \.. }....extern struct _mod* _PyParser_ASTFromString(..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pathconfig.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):630
                                          Entropy (8bit):5.302933373107816
                                          Encrypted:false
                                          SSDEEP:12:B60THL0TR4r3Z/HQUZaQGI5OvmQgbArmhEmArml5AAMmtaRE9YOJmuEv8n06:g0LL02xwUZaGovmcrmS3rmlezmtaREiG
                                          MD5:BE825814CC794CB6D8720D67BBD204E6
                                          SHA1:0CF19CDF3A0FDF47BD1F7E041770AABE5CF023AB
                                          SHA-256:7D1F56DE591AA1DD4096F697D6CA8BB15EF3F74C4813779629B923BD584EFAD4
                                          SHA-512:2764DBF976A12B4D94C664327CA7B80F0361CE6B4CF970FB9022362469906E7FD763B8E614C0835173992D8A297D5B216FC206E00E85735FBF408BFD133100DF
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PATHCONFIG_H..#define Py_INTERNAL_PATHCONFIG_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....PyAPI_FUNC(void) _PyPathConfig_ClearGlobal(void);..extern PyStatus _PyPathConfig_ReadGlobal(PyConfig *config);..extern PyStatus _PyPathConfig_UpdateGlobal(const PyConfig *config);..extern const wchar_t * _PyPathConfig_GetGlobalModuleSearchPath(void);....extern int _PyPathConfig_ComputeSysPath0(.. const PyWideStringList *argv,.. PyObject **path0);......#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_PATHCONFIG_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pyarena.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2797
                                          Entropy (8bit):4.915857699766388
                                          Encrypted:false
                                          SSDEEP:48:34tDixbaBaXEGuJMTohTPnXj5wlJ3gxnAHKaN3WNZyBvjTZmAjFmISH5PkfzYl92:34wx+2RuJMT0TPnXj5wlxtKuWKB7ksPX
                                          MD5:47EDC5FF2506B956BE8D5BFD0A3C1581
                                          SHA1:6B52E1DAA62A125CA327F69A5AECC549E0B56C7F
                                          SHA-256:A43A0C6D97213D42E810454AD9D82ECC8AE899C53D26A60AAF90D31EE54FAF05
                                          SHA-512:4A30FB7FC737A7C10691855E32787638611381862AA4AA8BB69CBC2CE39C23A3AF7F74913C643C4C352C88D74595F0796D73D415713F2D634B70782EADA10A78
                                          Malicious:false
                                          Preview:/* An arena-like memory interface for the compiler... */....#ifndef Py_INTERNAL_PYARENA_H..#define Py_INTERNAL_PYARENA_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....typedef struct _arena PyArena;..../* _PyArena_New() and _PyArena_Free() create a new arena and free it,.. respectively. Once an arena has been created, it can be used.. to allocate memory via _PyArena_Malloc(). Pointers to PyObject can.. also be registered with the arena via _PyArena_AddPyObject(), and the.. arena will ensure that the PyObjects stay alive at least until.. _PyArena_Free() is called. When an arena is freed, all the memory it.. allocated is freed, the arena releases internal references to registered.. PyObject*, and none of its pointers are valid... XXX (tim) What does "none of its pointers are valid" mean? Does it.. XXX mean that pointers previously obtained via _PyArena_Malloc() are.. XXX no longer

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pyerrors.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2900
                                          Entropy (8bit):5.081591464904711
                                          Encrypted:false
                                          SSDEEP:48:gHTHyxba+df0Q8uRkKOaOVOoutvI3a5iq8pAJlJkL4JauNOTm9/q829YHYjEJjJY:ATyx+Q0/u+uVI3aMqaAJ3m4Jajm9/qXJ
                                          MD5:1D83592906D4D686617A18E8251789C1
                                          SHA1:2C1E411D605281D9EB35E760104AF4FA99F3D424
                                          SHA-256:7C1A105D56A340EBEF77827EAD9FE2B54931A005FD54A3E69E20CEDC07F3D091
                                          SHA-512:C79A98A4C27BAD11E8585A7D9E5CFD636B16B55A90BB77E349C87D812A07F60A1D8113F7437F342C526227AED5A64964F0DF4B0F6C0C02F4B4B86614F27A3D21
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYERRORS_H..#define Py_INTERNAL_PYERRORS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* runtime lifecycle */....extern PyStatus _PyErr_InitTypes(PyInterpreterState *);..extern void _PyErr_FiniTypes(PyInterpreterState *);....../* other API */....static inline PyObject* _PyErr_Occurred(PyThreadState *tstate)..{.. assert(tstate != NULL);.. if (tstate->current_exception == NULL) {.. return NULL;.. }.. return (PyObject *)Py_TYPE(tstate->current_exception);..}....static inline void _PyErr_ClearExcState(_PyErr_StackItem *exc_state)..{.. Py_CLEAR(exc_state->exc_value);..}....PyAPI_FUNC(PyObject*) _PyErr_StackItemToExcInfoTuple(.. _PyErr_StackItem *err_info);....PyAPI_FUNC(void) _PyErr_Fetch(.. PyThreadState *tstate,.. PyObject **type,.. PyObject **value,.. PyObject **traceback);....extern PyObject *.._PyErr_GetRaisedException(PyThreadState *tstate

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pyhash.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):749
                                          Entropy (8bit):4.95208291420838
                                          Encrypted:false
                                          SSDEEP:12:B6rLWr3Z/HQUZaQGI5JgeZcThwLoCd/+Ql0O1cmAvCQFC8teabAvCQF+MFCcZ203:grL6xwUZaG5JgDTUdrGLXfkEMjZPJDz
                                          MD5:F57CB099C2C98B3B88C420D1B4D3FBC5
                                          SHA1:ABDA0365FBC37F9C81E8D14A526A5D364FB50CD8
                                          SHA-256:E2958A3E13BEF4015D2B40E9E088E0289718F9E539B221B1AE7F2ED4835FE98D
                                          SHA-512:EE62A5AA466CA65143343962A504BF1CF5107E05067887E7FCB940E12CE93D3535762321FCFC8D098B0815ABD0EA7DD742F37E32DFB4EAB0AA1EE55AC5A5C0CE
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_HASH_H..#define Py_INTERNAL_HASH_H....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......struct pyhash_runtime_state {.. struct {..#ifndef MS_WINDOWS.. int fd;.. dev_t st_dev;.. ino_t st_ino;..#else.. // This is a placeholder so the struct isn't empty on Windows... int _not_used;..#endif.. } urandom_cache;..};....#ifndef MS_WINDOWS..# define _py_urandom_cache_INIT \.. { \.. .fd = -1, \.. }..#else..# define _py_urandom_cache_INIT {0}..#endif....#define pyhash_state_INIT \.. { \.. .urandom_cache = _py_urandom_cache_INIT, \.. }......uint64_t _Py_KeyedHash(uint64_t, const char *, Py_ssize_t);......#endif // Py_INTERNAL_HASH_H..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pylifecycle.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3464
                                          Entropy (8bit):5.0722294649437725
                                          Encrypted:false
                                          SSDEEP:48:gJ0xbaNNcYeH5n/r7azvN/dr6FE2JsR5O+n6QnwTTW+vP6W08+qPpmqTtg:px+NNcYeZ/r7azvP64OI6QcTWBWJ3Dy
                                          MD5:CAA418AE86B7DD82DF56E56C8843C0DB
                                          SHA1:4BEBD7C2170826134975821C0902E2F67A5466A3
                                          SHA-256:CEB30923FF67A97ED996F0449144ACAA988D08784CDE0E4A4CBB057994B4C4FD
                                          SHA-512:DD1CF0D5638C3F60B3CA0CFA3A05614D78AB677824CCFFCB15A834A12BABEE32BC96C1074FF2E78CC65FF92421770ED61868265916035CC8F6FFC4043F489B0D
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_LIFECYCLE_H..#define Py_INTERNAL_LIFECYCLE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_runtime.h" // _PyRuntimeState..../* Forward declarations */..struct _PyArgv;..struct pyruntimestate;....extern int _Py_SetFileSystemEncoding(.. const char *encoding,.. const char *errors);..extern void _Py_ClearFileSystemEncoding(void);..extern PyStatus _PyUnicode_InitEncodings(PyThreadState *tstate);..#ifdef MS_WINDOWS..extern int _PyUnicode_EnableLegacyWindowsFSEncoding(void);..#endif....PyAPI_FUNC(void) _Py_ClearStandardStreamEncoding(void);....PyAPI_FUNC(int) _Py_IsLocaleCoercionTarget(const char *ctype_loc);..../* Various one-time initializers */....extern void _Py_InitVersion(void);..extern PyStatus _PyFaulthandler_Init(int enable);..extern PyObject * _PyBuiltin_Init(PyInterpreterState *interp);..extern PyStatus _PySys_Create(.. PyThreadState *tstate,..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pymath.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8805
                                          Entropy (8bit):4.765982094837208
                                          Encrypted:false
                                          SSDEEP:96:tx+qtG+p4gfjrGtD6UcpqOE2okalu1oIxvEwzqvqzqvUuk1voPA:tcqRpXGtD6Fpbn1Su1oIxMHtpkGPA
                                          MD5:61FE415663ADF2B4311BAC556DF06D2A
                                          SHA1:9B608178574C70EA6424BCF31ABD6F566E60558B
                                          SHA-256:42FD1528B6DF8484B7C64308F399F11C806C497EE32BF2D94E0CBF407BD7FB0D
                                          SHA-512:28B6B9223C65597CC1A0917C6E0703B4E9A699EEE4C5519D131A069DC63363724A810C1D42DAEB4690CEE3ECB4FB4FCDE656963DB154D7AFB9F3F6F9A279474F
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYMATH_H..#define Py_INTERNAL_PYMATH_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* _Py_ADJUST_ERANGE1(x).. * _Py_ADJUST_ERANGE2(x, y).. * Set errno to 0 before calling a libm function, and invoke one of these.. * macros after, passing the function result(s) (_Py_ADJUST_ERANGE2 is useful.. * for functions returning complex results). This makes two kinds of.. * adjustments to errno: (A) If it looks like the platform libm set.. * errno=ERANGE due to underflow, clear errno. (B) If it looks like the.. * platform libm overflowed but didn't set errno, force errno to ERANGE. In.. * effect, we're trying to force a useful implementation of C89 errno.. * behavior... * Caution:.. * This isn't reliable. C99 no longer requires libm to set errno under.. * any exceptional condition, but does require +- HUGE_VAL return.. * values on overflow. A 754 box *probably* maps H

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pymem.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3138
                                          Entropy (8bit):5.134039822780308
                                          Encrypted:false
                                          SSDEEP:48:gpUxbaAaY+aN8YKTn7JZA0CpX/0bl/yWYxTwyTKlQK/Z/Z/hQK/Z/Z/wWPAA:Zx+sN7KTFbNyWYdArRR5rRRIWP9
                                          MD5:2CC48DA2C8DBE5B5F1456571D14A8AEB
                                          SHA1:891B61904BB025240F769A72B9A9C0ABC3E163AF
                                          SHA-256:EDA5669C9FFFF1CC6232EBB3F5F858A4A0045E8F4B4D09C6EF7AB057BA74DCBA
                                          SHA-512:B2FAFD90F6A891ECC1A97CD82C6FFF3A12A2FDE5D8A1FC95E7FC97D7E62FC89B8FE9C4F4F96856CE4E00980A7ABC39A48CD47B5C5AAE362ED78EB9AE5AA9397E
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYMEM_H..#define Py_INTERNAL_PYMEM_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pymem.h" // PyMemAllocatorName......typedef struct {.. /* We tag each block with an API ID in order to tag API violations */.. char api_id;.. PyMemAllocatorEx alloc;..} debug_alloc_api_t;....struct _pymem_allocators {.. PyThread_type_lock mutex;.. struct {.. PyMemAllocatorEx raw;.. PyMemAllocatorEx mem;.. PyMemAllocatorEx obj;.. } standard;.. struct {.. debug_alloc_api_t raw;.. debug_alloc_api_t mem;.. debug_alloc_api_t obj;.. } debug;.. PyObjectArenaAllocator obj_arena;..};....../* Set the memory allocator of the specified domain to the default... Save the old allocator into *old_alloc if it's non-NULL... Return on success, or return -1 if the domain is unknown. */..PyAPI_FUNC(int) _PyMem_SetDefaultAllocator(..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pymem_init.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2739
                                          Entropy (8bit):5.304668630136815
                                          Encrypted:false
                                          SSDEEP:24:gkLtxwUZaGUbfTiocfmuydmumbmsYXLSKuYuUuMafmk0dmPwkkKBzlMmofmqdmuJ:gktxbagoOmKJZHj8XzrodFi
                                          MD5:1282EADC86D6C05371076117F7E529D0
                                          SHA1:3BB3382C02D9D7A532D90C9216F81970A56DBCC2
                                          SHA-256:BCAA175CA734A34412E8B064EABEDA357699D147C72DF6ED0A6333B3947B2A41
                                          SHA-512:8EC4E3EF46A8ACD5A0CA624CFA63B743A4886C9464F0BABA6436CB7327B672ED9B3D9ADC78C5B10025ED4BE8CF93523667C4D2F7BA6481DBF9AC008FA3D30B48
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYMEM_INIT_H..#define Py_INTERNAL_PYMEM_INIT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_pymem.h"....../********************************/../* the allocators' initializers */....extern void * _PyMem_RawMalloc(void *, size_t);..extern void * _PyMem_RawCalloc(void *, size_t, size_t);..extern void * _PyMem_RawRealloc(void *, void *, size_t);..extern void _PyMem_RawFree(void *, void *);..#define PYRAW_ALLOC {NULL, _PyMem_RawMalloc, _PyMem_RawCalloc, _PyMem_RawRealloc, _PyMem_RawFree}....#ifdef WITH_PYMALLOC..extern void* _PyObject_Malloc(void *, size_t);..extern void* _PyObject_Calloc(void *, size_t, size_t);..extern void _PyObject_Free(void *, void *);..extern void* _PyObject_Realloc(void *, void *, size_t);..# define PYOBJ_ALLOC {NULL, _PyObject_Malloc, _PyObject_Calloc, _PyObject_Realloc, _PyObject_Free}..#else..# define PYOBJ_ALLOC PYRAW_ALLOC..#endif // WITH_

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pystate.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5162
                                          Entropy (8bit):5.032805029051689
                                          Encrypted:false
                                          SSDEEP:96:Zx+M6gR6nRGQY9UHEz3B9vRYuLTa9IKA5mAj8bGRjRMXJDU3K4S4jcKiXAbNm52J:Zc4snRGQCMEz3PvR/2mm5GRjRMJPccJg
                                          MD5:66E479281651645786C57DD3D58401E3
                                          SHA1:B3C709688E1D94F2DC721C15E2421077B517246F
                                          SHA-256:8103199535D13CDB918AD257106623B69CA94EFBA9FC23C7FB71185084A7D7F2
                                          SHA-512:57FBB9B82797F62A6371BBCFA375830B49460A59E147499A1CC5100E7D2D00F1132998B698C8D85156625CC124495923B4B08CC6CCB5D92C362325CF079C4D56
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYSTATE_H..#define Py_INTERNAL_PYSTATE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_runtime.h" /* PyRuntimeState */....../* Check if the current thread is the main thread... Use _Py_IsMainInterpreter() to check if it's the main interpreter. */..static inline int.._Py_IsMainThread(void)..{.. unsigned long thread = PyThread_get_thread_ident();.. return (thread == _PyRuntime.main_thread);..}......static inline PyInterpreterState *.._PyInterpreterState_Main(void)..{.. return _PyRuntime.interpreters.main;..}....static inline int.._Py_IsMainInterpreter(PyInterpreterState *interp)..{.. return (interp == _PyInterpreterState_Main());..}....static inline int.._Py_IsMainInterpreterFinalizing(PyInterpreterState *interp)..{.. /* bpo-39877: Access _PyRuntime directly rather than using.. tstate->interp->runtime to support calls from Python daemon threa

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_pythread.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2156
                                          Entropy (8bit):5.205263013651963
                                          Encrypted:false
                                          SSDEEP:24:gYLJxwUZaGeht7dieQGg36wZfNNL2gtKEq7ERegbyW6+ObBynxggnUov:goJxbaTge/A6wZfL+dPNkUov
                                          MD5:38D23CD9C908A38C66A424CBACB10DF4
                                          SHA1:8852E0572DD03358BBD8C0BFF1EA87623FFB246A
                                          SHA-256:430F9915130CDEA46C7AA3C4FB14D699CF2CE0ADA1391917EBC739A2AB834128
                                          SHA-512:F7916272B5BA40E5A191C5A4950BB523F333A5D8F81C72FB010A4024471C7DFDAC51D40BD90713CB2016CBDF45E1182D9D4216EA627AC41477AD35A9D72E9700
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_PYTHREAD_H..#define Py_INTERNAL_PYTHREAD_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......#ifndef _POSIX_THREADS../* This means pthreads are not implemented in libc headers, hence the macro.. not present in unistd.h. But they still can be implemented as an external.. library (e.g. gnu pth in pthread emulation) */..# ifdef HAVE_PTHREAD_H..# include <pthread.h> /* _POSIX_THREADS */..# endif..# ifndef _POSIX_THREADS../* Check if we're running on HP-UX and _SC_THREADS is defined. If so, then.. enough of the Posix threads package is implemented to support python.. threads..... This is valid for HP-UX 11.23 running on an ia64 system. If needed, add.. a check of __ia64 to verify that we're running on an ia64 system instead.. of a pa-risc system...*/..# ifdef __hpux..# ifdef _SC_THREADS..# define _POSIX_THREADS..# endif..# endif..# endif /* _POSIX_THREADS */..#endi

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_range.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):367
                                          Entropy (8bit):5.041133257594457
                                          Encrypted:false
                                          SSDEEP:6:B6gV2AQ0jgVZjQ6z4rMa5H/HQUZnaQGIvGKDsxvR6nEtanA0y/F8fkQc020jQ6dl:B6snLsx4r3Z/HQUZaQGIRoxoEMA0CF8T
                                          MD5:246882BB9642A82A35C2D7E4EE319495
                                          SHA1:0F4519E2107B064166BA18719829AD0105E74C68
                                          SHA-256:A5EB6BA5F8698C73A2C7ED116473F70DE41373AFDB011DC9EFDC4FB4CCF9A466
                                          SHA-512:390F20F23D2539605701C0448C19E3FD927DC0B3698B6397F577434EB54AE6138679645B2ED4CB7C4A9FBB66B806141BC5B1549E71EE00E7A7DF3D43C23EEDD0
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_RANGE_H..#define Py_INTERNAL_RANGE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....typedef struct {.. PyObject_HEAD.. long start;.. long step;.. long len;..} _PyRangeIterObject;....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_RANGE_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_runtime.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8664
                                          Entropy (8bit):4.803787430933107
                                          Encrypted:false
                                          SSDEEP:96:xx+6hqPC4ToF+4+aDMyCAeigMJCmwSKCnl7gARU+MC/489GMwRLQjWRnwXbqekP:xc5ag4+SBJgStnwRLQaRnwLjkP
                                          MD5:D468A27732C545D8CB7F0EDEAB74E9B0
                                          SHA1:0886D88592034F5FD1B3F9B76ED425C2936416B8
                                          SHA-256:DA06D3A2035A1744222BC95CB2822AEA59415443C2B95E78AB18FA61327E5265
                                          SHA-512:2BD7DC092357AF39F52A6BDDD0B15A6E4A04801A82189A81CE0F903DB31FF9014ADE2F9E7FC95B64F5615CD49C1FB368432AB28B33ABD8ECF65BBE2527006B63
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_RUNTIME_H..#define Py_INTERNAL_RUNTIME_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_atexit.h" // struct atexit_runtime_state..#include "pycore_atomic.h" /* _Py_atomic_address */..#include "pycore_ceval_state.h" // struct _ceval_runtime_state..#include "pycore_floatobject.h" // struct _Py_float_runtime_state..#include "pycore_faulthandler.h" // struct _faulthandler_runtime_state..#include "pycore_global_objects.h" // struct _Py_global_objects..#include "pycore_import.h" // struct _import_runtime_state..#include "pycore_interp.h" // PyInterpreterState..#include "pycore_object_state.h" // struct _py_object_runtime_state..#include "pycore_parser.h" // struct _parser_runtime_state..#include "pycore_pymem.h" // struct _pymem_allocators..#include "pycore_pyhash.h" // struct pyhash_runtime_st

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_runtime_init.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6282
                                          Entropy (8bit):4.6274829877255454
                                          Encrypted:false
                                          SSDEEP:96:lx+KDDbKuWGbthpN387ou4QBx5fB/dPPgEMKqrC93PRidaGxspQSy:lcju7ZxGOiFHdqa2KXy
                                          MD5:ADE40EC4649E104FA69C9006A7436659
                                          SHA1:9DD57B4786A545846CBD98422E5B21720D459B8D
                                          SHA-256:DA712D16E1D76DE44A59C6BE4BE4DEED1EB04ACEEE3426288BB341370682E1D1
                                          SHA-512:6D7587203BFA25DBDE7764D63FE3815508DF6989D8A971851E1C810432290D227950B0AA16C99529F58CB30E977A89C3C86F6586A3247BD0B56A63921870177D
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_RUNTIME_INIT_H..#define Py_INTERNAL_RUNTIME_INIT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_long.h"..#include "pycore_object.h"..#include "pycore_parser.h"..#include "pycore_pymem_init.h"..#include "pycore_obmalloc_init.h"......extern PyTypeObject _PyExc_MemoryError;....../* The static initializers defined here should only be used.. in the runtime init code (in pystate.c and pylifecycle.c). */......#define _PyRuntimeState_INIT(runtime) \.. { \.. .allocators = { \.. .standard = _pymem_allocators_standard_INIT(runtime), \.. .debug = _pymem_allocators_debug_INIT, \.. .obj_arena = _pymem_allocators_obj_arena_INIT, \.. }, \.. .obmalloc = _obmalloc_global_state_INIT, \.. .pyhash_state = pyhash_state_INIT, \.. .signals = _signals_RUNTIME_INIT, \.. .interpreters = { \.. /* This

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_runtime_init_generated.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):47570
                                          Entropy (8bit):4.915963981190016
                                          Encrypted:false
                                          SSDEEP:384:UB/4lnr+PrKE0TZifMlJN40Gr8L+MuU3asDXW3ALV5KSsqv:UBQlr+y8fMlz41B3mh1v
                                          MD5:A5947495A4D6052E7AD34E8DBD4D653A
                                          SHA1:D42014C10030D58D433F58F5EDC984F999D926BC
                                          SHA-256:90B521DD38A42F6A369C08C3C7C0C407C9115D3F0BAB4229BC7753FF41EBF8CC
                                          SHA-512:AD342F891DDB76A51AD29F62A128E7606CD52F27D618DC69EB7AF70BF85D7205336326CB9E3E2079C9D9851B2BCFD153BF5768ADD68626C8C5475F50201EEA0D
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_RUNTIME_INIT_GENERATED_H..#define Py_INTERNAL_RUNTIME_INIT_GENERATED_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* The following is auto-generated by Tools/build/generate_global_objects.py. */..#define _Py_small_ints_INIT { \.. _PyLong_DIGIT_INIT(-5), \.. _PyLong_DIGIT_INIT(-4), \.. _PyLong_DIGIT_INIT(-3), \.. _PyLong_DIGIT_INIT(-2), \.. _PyLong_DIGIT_INIT(-1), \.. _PyLong_DIGIT_INIT(0), \.. _PyLong_DIGIT_INIT(1), \.. _PyLong_DIGIT_INIT(2), \.. _PyLong_DIGIT_INIT(3), \.. _PyLong_DIGIT_INIT(4), \.. _PyLong_DIGIT_INIT(5), \.. _PyLong_DIGIT_INIT(6), \.. _PyLong_DIGIT_INIT(7), \.. _PyLong_DIGIT_INIT(8), \.. _PyLong_DIGIT_INIT(9), \.. _PyLong_DIGIT_INIT(10), \.. _PyLong_DIGIT_INIT(11), \.. _PyLong_DIGIT_INIT(12), \.. _PyLong_DIGIT_INIT(13), \.. _PyLong_DIGIT_INIT(14), \.. _PyLong_DIGIT_INIT(15), \.. _PyLong_DIGIT_INI

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_signal.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2709
                                          Entropy (8bit):5.115234184490954
                                          Encrypted:false
                                          SSDEEP:48:cXexba7ecgDIrOIdWFd5dNiQ47egxW61A2Jar7X+r:Vx+icgDIrddWFd5dl47egNK2JaXQ
                                          MD5:37774AE9215DBD5D12E8A228B6CD43DC
                                          SHA1:CAD46DCD9B77DCAC5DE08EC9D375E08E5A3E8055
                                          SHA-256:E296ED1763C2F083913F7817441F214F5EE2EBF611F741A72AB90107FC5FB07B
                                          SHA-512:EC653BEB01A8BB3A59A797A5E694BF4778473C3D00D0644799B0F116C86F4F44DF9A178E366E265050E4B16ECAE9DF6B46D75735C8299C317306410672E85CEB
                                          Malicious:false
                                          Preview:// Define Py_NSIG constant for signal handling.....#ifndef Py_INTERNAL_SIGNAL_H..#define Py_INTERNAL_SIGNAL_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_atomic.h" // _Py_atomic_address....#include <signal.h> // NSIG......#ifdef _SIG_MAXSIG.. // gh-91145: On FreeBSD, <signal.h> defines NSIG as 32: it doesn't include.. // realtime signals: [SIGRTMIN,SIGRTMAX]. Use _SIG_MAXSIG instead. For.. // example on x86-64 FreeBSD 13, SIGRTMAX is 126 and _SIG_MAXSIG is 128...# define Py_NSIG _SIG_MAXSIG..#elif defined(NSIG)..# define Py_NSIG NSIG..#elif defined(_NSIG)..# define Py_NSIG _NSIG // BSD/SysV..#elif defined(_SIGMAX)..# define Py_NSIG (_SIGMAX + 1) // QNX..#elif defined(SIGMAX)..# define Py_NSIG (SIGMAX + 1) // djgpp..#else..# define Py_NSIG 64 // Use a reasonable default value..#endif....#define INVALID_FD (-1)....stru

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_sliceobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):436
                                          Entropy (8bit):5.21410391078549
                                          Encrypted:false
                                          SSDEEP:12:B6yNLyX4r3Z/HQUZaQGIPNcBOJzDKVXnyQ:ggLxxwUZaGeOxIXnx
                                          MD5:2B7F7F0F93D74E31F7313F4543F863A8
                                          SHA1:F6C5FAD34F7D9D99552198E4B36F6F39AECBA2EE
                                          SHA-256:344790E9461FEE92F52359685C00B1B8B781F0B11EE12621F6A8BED320E03965
                                          SHA-512:2E316A6367EFE4B930131A45089CD7D1276CC163178B3D882F861E7E42A5F52C68AFE2B0783341C5997DEFEEEEA92B89F4C1FFD3BCDCE62C7506DDBD37F45D91
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_SLICEOBJECT_H..#define Py_INTERNAL_SLICEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* runtime lifecycle */....extern void _PySlice_Fini(PyInterpreterState *);....extern PyObject *.._PyBuildSlice_ConsumeRefs(PyObject *start, PyObject *stop);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_SLICEOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_strhex.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):973
                                          Entropy (8bit):5.099449530775489
                                          Encrypted:false
                                          SSDEEP:24:gAqvHLAqv6xwUZaGSKUE9f2diponoMnAL:gAqvrAqv6xba0pfWieAL
                                          MD5:B05057ADE92717ACF6888B85FADECD1E
                                          SHA1:3EEBDDAF984377ACBF69E8C31ED585E773D44C97
                                          SHA-256:57EAD535E7F16A387CE14C7B4FFA1C9086A03D53EBCE25FA3C6D7AFF06413EDA
                                          SHA-512:CA1C1A78625B099330AC34543FCF81106EF0C40D5279C713AF755095AC9AB72A9D4AFF981E357A92A3400C5EA696076D037EDDD3828D24E072A71BA72B6D37F4
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_STRHEX_H..#define Py_INTERNAL_STRHEX_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....// Returns a str() containing the hex representation of argbuf...PyAPI_FUNC(PyObject*) _Py_strhex(const.. char* argbuf,.. const Py_ssize_t arglen);....// Returns a bytes() containing the ASCII hex representation of argbuf...PyAPI_FUNC(PyObject*) _Py_strhex_bytes(.. const char* argbuf,.. const Py_ssize_t arglen);....// These variants include support for a separator between every N bytes:..PyAPI_FUNC(PyObject*) _Py_strhex_with_sep(.. const char* argbuf,.. const Py_ssize_t arglen,.. PyObject* sep,.. const int bytes_per_group);..PyAPI_FUNC(PyObject*) _Py_strhex_bytes_with_sep(.. const char* argbuf,.. const Py_ssize_t arglen,.. PyObject* sep,.. const int bytes_per_group);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_STRHEX_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_structseq.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):962
                                          Entropy (8bit):4.949045563351663
                                          Encrypted:false
                                          SSDEEP:12:B6kCLkI4r3Z/HQUZaQGI3onI22gREtQ82pgJ9JWeREtQWKLNeRIMyRxngJMPUI1V:g9LUxwUZaGi2Vb794nKND/RutTnA
                                          MD5:04518F9BF5B20AE2372EB5682531C373
                                          SHA1:0BFE0FEB9C7C9307ACC4C0B4AEC706D9CF80622E
                                          SHA-256:A3DEDC26E3CCD9829E256ADE405EA71B92BA4947E39C8366D06DDFC2F9966C98
                                          SHA-512:37311C6B736897A21285BF13CB86DE0A3EA38FD2C8A3C6B1CB49A9D5A6827A14800DF2B3A168DECA33593D9F66B7DE7ED4C824D0A983FFBC880081CD9A3BD8CC
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_STRUCTSEQ_H..#define Py_INTERNAL_STRUCTSEQ_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* other API */....PyAPI_FUNC(PyTypeObject *) _PyStructSequence_NewType(.. PyStructSequence_Desc *desc,.. unsigned long tp_flags);....extern int _PyStructSequence_InitBuiltinWithFlags(.. PyInterpreterState *interp,.. PyTypeObject *type,.. PyStructSequence_Desc *desc,.. unsigned long tp_flags);....static inline int.._PyStructSequence_InitBuiltin(PyInterpreterState *interp,.. PyTypeObject *type,.. PyStructSequence_Desc *desc)..{.. return _PyStructSequence_InitBuiltinWithFlags(interp, type, desc, 0);..}....extern void _PyStructSequence_FiniBuiltin(.. PyInterpreterState *interp,.. PyTypeObject *type);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_STRUCTSEQ_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_symtable.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):7010
                                          Entropy (8bit):4.76792099134271
                                          Encrypted:false
                                          SSDEEP:192:pchurJ+eGUr4U7UD3M3YYQBV9IgwNV+pLOPsrROq:qulN4wA3VpIgwX+pLONq
                                          MD5:476E49DDCA2D212E9946BB58FC5B35D9
                                          SHA1:ECAB9ABD9EF66CB0CFAF332E0E4AF04133799733
                                          SHA-256:67F32D9488563ED4F0C1C33A236DB54F197B6E5D013C93A6FBDE599793C079F9
                                          SHA-512:1A64FB2A08076924F4C55C55C30DD675BBFC3F2664EB9CEB031F3CC123C245666A6961228436BE8672024781FE86999147F2E20C83E2651DAD109CD922B58DB2
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_SYMTABLE_H..#define Py_INTERNAL_SYMTABLE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....struct _mod; // Type defined in pycore_ast.h....typedef enum _block_type {.. FunctionBlock, ClassBlock, ModuleBlock,.. // Used for annotations if 'from __future__ import annotations' is active... // Annotation blocks cannot bind names and are not evaluated... AnnotationBlock,.. // Used for generics and type aliases. These work mostly like functions.. // (see PEP 695 for details). The three different blocks function identically;.. // they are different enum entries only so that error messages can be more.. // precise... TypeVarBoundBlock, TypeAliasBlock, TypeParamBlock..} _Py_block_ty;....typedef enum _comprehension_type {.. NoComprehension = 0,.. ListComprehension = 1,.. DictComprehension = 2,.. SetComprehension = 3,.. GeneratorExpression = 4 } _Py_co

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_sysmodule.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):763
                                          Entropy (8bit):5.124316840415001
                                          Encrypted:false
                                          SSDEEP:12:B6ELy4r3Z/HQUZaQGI5EJNvQ/BjkF/TMAMixnsf8+GEJEaJ4rnFD:gELNxwUZaGKUpidMganPlynFD
                                          MD5:5A5B1F214A5A664D37AB8B4811BA4FCA
                                          SHA1:8C596100E252CB796C6A75BF992907B42D7DDC16
                                          SHA-256:1D2C253C17453E4178747221EE27BD1A9A7B0C894ED76C7B578AEFD7EA29FD04
                                          SHA-512:E5CC4AB6607DF9D8836043C2D60F39EC86A53E9E9F8CCBD116E5EF4144E8758EEF2ACED4BEFDCE70132E848656DEE758927F7D0BDD9EF0303B5927EBD1E1BF8E
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_SYSMODULE_H..#define Py_INTERNAL_SYSMODULE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....PyAPI_FUNC(int) _PySys_Audit(.. PyThreadState *tstate,.. const char *event,.. const char *argFormat,.. ...);..../* We want minimal exposure of this function, so use extern rather than.. PyAPI_FUNC() to not export the symbol. */..extern void _PySys_ClearAuditHooks(PyThreadState *tstate);....PyAPI_FUNC(int) _PySys_SetAttr(PyObject *, PyObject *);....extern int _PySys_ClearAttrString(PyInterpreterState *interp,.. const char *name, int verbose);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_SYSMODULE_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_time.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):413
                                          Entropy (8bit):4.989171995114627
                                          Encrypted:false
                                          SSDEEP:12:B6yL44r3Z/HQUZaQGIkgelp8mAF8JQd/7LnX:gyL3xwUZaGkg88mAF8JQdPnX
                                          MD5:31C6C0E355DC0F833313063EFB9DD120
                                          SHA1:89F093CC762C38DFC0050B59251C250EECAB08B9
                                          SHA-256:5CBF892A21B2D86179BCF5D590604CCD3C9D02B90F6506F0B4291181EA00313E
                                          SHA-512:11829E2854E1A0DC01525F8D42FF25C70A6DD3F5C7043B815DFE55575A6BAD468BEB46A25413956A126849478AF32A154E6A976B1D2ED73DFA18820E9F10D223
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_TIME_H..#define Py_INTERNAL_TIME_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif......struct _time_runtime_state {..#ifdef HAVE_TIMES.. int ticks_per_second_initialized;.. long ticks_per_second;..#else.. int _not_used;..#endif..};......#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_TIME_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_token.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3158
                                          Entropy (8bit):4.707096920574035
                                          Encrypted:false
                                          SSDEEP:48:+3rA39xbaNEL3Zv0ffp1xYqwAJS1hPzbU6JwzGOZ9JBz8FokoYY0SzD3y:Jx+Nsd86aJmLbU6Gvnz8B4u
                                          MD5:EC60F2B35326B5BA51D0A6AAAFC260BE
                                          SHA1:6DFB369F50702F86FA2DDD00B447964B4111A46D
                                          SHA-256:0ADD32AE018B32BA99E24313450C488111AD3CB259F3F7C329F6B99742502BED
                                          SHA-512:392528E890B8ABA59708E181F9509DD112E9FEC6D6FE80C5038C4AB4B19FB2310E82102C6278256C220EE9D9CDDA0237C7EA7BFEEA40F3C524701E915689FC01
                                          Malicious:false
                                          Preview:/* Auto-generated by Tools/build/generate_token.py */..../* Token types */..#ifndef Py_INTERNAL_TOKEN_H..#define Py_INTERNAL_TOKEN_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#undef TILDE /* Prevent clash of our definition with system macro. Ex AIX, ioctl.h */....#define ENDMARKER 0..#define NAME 1..#define NUMBER 2..#define STRING 3..#define NEWLINE 4..#define INDENT 5..#define DEDENT 6..#define LPAR 7..#define RPAR 8..#define LSQB 9..#define RSQB 10..#define COLON 11..#define COMMA 12..#define SEMI 13..#define PLUS 14..#define MINUS 15..#define STAR 16..#define SLASH 17..#define VBAR 18..#define AMPER 19..#define LESS 20..#define GREATER 21..#define EQUAL 22..#define DO

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_traceback.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3602
                                          Entropy (8bit):4.953209956640188
                                          Encrypted:false
                                          SSDEEP:96:dx+a8BZsk83bbcBVGOjZ2LIjvwPSGJY5nMRe:dcJZsk8rbcrXYaGq5MRe
                                          MD5:E361329603A56050E7BD3610C06BC80C
                                          SHA1:5C530A26A9BF630BEDCD1C775EA267CB23098849
                                          SHA-256:9A74237545502B63F687AFF160C9858746A215B0E94903250631F3BB257842D5
                                          SHA-512:F8B1994D36069F45EDE03CB70732DE73C7BCD451C4D104A4A17E68EC47643B317292A59573A6B1BF585EF1F7FBA1B6999F4D902392C6DA530F6FB4856411A00D
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_TRACEBACK_H..#define Py_INTERNAL_TRACEBACK_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* Write the Python traceback into the file 'fd'. For example:.... Traceback (most recent call first):.. File "xxx", line xxx in <xxx>.. File "xxx", line xxx in <xxx>.. ..... File "xxx", line xxx in <xxx>.... This function is written for debug purpose only, to dump the traceback in.. the worst case: after a segmentation fault, at fatal error, etc. That's why,.. it is very limited. Strings are truncated to 100 characters and encoded to.. ASCII with backslashreplace. It doesn't write the source code, only the.. function name, filename and line number of each frame. Write only the first.. 100 frames: if the traceback is truncated, write the line " ..."..... This function is signal safe. */....PyAPI_FUNC(void) _Py_DumpTraceback(.. int fd,..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_tracemalloc.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3198
                                          Entropy (8bit):4.990189309721041
                                          Encrypted:false
                                          SSDEEP:48:gMFxbaT6pk49m13fnulO0YJgaKTOdgMrdanlKK:jx+WSffuHYaaKTsgKdanF
                                          MD5:517A9FA98AB0F2BF78778B8B4E0E12B1
                                          SHA1:0613AFD9BA8A8511B1A018C6F286FC84CD694033
                                          SHA-256:B984A5A5B332215FA7D6FE93FE6E3805132D13448D09922F109D7D358EE32E6E
                                          SHA-512:5B68B6C27F5AB6812631E83202E79A470CFB217BC4FDDCE1DDA8DE0B3F8ACA14A428D1EC7464359C879C422EB823782852537E70684269EDF73F9179B4DA67DB
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_TRACEMALLOC_H..#define Py_INTERNAL_TRACEMALLOC_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_hashtable.h" // _Py_hashtable_t....../* Trace memory blocks allocated by PyMem_RawMalloc() */..#define TRACE_RAW_MALLOC......struct _PyTraceMalloc_Config {.. /* Module initialized?.. Variable protected by the GIL */.. enum {.. TRACEMALLOC_NOT_INITIALIZED,.. TRACEMALLOC_INITIALIZED,.. TRACEMALLOC_FINALIZED.. } initialized;.... /* Is tracemalloc tracing memory allocations?.. Variable protected by the GIL */.. int tracing;.... /* limit of the number of frames in a traceback, 1 by default... Variable protected by the GIL. */.. int max_nframe;..};....../* Pack the frame_t structure to reduce the memory footprint on 64-bit.. architectures: 12 bytes instead of 16. */..#if defined(_MSC_VER)..#pragma pack(push, 4)..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_tuple.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2276
                                          Entropy (8bit):5.185238043190409
                                          Encrypted:false
                                          SSDEEP:48:gfWxba1XQv7Upwt0we+Hl80ou3ebgYFxcZvHSfpMVtWvA3a:Zx+1Agpwt0weIlRZebgY+vyfCVtuV
                                          MD5:A70B24B28DA2FB918E3DEE1CF162E017
                                          SHA1:8E0E78B7345956121D9A5A8EA3246C78CA754C63
                                          SHA-256:E031A72A510A2D6C77B0F00019C80F7B580A54AA05121E8E8DA840C4B9BA245E
                                          SHA-512:25C38F7B1A5DEACB8AF0A7B521B078B90EC68D66DD0FFD1793349168994F2F19997A8B6CF9B627C9EB2F071C7620253783C6E5FCA15F96F6402B05210736A0B1
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_TUPLE_H..#define Py_INTERNAL_TUPLE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "tupleobject.h" /* _PyTuple_CAST() */....../* runtime lifecycle */....extern PyStatus _PyTuple_InitGlobalObjects(PyInterpreterState *);..extern void _PyTuple_Fini(PyInterpreterState *);....../* other API */....// PyTuple_MAXSAVESIZE - largest tuple to save on free list..// PyTuple_MAXFREELIST - maximum number of tuples of each size to save....#if defined(PyTuple_MAXSAVESIZE) && PyTuple_MAXSAVESIZE <= 0.. // A build indicated that tuple freelists should not be used...# define PyTuple_NFREELISTS 0..# undef PyTuple_MAXSAVESIZE..# undef PyTuple_MAXFREELIST....#elif !defined(WITH_FREELISTS)..# define PyTuple_NFREELISTS 0..# undef PyTuple_MAXSAVESIZE..# undef PyTuple_MAXFREELIST....#else.. // We are using a freelist for tuples...# ifndef PyTuple_MAXSAVESIZE..# define PyTuple_MAXSAV

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_typeobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4818
                                          Entropy (8bit):5.13369915423666
                                          Encrypted:false
                                          SSDEEP:96:Cx+x2A4NCzTf4rxqgcz6Xo1FchdCGjZIt5C3aZC4REwbTW:CcKMn4/gJGNMCP4RECW
                                          MD5:F1631BD09D2942FDC14103EC7F6A82C0
                                          SHA1:479E7AC0A7903D5516CB355F335CFD5DBB921473
                                          SHA-256:900F820BD0943198D88AA04C9D03D727D3CEC4D6A9FF342338809F19A1053D16
                                          SHA-512:79888B565D8A2FC96B2852A9BF81877766104890D5A84049E3CB1965583F795EBD5CA037DB6CF23A82F1C619C76749C20BEB7CF7E9C0856FA803B460F3037AC8
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_TYPEOBJECT_H..#define Py_INTERNAL_TYPEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#include "pycore_moduleobject.h"....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....../* state */....#define _Py_TYPE_BASE_VERSION_TAG (2<<16)..#define _Py_MAX_GLOBAL_TYPE_VERSION_TAG (_Py_TYPE_BASE_VERSION_TAG - 1)....struct _types_runtime_state {.. /* Used to set PyTypeObject.tp_version_tag for core static types. */.. // bpo-42745: next_version_tag remains shared by all interpreters.. // because of static types... unsigned int next_version_tag;..};......// Type attribute lookup cache: speed up attribute and method lookups,..// see _PyType_Lookup()...struct type_cache_entry {.. unsigned int version; // initialized from type->tp_version_tag.. PyObject *name; // reference to exactly a str or None.. PyObject *value; // borrowed reference or NULL..};....#define MCACHE_SIZE_EXP 12....struct type_cache {..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_typevarobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):787
                                          Entropy (8bit):5.156798384513193
                                          Encrypted:false
                                          SSDEEP:12:B6zjLzV4r3Z/HQUZaQGIKWfAnAuAyAniAyAngsbAyAnr7AyAKCPAmXyaCuhM/lnm:gfLyxwUZaG2MTjTgsETATKC49ara/lnm
                                          MD5:39208F64BAC27E487FB5C36682242B4D
                                          SHA1:6D3836D45D342EF129DCD1F8BD33129BC6A0A1B9
                                          SHA-256:C678D5BC7DAC629E8D659BDCF3DFA4FAB2911F33BB215BC442DFC9A134757563
                                          SHA-512:FBB505F013D8F4E91C186D170D99B8D17431CABE65323BABF45F5BE8F3FF566D38D7C2BC77314C3D3A2D9033789DB4DE7E96540C6459B6ED5DF0D6365563ADCC
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_TYPEVAROBJECT_H..#define Py_INTERNAL_TYPEVAROBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....extern PyObject *_Py_make_typevar(PyObject *, PyObject *, PyObject *);..extern PyObject *_Py_make_paramspec(PyThreadState *, PyObject *);..extern PyObject *_Py_make_typevartuple(PyThreadState *, PyObject *);..extern PyObject *_Py_make_typealias(PyThreadState *, PyObject *);..extern PyObject *_Py_subscript_generic(PyThreadState *, PyObject *);..extern int _Py_initialize_generic(PyInterpreterState *);..extern void _Py_clear_generic_types(PyInterpreterState *);....extern PyTypeObject _PyTypeAlias_Type;....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_TYPEVAROBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_ucnhash.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):932
                                          Entropy (8bit):4.985736505636948
                                          Encrypted:false
                                          SSDEEP:24:drLWxwUZaGJlHeay3SxY/LjmGAQdN5UDcx6gnvy:dfWxbaIlHel0QLjqQd4Wvy
                                          MD5:01DFAC0284CA64E5C407C6CA6A62CBFD
                                          SHA1:7C8D3A69BA108B0C495ECEA0D8724642820394D5
                                          SHA-256:13FF6A5688E724B4B560EA4E3B3BD787F0EDBB8B0DDEB5028A77D5F094B25A77
                                          SHA-512:2649018068B3D7B273C765021E807EA411D756A7D94AA8473ABC71AD574D1F660E3180390DF9CE264FADAA633FA705FF2F729C9BD524854F4C85D04E96190292
                                          Malicious:false
                                          Preview:/* Unicode name database interface */..#ifndef Py_INTERNAL_UCNHASH_H..#define Py_INTERNAL_UCNHASH_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* revised ucnhash CAPI interface (exported through a "wrapper") */....#define PyUnicodeData_CAPSULE_NAME "unicodedata._ucnhash_CAPI"....typedef struct {.... /* Get name for a given character code... Returns non-zero if success, zero if not... Does not set Python exceptions. */.. int (*getname)(Py_UCS4 code, char* buffer, int buflen,.. int with_alias_and_seq);.... /* Get character code for a given name... Same error handling as for getname(). */.. int (*getcode)(const char* name, int namelen, Py_UCS4* code,.. int with_named_seq);....} _PyUnicode_Name_CAPI;....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_UCNHASH_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_unicodeobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2036
                                          Entropy (8bit):5.043398419833589
                                          Encrypted:false
                                          SSDEEP:24:gVLsxwUZaGUbjbs+6zoSVJOaJ6kWyvHgce6KvQIWCX+ehtM6MoNGsXtyVg3mxgk8:gRsxbai+aoSWgeTILK+y26pkVg3WFY
                                          MD5:F930CE80A53FCDFA5E1FE941656B19F4
                                          SHA1:80BDFA1D848CF8239A2CD0EF94BA594AC760D96A
                                          SHA-256:8813C57A05F9FB21998BEE8A23FDAAD993C9A4217354CE078CFDA05883C4386C
                                          SHA-512:BC565519CB13012BA1D0D93F8F6E73754E466BA8AA53DB4C112FC5EFF1631E58ABF3EAC49AACC0609A8F21B783167A18A4D7B3DD7047FFA932D875A4032C143C
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_UNICODEOBJECT_H..#define Py_INTERNAL_UNICODEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....#include "pycore_fileutils.h" // _Py_error_handler..#include "pycore_ucnhash.h" // _PyUnicode_Name_CAPI....void _PyUnicode_ExactDealloc(PyObject *op);..Py_ssize_t _PyUnicode_InternedSize(void);..../* runtime lifecycle */....extern void _PyUnicode_InitState(PyInterpreterState *);..extern PyStatus _PyUnicode_InitGlobalObjects(PyInterpreterState *);..extern PyStatus _PyUnicode_InitTypes(PyInterpreterState *);..extern void _PyUnicode_Fini(PyInterpreterState *);..extern void _PyUnicode_FiniTypes(PyInterpreterState *);....extern PyTypeObject _PyUnicodeASCIIIter_Type;..../* other API */....struct _Py_unicode_runtime_ids {.. PyThread_type_lock lock;.. // next_index value must be preserved when Py_Initialize()/Py_Finalize().. // is called multiple times: see _PyUnicode_FromI

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_unicodeobject_generated.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):93548
                                          Entropy (8bit):4.673684125263898
                                          Encrypted:false
                                          SSDEEP:96:Fx+ausNZgx+zzz4YcoMEFhkr+LD2dzjM2soaXXdLnwcjv0B5nRf9v/JkhRPID6+u:FcalEHUhdLPjv0TXJrel6JPMorY/rVv
                                          MD5:6D54EE8AC659A4567815C08BF0B0D91B
                                          SHA1:32D4AC137A41FD919EEB2CCE4C73923E42111B6C
                                          SHA-256:09211D5E1040B65A37EC6C31275FB101342616872FADA876F2912AFDEF6E5FD2
                                          SHA-512:E5A7F242670670EE52A11B51CEF878E979FE07084E2E3D467C0BC67D566649B1E35760DE760CD81E1D848A57F3D8802E3748CF339BD65A78933798F68438F129
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_UNICODEOBJECT_GENERATED_H..#define Py_INTERNAL_UNICODEOBJECT_GENERATED_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif..../* The following is auto-generated by Tools/build/generate_global_objects.py. */..static inline void.._PyUnicode_InitStaticStrings(PyInterpreterState *interp) {.. PyObject *string;.. string = &_Py_ID(CANCELLED);.. assert(_PyUnicode_CheckConsistency(string, 1));.. _PyUnicode_InternInPlace(interp, &string);.. string = &_Py_ID(FINISHED);.. assert(_PyUnicode_CheckConsistency(string, 1));.. _PyUnicode_InternInPlace(interp, &string);.. string = &_Py_ID(False);.. assert(_PyUnicode_CheckConsistency(string, 1));.. _PyUnicode_InternInPlace(interp, &string);.. string = &_Py_ID(JSONDecodeError);.. assert(_PyUnicode_CheckConsistency(string, 1));.. _PyUnicode_InternInPlace(interp, &string);.. string = &_Py_ID(PENDING);.. assert(_PyUni

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_unionobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):705
                                          Entropy (8bit):5.224324067833738
                                          Encrypted:false
                                          SSDEEP:12:B6BLD4r3Z/HQUZaQGIWQIVvIYEWKHoMNoDPAAnAmAnTAonc:gBLwxwUZaGeVlITTnc
                                          MD5:7A6ED9DDD59BE1F5D00EB224D312D544
                                          SHA1:53FA5E32589F9F5943735C5FA4B793DCC4656695
                                          SHA-256:3BC8D52B0338B64F754BA21D7CA71F0EF2925DC022766A1D1DC8071EBB5CF88B
                                          SHA-512:D46E71E5153090987E68BD1C95D5EAC45DFF274F43765B6DA707065CCB91AEDF7FE9CB5555A8CB671562C127EAB420109A9D30B515799F28D4EE22BA77D411CF
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_UNIONOBJECT_H..#define Py_INTERNAL_UNIONOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....extern PyTypeObject _PyUnion_Type;..#define _PyUnion_Check(op) Py_IS_TYPE((op), &_PyUnion_Type)..extern PyObject *_Py_union_type_or(PyObject *, PyObject *);....#define _PyGenericAlias_Check(op) PyObject_TypeCheck((op), &Py_GenericAliasType)..extern PyObject *_Py_subs_parameters(PyObject *, PyObject *, PyObject *, PyObject *);..extern PyObject *_Py_make_parameters(PyObject *);..extern PyObject *_Py_union_args(PyObject *self);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_UNIONOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\internal\pycore_warnings.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):769
                                          Entropy (8bit):5.149372802457639
                                          Encrypted:false
                                          SSDEEP:24:gTeLTLxwUZaGgagFQCNaa+3gFR/G/KQG8l6AV20mwBMLnT7:gaXxbaDHQOF+ARuy0l65dwar3
                                          MD5:03AF1DAE207D281E7DF21E2F9DA9E093
                                          SHA1:68BF4266FD56F12C9BDF8935CA5D9284E0E0C541
                                          SHA-256:75293776D2B802A9ED353467D386DB8B0FE897F7E23BD64DE97EA951F2C84890
                                          SHA-512:4073AE9C27559489E018301E38F5CED9FE4A67DB29D3A06E000E83F42FB46B83C7326C07A975EB25FEC80050BEFE7BB1B38D07D3D98F61E945576CED2E3E4758
                                          Malicious:false
                                          Preview:#ifndef Py_INTERNAL_WARNINGS_H..#define Py_INTERNAL_WARNINGS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_BUILD_CORE..# error "this header requires Py_BUILD_CORE define"..#endif....struct _warnings_runtime_state {.. /* Both 'filters' and 'onceregistry' can be set in warnings.py;.. get_warnings_attr() will reset these variables accordingly. */.. PyObject *filters; /* List */.. PyObject *once_registry; /* Dict */.. PyObject *default_action; /* String */.. long filters_version;..};....extern int _PyWarnings_InitState(PyInterpreterState *interp);....PyAPI_FUNC(PyObject*) _PyWarnings_Init(void);....extern void _PyErr_WarnUnawaitedCoroutine(PyObject *coro);....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERNAL_WARNINGS_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\interpreteridobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):350
                                          Entropy (8bit):5.027298706061021
                                          Encrypted:false
                                          SSDEEP:6:BkS24d2Q09S24zxjQ6z4rCJs0fpS24dwAkVjLCAJ8zy3BwS24dVjQ6dn5S24l:Bx21o2yJ4rCJ702YcjeCh3Bl2wk24
                                          MD5:970113CB4E7F5F80A46EB8AABA18AACA
                                          SHA1:75EA1F3F06DC22CF794B47F31F2E454258807075
                                          SHA-256:8F6DF60C006D873772426D42E4A18B0A7A303CE43FE1B2FE06104F02CE38B629
                                          SHA-512:657B059FC865B9CA830EF558D18EC7044804BC63A20CB75CF7CFACAD3949E948E81828FA25C4AD290DF1D8908A5B1736F2BAD8D205F62F55E9F0734C63B20258
                                          Malicious:false
                                          Preview:#ifndef Py_INTERPRETERIDOBJECT_H..#define Py_INTERPRETERIDOBJECT_H....#ifdef __cplusplus..extern "C" {..#endif....#ifndef Py_LIMITED_API..# define Py_CPYTHON_INTERPRETERIDOBJECT_H..# include "cpython/interpreteridobject.h"..# undef Py_CPYTHON_INTERPRETERIDOBJECT_H..#endif....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTERPRETERIDOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\intrcheck.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):802
                                          Entropy (8bit):5.3966021620614475
                                          Encrypted:false
                                          SSDEEP:12:Br8hx7xaNSl8jXlqqC3lqqCJhdS8FoqCJIb24MlqqVrCJWEmDlc4gGq/3:FAaqgFGFyX9Nbt+FItm9q/3
                                          MD5:4C2DC2673FF0C29A24E94E5CB5A84465
                                          SHA1:BD699667DC136D77B5EFCF945D9CA1BFB4142C1A
                                          SHA-256:16492246BF15A2D1FA3E53B2D3BB7D7651EF4CCAA46BB4089CAC8F3C84F6DF7F
                                          SHA-512:04DF5C5EE1C5B8FD38515DD76CB85F25F2F1FE018E2053DF0E7BDA2B2214B3FDF4DC055097CF8815F0C98B8C6A42CC5FC5C95671F297CAE19B95A8F1AE1DDCD9
                                          Malicious:false
                                          Preview:#ifndef Py_INTRCHECK_H..#define Py_INTRCHECK_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(int) PyOS_InterruptOccurred(void);..#ifdef HAVE_FORK..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03070000..PyAPI_FUNC(void) PyOS_BeforeFork(void);..PyAPI_FUNC(void) PyOS_AfterFork_Parent(void);..PyAPI_FUNC(void) PyOS_AfterFork_Child(void);..#endif..#endif../* Deprecated, please use PyOS_AfterFork_Child() instead */..Py_DEPRECATED(3.7) PyAPI_FUNC(void) PyOS_AfterFork(void);....#ifndef Py_LIMITED_API..PyAPI_FUNC(int) _PyOS_IsMainThread(void);....#ifdef MS_WINDOWS../* windows.h is not included by Python.h so use void* instead of HANDLE */..PyAPI_FUNC(void*) _PyOS_SigintEvent(void);..#endif..#endif /* !Py_LIMITED_API */....#ifdef __cplusplus..}..#endif..#endif /* !Py_INTRCHECK_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\iterobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):624
                                          Entropy (8bit):5.238681088275007
                                          Encrypted:false
                                          SSDEEP:6:B02Q07ORBMKmQjQ6z3grkBUMW1af7+AK704R1IYdk1yeWqD3rH0FpR1IYRsW1yej:BNinMqQr3Qf7/GIYdvnhIYqnRa
                                          MD5:EEDA170CE051C316D2A6C47519F40A9E
                                          SHA1:3844EBEC7BB001D5A8C2822E28C7CA7E4711202F
                                          SHA-256:F2C2AB0EEDC2B48CB982B51BF43352EA63CBACC2BCAB9CB5F00FA247F5D95819
                                          SHA-512:3BF5D2341AAFE2F4E24667E6FEAAAD03D2FBF6A62F00D818CC31966DE844A149B1D9A0332F16D1737669FEDA72A7B77E02B3C78871941B327DB7D82CE8DAD926
                                          Malicious:false
                                          Preview:#ifndef Py_ITEROBJECT_H..#define Py_ITEROBJECT_H../* Iterators (the basic kind, over a sequence) */..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PySeqIter_Type;..PyAPI_DATA(PyTypeObject) PyCallIter_Type;..#ifdef Py_BUILD_CORE..extern PyTypeObject _PyAnextAwaitable_Type;..#endif....#define PySeqIter_Check(op) Py_IS_TYPE((op), &PySeqIter_Type)....PyAPI_FUNC(PyObject *) PySeqIter_New(PyObject *);......#define PyCallIter_Check(op) Py_IS_TYPE((op), &PyCallIter_Type)....PyAPI_FUNC(PyObject *) PyCallIter_New(PyObject *, PyObject *);....#ifdef __cplusplus..}..#endif..#endif /* !Py_ITEROBJECT_H */....

                                          C:\Users\user\AppData\Roaming\windows\include\listobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1834
                                          Entropy (8bit):5.171773792041171
                                          Encrypted:false
                                          SSDEEP:24:ARFljjGngRvjehuskSYXG3H2XkhudounNrO8HkNJoOoRMpdABJ:8ljCngRO5zCsJg7azvoOoREdAz
                                          MD5:94070822C20A821E08D9CCB6486DDD9A
                                          SHA1:BFAC9C6F078BCCEAA7C781269FA4C2D7B637ECE3
                                          SHA-256:00899F5ED695A936A387CBAA122CC21959566FD6C36A2B886459C5D1C5959DE5
                                          SHA-512:5A6916A858A230E5A1C1EF6D5719851A59AA60279A7C4F57261D62212F7EB11D22DFA777C58590C4C59493244698FAD0312C0C415B76BF51E24864596E301BBD
                                          Malicious:false
                                          Preview:/* List object interface.... Another generally useful object type is a list of object pointers... This is a mutable type: the list items can be changed, and items can be.. added or removed. Out-of-range indices or non-list objects are ignored..... WARNING: PyList_SetItem does not increment the new item's reference count,.. but does decrement the reference count of the item it replaces, if not nil... It does *decrement* the reference count if it is *not* inserted in the list... Similarly, PyList_GetItem does not increment the returned item's reference.. count...*/....#ifndef Py_LISTOBJECT_H..#define Py_LISTOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyList_Type;..PyAPI_DATA(PyTypeObject) PyListIter_Type;..PyAPI_DATA(PyTypeObject) PyListRevIter_Type;....#define PyList_Check(op) \.. PyType_FastSubclass(Py_TYPE(op), Py_TPFLAGS_LIST_SUBCLASS)..#define PyList_CheckExact(op) Py_IS_TYPE((op), &PyList_Type)....PyAPI_FUNC(PyObject *) PyList_N

                                          C:\Users\user\AppData\Roaming\windows\include\longobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3847
                                          Entropy (8bit):5.342164551674294
                                          Encrypted:false
                                          SSDEEP:48:0LPJKKaXzaZe1lgaQBXBZHliFVnaeOU9LKl0Y0G13b3C66YZXnuPC3aXNR8ZBNZR:nWsoaOijnp5LKlxT177MKl/0ztY
                                          MD5:A0420157BEC9EA2C8661AEBB7032EA25
                                          SHA1:652192AA9E84BD59E1E268271573228FD82CA4AB
                                          SHA-256:A4F8BCF10F4DBED58EC7D6D04BD92A1852E951A270FEFAF5D191F91B5C84226E
                                          SHA-512:457B84FEF117402932E10681FEF88F73D30DF8C2B146B4E99F4BDC5FA00A122CD9BAC8E788A4AC9D43D61F5EEDA1116816E81F9AEAB1E0229C5B5D3434D04EC5
                                          Malicious:false
                                          Preview:#ifndef Py_LONGOBJECT_H..#define Py_LONGOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....../* Long (arbitrary precision) integer object interface */....// PyLong_Type is declared by object.h....#define PyLong_Check(op) \.. PyType_FastSubclass(Py_TYPE(op), Py_TPFLAGS_LONG_SUBCLASS)..#define PyLong_CheckExact(op) Py_IS_TYPE((op), &PyLong_Type)....PyAPI_FUNC(PyObject *) PyLong_FromLong(long);..PyAPI_FUNC(PyObject *) PyLong_FromUnsignedLong(unsigned long);..PyAPI_FUNC(PyObject *) PyLong_FromSize_t(size_t);..PyAPI_FUNC(PyObject *) PyLong_FromSsize_t(Py_ssize_t);..PyAPI_FUNC(PyObject *) PyLong_FromDouble(double);..PyAPI_FUNC(long) PyLong_AsLong(PyObject *);..PyAPI_FUNC(long) PyLong_AsLongAndOverflow(PyObject *, int *);..PyAPI_FUNC(Py_ssize_t) PyLong_AsSsize_t(PyObject *);..PyAPI_FUNC(size_t) PyLong_AsSize_t(PyObject *);..PyAPI_FUNC(unsigned long) PyLong_AsUnsignedLong(PyObject *);..PyAPI_FUNC(unsigned long) PyLong_AsUnsignedLongMask(PyObject *);..PyAPI_FUNC(PyObject *) PyLong_Get

                                          C:\Users\user\AppData\Roaming\windows\include\marshal.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):858
                                          Entropy (8bit):5.263897187263659
                                          Encrypted:false
                                          SSDEEP:24:whFwUUNXU87Lf4PWzUTxUxwRuU7ZUunaY9:fn0ndr
                                          MD5:ECA3E448E6E8EBB96F4715D5BDE0504F
                                          SHA1:472364097F1F8B010FBE4452AAA1E840157ED029
                                          SHA-256:8F8D8B4453B83B023176FC156435330E25BCBF0B36E18106429824ABC69269D5
                                          SHA-512:B2AAF724052B91AF54FBA2CEB0BF7570758623347A094FE4B4B7218A016CDBA9CEF6284732BAAE3CCF404EA85330F43EF1CED6F342B145EA0152F3695A309FEE
                                          Malicious:false
                                          Preview:../* Interface for marshal.c */....#ifndef Py_MARSHAL_H..#define Py_MARSHAL_H..#ifndef Py_LIMITED_API....#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(PyObject *) PyMarshal_ReadObjectFromString(const char *,.. Py_ssize_t);..PyAPI_FUNC(PyObject *) PyMarshal_WriteObjectToString(PyObject *, int);....#define Py_MARSHAL_VERSION 4....PyAPI_FUNC(long) PyMarshal_ReadLongFromFile(FILE *);..PyAPI_FUNC(int) PyMarshal_ReadShortFromFile(FILE *);..PyAPI_FUNC(PyObject *) PyMarshal_ReadObjectFromFile(FILE *);..PyAPI_FUNC(PyObject *) PyMarshal_ReadLastObjectFromFile(FILE *);....PyAPI_FUNC(void) PyMarshal_WriteLongToFile(long, FILE *, int);..PyAPI_FUNC(void) PyMarshal_WriteObjectToFile(PyObject *, FILE *, int);....#ifdef __cplusplus..}..#endif....#endif /* Py_LIMITED_API */..#endif /* !Py_MARSHAL_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\memoryobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1115
                                          Entropy (8bit):5.154842424860504
                                          Encrypted:false
                                          SSDEEP:12:UFEOgUrAFUIYOnyVJNOngXDATNHnReDnOanLnyXSrCJ7ucnX/3BB2:IfMifrDAT/ALydTT2
                                          MD5:65CACDA4D8DE52B809843170E2D06870
                                          SHA1:624E4967D4FD0834141329F0D679B724CDA75DBB
                                          SHA-256:76A9031FA94C7D9A8681FAB065F9CEE0BBD9C91F4355B91BC407BF992C100796
                                          SHA-512:90B35BC9F43EB537E4CF78C3B10D9C00159DD05DC49F7AE5CC7AB0DB98381501437A4129FA0AEBFE34561107C7E92967017C0BDFE58725BE5A4E8574B2299C36
                                          Malicious:false
                                          Preview:/* Memory view object. In Python this is available as "memoryview". */....#ifndef Py_MEMORYOBJECT_H..#define Py_MEMORYOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyMemoryView_Type;....#define PyMemoryView_Check(op) Py_IS_TYPE((op), &PyMemoryView_Type)....PyAPI_FUNC(PyObject *) PyMemoryView_FromObject(PyObject *base);..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03030000..PyAPI_FUNC(PyObject *) PyMemoryView_FromMemory(char *mem, Py_ssize_t size,.. int flags);..#endif..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x030b0000..PyAPI_FUNC(PyObject *) PyMemoryView_FromBuffer(const Py_buffer *info);..#endif..PyAPI_FUNC(PyObject *) PyMemoryView_GetContiguous(PyObject *base,.. int buffertype,.. char order);....#ifndef Py_LIMITED_API..# define Py_CPYTHON_MEMORYOBJECT_H..# include "cpython/memoryobject

                                          C:\Users\user\AppData\Roaming\windows\include\methodobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5208
                                          Entropy (8bit):5.201137905797359
                                          Encrypted:false
                                          SSDEEP:96:ERtYET3Kv84gT2LkVl/xulMrIygK0KiqW:AYs3G9gT2k7FrIBqW
                                          MD5:0FEDB076F2AAEDAFCA0E4E4C5B167E56
                                          SHA1:D1C48404373DA51AC03F7FA281CFA59472D4BE32
                                          SHA-256:F1C4E87ED7D30DDC56F04614B3B389FA5565818E575EEB761EB1691463E0292A
                                          SHA-512:60B11C91949C2A3B0BAF244D9C52709286479568E08D012564698D9C15F42B79842BF0D7B3FAC036696BE6227AD9DC0EDFE7CDE17A9BC0246EA62A6665AABDA8
                                          Malicious:false
                                          Preview:../* Method object interface */....#ifndef Py_METHODOBJECT_H..#define Py_METHODOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif..../* This is about the type 'builtin_function_or_method',.. not Python methods in user-defined classes. See classobject.h.. for the latter. */....PyAPI_DATA(PyTypeObject) PyCFunction_Type;....#define PyCFunction_CheckExact(op) Py_IS_TYPE((op), &PyCFunction_Type)..#define PyCFunction_Check(op) PyObject_TypeCheck((op), &PyCFunction_Type)....typedef PyObject *(*PyCFunction)(PyObject *, PyObject *);..typedef PyObject *(*_PyCFunctionFast) (PyObject *, PyObject *const *, Py_ssize_t);..typedef PyObject *(*PyCFunctionWithKeywords)(PyObject *, PyObject *,.. PyObject *);..typedef PyObject *(*_PyCFunctionFastWithKeywords) (PyObject *,.. PyObject *const *, Py_ssize_t,.. PyObject *);..typedef PyObject *(*PyCMethod)(PyObject

                                          C:\Users\user\AppData\Roaming\windows\include\modsupport.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6683
                                          Entropy (8bit):5.26756535447221
                                          Encrypted:false
                                          SSDEEP:96:mTuSvBJ1azzUzndMzzHsjTCOCEITzXIWidjCHMZ439HeWk2k8N55FNoQy7kKQ:O0zcdMPHmmZTzqjCsC/kaIQ
                                          MD5:2D9981FF05AD21CE23B936640DB2136A
                                          SHA1:685615A104FA3B48A74976436F8B1DAC5638552B
                                          SHA-256:C3DE44C07D6A002D320B680854019675AD9D4610517F48B4187A4E8F5BC100AD
                                          SHA-512:D92FEF156515B0F0821238D5EFC74354DA58E97B10D4F2CBC56032E99E6A62016E25902307D36D29D7F49C6F16E03F088E9F4222C9600C8274E98E5A8A2CF9D9
                                          Malicious:false
                                          Preview:..#ifndef Py_MODSUPPORT_H..#define Py_MODSUPPORT_H..#ifdef __cplusplus..extern "C" {..#endif..../* Module support interface */....#include <stdarg.h> // va_list..../* If PY_SSIZE_T_CLEAN is defined, each functions treats #-specifier.. to mean Py_ssize_t */..#ifdef PY_SSIZE_T_CLEAN..#define PyArg_Parse _PyArg_Parse_SizeT..#define PyArg_ParseTuple _PyArg_ParseTuple_SizeT..#define PyArg_ParseTupleAndKeywords _PyArg_ParseTupleAndKeywords_SizeT..#define PyArg_VaParse _PyArg_VaParse_SizeT..#define PyArg_VaParseTupleAndKeywords _PyArg_VaParseTupleAndKeywords_SizeT..#define Py_BuildValue _Py_BuildValue_SizeT..#define Py_VaBuildValue _Py_VaBuildValue_SizeT..#endif..../* Due to a glitch in 3.2, the _SizeT versions weren't exported from the DLL. */..#if !defined(PY_SSIZE_T_CLEAN) || !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03030000..PyAPI_FUNC(int) PyArg_Parse(PyObject *, const ch

                                          C:\Users\user\AppData\Roaming\windows\include\moduleobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):3678
                                          Entropy (8bit):5.323575842197303
                                          Encrypted:false
                                          SSDEEP:48:j95EH+hzLlGoJCAuMh6DK/maJLeoVwVnfr4JVm2mV:xrzLlGoJk66DKfJLeoVwVeQ2mV
                                          MD5:3E89CD49F281444A8C877B18AB741023
                                          SHA1:121A988516A7891D4C820A4E28A4DC25B56690BA
                                          SHA-256:C8B1D556783B6BD0EAAA1E7A670DF6A1F217666C6B80130049DB6DDB8554D95F
                                          SHA-512:825992DC23CDD7832968D9FF929D6577184A4CAE9033F5F07F5ADC82D2F2EC18403A66EAA330C3AA55B8CE8B47B7C78DE74DDAF119AE8E9E62012C424DEFD056
                                          Malicious:false
                                          Preview:../* Module object interface */....#ifndef Py_MODULEOBJECT_H..#define Py_MODULEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyModule_Type;....#define PyModule_Check(op) PyObject_TypeCheck((op), &PyModule_Type)..#define PyModule_CheckExact(op) Py_IS_TYPE((op), &PyModule_Type)....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03030000..PyAPI_FUNC(PyObject *) PyModule_NewObject(.. PyObject *name.. );..#endif..PyAPI_FUNC(PyObject *) PyModule_New(.. const char *name /* UTF-8 encoded string */.. );..PyAPI_FUNC(PyObject *) PyModule_GetDict(PyObject *);..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03030000..PyAPI_FUNC(PyObject *) PyModule_GetNameObject(PyObject *);..#endif..PyAPI_FUNC(const char *) PyModule_GetName(PyObject *);..Py_DEPRECATED(3.2) PyAPI_FUNC(const char *) PyModule_GetFilename(PyObject *);..PyAPI_FUNC(PyObject *) PyModule_GetFilenameObject(PyObject *);..#ifndef Py_LIMITED_API..PyAPI_FUNC(void) _PyModule_C

                                          C:\Users\user\AppData\Roaming\windows\include\object.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):38148
                                          Entropy (8bit):5.241295603708881
                                          Encrypted:false
                                          SSDEEP:768:BAnhqkkhs5X5PWXwlnh4ioiL+W/b5NFRxH6KsJT4NVnMUUOMk8/LDB:BA3x4Zibx/b5dN6K6O0B
                                          MD5:14989E98ED285499667E230DE04B3EA7
                                          SHA1:9C75B866563846767DC9DF2AD59D9306A9C0AA71
                                          SHA-256:9485A0379172B12DE69E52AAF3AD061BABF3DB4D67EA80027A1F5FCB40EEAE6E
                                          SHA-512:2C26B9B871A6524556E3329DAC0F304A65B6F89C705E9E6813B8CC42F2E2703127F39EC349EF40FA4582B665DDA2CBF29536E0D32D81B857FBB84E4DC9F61DD3
                                          Malicious:false
                                          Preview:#ifndef Py_OBJECT_H..#define Py_OBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....../* Object and type object interface */..../*..Objects are structures allocated on the heap. Special rules apply to..the use of objects to ensure they are properly garbage-collected...Objects are never allocated statically or on the stack; they must be..accessed through special macros and functions only. (Type objects are..exceptions to the first rule; the standard types are represented by..statically initialized type objects, although work on type/class unification..for Python 2.2 made it possible to have heap-allocated type objects too).....An object has a 'reference count' that is increased or decreased when a..pointer to the object is copied or deleted; when the reference count..reaches zero there are no references to the object left and it can be..removed from the heap.....An object has a 'type' that determines what it represents and what kind..of data it contains. An object's type is fixed w

                                          C:\Users\user\AppData\Roaming\windows\include\objimpl.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):9472
                                          Entropy (8bit):5.0186415051384765
                                          Encrypted:false
                                          SSDEEP:96:8Zcrdb8taWxOqxtFJ3R84GCkJmwT4bGr4HuvkvzImvKO/hFXGCDIQU6eNM215yIQ:aaWxOqxw+kJlkOwvJTXDElD5zM1gw
                                          MD5:2F1AC43E576A651C9C8D73A90EC53B41
                                          SHA1:D55DD0275E680F8D97AECE9C8036B99DA978B93F
                                          SHA-256:91C4377012C9610217614939BD045819A6DC92EC7BF7AA590B730A65C9577BCC
                                          SHA-512:A3F3BEFA38B6F0D4C0596BA5CD19B0DDFAE05E5C25C36AD7981F2CEE8F4BF0DBFCDE44F403C8EE284A9D12589C8F690E2AD935557DAC3C1DDE06F7B9E41AD741
                                          Malicious:false
                                          Preview:/* The PyObject_ memory family: high-level object memory interfaces... See pymem.h for the low-level PyMem_ family...*/....#ifndef Py_OBJIMPL_H..#define Py_OBJIMPL_H....#include "pymem.h"....#ifdef __cplusplus..extern "C" {..#endif..../* BEWARE:.... Each interface exports both functions and macros. Extension modules should.. use the functions, to ensure binary compatibility across Python versions... Because the Python implementation is free to change internal details, and.. the macros may (or may not) expose details for speed, if you do use the.. macros you must recompile your extensions with each Python release..... Never mix calls to PyObject_ memory functions with calls to the platform.. malloc/realloc/ calloc/free, or with calls to PyMem_...*/..../*..Functions and macros for modules that implement new object types..... - PyObject_New(type, typeobj) allocates memory for a new object of the given.. type, and initializes part of it. 'type' must be the C structure

                                          C:\Users\user\AppData\Roaming\windows\include\opcode.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13079
                                          Entropy (8bit):3.822848097098393
                                          Encrypted:false
                                          SSDEEP:192:Gs8UdSjJ/oihW/B3KPZIDSwAGI9p3Jwk4O:GsIjJ/oihcAZIDSwu3Jwk4O
                                          MD5:484365F9B26B6F60D134594DCAB46881
                                          SHA1:98C47B3BEB8149BA8B435E087E11554EE48DF8B8
                                          SHA-256:8363339ABFE2A87FE3936CE3C35175D3F7D5DB37463922540A0F8401B1C097F6
                                          SHA-512:1A434FFA7684C10E3E40A9B947517EF1C2F142850290C9C7A22846B184F7A42B1588117181FF4D21DCEDB39AE9595A4935B95FAFFC300D5A62E11A4D6F0B9ECD
                                          Malicious:false
                                          Preview:// Auto-generated by Tools/build/generate_opcode_h.py from Lib/opcode.py....#ifndef Py_OPCODE_H..#define Py_OPCODE_H..#ifdef __cplusplus..extern "C" {..#endif....../* Instruction opcodes for compiled code */..#define CACHE 0..#define POP_TOP 1..#define PUSH_NULL 2..#define INTERPRETER_EXIT 3..#define END_FOR 4..#define END_SEND 5..#define NOP 9..#define UNARY_NEGATIVE 11..#define UNARY_NOT 12..#define UNARY_INVERT 15..#define RESERVED 17..#define BINARY_SUBSCR 25..#define BINARY_SLICE 26..#define STORE_SLICE 27..#define GET_LEN 30..#define MAT

                                          C:\Users\user\AppData\Roaming\windows\include\osdefs.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):788
                                          Entropy (8bit):5.107607896657543
                                          Encrypted:false
                                          SSDEEP:12:BtvUuvCftviGkECQTCMs/ERIAqJOAGIXoTlD43KMQXNeBYrz0qiv9:3UkAtviGZMdPOBIX0iQ9oq49
                                          MD5:E39ACD45EAACDCFD5AFA071B7DC90AC1
                                          SHA1:2CF9EA045A02CFD396B9923D232BE5ED10EE29B0
                                          SHA-256:A32FD8D498C342B0263917A1CCADFF7A8D7CADC9B7DC711C822BFA3EC756893B
                                          SHA-512:9BF096FCCE75361836EBDFD398815B1D00CB2D547C964D653FB6F66042F10137F950E74D66E02FC12BB80897BE9A9DC5C6D1780EBAAC0CD6ECDE91E9AB481A0E
                                          Malicious:false
                                          Preview:#ifndef Py_OSDEFS_H..#define Py_OSDEFS_H..#ifdef __cplusplus..extern "C" {..#endif....../* Operating system dependencies */....#ifdef MS_WINDOWS..#define SEP L'\\'..#define ALTSEP L'/'..#define MAXPATHLEN 256..#define DELIM L';'..#endif....#ifdef __VXWORKS__..#define DELIM L';'..#endif..../* Filename separator */..#ifndef SEP..#define SEP L'/'..#endif..../* Max pathname length */..#ifdef __hpux..#include <sys/param.h>..#include <limits.h>..#ifndef PATH_MAX..#define PATH_MAX MAXPATHLEN..#endif..#endif....#ifndef MAXPATHLEN..#if defined(PATH_MAX) && PATH_MAX > 1024..#define MAXPATHLEN PATH_MAX..#else..#define MAXPATHLEN 1024..#endif..#endif..../* Search path entry delimiter */..#ifndef DELIM..#define DELIM L':'..#endif....#ifdef __cplusplus..}..#endif..#endif /* !Py_OSDEFS_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\osmodule.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):308
                                          Entropy (8bit):5.291311183124595
                                          Encrypted:false
                                          SSDEEP:6:WvlKoqrN7pRAQ0ho7p2jQ6z7Ci0Ns2L/syeWFsjQ6dn67pnzv:ikrN70m7imN9dnagVD
                                          MD5:BCB8EBA549031E5DD8F15AED24297EB3
                                          SHA1:345FB6F92D32A64C9DB763B96C441BF6218FB582
                                          SHA-256:C3CF9EB8D709F9032E86E9ECEFDF2A26FDFCF5F3A0AFB6C3A1B470E8E97D6A0B
                                          SHA-512:248EBD66940733898B64CA1B16977132F4868FD7CF04EEAA782845AB9A42BBEF27A237410B3AF111DC973D7C6CABA12983DCEA85909E2DFA03274AF617DC9123
                                          Malicious:false
                                          Preview:../* os module interface */....#ifndef Py_OSMODULE_H..#define Py_OSMODULE_H..#ifdef __cplusplus..extern "C" {..#endif....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03060000..PyAPI_FUNC(PyObject *) PyOS_FSPath(PyObject *path);..#endif....#ifdef __cplusplus..}..#endif..#endif /* !Py_OSMODULE_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\patchlevel.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1334
                                          Entropy (8bit):4.919635538839665
                                          Encrypted:false
                                          SSDEEP:24:jq364gF3BJL+4lx+SGIGpUX8Y0HqkXh+I0UUk0ucuFwN3PWke:jqbg5/4IIUMY0KkQTUBpcwwBPWke
                                          MD5:6CD3BC64026E09C35886B854E685096A
                                          SHA1:44808142366C66E260AAD9454CE9EC110CB2B062
                                          SHA-256:5734FEA6B4C1D6F1324345104EC48162810CEC6DBD2A78E3739837CAAC7C83E8
                                          SHA-512:8D0C11DC3F6C1A4606565C3B82DA55D27B23CBDB5A12BBEC3630C12CA33400F6C9E250E06B9F93859E7A961307489E67C89D6AE753C3CCCF3557790DAFA6C93A
                                          Malicious:false
                                          Preview:../* Python version identification scheme..... When the major or minor version changes, the VERSION variable in.. configure.ac must also be changed..... There is also (independent) API version information in modsupport.h...*/..../* Values for PY_RELEASE_LEVEL */..#define PY_RELEASE_LEVEL_ALPHA 0xA..#define PY_RELEASE_LEVEL_BETA 0xB..#define PY_RELEASE_LEVEL_GAMMA 0xC /* For release candidates */..#define PY_RELEASE_LEVEL_FINAL 0xF /* Serial should be 0 here */.. /* Higher for patch releases */..../* Version parsed out into numeric values */../*--start constants--*/..#define PY_MAJOR_VERSION 3..#define PY_MINOR_VERSION 12..#define PY_MICRO_VERSION 3..#define PY_RELEASE_LEVEL PY_RELEASE_LEVEL_FINAL..#define PY_RELEASE_SERIAL 0..../* Version as a string */..#define PY_VERSION "3.12.3"../*--end constants--*/..../* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2... Us

                                          C:\Users\user\AppData\Roaming\windows\include\py_curses.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2572
                                          Entropy (8bit):5.362861844090131
                                          Encrypted:false
                                          SSDEEP:48:q+qVG7WouOuRJjKmA3BrJ50ERBGIMjqIZ:q+qVGqoHeKx3n5/BGIM1
                                          MD5:CDC419C7BBC4AEB38C25B20433DB642E
                                          SHA1:8B6DC1F031988AB38E127F1D6CB7DBE3D3ABD786
                                          SHA-256:1B6EDB73FD01255585EA69F7EE2E088E59B9928AE808153559A463B245F21389
                                          SHA-512:8C7DC6E8DD89659828B9D4FE517E063C66298919AE4E3A2C1D85CBC8500D30E5CA06A00D47AB49FF35DE4C1FF55AFF17DBC17C8ABE486ACB813227F6B870FC6B
                                          Malicious:false
                                          Preview:..#ifndef Py_CURSES_H..#define Py_CURSES_H....#ifdef __APPLE__../*..** On Mac OS X 10.2 [n]curses.h and stdlib.h use different guards..** against multiple definition of wchar_t...*/..#ifdef _BSD_WCHAR_T_DEFINED_..#define _WCHAR_T..#endif..#endif /* __APPLE__ */..../* On FreeBSD, [n]curses.h and stdlib.h/wchar.h use different guards.. against multiple definition of wchar_t and wint_t. */..#if defined(__FreeBSD__) && defined(_XOPEN_SOURCE_EXTENDED)..# ifndef __wchar_t..# define __wchar_t..# endif..# ifndef __wint_t..# define __wint_t..# endif..#endif....#if !defined(HAVE_CURSES_IS_PAD) && defined(WINDOW_HAS_FLAGS)../* The following definition is necessary for ncurses 5.7; without it,.. some of [n]curses.h set NCURSES_OPAQUE to 1, and then Python.. can't get at the WINDOW flags field. */..#define NCURSES_OPAQUE 0..#endif....#ifdef HAVE_NCURSES_H..#include <ncurses.h>..#else..#include <curses.h>..#endif....#ifdef HAVE_NCURSES_H../* configure was checking <curses.h>, but we will..

                                          C:\Users\user\AppData\Roaming\windows\include\pybuffer.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5427
                                          Entropy (8bit):5.069888537230864
                                          Encrypted:false
                                          SSDEEP:96:JdD1EcmJG5zgKD6oIeeBmM7n7K51XNHUmjiE7cC8be8kskBP2u:Jdheg50K2oTEF7KrXZUMiEjP2u
                                          MD5:7C9014E2594F3E67AAE5F7FDA4352860
                                          SHA1:55960B0911C92362E9AC878D0EB2726790B159A2
                                          SHA-256:0D147574D7BEEA4F959763520BB1AAC472F1B9E3392E2DE07D230CE21A3B7ED2
                                          SHA-512:D04EE682018BFAFA9C16005D71FC19422B6A36C51D20F2CAD5574680123B251941CBF5A94858709F32B5F754C450510E3EDF75B0D09950A09A2E30648DF7897A
                                          Malicious:false
                                          Preview:/* Public Py_buffer API */....#ifndef Py_BUFFER_H..#define Py_BUFFER_H..#ifdef __cplusplus..extern "C" {..#endif....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x030b0000..../* === New Buffer API ============================================.. * Limited API and stable ABI since Python 3.11.. *.. * Py_buffer struct layout and size is now part of the stable abi3. The.. * struct layout and size must not be changed in any way, as it would.. * break the ABI... *.. */....typedef struct {.. void *buf;.. PyObject *obj; /* owned reference */.. Py_ssize_t len;.. Py_ssize_t itemsize; /* This is Py_ssize_t so it can be.. pointed to by strides in simple case.*/.. int readonly;.. int ndim;.. char *format;.. Py_ssize_t *shape;.. Py_ssize_t *strides;.. Py_ssize_t *suboffsets;.. void *internal;..} Py_buffer;....typedef int (*getbufferproc)(PyObject *, Py_buffer *, int);..typedef void (*releasebufferproc)(PyObject *, Py_buffer *

                                          C:\Users\user\AppData\Roaming\windows\include\pycapsule.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1786
                                          Entropy (8bit):5.081521306362361
                                          Encrypted:false
                                          SSDEEP:24:g2KeaX90KvX+L1qRdj3jT9CedbWbA6GkK6ey+v8iD5bJ7qK3DilPnGIfyQDD:g2Kl908+85teb5pK7n4KqKY
                                          MD5:3C71A299B676C7CBAD208F922A95E233
                                          SHA1:9D187B09729FB2D6D7E2559AD5BB3A1866A9887C
                                          SHA-256:B4672D7ECA787B0DE64F733F11A6937260440B668869090A310D7AAC35DCD678
                                          SHA-512:1C39B67EE88F526D9293D7B653AF630194887920A85BFCC41FD9AFCBEE23C0199014B991371AE5A0A2EB3872D4708E67D7D0C2573CC78CD2500249839364A5B8
                                          Malicious:false
                                          Preview:../* Capsule objects let you wrap a C "void *" pointer in a Python.. object. They're a way of passing data through the Python interpreter.. without creating your own custom type..... Capsules are used for communication between extension modules... They provide a way for an extension module to export a C interface.. to other extension modules, so that extension modules can use the.. Python import mechanism to link to one another..... For more information, please see "c-api/capsule.html" in the.. documentation...*/....#ifndef Py_CAPSULE_H..#define Py_CAPSULE_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PyCapsule_Type;....typedef void (*PyCapsule_Destructor)(PyObject *);....#define PyCapsule_CheckExact(op) Py_IS_TYPE((op), &PyCapsule_Type)......PyAPI_FUNC(PyObject *) PyCapsule_New(.. void *pointer,.. const char *name,.. PyCapsule_Destructor destructor);....PyAPI_FUNC(void *) PyCapsule_GetPointer(PyObject *capsule, const char *name);....

                                          C:\Users\user\AppData\Roaming\windows\include\pyconfig.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):22770
                                          Entropy (8bit):5.341385705973548
                                          Encrypted:false
                                          SSDEEP:384:rG3TFdt9uFpgNAkHX9R+jC8U29RrUz8fc8BsRV4igraYkW42zgsdgTaXxgClV:rG3TFdt9uFp4um67E8HSEJaW9kXhClV
                                          MD5:B2FF0D6F1035001213D7912D6E3D89C2
                                          SHA1:FC528BDD54982EE27E56B453D1A29564617058C6
                                          SHA-256:5D3B0E35FD3511A9B6A7312941B1F20DD26F06C18574AA53A5923D86BD39B919
                                          SHA-512:FC97BFFF389951EAC0D4A983F182FD6A29EEE1CED473A97D79F8897CA5D3657715081ACE931642586ECBE92BD16D3D390571820D1BE69E0A35CF028B2E148871
                                          Malicious:false
                                          Preview:#ifndef Py_CONFIG_H..#define Py_CONFIG_H..../* pyconfig.h. NOT Generated automatically by configure.....This is a manually maintained version used for the Watcom,..Borland and Microsoft Visual C++ compilers. It is a..standard part of the Python distribution.....WINDOWS DEFINES:..The code specific to Windows should be wrapped around one of..the following #defines....MS_WIN64 - Code specific to the MS Win64 API..MS_WIN32 - Code specific to the MS Win32 (and Win64) API (obsolete, this covers all supported APIs)..MS_WINDOWS - Code specific to Windows, but all versions...Py_ENABLE_SHARED - Code if the Python core is built as a DLL.....Also note that neither "_M_IX86" or "_MSC_VER" should be used for..any purpose other than "Windows Intel x86 specific" and "Microsoft..compiler specific". Therefore, these should be very rare.......NOTE: The following symbols are deprecated:..NT, USE_DL_EXPORT, USE_DL_IMPORT, DL_EXPORT, DL_IMPORT..MS_CORE_DLL.....WIN32 is still required for the locale modul

                                          C:\Users\user\AppData\Roaming\windows\include\pydtrace.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2463
                                          Entropy (8bit):5.248572405565276
                                          Encrypted:false
                                          SSDEEP:48:qK+wYVJPTF7ppO6ycfrO1KPoACIyIPRZP8jp:qK+weTJpgI60POI7f8F
                                          MD5:FA04A6A53E60E5AFCF1E3C80FE6A85F9
                                          SHA1:906119531A0B4E937B3D998996EAD7D24A38407A
                                          SHA-256:AB4304567D6F16E04159ADA9734D05B3F3C12C48DE39EC1386F38ADB3C5012BD
                                          SHA-512:E4D4DF5A716C65A58EF3312F84E30C9A0B95B2449A5C4748803A43B73AFC8A4AAC5269FE47186D39175C44F2B24424126FDD4976AB695C5B866DF107315D0911
                                          Malicious:false
                                          Preview:/* Static DTrace probes interface */....#ifndef Py_DTRACE_H..#define Py_DTRACE_H..#ifdef __cplusplus..extern "C" {..#endif....#ifdef WITH_DTRACE....#include "pydtrace_probes.h"..../* pydtrace_probes.h, on systems with DTrace, is auto-generated to include.. `PyDTrace_{PROBE}` and `PyDTrace_{PROBE}_ENABLED()` macros for every probe.. defined in pydtrace.d..... Calling these functions must be guarded by a `PyDTrace_{PROBE}_ENABLED()`.. check to minimize performance impact when probing is off. For example:.... if (PyDTrace_FUNCTION_ENTRY_ENABLED()).. PyDTrace_FUNCTION_ENTRY(f);..*/....#else..../* Without DTrace, compile to nothing. */....static inline void PyDTrace_LINE(const char *arg0, const char *arg1, int arg2) {}..static inline void PyDTrace_FUNCTION_ENTRY(const char *arg0, const char *arg1, int arg2) {}..static inline void PyDTrace_FUNCTION_RETURN(const char *arg0, const char *arg1, int arg2) {}..static inline void PyDTrace_GC_START(int arg0) {}..static inlin

                                          C:\Users\user\AppData\Roaming\windows\include\pyerrors.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):13354
                                          Entropy (8bit):5.255235411692984
                                          Encrypted:false
                                          SSDEEP:96:JoQHYnEjvkiuSDwuWaFwxQB3mzOFPMkYk7Tvsdh1ip4iDHIPw/CpGCiPYHC8m58F:lHfjvJuSDNsTo0GfwhUZoP9fZv3AJ9Q
                                          MD5:D72F2181C7AEF01428D4642040E29E94
                                          SHA1:27918E6520DFF90B5BA25C206E93D0BE732B561B
                                          SHA-256:A5E3D3A24AE4E35C694373C5AF52431F615A5B8DA1050C8CC0D0EAEC743CBE8E
                                          SHA-512:6A8439C9B5ABED86AD9401759E2E624F6588D611D971C19076704136D52911EB9A717AC446356E5EC4EF4A40131AF5C3570D09752E8BE518313606EF4992087B
                                          Malicious:false
                                          Preview:#ifndef Py_ERRORS_H..#define Py_ERRORS_H..#ifdef __cplusplus..extern "C" {..#endif....#include <stdarg.h> // va_list..../* Error handling definitions */....PyAPI_FUNC(void) PyErr_SetNone(PyObject *);..PyAPI_FUNC(void) PyErr_SetObject(PyObject *, PyObject *);..PyAPI_FUNC(void) PyErr_SetString(.. PyObject *exception,.. const char *string /* decoded from utf-8 */.. );..PyAPI_FUNC(PyObject *) PyErr_Occurred(void);..PyAPI_FUNC(void) PyErr_Clear(void);..PyAPI_FUNC(void) PyErr_Fetch(PyObject **, PyObject **, PyObject **);..PyAPI_FUNC(void) PyErr_Restore(PyObject *, PyObject *, PyObject *);..PyAPI_FUNC(PyObject *) PyErr_GetRaisedException(void);..PyAPI_FUNC(void) PyErr_SetRaisedException(PyObject *);..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x030b0000..PyAPI_FUNC(PyObject*) PyErr_GetHandledException(void);..PyAPI_FUNC(void) PyErr_SetHandledException(PyObject *);..#endif..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03030000..PyAPI_FUNC(void) PyErr_

                                          C:\Users\user\AppData\Roaming\windows\include\pyexpat.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2629
                                          Entropy (8bit):4.93000961505113
                                          Encrypted:false
                                          SSDEEP:48:Ia2teebxzfQAikOlXixVXLVXLVgbAmV7ZUFHgHYl6wPPDDw3E1f0BP+D3+TEFx:Ia2tjbxzoAnIixVXLVXLVgbVV7ZUFHg8
                                          MD5:744B2E747B113336757D1A91ADD3BCFC
                                          SHA1:C6CA40FB2002E055355CB4F466C89312F19F8146
                                          SHA-256:3184380D037E557F3EA5080028DFBFFDD57B25074F0F7772491A24EBAE404AB6
                                          SHA-512:381BBB3D9BA6A69AB801710A99F285FD29904D3B2532066A5A76AC796545D06EFB6E0040C40EFDA5C3E15EF1CCA83A4FD6ABAFA5C10852399992B1543B1CB902
                                          Malicious:false
                                          Preview:/* Stuff to export relevant 'expat' entry points from pyexpat to other.. * parser modules, such as cElementTree. */..../* note: you must import expat.h before importing this module! */....#define PyExpat_CAPI_MAGIC "pyexpat.expat_CAPI 1.1"..#define PyExpat_CAPSULE_NAME "pyexpat.expat_CAPI"....struct PyExpat_CAPI..{.. char* magic; /* set to PyExpat_CAPI_MAGIC */.. int size; /* set to sizeof(struct PyExpat_CAPI) */.. int MAJOR_VERSION;.. int MINOR_VERSION;.. int MICRO_VERSION;.. /* pointers to selected expat functions. add new functions at.. the end, if needed */.. const XML_LChar * (*ErrorString)(enum XML_Error code);.. enum XML_Error (*GetErrorCode)(XML_Parser parser);.. XML_Size (*GetErrorColumnNumber)(XML_Parser parser);.. XML_Size (*GetErrorLineNumber)(XML_Parser parser);.. enum XML_Status (*Parse)(.. XML_Parser parser, const char *s, int len, int isFinal);.. XML_Parser (*ParserCreate_MM)(.. const XML_Char *encoding, const XM

                                          C:\Users\user\AppData\Roaming\windows\include\pyframe.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):577
                                          Entropy (8bit):5.189767002122922
                                          Encrypted:false
                                          SSDEEP:6:UtruhGFsD6klSrekTAQ0ysjQ6zbyOPD+STc9yeMeoryeWDl76rCJs0fjAkVjBDji:UxuQsArejPjD+STlgnh2rCJ78cjB9U
                                          MD5:1A369280A69D2A590919E676B7912DB1
                                          SHA1:13F6860E51BB021D20CD0F38A800BB814B59FCF1
                                          SHA-256:F9BF8550E78682111C980DBE556B7337FD6C23CF99C2B604180A59161B1ACE6A
                                          SHA-512:38027C77D374762F37310F5969EDA596F4872F85265E66207BC9A0C9FCACC29449D27EC14E06DE91227EADADFE98A7EE2C999CA2A3B51B7C5C4C0B20E0F0090B
                                          Malicious:false
                                          Preview:/* Limited C API of PyFrame API.. *.. * Include "frameobject.h" to get the PyFrameObject structure... */....#ifndef Py_PYFRAME_H..#define Py_PYFRAME_H..#ifdef __cplusplus..extern "C" {..#endif..../* Return the line of code the frame is currently executing. */..PyAPI_FUNC(int) PyFrame_GetLineNumber(PyFrameObject *);....PyAPI_FUNC(PyCodeObject *) PyFrame_GetCode(PyFrameObject *frame);....#ifndef Py_LIMITED_API..# define Py_CPYTHON_PYFRAME_H..# include "cpython/pyframe.h"..# undef Py_CPYTHON_PYFRAME_H..#endif....#ifdef __cplusplus..}..#endif..#endif /* !Py_PYFRAME_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\pyhash.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4298
                                          Entropy (8bit):5.254023686902442
                                          Encrypted:false
                                          SSDEEP:48:TG4eHjbX5FEjFgiuKrCXYz7jdRjyDyt1719VNVUVHQVyd+m1LnJGLIdMJoqdzjAB:Sp4SmC235J1cKm78IdgoujAujrc
                                          MD5:DA7C6D806C3D7784C30B42440D1A89DA
                                          SHA1:DAB6510FE6A9490CD897D17F89782872C78AA55F
                                          SHA-256:12E61F600B74A9ED310684AEEE1D90FC18ACBDA7996E5C33942E2CD610491E8B
                                          SHA-512:5E2C9EA659FA04304E484CCB3720D4B864D6DAF87DA57F489EF79AC73C5C33943B23C0D18B30E2E15919946B7C25D7A3C5C0C58DC43FB03C14E278E163986BC4
                                          Malicious:false
                                          Preview:#ifndef Py_HASH_H....#define Py_HASH_H..#ifdef __cplusplus..extern "C" {..#endif..../* Helpers for hash functions */..#ifndef Py_LIMITED_API..PyAPI_FUNC(Py_hash_t) _Py_HashDouble(PyObject *, double);..PyAPI_FUNC(Py_hash_t) _Py_HashPointer(const void*);..// Similar to _Py_HashPointer(), but don't replace -1 with -2..PyAPI_FUNC(Py_hash_t) _Py_HashPointerRaw(const void*);..PyAPI_FUNC(Py_hash_t) _Py_HashBytes(const void*, Py_ssize_t);..#endif..../* Prime multiplier used in string and various other hashes. */..#define _PyHASH_MULTIPLIER 1000003UL /* 0xf4243 */..../* Parameters used for the numeric hash implementation. See notes for.. _Py_HashDouble in Python/pyhash.c. Numeric hashes are based on.. reduction modulo the prime 2**_PyHASH_BITS - 1. */....#if SIZEOF_VOID_P >= 8..# define _PyHASH_BITS 61..#else..# define _PyHASH_BITS 31..#endif....#define _PyHASH_MODULUS (((size_t)1 << _PyHASH_BITS) - 1)..#define _PyHASH_INF 314159..#define _PyHASH_IMAG _PyHASH_MULTIPLIER....../* hash se

                                          C:\Users\user\AppData\Roaming\windows\include\pylifecycle.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2327
                                          Entropy (8bit):5.380690029352174
                                          Encrypted:false
                                          SSDEEP:48:lXVNiHDyL8YRcAw9viniJtNtVD/XPrtPkYk:lFVL8YRcY2XjJk
                                          MD5:A4999224788D89737D77C793066AF45A
                                          SHA1:B0A93D35B1C5198701CC034A30E2601014C14A14
                                          SHA-256:DAE21F8FA25D4B71D195EF2F0A4E079B523BACE866025883158BB6CF2A765E37
                                          SHA-512:A4B4A0567878907FECD94A754BAE9B00E1F3D6B69891DE5C9976F106DC26D83961C04856C24BCFA1BC347C542A3AC2AA4AA012B3C7C77F6DC7D0E747470CC6FA
                                          Malicious:false
                                          Preview:../* Interfaces to configure, query, create & destroy the Python runtime */....#ifndef Py_PYLIFECYCLE_H..#define Py_PYLIFECYCLE_H..#ifdef __cplusplus..extern "C" {..#endif....../* Initialization and finalization */..PyAPI_FUNC(void) Py_Initialize(void);..PyAPI_FUNC(void) Py_InitializeEx(int);..PyAPI_FUNC(void) Py_Finalize(void);..#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03060000..PyAPI_FUNC(int) Py_FinalizeEx(void);..#endif..PyAPI_FUNC(int) Py_IsInitialized(void);..../* Subinterpreter support */..PyAPI_FUNC(PyThreadState *) Py_NewInterpreter(void);..PyAPI_FUNC(void) Py_EndInterpreter(PyThreadState *);....../* Py_PyAtExit is for the atexit module, Py_AtExit is for low-level.. * exit functions... */..PyAPI_FUNC(int) Py_AtExit(void (*func)(void));....PyAPI_FUNC(void) _Py_NO_RETURN Py_Exit(int);..../* Bootstrap __main__ (defined in Modules/main.c) */..PyAPI_FUNC(int) Py_Main(int argc, wchar_t **argv);..PyAPI_FUNC(int) Py_BytesMain(int argc, char **argv);..../* In pathconfig.c

                                          C:\Users\user\AppData\Roaming\windows\include\pymacconfig.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2909
                                          Entropy (8bit):4.850845082898093
                                          Encrypted:false
                                          SSDEEP:48:qkICVJOk2F8aHca+ix2In9S3FTTxC9FecMTJleZRCIk27JRS/LLAcDC5hGFOSA:qkIe4nF8a8a+ixBn9S3jGJcLRDC5gA
                                          MD5:A021AF6295465B14119485C599339758
                                          SHA1:05539F83298BFACA644C33AC503C2A6F9100EF46
                                          SHA-256:24E1AD823600B4977D07834FB397FADC4C9E011649BE25EB6BB77D9A24287FBE
                                          SHA-512:D5715F8F6D04A3F46E11D7CBDC15E89B5673E7A7B45E3CB8334E7AAF2C99E10F3D0204A10FE476304567CBB53F644C754089908DBCEF8A88EA1FBC5DCA56352D
                                          Malicious:false
                                          Preview:#ifndef PYMACCONFIG_H..#define PYMACCONFIG_H.. /*.. * This file moves some of the autoconf magic to compile-time.. * when building on MacOSX. This is needed for building 4-way.. * universal binaries and for 64-bit universal binaries because.. * the values redefined below aren't configure-time constant but.. * only compile-time constant in these scenarios... */....#if defined(__APPLE__)....# undef ALIGNOF_MAX_ALIGN_T..# undef SIZEOF_LONG..# undef SIZEOF_LONG_DOUBLE..# undef SIZEOF_PTHREAD_T..# undef SIZEOF_SIZE_T..# undef SIZEOF_TIME_T..# undef SIZEOF_VOID_P..# undef SIZEOF__BOOL..# undef SIZEOF_UINTPTR_T..# undef SIZEOF_PTHREAD_T..# undef WORDS_BIGENDIAN..# undef DOUBLE_IS_ARM_MIXED_ENDIAN_IEEE754..# undef DOUBLE_IS_BIG_ENDIAN_IEEE754..# undef DOUBLE_IS_LITTLE_ENDIAN_IEEE754..# undef HAVE_GCC_ASM_FOR_X87..# undef HAVE_GCC_ASM_FOR_X64....# undef VA_LIST_IS_ARRAY..# if defined(__LP64__) && defined(__x86_64__)..# define VA_LIST_IS_ARRAY 1..#

                                          C:\Users\user\AppData\Roaming\windows\include\pymacro.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6481
                                          Entropy (8bit):5.29182130742359
                                          Encrypted:false
                                          SSDEEP:192:QA9HuK8pEpTBmp28UPbFJlF8pfdknMx8bUA3ng:H9OK8pEpTBmp28UPBJlF8p1N8bUA3ng
                                          MD5:4F383A11553F99D297E28A5660B4AEE1
                                          SHA1:7E199579F1FF1EEF772F640B27162E58860CBE91
                                          SHA-256:53FD1CB57064C35FC586583F2D61B277342C992C305762575F459406A17F1B6F
                                          SHA-512:AB15A16CEE757514D21B6BB2C8F3BD1177310512191BDA8131010E0C92297127355F6CBF9F9DC330678A2EE22BEF1097C15403F31E73CE7AE77749F00038457B
                                          Malicious:false
                                          Preview:#ifndef Py_PYMACRO_H..#define Py_PYMACRO_H....// gh-91782: On FreeBSD 12, if the _POSIX_C_SOURCE and _XOPEN_SOURCE macros are..// defined, <sys/cdefs.h> disables C11 support and <assert.h> does not define..// the static_assert() macro...// https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255290..//..// macOS <= 10.10 doesn't define static_assert in assert.h at all despite..// having C11 compiler support...//..// static_assert is defined in glibc from version 2.16. Compiler support for..// the C11 _Static_assert keyword is in gcc >= 4.6...//..// MSVC makes static_assert a keyword in C11-17, contrary to the standards...//..// In C++11 and C2x, static_assert is a keyword, redefining is undefined..// behaviour. So only define if building as C (if __STDC_VERSION__ is defined),..// not C++, and only for C11-17...#if !defined(static_assert) && (defined(__GNUC__) || defined(__clang__)) \.. && defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \.. && __STDC_VERSION__ <= 201710L..

                                          C:\Users\user\AppData\Roaming\windows\include\pymath.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1750
                                          Entropy (8bit):5.377756016331667
                                          Encrypted:false
                                          SSDEEP:48:oPZTUcnUD6+IH+vo9WvMNqXTs6VByE6AuvI/+uGA:oPZTwIahyPk
                                          MD5:ED3AB211AFD9A7C19EE611682E838B0B
                                          SHA1:B8D73DE6E8B41E9F6DE88F3FEC64F2BA630B508C
                                          SHA-256:935D36ED3717CE1240B36E4A9B1124D40C17D907071B564571ED97A6E83156BA
                                          SHA-512:A87BFBB1B4CA35E0081B6FD5E6AE55F82E4CE66BDC85B86D0C4C9E32642657AF261660B98858AE7E548AC62C7F39656AFAF759C9544CA630DD8E6D6C91502E2F
                                          Malicious:false
                                          Preview:// Symbols and macros to supply platform-independent interfaces to mathematical..// functions and constants.....#ifndef Py_PYMATH_H..#define Py_PYMATH_H..../* High precision definition of pi and e (Euler).. * The values are taken from libc6's math.h... */..#ifndef Py_MATH_PIl..#define Py_MATH_PIl 3.1415926535897932384626433832795029L..#endif..#ifndef Py_MATH_PI..#define Py_MATH_PI 3.14159265358979323846..#endif....#ifndef Py_MATH_El..#define Py_MATH_El 2.7182818284590452353602874713526625L..#endif....#ifndef Py_MATH_E..#define Py_MATH_E 2.7182818284590452354..#endif..../* Tau (2pi) to 40 digits, taken from tauday.com/tau-digits. */..#ifndef Py_MATH_TAU..#define Py_MATH_TAU 6.2831853071795864769252867665590057683943L..#endif....// Py_IS_NAN(X)..// Return 1 if float or double arg is a NaN, else 0...#define Py_IS_NAN(X) isnan(X)....// Py_IS_INFINITY(X)..// Return 1 if float or double arg is an infinity, else 0...#define Py_IS_INFINITY(X) isinf(X)....// Py_IS_FINITE(X)..// Return 1 if floa

                                          C:\Users\user\AppData\Roaming\windows\include\pymem.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4018
                                          Entropy (8bit):4.965355340929362
                                          Encrypted:false
                                          SSDEEP:96:Yscrdb8tCUPD693/9vHcXRu+nj0Wpk2VYjsZdQwI5:DC/99uor2VpZdI5
                                          MD5:CF73EC569EA6A1D96F91444578429675
                                          SHA1:835405B3878D88A9031E3B1D0A7A9F448D7CF54B
                                          SHA-256:00F511D0272B15FA197250F069D943A1FAE72D644E567A608C880232D7522337
                                          SHA-512:D69C8A097EDF8FFAE6284044B5C4C3757FDC7AA61D67E5858C7D58AF67F0D3999B45B39CEF7EEF8B0472B9F5AE44930F2A568344AEDE034B48843D389CFF0BA8
                                          Malicious:false
                                          Preview:/* The PyMem_ family: low-level memory allocation interfaces... See objimpl.h for the PyObject_ memory family...*/....#ifndef Py_PYMEM_H..#define Py_PYMEM_H....#include "pyport.h"....#ifdef __cplusplus..extern "C" {..#endif..../* BEWARE:.... Each interface exports both functions and macros. Extension modules should.. use the functions, to ensure binary compatibility across Python versions... Because the Python implementation is free to change internal details, and.. the macros may (or may not) expose details for speed, if you do use the.. macros you must recompile your extensions with each Python release..... Never mix calls to PyMem_ with calls to the platform malloc/realloc/.. calloc/free. For example, on Windows different DLLs may end up using.. different heaps, and if you use PyMem_Malloc you'll get the memory from the.. heap used by the Python DLL; it could be a disaster if you free()'ed that.. directly in your own extension. Using PyMem_Free instead ensu

                                          C:\Users\user\AppData\Roaming\windows\include\pyport.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):26295
                                          Entropy (8bit):5.283651022980506
                                          Encrypted:false
                                          SSDEEP:384:Y9+HZZw3+OYxL9WIdsj8/sHu8+dz8c8pU6z78pUxMB5b/ENWqd907Q3iF8Z8htsm:7YBYR9Bs4/+n/0RcNWSmhaLxvBLop
                                          MD5:A32EEF371437FFAFE15C2781AD1839CC
                                          SHA1:CD483AD6E5CF2299D81D667A598E6F60E01633D6
                                          SHA-256:33BC938ED3011DC5C35BE4075555B7592D8AE20C7D0A7C6E7BC4922F49817600
                                          SHA-512:426D7B53B2062FC671C72710CCE833C3FD81BF32CB50E479BD75B719F0609EEAD8650164C5547C369CD59C811451B9ABF9AEA90A4496BAF5FA96E9CCBD27131D
                                          Malicious:false
                                          Preview:#ifndef Py_PYPORT_H..#define Py_PYPORT_H....#include "pyconfig.h" /* include for defines */....#include <inttypes.h>....#include <limits.h>..#ifndef UCHAR_MAX..# error "limits.h must define UCHAR_MAX"..#endif..#if UCHAR_MAX != 255..# error "Python's source code assumes C's unsigned char is an 8-bit type"..#endif......// Macro to use C++ static_cast<> in the Python C API...#ifdef __cplusplus..# define _Py_STATIC_CAST(type, expr) static_cast<type>(expr)..#else..# define _Py_STATIC_CAST(type, expr) ((type)(expr))..#endif..// Macro to use the more powerful/dangerous C-style cast even in C++...#define _Py_CAST(type, expr) ((type)(expr))....// Static inline functions should use _Py_NULL rather than using directly NULL..// to prevent C++ compiler warnings. On C++11 and newer, _Py_NULL is defined as..// nullptr...#if defined(__cplusplus) && __cplusplus >= 201103..# define _Py_NULL nullptr..#else..# define _Py_NULL NULL..#endif....../* Defines to build Python and its standard library:.. *

                                          C:\Users\user\AppData\Roaming\windows\include\pystate.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4767
                                          Entropy (8bit):5.128059952751942
                                          Encrypted:false
                                          SSDEEP:96:EKvuYsaF1vT5TVwhRHoQghMY9/ZpVj2uaQ:EZYVBwhRHo1ZHLyjQ
                                          MD5:E20443B4C352780306EC4BD658B100CC
                                          SHA1:53C1EBFAB0EFC902E3507D0CB88E570B69C5D0F7
                                          SHA-256:811143ADE21A7C02DE7AEADF524FA06F31B5BABF8344CE32F657546A3CF93825
                                          SHA-512:F5817BD4FE4060D14DFE324E80D5028A244672D1B6EAB5A7A72D36DE89194184D11409270DAD921DFB078BF8C8102A141ECCC041932AD2CE3687300682272AEB
                                          Malicious:false
                                          Preview:/* Thread and interpreter state structures and their interfaces */......#ifndef Py_PYSTATE_H..#define Py_PYSTATE_H..#ifdef __cplusplus..extern "C" {..#endif..../* This limitation is for performance and simplicity. If needed it can be..removed (with effort). */..#define MAX_CO_EXTRA_USERS 255....PyAPI_FUNC(PyInterpreterState *) PyInterpreterState_New(void);..PyAPI_FUNC(void) PyInterpreterState_Clear(PyInterpreterState *);..PyAPI_FUNC(void) PyInterpreterState_Delete(PyInterpreterState *);....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03090000../* New in 3.9 */../* Get the current interpreter state..... Issue a fatal error if there no current Python thread state or no current.. interpreter. It cannot return NULL..... The caller must hold the GIL. */..PyAPI_FUNC(PyInterpreterState *) PyInterpreterState_Get(void);..#endif....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x03080000../* New in 3.8 */..PyAPI_FUNC(PyObject *) PyInterpreterState_GetDict(PyInterpreterState

                                          C:\Users\user\AppData\Roaming\windows\include\pystats.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2851
                                          Entropy (8bit):5.180040045075736
                                          Encrypted:false
                                          SSDEEP:48:SQd7tOUDecZyqgm/o75CKttF7cJTm4bJz/FciFx4rJJxZQlJLRjVGkWmkaCkknvB:Xd7tVDecZyqgm/o75RtFQ04bR/FtFx4Z
                                          MD5:8C21624A1EBDC0D9D83EAB84B821E488
                                          SHA1:80500768682D8E4D7D78CEDCFE732B53F2F4A101
                                          SHA-256:ADAC35BF8EC736A70939FF6E8C22AE726D26B0681916BC7848DFDAE73676FC0D
                                          SHA-512:3FAB1E011AE7480A2246E31090BF995B00D2942695E8E3FB2B30DD117C6C9929047262C7EA454B9EF4099CE601649EC91AD591196174187B8B03A4F836B12B7F
                                          Malicious:false
                                          Preview:....#ifndef Py_PYSTATS_H..#define Py_PYSTATS_H..#ifdef __cplusplus..extern "C" {..#endif....#ifdef Py_STATS....#define SPECIALIZATION_FAILURE_KINDS 36..../* Stats for determining who is calling PyEval_EvalFrame */..#define EVAL_CALL_TOTAL 0..#define EVAL_CALL_VECTOR 1..#define EVAL_CALL_GENERATOR 2..#define EVAL_CALL_LEGACY 3..#define EVAL_CALL_FUNCTION_VECTORCALL 4..#define EVAL_CALL_BUILD_CLASS 5..#define EVAL_CALL_SLOT 6..#define EVAL_CALL_FUNCTION_EX 7..#define EVAL_CALL_API 8..#define EVAL_CALL_METHOD 9....#define EVAL_CALL_KINDS 10....typedef struct _specialization_stats {.. uint64_t success;.. uint64_t failure;.. uint64_t hit;.. uint64_t deferred;.. uint64_t miss;.. uint64_t deopt;.. uint64_t failure_kinds[SPECIALIZATION_FAILURE_KINDS];..} SpecializationStats;....typedef struct _opcode_stats {.. SpecializationStats specialization;.. uint64_t execution_count;.. uint64_t pair_count[256];..} OpcodeStats;....typedef struct _call_stats {.. uint64_t in

                                          C:\Users\user\AppData\Roaming\windows\include\pystrcmp.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):459
                                          Entropy (8bit):5.022153673289837
                                          Encrypted:false
                                          SSDEEP:12:BboAEURhrTlQSj7yADv9Ne/9wADveWBov:BdEUf+Sj7PvLMrve3v
                                          MD5:1D69651494533AA0FB597A48341CE0C8
                                          SHA1:65AD7F6BB55774DEEEF734BD90D0739CBE8D19C7
                                          SHA-256:2DD23B6FB3B7A7FEF62B33170A7215F0B68F2CDD6EDBA5548D0D563C5B124055
                                          SHA-512:7A51EA3CACEAD1C3752F8F861C9E62300B3CE4B0690ADEBA4264CE5B9C420B1611652959CC88C7A0F788713B7E2D63584157243FEE9B1A0AAC9873B226EF222F
                                          Malicious:false
                                          Preview:#ifndef Py_STRCMP_H..#define Py_STRCMP_H....#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(int) PyOS_mystrnicmp(const char *, const char *, Py_ssize_t);..PyAPI_FUNC(int) PyOS_mystricmp(const char *, const char *);....#ifdef MS_WINDOWS..#define PyOS_strnicmp strnicmp..#define PyOS_stricmp stricmp..#else..#define PyOS_strnicmp PyOS_mystrnicmp..#define PyOS_stricmp PyOS_mystricmp..#endif....#ifdef __cplusplus..}..#endif....#endif /* !Py_STRCMP_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\pystrtod.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1603
                                          Entropy (8bit):4.715096402574982
                                          Encrypted:false
                                          SSDEEP:24:BGERvPSJV7dNnZzcuoNlrNPdl7j08+PiE4K3AaltRNOv:B/RPSJbNnINtxdl7jh+P+FalQv
                                          MD5:DEE296E06D6F0CC4BAC9258EFAD19D1A
                                          SHA1:99EC0B64E54751EA70ACC013FB1B259DA8CBF3BC
                                          SHA-256:CC01DB06C999E075BF5A2E4DB6DDACEB1BB5BAFE201DCBD39C6969A37C29213C
                                          SHA-512:496F1D0A9C9BE9B0404C5C351D966550EE5C67E6B48CCE625D807D6991733D45075BD30D9A6E50C03EDE3EFE3424BCF5F84EF1CD452EDFA6167B22ED7FAD3910
                                          Malicious:false
                                          Preview:#ifndef Py_STRTOD_H..#define Py_STRTOD_H....#ifdef __cplusplus..extern "C" {..#endif......PyAPI_FUNC(double) PyOS_string_to_double(const char *str,.. char **endptr,.. PyObject *overflow_exception);..../* The caller is responsible for calling PyMem_Free to free the buffer.. that's is returned. */..PyAPI_FUNC(char *) PyOS_double_to_string(double val,.. char format_code,.. int precision,.. int flags,.. int *type);....#ifndef Py_LIMITED_API..PyAPI_FUNC(PyObject *) _Py_string_to_number_with_underscores(.. const char *str, Py_ssize_t len, const char *what, PyObject *obj, void *arg,.. PyObject *(*innerfunc)(const char *, Py_ssize_t, void *));....PyAPI_FUNC(double) _Py_parse_inf_or_nan(const char *p, char **endptr);..#endif....../* PyOS_double_to_str

                                          C:\Users\user\AppData\Roaming\windows\include\pythonrun.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1362
                                          Entropy (8bit):5.488347111542672
                                          Encrypted:false
                                          SSDEEP:24:wizJxGBA0GN+JBn7nj+p++LKwEMLrDUHov6id4JIkcwtxOl+G5hGzQu:3FxWVc+JZ76FLKISoN0qUSh/u
                                          MD5:474F9E4EED7DEB1322E87645FB371D2B
                                          SHA1:F085994A711755F2D76D876DE3F9F7A7DE1160A5
                                          SHA-256:B2D57B6E0A1C7409A6564D9C8BBF2FF4123952FC8B995C20C222845F76139DB9
                                          SHA-512:64CBF8240CA9C656E28F60309305849883485C799346D69636718EFC289244C565CF9EB3E7A714D15E7EF3EE4D85F2ABF313BCEDBDF558B7EE9C5382054F1D23
                                          Malicious:false
                                          Preview:../* Interfaces to parse and execute pieces of python code */....#ifndef Py_PYTHONRUN_H..#define Py_PYTHONRUN_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(PyObject *) Py_CompileString(const char *, const char *, int);....PyAPI_FUNC(void) PyErr_Print(void);..PyAPI_FUNC(void) PyErr_PrintEx(int);..PyAPI_FUNC(void) PyErr_Display(PyObject *, PyObject *, PyObject *);....#if !defined(Py_LIMITED_API) || Py_LIMITED_API+0 >= 0x030C0000..PyAPI_FUNC(void) PyErr_DisplayException(PyObject *);..#endif....../* Stuff with no proper home (yet) */..PyAPI_DATA(int) (*PyOS_InputHook)(void);..../* Stack size, in "pointers" (so we get extra safety margins.. on 64-bit platforms). On a 32-bit platform, this translates.. to an 8k margin. */..#define PYOS_STACK_MARGIN 2048....#if defined(WIN32) && !defined(MS_WIN64) && !defined(_M_ARM) && defined(_MSC_VER) && _MSC_VER >= 1300../* Enable stack checking under Microsoft C */..// When changing the platforms, ensure PyOS_CheckStack() docs are still

                                          C:\Users\user\AppData\Roaming\windows\include\pythread.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):5010
                                          Entropy (8bit):5.295857313049067
                                          Encrypted:false
                                          SSDEEP:96:wV1qxKfOLVwiwwHf2ETs7fUbD3uJeiXV26G6tj2MZPlMRRkrYkxlyBNkZov:TOOLVwiwwHfWCbuUiX/tVPlM+oiZov
                                          MD5:BEF11805D87A31334F0CDDBE74117A00
                                          SHA1:79CAF71C62D38793F96F0E868DF8BF0F7A93A164
                                          SHA-256:8A5AC1D509B82BECC23C95E521AEF251722B4A7A939906C102CEEB0E6C6D3D7B
                                          SHA-512:909BE3EF2686FE0E6E1C319D8CA7500B361E3613C0803296C59BAA8D60A913271CD6F0081854068FCE2B7AA499BDDD7526FE322118EE80FED0292E875506188C
                                          Malicious:false
                                          Preview:#ifndef Py_PYTHREAD_H..#define Py_PYTHREAD_H....typedef void *PyThread_type_lock;....#ifdef __cplusplus..extern "C" {..#endif..../* Return status codes for Python lock acquisition. Chosen for maximum.. * backwards compatibility, ie failure -> 0, success -> 1. */..typedef enum PyLockStatus {.. PY_LOCK_FAILURE = 0,.. PY_LOCK_ACQUIRED = 1,.. PY_LOCK_INTR..} PyLockStatus;....PyAPI_FUNC(void) PyThread_init_thread(void);..PyAPI_FUNC(unsigned long) PyThread_start_new_thread(void (*)(void *), void *);..PyAPI_FUNC(void) _Py_NO_RETURN PyThread_exit_thread(void);..PyAPI_FUNC(unsigned long) PyThread_get_thread_ident(void);....#if (defined(__APPLE__) || defined(__linux__) || defined(_WIN32) \.. || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) \.. || defined(__DragonFly__) || defined(_AIX))..#define PY_HAVE_THREAD_NATIVE_ID..PyAPI_FUNC(unsigned long) PyThread_get_thread_native_id(void);..#endif....PyAPI_FUNC(PyThread_type_lock) PyThread_allocate_lock(void);..

                                          C:\Users\user\AppData\Roaming\windows\include\pytypedefs.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):881
                                          Entropy (8bit):4.832281870825026
                                          Encrypted:false
                                          SSDEEP:24:0Wy9Vax/Q/7xZxuShx8KtKWx9x0PjxJTxhx5xPxnx5xl5:ZWUx/sPtb4Q70PlJV3v5xvl5
                                          MD5:E418FB47E9CBF1EDBF3D27091520D3D6
                                          SHA1:BC5CEA031F9ADF17480C5D81E41AFB1D38262195
                                          SHA-256:CFE86E7DFF6E86B1F0C81991DB870D31FD5E38E3C7FDC7E898BD908876B38029
                                          SHA-512:F6A065D2512FD903FA06CFAFF8341D86B31988B10091F4D65EB0F90B483ACE866B69A83BB42FA9D8C669C65C0317DE64106515A1BA1B704A04D8D589D9944EB3
                                          Malicious:false
                                          Preview:// Forward declarations of types of the Python C API...// Declare them at the same place since redefining typedef is a C11 feature...// Only use a forward declaration if there is an interdependency between two..// header files.....#ifndef Py_PYTYPEDEFS_H..#define Py_PYTYPEDEFS_H..#ifdef __cplusplus..extern "C" {..#endif....typedef struct PyModuleDef PyModuleDef;..typedef struct PyModuleDef_Slot PyModuleDef_Slot;..typedef struct PyMethodDef PyMethodDef;..typedef struct PyGetSetDef PyGetSetDef;..typedef struct PyMemberDef PyMemberDef;....typedef struct _object PyObject;..typedef struct _longobject PyLongObject;..typedef struct _typeobject PyTypeObject;..typedef struct PyCodeObject PyCodeObject;..typedef struct _frame PyFrameObject;....typedef struct _ts PyThreadState;..typedef struct _is PyInterpreterState;....#ifdef __cplusplus..}..#endif..#endif // !Py_PYTYPEDEFS_H..

                                          C:\Users\user\AppData\Roaming\windows\include\rangeobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):657
                                          Entropy (8bit):5.141831945015928
                                          Encrypted:false
                                          SSDEEP:12:CwYNmrVceqg9ZdOK8vFRt+bREsDwYySNM5jwF9Rm64vKpzXIYqql:dYN6cej6Rt+usDwYySNM5sF9QvqzXiql
                                          MD5:73A5866C06E7D7E4E14E07311529F4D6
                                          SHA1:EC1FE3B37CDCECE0ADFC25E26F60F0B7994EE53A
                                          SHA-256:B923DC6CC084607666DAA74EB05D5893BDD0A83B1023B4794794FEDF77B10D34
                                          SHA-512:04684A4C5DCD9EE385D2ADD3BCD9D24459EA173C390ECBAED2A74212BF268C5D42839F7478D99144215BE9C100E3E54DA67E16C15DF2B66528066FEB6BBA292F
                                          Malicious:false
                                          Preview:../* Range object interface */....#ifndef Py_RANGEOBJECT_H..#define Py_RANGEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif..../*..A range object represents an integer range. This is an immutable object;..a range cannot change its value after creation.....Range objects behave like the corresponding tuple objects except that..they are represented by a start, stop, and step datamembers...*/....PyAPI_DATA(PyTypeObject) PyRange_Type;..PyAPI_DATA(PyTypeObject) PyRangeIter_Type;..PyAPI_DATA(PyTypeObject) PyLongRangeIter_Type;....#define PyRange_Check(op) Py_IS_TYPE((op), &PyRange_Type)....#ifdef __cplusplus..}..#endif..#endif /* !Py_RANGEOBJECT_H */..

                                          C:\Users\user\AppData\Roaming\windows\include\setobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1606
                                          Entropy (8bit):5.135639545258304
                                          Encrypted:false
                                          SSDEEP:24:Ta9cZyvwRADV7QEgj9djecMwtURjSRjecMfcMwtHYMcMwzrnIZNl:O9YyvwRADqEw99J6y1MrnIrl
                                          MD5:BB680B19CECABED7F8964A64013D279E
                                          SHA1:1DEC840A12C244AA172C083927DB005A2FFCA4E6
                                          SHA-256:0EC874216EEC40F88F61D9E473298F9AA0F7B9D21D897858B9EF439D7310A59C
                                          SHA-512:58AB8047EC874F8968C25A1582497026777CB72946ADA73D394C87A253F1D087EC28760C2852926DC8B93A84B06ED451F569EC68C9F1F8CF2DF7D9D42548AF51
                                          Malicious:false
                                          Preview:/* Set object interface */....#ifndef Py_SETOBJECT_H..#define Py_SETOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_DATA(PyTypeObject) PySet_Type;..PyAPI_DATA(PyTypeObject) PyFrozenSet_Type;..PyAPI_DATA(PyTypeObject) PySetIter_Type;....PyAPI_FUNC(PyObject *) PySet_New(PyObject *);..PyAPI_FUNC(PyObject *) PyFrozenSet_New(PyObject *);....PyAPI_FUNC(int) PySet_Add(PyObject *set, PyObject *key);..PyAPI_FUNC(int) PySet_Clear(PyObject *set);..PyAPI_FUNC(int) PySet_Contains(PyObject *anyset, PyObject *key);..PyAPI_FUNC(int) PySet_Discard(PyObject *set, PyObject *key);..PyAPI_FUNC(PyObject *) PySet_Pop(PyObject *set);..PyAPI_FUNC(Py_ssize_t) PySet_Size(PyObject *anyset);....#define PyFrozenSet_CheckExact(ob) Py_IS_TYPE((ob), &PyFrozenSet_Type)..#define PyFrozenSet_Check(ob) \.. (Py_IS_TYPE((ob), &PyFrozenSet_Type) || \.. PyType_IsSubtype(Py_TYPE(ob), &PyFrozenSet_Type))....#define PyAnySet_CheckExact(ob) \.. (Py_IS_TYPE((ob), &PySet_Type) || Py_IS_TYPE((ob), &PyFrozenSet

                                          C:\Users\user\AppData\Roaming\windows\include\sliceobject.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):2583
                                          Entropy (8bit):4.823020632875323
                                          Encrypted:false
                                          SSDEEP:48:K2TTR2znlKM0H0NO0QRbuSdV+tcdAi8cttkN:ulK/VxekjG
                                          MD5:2A1B94A96E7BCF0A14BF3AE5FD8E99D8
                                          SHA1:2EC5C23ABC9E2513E71F1355B19719BB0FFFA6A3
                                          SHA-256:9D3160778E2DF3BE789A2631B08D1D954F3CA434EA399B49881A9A62CB87C29B
                                          SHA-512:D24F255A186531194298BAAE0FC1ECAF085C76E1849DD2FC698C244D9A843C0978D6D79EF05E8B26930107DBC3A194E84F47C254F73FBF9268982DEBAD6AB5A3
                                          Malicious:false
                                          Preview:#ifndef Py_SLICEOBJECT_H..#define Py_SLICEOBJECT_H..#ifdef __cplusplus..extern "C" {..#endif..../* The unique ellipsis object "..." */....PyAPI_DATA(PyObject) _Py_EllipsisObject; /* Don't use this directly */....#define Py_Ellipsis (&_Py_EllipsisObject)..../* Slice object interface */..../*....A slice object containing start, stop, and step data members (the..names are from range). After much talk with Guido, it was decided to..let these be any arbitrary python type. Py_None stands for omitted values...*/..#ifndef Py_LIMITED_API..typedef struct {.. PyObject_HEAD.. PyObject *start, *stop, *step; /* not NULL */..} PySliceObject;..#endif....PyAPI_DATA(PyTypeObject) PySlice_Type;..PyAPI_DATA(PyTypeObject) PyEllipsis_Type;....#define PySlice_Check(op) Py_IS_TYPE((op), &PySlice_Type)....PyAPI_FUNC(PyObject *) PySlice_New(PyObject* start, PyObject* stop,.. PyObject* step);..#ifndef Py_LIMITED_API..PyAPI_FUNC(PyObject *) _PySlice_FromIndices(Py_ssi

                                          C:\Users\user\AppData\Roaming\windows\include\structmember.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1701
                                          Entropy (8bit):5.087401856696278
                                          Encrypted:false
                                          SSDEEP:24:BGDUEGD7wQ+Ib//vHN+TfUIEuLSkKvQXkfGNbfkb7V5mQwaJHPaBHRlxDfwxEOjB:BGDFGDUQ9/DIjNyQU+CbLmQwVBlYHD9
                                          MD5:C8B10A8E48BA94FCC7073A9F980C36AA
                                          SHA1:4737D40AA72F8C2D6E9385C31A0DDF1711A5272C
                                          SHA-256:E20883B9A81F1FC559DD89B1C454C86ADAECCF37241EDDFA2321E325FF0D612F
                                          SHA-512:DDF9BF7ADF161D62037AB950A2A17DE18C73B31729EE39388BC3A092D7E45BC3460700B1BF3127DEF3C012F89514A61E2D4939BF4D853AF39B0F50E8FE253640
                                          Malicious:false
                                          Preview:#ifndef Py_STRUCTMEMBER_H..#define Py_STRUCTMEMBER_H..#ifdef __cplusplus..extern "C" {..#endif....../* Interface to map C struct members to Python object attributes.. *.. * This header is deprecated: new code should not use stuff from here... * New definitions are in descrobject.h... *.. * However, there's nothing wrong with old code continuing to use it,.. * and there's not much mainenance overhead in maintaining a few aliases... * So, don't be too eager to convert old code... *.. * It uses names not prefixed with Py_... * It is also *not* included from Python.h and must be included individually... */....#include <stddef.h> /* For offsetof (not always provided by Python.h) */..../* Types */..#define T_SHORT Py_T_SHORT..#define T_INT Py_T_INT..#define T_LONG Py_T_LONG..#define T_FLOAT Py_T_FLOAT..#define T_DOUBLE Py_T_DOUBLE..#define T_STRING Py_T_STRING..#define T_OBJECT _Py_T_OBJECT..#define T_CHAR Py_T_CHAR..#define T_BYTE Py_T_BYTE..#define T_U

                                          C:\Users\user\AppData\Roaming\windows\include\structseq.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1447
                                          Entropy (8bit):5.016239129795396
                                          Encrypted:false
                                          SSDEEP:24:6A4EvxJxytxZGRULiR5tzf59zmM2YzCCShSnbYSncJ+BOnYS2+IRCenWeTo:6ApZ6YyMXfnmM5zmMYccJZYbbCaWz
                                          MD5:A1CBAA4EA21363E6FFC5A69ED42922CB
                                          SHA1:EC8EF78F23C97CD707AD2B688689FACCC14CE61D
                                          SHA-256:6477D33201766F5DC079B20018AEE48BA6D489BB03F67E10A8C3B640695FFE91
                                          SHA-512:C96E0636EB45B7D085B254476316DCAE856D970288036BA1527294515ECD424E632F6D1CB904D2F9ABCF893852EBA355F66BBAAC1DAD759CB2B51D93E2892C7F
                                          Malicious:false
                                          Preview:../* Named tuple object interface */....#ifndef Py_STRUCTSEQ_H..#define Py_STRUCTSEQ_H..#ifdef __cplusplus..extern "C" {..#endif....typedef struct PyStructSequence_Field {.. const char *name;.. const char *doc;..} PyStructSequence_Field;....typedef struct PyStructSequence_Desc {.. const char *name;.. const char *doc;.. PyStructSequence_Field *fields;.. int n_in_sequence;..} PyStructSequence_Desc;....PyAPI_DATA(const char * const) PyStructSequence_UnnamedField;....#ifndef Py_LIMITED_API..PyAPI_FUNC(void) PyStructSequence_InitType(PyTypeObject *type,.. PyStructSequence_Desc *desc);..PyAPI_FUNC(int) PyStructSequence_InitType2(PyTypeObject *type,.. PyStructSequence_Desc *desc);..#endif..PyAPI_FUNC(PyTypeObject*) PyStructSequence_NewType(PyStructSequence_Desc *desc);....PyAPI_FUNC(PyObject *) PyStructSequence_New(PyTypeObject* type);....#ifndef Py_LIMITED_API..typedef PyTupleObject PyStruct

                                          C:\Users\user\AppData\Roaming\windows\include\sysmodule.h

                                          Download File
                                          Process:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          File Type:C source, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1783
                                          Entropy (8bit):5.402160823955907
                                          Encrypted:false
                                          SSDEEP:24:QfNnHc+fl+YLfN++BqzZvWtRZvWtvORvaX+5+EGsP6+GExop6kukNwV7OtD:eHcolhLfN+jzZuZSO1mo5GsiCophKc
                                          MD5:8BE3E6DCE80A2ECB25A23611388F888F
                                          SHA1:05EA0D8536034FEA7CF491E1B64848495C42C92D
                                          SHA-256:E411229C5536F6F83272E896DB1765EC1827EB84573E0724E87C66CFCB0E0049
                                          SHA-512:BD8154B85EA8483072109F130023E42930DB158F558C0515F9350C0C239882666B75E8B2D89E1BEE2EDD8BEAC5CE3C9C48E8B462DE303C3A9765C37A5FB1E2CA
                                          Malicious:false
                                          Preview:../* System module interface */....#ifndef Py_SYSMODULE_H..#define Py_SYSMODULE_H..#ifdef __cplusplus..extern "C" {..#endif....PyAPI_FUNC(PyObject *) PySys_GetObject(const char *);..PyAPI_FUNC(int) PySys_SetObject(const char *, PyObject *);....Py_DEPRECATED(3.11) PyAPI_FUNC(void) PySys_SetArgv(int, wchar_t **);..Py_DEPRECATED(3.11) PyAPI_FUNC(void) PySys_SetArgvEx(int, wchar_t **, int);..Py_DEPRECATED(3.11) PyAPI_FUNC(void) PySys_SetPath(const wchar_t *);....PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...).. Py_GCC_ATTRIBUTE((format(printf, 1, 2)));..PyAPI_FUNC(void) PySys_WriteStderr(const char *format, ...).. Py_GCC_ATTRIBUTE((format(printf, 1, 2)));..PyAPI_FUNC(void) PySys_FormatStdout(const char *format, ...);..PyAPI_FUNC(void) PySys_FormatStderr(const char *format, ...);....PyAPI_FUNC(void) PySys_ResetWarnOptions(void);..Py_DEPRECATED(3.11) PyAPI_FUNC(void) PySys_AddWarnOption(const wchar_t *);..Py_DEPRECATED(3.11) PyAPI_FUNC(void) PySys_

                                          \Device\ConDrv

                                          Download File
                                          Process:C:\Users\user\AppData\Roaming\windows\python.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):352
                                          Entropy (8bit):5.0679347227956315
                                          Encrypted:false
                                          SSDEEP:6:NF3xUlADOB/RZU7hV1eAidRguuMQbTFk9BcIDeEXfWWoNPe5IGtiMv:NF+lDB5G7hV1cTN7QN+GISEXQCI2nv
                                          MD5:1DF6C2029C01A4D1D5835AC8BF5F8F61
                                          SHA1:5C4F13F4EC8F2F93ED44B6A0865711F3D5C89AC8
                                          SHA-256:7284D5424255C2A7F639DBE660868B6F482A0D4D8B0D4BA2751675EC11818EC8
                                          SHA-512:2F889A80D44D8A4A1D00B1D8C878C930BF6A0D8A635AA7807663C722B5BCA370A3E942B14229325751312B68EDB6ABF01E3DB6AA257034F7402876F2C9933DB0
                                          Malicious:false
                                          Preview:[+] Launching a sacrificial process. [*] Spoofed parent process: explorer.exe (PID: 4056). [*] Spawned process: .C:\Windows\System32\notepad.exe (PID: 1660)..[+] Injecting shellcode via Early Bird APC Queue. [*] Memory allocated. [-] Size: ..65536 bytes. [-] Address: ..0x00000264C6FD0000. [-] Protection: .PAGE_READWRITE.

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):7.9995874924741095
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                          • DOS Executable Generic (2002/1) 0.02%
                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                          File name:8n3W4yKYeB.exe
                                          File size:18'997'115 bytes
                                          MD5:89185e2191d0ba5a994e606ce200308f
                                          SHA1:5e471217b0c25915824346111bedbabb6bdf91f6
                                          SHA256:d434be38db7e05e636622e17661c027948d9eacbd58c9d0def9a6d1c4685553c
                                          SHA512:c458ec2a6ee11155e1b553515833f61852663c9dc4faf897b64280b20029dc1001ae77dd66b02178fe5bfb1cd25a9835f481cb5fdf08bd378d4071c12455bc5c
                                          SSDEEP:393216:P5a8jDfsDqR5Pa43GIFojAw8cRrvxJkS8blf5cyRyviUECdAE640T2Q:tjTsDqRdWDkw8cRr3glBcyRCiUECmEji
                                          TLSH:FA17332BBF8690F1F7CA33357202D30A6675CD54AF5685D7215FAA801C617C8AE3E0E9
                                          File Content Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...JD.W............................_.............@..................................."..............................................p...O.................

                                          File Icon

                                          Icon Hash:d8c6a6aaaaa6cc10

                                          Static PE Info

                                          General

                                          Entrypoint:0x41c35f
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:
                                          Time Stamp:0x5700444A [Sat Apr 2 22:14:34 2016 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:a1a66d588dcf1394354ebf6ec400c223

                                          Entrypoint Preview

                                          Instruction
                                          push ebp
                                          mov ebp, esp
                                          push FFFFFFFFh
                                          push 0041FA80h
                                          push 0041C4F0h
                                          mov eax, dword ptr fs:[00000000h]
                                          push eax
                                          mov dword ptr fs:[00000000h], esp
                                          sub esp, 68h
                                          push ebx
                                          push esi
                                          push edi
                                          mov dword ptr [ebp-18h], esp
                                          xor ebx, ebx
                                          mov dword ptr [ebp-04h], ebx
                                          push 00000002h
                                          call dword ptr [0041D1ECh]
                                          pop ecx
                                          or dword ptr [00426C88h], FFFFFFFFh
                                          or dword ptr [00426C8Ch], FFFFFFFFh
                                          call dword ptr [0041D1F0h]
                                          mov ecx, dword ptr [00424C74h]
                                          mov dword ptr [eax], ecx
                                          call dword ptr [0041D1F4h]
                                          mov ecx, dword ptr [00424C70h]
                                          mov dword ptr [eax], ecx
                                          mov eax, dword ptr [0041D1F8h]
                                          mov eax, dword ptr [eax]
                                          mov dword ptr [00426C84h], eax
                                          call 00007FD649490E02h
                                          cmp dword ptr [004226F0h], ebx
                                          jne 00007FD649490CEEh
                                          push 0041C4E8h
                                          call dword ptr [0041D1FCh]
                                          pop ecx
                                          call 00007FD649490DD4h
                                          push 00422080h
                                          push 0042207Ch
                                          call 00007FD649490DBFh
                                          mov eax, dword ptr [00424C6Ch]
                                          mov dword ptr [ebp-6Ch], eax
                                          lea eax, dword ptr [ebp-6Ch]
                                          push eax
                                          push dword ptr [00424C68h]
                                          lea eax, dword ptr [ebp-64h]
                                          push eax
                                          lea eax, dword ptr [ebp-70h]
                                          push eax
                                          lea eax, dword ptr [ebp-60h]
                                          push eax
                                          call dword ptr [0041D204h]
                                          push 00422078h
                                          push 00422000h
                                          call 00007FD649490D8Ch

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x1feac0xc8.rdata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x270000x4f00.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x1d0000x390.rdata
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          .text0x10000x1bd4a0x1be00c820c58aedd8916d0cfdfacf6518a796False0.6028587443946188data6.710525331739984IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rdata0x1d0000x41a80x420061e5f1569be02d293c2f1941c8014c11False0.46123342803030304data5.74601891946531IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .data0x220000x4c900x800df838379d053bbc0adb49e5333be876cFalse0.41357421875data3.6966107753084243IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                          .rsrc0x270000x4f000x5000588c13b1c22bd6f0774d5d4e57308c98False0.16416015625data4.293549718348912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                          RT_ICON0x271c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.29432624113475175
                                          RT_ICON0x276280x9b8Device independent bitmap graphic, 24 x 48 x 32, image size 24480.25442122186495175
                                          RT_ICON0x27fe00x1128Device independent bitmap graphic, 32 x 64 x 32, image size 43520.13820582877959928
                                          RT_ICON0x291080x2668Device independent bitmap graphic, 48 x 96 x 32, image size 97920.08177379983726607
                                          RT_GROUP_ICON0x2b7700x3edata0.8387096774193549
                                          RT_VERSION0x2b7b00x444data0.4835164835164835
                                          RT_MANIFEST0x2bbf40x309ASCII text0.5341055341055341

                                          Imports

                                          DLLImport
                                          COMCTL32.dll
                                          SHELL32.dllShellExecuteExW, ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHGetSpecialFolderPathW
                                          GDI32.dllCreateCompatibleDC, CreateFontIndirectW, DeleteObject, DeleteDC, GetCurrentObject, StretchBlt, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, SetStretchBltMode, GetObjectW
                                          ADVAPI32.dllFreeSid, AllocateAndInitializeSid, CheckTokenMembership
                                          USER32.dllGetParent, ScreenToClient, CreateWindowExW, GetDesktopWindow, GetWindowTextLengthW, SetWindowPos, SetTimer, GetMessageW, CopyImage, KillTimer, CharUpperW, SendMessageW, ShowWindow, BringWindowToTop, wsprintfW, MessageBoxW, EndDialog, ReleaseDC, GetWindowDC, GetMenu, GetWindowLongW, GetClassNameA, wsprintfA, DispatchMessageW, SetWindowTextW, GetSysColor, DestroyWindow, MessageBoxA, GetKeyState, IsWindow, GetDlgItem, GetClientRect, GetSystemMetrics, SetWindowLongW, UnhookWindowsHookEx, SetFocus, SystemParametersInfoW, DrawTextW, GetDC, ClientToScreen, GetWindow, DialogBoxIndirectParamW, DrawIconEx, CallWindowProcW, DefWindowProcW, CallNextHookEx, PtInRect, SetWindowsHookExW, LoadImageW, LoadIconW, MessageBeep, EnableWindow, EnableMenuItem, GetSystemMenu, CreateWindowExA, wvsprintfW, GetWindowTextW, GetWindowRect
                                          ole32.dllCreateStreamOnHGlobal, CoCreateInstance, CoInitialize
                                          OLEAUT32.dllSysAllocStringLen, VariantClear, SysFreeString, OleLoadPicture, SysAllocString
                                          KERNEL32.dllSetFileTime, SetEndOfFile, GetFileInformationByHandle, VirtualFree, GetModuleHandleA, WaitForMultipleObjects, VirtualAlloc, ReadFile, SetFilePointer, GetFileSize, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, FormatMessageW, lstrcpyW, LocalFree, IsBadReadPtr, GetSystemDirectoryW, GetCurrentThreadId, SuspendThread, TerminateThread, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, GetVersionExW, GetModuleFileNameW, GetCurrentProcess, SetProcessWorkingSetSize, SetEnvironmentVariableW, GetDriveTypeW, CreateFileW, LoadLibraryA, SetThreadLocale, GetSystemTimeAsFileTime, ExpandEnvironmentStringsW, CompareFileTime, WideCharToMultiByte, GetTempPathW, GetCurrentDirectoryW, GetEnvironmentVariableW, lstrcmpiW, GetLocaleInfoW, MultiByteToWideChar, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetSystemDefaultLCID, lstrcmpiA, GlobalAlloc, GlobalFree, MulDiv, FindResourceExA, SizeofResource, LoadResource, LockResource, GetModuleHandleW, FindFirstFileW, lstrcmpW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, GetStdHandle, WriteFile, lstrlenA, CreateDirectoryW, GetFileAttributesW, SetCurrentDirectoryW, GetLocalTime, SystemTimeToFileTime, CreateThread, GetExitCodeThread, Sleep, SetFileAttributesW, GetDiskFreeSpaceExW, SetLastError, GetTickCount, lstrlenW, ExitProcess, lstrcatW, GetProcAddress, CloseHandle, WaitForSingleObject, GetExitCodeProcess, GetQueuedCompletionStatus, ResumeThread, SetInformationJobObject, CreateIoCompletionPort, AssignProcessToJobObject, CreateJobObjectW, GetLastError, CreateProcessW, GetStartupInfoW, GetCommandLineW, GetStartupInfoA
                                          MSVCRT.dll_purecall, ??2@YAPAXI@Z, _wtol, memset, memmove, memcpy, _wcsnicmp, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ??1type_info@@UAE@XZ, _onexit, __dllonexit, malloc, realloc, free, wcsstr, _CxxThrowException, _beginthreadex, _EH_prolog, ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, strncmp, wcsncmp, wcsncpy, strncpy, ??3@YAXPAX@Z

                                          Network Behavior

                                          No network behavior found

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          General

                                          Target ID:0
                                          Start time:11:26:54
                                          Start date:17/09/2024
                                          Path:C:\Users\user\Desktop\8n3W4yKYeB.exe
                                          Wow64 process (32bit):true
                                          Commandline:"C:\Users\user\Desktop\8n3W4yKYeB.exe"
                                          Imagebase:0x400000
                                          File size:18'997'115 bytes
                                          MD5 hash:89185E2191D0BA5A994E606CE200308F
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          General

                                          Target ID:4
                                          Start time:13:03:30
                                          Start date:17/09/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\run.bat" /verysilent"
                                          Imagebase:0x410000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:5
                                          Start time:13:03:30
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:6
                                          Start time:13:03:30
                                          Start date:17/09/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:cmd /c "C:\Users\user\AppData\Roaming\windows\run.bat" min
                                          Imagebase:0x410000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:7
                                          Start time:13:03:30
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:8
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /K b.bat
                                          Imagebase:0x410000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:9
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:10
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /K startup.bat
                                          Imagebase:0x410000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:11
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:true

                                          General

                                          Target ID:12
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat"
                                          Imagebase:0x410000
                                          File size:236'544 bytes
                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          General

                                          Target ID:13
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          General

                                          Target ID:14
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Users\user\AppData\Roaming\windows\python.exe
                                          Wow64 process (32bit):false
                                          Commandline:python.exe na.py
                                          Imagebase:0x7ff7c1100000
                                          File size:103'192 bytes
                                          MD5 hash:3D44212BBA2D7A88D6C83CE8523BBA88
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000E.00000002.2559039165.0000023FB0410000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 0000000E.00000002.2559039165.0000023FB0410000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 0000000E.00000003.1575854995.0000023FAEBCD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 0000000E.00000003.1575854995.0000023FAEBCD000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          Reputation:low
                                          Has exited:false

                                          General

                                          Target ID:15
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\SysWOW64\cscript.exe
                                          Wow64 process (32bit):true
                                          Commandline:cscript //nologo C:\Users\user~1\AppData\Local\Temp\CreateShortcut.vbs
                                          Imagebase:0xe50000
                                          File size:144'896 bytes
                                          MD5 hash:CB601B41D4C8074BE8A84AED564A94DC
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:moderate
                                          Has exited:true

                                          General

                                          Target ID:16
                                          Start time:13:03:31
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\notepad.exe
                                          Wow64 process (32bit):
                                          Commandline:C:\Windows\System32\notepad.exe
                                          Imagebase:
                                          File size:201'216 bytes
                                          MD5 hash:27F71B12CB585541885A31BE22F61C83
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 00000010.00000002.2554703919.000001BD34AF0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                          Has exited:false

                                          General

                                          Target ID:17
                                          Start time:13:03:44
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\cmd.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\windows\start.bat" "
                                          Imagebase:0x7ff6c9d70000
                                          File size:289'792 bytes
                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          General

                                          Target ID:18
                                          Start time:13:03:45
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          General

                                          Target ID:19
                                          Start time:13:03:45
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\cmd.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\cmd.exe /K b.bat
                                          Imagebase:0x7ff6c9d70000
                                          File size:289'792 bytes
                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          General

                                          Target ID:20
                                          Start time:13:03:45
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:true

                                          General

                                          Target ID:21
                                          Start time:13:03:45
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\cmd.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\cmd.exe /K "C:\Users\user\AppData\Roaming\windows\b.bat"
                                          Imagebase:0x7ff6c9d70000
                                          File size:289'792 bytes
                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          General

                                          Target ID:22
                                          Start time:13:03:45
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff75da10000
                                          File size:862'208 bytes
                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Has exited:false

                                          General

                                          Target ID:23
                                          Start time:13:03:45
                                          Start date:17/09/2024
                                          Path:C:\Users\user\AppData\Roaming\windows\python.exe
                                          Wow64 process (32bit):false
                                          Commandline:python.exe na.py
                                          Imagebase:0x7ff7c1100000
                                          File size:103'192 bytes
                                          MD5 hash:3D44212BBA2D7A88D6C83CE8523BBA88
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000017.00000002.2558712756.000001F77B44C000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 00000017.00000002.2558712756.000001F77B44C000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000017.00000003.1721088072.000001F77B3DF000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Windows_Trojan_Donutloader_5c38878d, Description: unknown, Source: 00000017.00000003.1721088072.000001F77B3DF000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                          Has exited:false

                                          General

                                          Target ID:24
                                          Start time:13:03:46
                                          Start date:17/09/2024
                                          Path:C:\Windows\System32\notepad.exe
                                          Wow64 process (32bit):
                                          Commandline:C:\Windows\System32\notepad.exe
                                          Imagebase:
                                          File size:201'216 bytes
                                          MD5 hash:27F71B12CB585541885A31BE22F61C83
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000018.00000002.2554701460.00000264C6FD0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                          Has exited:false

                                          Disassembly

                                          Reset < >

                                            Execution Graph

                                            Execution Coverage:15.1%
                                            Dynamic/Decrypted Code Coverage:0%
                                            Signature Coverage:22.1%
                                            Total number of Nodes:1755
                                            Total number of Limit Nodes:41
                                            execution_graph 11487 41be40 11488 41be44 11487->11488 11489 41be47 VirtualAlloc 11487->11489 11881 41c35f __set_app_type __p__fmode __p__commode 11882 41c3ce 11881->11882 11883 41c3e2 11882->11883 11884 41c3d6 __setusermatherr 11882->11884 11893 41c4d6 _controlfp 11883->11893 11884->11883 11886 41c3e7 _initterm __getmainargs _initterm 11887 41c43b GetStartupInfoA 11886->11887 11889 41c46f GetModuleHandleA 11887->11889 11894 407014 _EH_prolog 11889->11894 11893->11886 11897 406024 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z 11894->11897 12225 403834 GetModuleHandleW CreateWindowExW GetDesktopWindow GetWindowRect SetWindowPos 11897->12225 11900 406062 11901 406ff3 MessageBoxA 11900->11901 11903 40607c 11900->11903 11902 40700a exit _XcptFilter 11901->11902 12228 4147df ??2@YAPAXI 11903->12228 11905 406092 12229 4147df ??2@YAPAXI 11905->12229 11907 40609a 12230 4147df ??2@YAPAXI 11907->12230 11909 4060a2 12231 40541a LoadLibraryA #17 11909->12231 11914 414864 ctype 3 API calls 11915 4060c2 11914->11915 12260 40457e 11915->12260 11917 4060ca 12274 404f69 11917->12274 11919 4060e0 12292 403ef5 11919->12292 11922 404f69 19 API calls 11923 4060f2 GetCommandLineW 11922->11923 11924 404f69 19 API calls 11923->11924 11925 406101 11924->11925 11926 40420b 7 API calls 11925->11926 11927 406118 wsprintfW 11926->11927 11928 40612a 11927->11928 11929 404f69 19 API calls 11928->11929 11930 406138 11929->11930 12295 4056ba 11930->12295 11933 406164 11935 4056ba 3 API calls 11933->11935 11934 40614e _wtol 11934->11933 11936 40617f 11935->11936 11937 406183 11936->11937 11938 4061ac 11936->11938 12478 405ca1 11937->12478 11939 4056ba 3 API calls 11938->11939 11941 4061b8 11939->11941 11942 4061c7 11941->11942 11943 4061bc 11941->11943 11946 4056ba 3 API calls 11942->11946 12500 401fac 11943->12500 11947 4061d7 11946->11947 11948 40420b 7 API calls 11947->11948 11949 4061f4 GetModuleFileNameW 11948->11949 11950 406201 11949->11950 11951 406213 11949->11951 11952 409684 74 API calls 11950->11952 11953 4056ba 3 API calls 11951->11953 11955 406188 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 11952->11955 11967 406226 11953->11967 11954 4063bb 12300 4148c7 11954->12300 11955->11902 11958 4148c7 3 API calls 11961 4063d8 11958->11961 11959 4062fb 11963 406322 11959->11963 11964 40630b _wtol 11959->11964 11960 4056ba 3 API calls 11970 406372 11960->11970 11962 40645d 11961->11962 11968 414864 ctype 3 API calls 11961->11968 11965 403ef5 2 API calls 11962->11965 11963->11960 11964->11963 11969 40647d 11965->11969 11966 4062ed 11966->11955 11966->11959 11967->11954 11967->11955 11967->11959 11967->11963 11967->11966 11975 401585 ctype 4 API calls 11967->11975 11971 40640c 11968->11971 11972 414864 ctype 3 API calls 11969->11972 11970->11954 11974 403022 4 API calls 11970->11974 11973 414864 ctype 3 API calls 11971->11973 11976 406488 11972->11976 11982 406422 11973->11982 11977 4063a5 11974->11977 11975->11967 12305 4012cf 11976->12305 11977->11954 11980 4148c7 3 API calls 11977->11980 11980->11954 11981 4064ad 12309 4143c2 ??2@YAPAXI 11981->12309 11984 4148c7 3 API calls 11982->11984 11983 409684 74 API calls 11983->11981 11986 40644d 11984->11986 11988 403ce0 19 API calls 11986->11988 11987 4064bf 12310 405eeb 11987->12310 11990 406455 11988->11990 11992 414922 ctype 5 API calls 11990->11992 11992->11962 11994 4064da 11995 4064e0 ??3@YAXPAX 11994->11995 11996 4064ed 11994->11996 11995->11996 11997 406563 11996->11997 11999 4056ba 3 API calls 11996->11999 11998 406931 ??3@YAXPAX 11997->11998 12001 4065b1 11997->12001 12002 40657c wsprintfW 11997->12002 12009 404f69 19 API calls 11997->12009 12000 40693f CoInitialize 11998->12000 12006 406502 11999->12006 12007 404f59 lstrcmpW 12000->12007 12327 4053fb 12001->12327 12003 403ce0 19 API calls 12002->12003 12003->11997 12006->11997 12006->11998 12508 405f0f 12006->12508 12010 406964 12007->12010 12009->11997 12013 406975 12010->12013 12014 414864 ctype 3 API calls 12010->12014 12012 4065be 12015 4065d5 12012->12015 12016 4065c5 ??3@YAXPAX 12012->12016 12469 405517 12013->12469 12014->12013 12368 405729 12015->12368 12016->12015 12024 409684 74 API calls 12027 406551 ??3@YAXPAX 12024->12027 12027->11997 12028 4065e6 12031 4066c8 12028->12031 12038 4065fb lstrlenW 12028->12038 12434 401303 12031->12434 12537 40b350 12038->12537 12039 4066db 12043 405eeb 3 API calls 12039->12043 12045 4066e5 12043->12045 12047 405319 139 API calls 12045->12047 12048 4066f5 12047->12048 12050 405729 34 API calls 12048->12050 12052 4066fa 12050->12052 12442 401368 12052->12442 12056 406612 12064 414864 ctype 3 API calls 12056->12064 12059 4016fe 145 API calls 12061 406706 12059->12061 12063 405729 34 API calls 12061->12063 12067 40670b 12063->12067 12064->12031 12069 40684c 12067->12069 12544 403f0a AllocateAndInitializeSid 12067->12544 12073 404f59 lstrcmpW 12069->12073 12109 40685e 12073->12109 12086 4068b1 12463 405d92 12086->12463 12092 414803 ctype 2 API calls 12092->12109 12099 406737 12548 4147df ??2@YAPAXI 12099->12548 12106 40673f GetCommandLineW 12110 403022 4 API calls 12106->12110 12108 4068b3 ??3@YAXPAX 12108->12086 12109->12086 12109->12092 12109->12108 12116 404f69 19 API calls 12109->12116 12118 40674f 12110->12118 12121 406895 ??3@YAXPAX 12116->12121 12122 414803 ctype 2 API calls 12118->12122 12119 404f59 lstrcmpW 12123 4068e4 12119->12123 12124 404f59 lstrcmpW 12121->12124 12125 406758 12122->12125 12126 4068f2 12123->12126 12127 403ce0 19 API calls 12123->12127 12124->12109 12549 4147b1 12125->12549 12128 4075cf 3 API calls 12126->12128 12127->12126 12131 4068ff 12128->12131 12134 407941 39 API calls 12131->12134 12137 406926 12134->12137 12578 407630 ??3@YAXPAX 12137->12578 12141 414787 3 API calls 12143 40678a 12141->12143 12557 4146e1 12143->12557 12149 406795 12152 41476b 3 API calls 12149->12152 12155 4067a4 12152->12155 12156 414864 ctype 3 API calls 12155->12156 12159 4067ae 7 API calls 12156->12159 12560 401c59 12159->12560 12169 406800 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 12170 406827 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 12169->12170 12170->12069 12226 4038d0 GetVersionExW 12225->12226 12227 40389e SetTimer KiUserCallbackDispatcher DispatchMessageW KillTimer 12225->12227 12226->11900 12226->11901 12227->12226 12228->11905 12229->11907 12230->11909 12232 405441 12231->12232 12233 403c85 3 API calls 12232->12233 12234 405446 12233->12234 12235 403ce0 19 API calls 12234->12235 12236 40544e 12235->12236 12237 403ce0 19 API calls 12236->12237 12238 40545b 12237->12238 12239 403ce0 19 API calls 12238->12239 12240 405468 12239->12240 12241 403ce0 19 API calls 12240->12241 12242 405475 12241->12242 12243 403ce0 19 API calls 12242->12243 12244 405482 12243->12244 12245 403ce0 19 API calls 12244->12245 12246 40548f 12245->12246 12247 403ce0 19 API calls 12246->12247 12252 40549c 12247->12252 12248 4054b1 SHGetSpecialFolderPathW 12249 4054c5 wsprintfW 12248->12249 12248->12252 12251 404f69 19 API calls 12249->12251 12250 405512 GetCommandLineW 12254 403022 12250->12254 12251->12252 12252->12248 12252->12250 12253 404f69 19 API calls 12252->12253 12253->12252 12255 403030 12254->12255 12256 40305c 12254->12256 12257 403054 12255->12257 12258 401585 ctype 4 API calls 12255->12258 12256->12257 12259 401585 ctype 4 API calls 12256->12259 12257->11914 12258->12255 12259->12256 12579 4147df ??2@YAPAXI 12260->12579 12262 404593 12265 404670 12262->12265 12268 401585 ??2@YAPAXI memcpy ??3@YAXPAX _CxxThrowException ctype 12262->12268 12270 4148c7 3 API calls 12262->12270 12580 4143e4 12262->12580 12583 4147df ??2@YAPAXI 12262->12583 12584 404346 12262->12584 12263 4148c7 3 API calls 12264 40467d ??3@YAXPAX 12263->12264 12264->11917 12265->12263 12268->12262 12271 4045ee ??3@YAXPAX 12270->12271 12590 414962 12271->12590 12273 404603 ??3@YAXPAX ??3@YAXPAX 12273->12262 12595 4147df ??2@YAPAXI 12274->12595 12276 404f7d 12596 4147df ??2@YAPAXI 12276->12596 12278 404f85 12279 414864 ctype 3 API calls 12278->12279 12280 404f8e 12279->12280 12281 414864 ctype 3 API calls 12280->12281 12282 404f97 12281->12282 12597 40287b ??2@YAPAXI 12282->12597 12284 404fd6 ??3@YAXPAX ??3@YAXPAX 12284->11919 12286 414803 ctype 2 API calls 12287 404fb8 12286->12287 12288 414922 ctype 5 API calls 12287->12288 12289 404fc1 12288->12289 12290 404f69 16 API calls 12289->12290 12291 404fcd ??3@YAXPAX 12290->12291 12291->12284 12608 403eca GetProcAddress 12292->12608 12294 403efa 12294->11922 12296 4056c3 12295->12296 12297 40570d 12296->12297 12298 4056f3 lstrlenW lstrlenW 12296->12298 12297->11933 12297->11934 12611 403786 12298->12611 12301 4148d3 12300->12301 12302 4063cb 12300->12302 12303 414905 memcpy 12301->12303 12304 4148dc ??2@YAPAXI ??3@YAXPAX 12301->12304 12302->11958 12303->12302 12304->12303 12307 4012d7 12305->12307 12306 4012f9 12306->11981 12306->11983 12307->12306 12623 409e06 12307->12623 12309->11987 12311 405ef4 12310->12311 12312 405f09 12311->12312 12712 402565 ??3@YAXPAX ??3@YAXPAX 12311->12712 12314 405319 12312->12314 12715 4143c2 ??2@YAPAXI 12314->12715 12316 40532e 12716 404d7f 12316->12716 12318 405344 12319 40536b 12318->12319 12320 40534d 12318->12320 12321 40537a 12319->12321 12747 40502a 12319->12747 12324 409684 74 API calls 12320->12324 12323 40535a ??3@YAXPAX 12321->12323 12326 405355 12321->12326 12774 41447c 12321->12774 12323->11994 12324->12326 12326->12323 12328 414864 ctype 3 API calls 12327->12328 12329 40540b 12328->12329 12330 414922 ctype 5 API calls 12329->12330 12331 405416 12330->12331 12332 4016fe 12331->12332 12885 4147df ??2@YAPAXI 12332->12885 12334 401714 lstrlenW 12363 401729 12334->12363 12335 4019c8 12337 401a22 12335->12337 12338 414803 ctype 2 API calls 12335->12338 12336 402fec lstrlenW lstrlenW _wcsnicmp 12336->12363 12339 404f69 19 API calls 12337->12339 12340 4019e3 12338->12340 12341 401a49 12339->12341 12912 4146a6 12340->12912 12343 414803 ctype 2 API calls 12341->12343 12345 401a52 12343->12345 12344 4019f5 12346 414864 ctype 3 API calls 12344->12346 12347 4146a6 2 API calls 12345->12347 12349 401a00 ??3@YAXPAX ??3@YAXPAX 12346->12349 12350 401a66 12347->12350 12351 401a1a 12349->12351 12352 414864 ctype 3 API calls 12350->12352 12916 414aa5 12351->12916 12354 401a71 ??3@YAXPAX ??3@YAXPAX 12352->12354 12355 401a8b 12354->12355 12356 414aa5 memmove 12355->12356 12357 401a93 12356->12357 12358 404f69 19 API calls 12357->12358 12359 401a27 ??3@YAXPAX 12358->12359 12359->12012 12361 4018f2 _wtol 12361->12363 12363->12335 12363->12336 12363->12359 12363->12361 12364 403022 4 API calls 12363->12364 12365 414864 ctype 3 API calls 12363->12365 12886 4016a8 12363->12886 12897 4015b3 12363->12897 12911 4147df ??2@YAPAXI 12363->12911 12364->12363 12366 4019b3 ??3@YAXPAX 12365->12366 12366->12363 12369 404f59 lstrcmpW 12368->12369 12370 40573b 12369->12370 12371 405785 12370->12371 12372 414864 ctype 3 API calls 12370->12372 12373 404f59 lstrcmpW 12371->12373 12374 40574e 12372->12374 12375 4057a1 12373->12375 12376 403ce0 19 API calls 12374->12376 12377 404f59 lstrcmpW 12375->12377 12378 405756 12376->12378 12379 4057b6 12377->12379 12380 414922 ctype 5 API calls 12378->12380 12382 404f59 lstrcmpW 12379->12382 12381 40575e 12380->12381 12383 414864 ctype 3 API calls 12381->12383 12384 4057cb 12382->12384 12385 405775 12383->12385 12387 404f59 lstrcmpW 12384->12387 12386 403ce0 19 API calls 12385->12386 12388 40577d 12386->12388 12389 4057e0 12387->12389 12390 414922 ctype 5 API calls 12388->12390 12391 4057e4 lstrcmpiW 12389->12391 12392 4057f4 12389->12392 12390->12371 12391->12392 12393 404f59 lstrcmpW 12392->12393 12394 40580a 12393->12394 12395 404f59 lstrcmpW 12394->12395 12396 405831 12395->12396 12399 40583c 12396->12399 12941 405601 12396->12941 12398 404f59 lstrcmpW 12398->12399 12399->12398 12402 40585f 12399->12402 12945 4055bc 12399->12945 12401 404f59 lstrcmpW 12401->12402 12402->12401 12403 405881 12402->12403 12949 4055e3 12402->12949 12405 404f59 lstrcmpW 12403->12405 12406 40588d 12405->12406 12407 404f59 lstrcmpW 12406->12407 12408 40589e 12407->12408 12409 404f59 lstrcmpW 12408->12409 12410 4058af 12409->12410 12411 4058c2 12410->12411 12412 4058b9 _wtol 12410->12412 12413 404f59 lstrcmpW 12411->12413 12412->12411 12414 4058ce 12413->12414 12415 4058d2 _wtol 12414->12415 12416 4058db 12414->12416 12415->12416 12417 404f59 lstrcmpW 12416->12417 12418 4058e7 12417->12418 12419 404f59 lstrcmpW 12418->12419 12420 4058fc 12419->12420 12421 404f59 lstrcmpW 12420->12421 12422 405911 12421->12422 12423 404f59 lstrcmpW 12422->12423 12424 405926 12423->12424 12425 404f59 lstrcmpW 12424->12425 12426 405940 12425->12426 12427 40594c 12426->12427 12428 403ce0 19 API calls 12426->12428 12429 404f59 lstrcmpW 12427->12429 12428->12427 12430 40595d 12429->12430 12431 404f59 12430->12431 12432 404f11 lstrcmpW 12431->12432 12433 404f5e 12432->12433 12433->12028 12435 40130b 12434->12435 12436 401313 ??2@YAPAXI 12435->12436 12437 40130f 12435->12437 12438 401322 12436->12438 12437->12039 12957 419788 12438->12957 12961 418b0c _EH_prolog 12438->12961 12439 40135f 12439->12039 12443 401463 12442->12443 12444 40137f 12442->12444 12443->12059 12444->12443 12445 401303 152 API calls 12444->12445 12446 401391 12445->12446 12446->12443 12447 4013a0 ??2@YAPAXI 12446->12447 12448 4013e6 ??3@YAXPAX 12447->12448 12450 4013c3 12447->12450 12448->12443 12451 4013df 12450->12451 13425 407272 12450->13425 12451->12448 12452 4013f1 ??2@YAPAXI 12451->12452 12453 401404 12452->12453 12454 4013fd 12452->12454 12456 401414 GetTickCount 12453->12456 12457 40140e 12453->12457 13430 401238 ??2@YAPAXI 12454->13430 12458 401431 12456->12458 12457->12456 12459 401450 ??3@YAXPAX 12458->12459 12460 40143d ??3@YAXPAX 12458->12460 12459->12443 12461 40145d 12459->12461 12462 40144c 12460->12462 12461->12443 12462->12443 12464 405da3 12463->12464 12465 405de4 12463->12465 12466 414839 2 API calls 12464->12466 12467 405546 37 API calls 12464->12467 12465->12000 12465->12119 12466->12464 12468 405dbf SetEnvironmentVariableW ??3@YAXPAX 12467->12468 12468->12464 12468->12465 12470 404475 15 API calls 12469->12470 12471 40551f 12470->12471 12472 4035e0 18 API calls 12471->12472 12473 40552b 12472->12473 12474 40369a 18 API calls 12473->12474 12475 405537 12474->12475 12476 403754 10 API calls 12475->12476 12477 40553e 12476->12477 12479 4075cf 3 API calls 12478->12479 12480 405cbd 12479->12480 12481 403ce0 19 API calls 12480->12481 12482 405ccc 12481->12482 12483 414803 ctype 2 API calls 12482->12483 12487 405cd5 12483->12487 12484 405d1a 12485 414922 ctype 5 API calls 12484->12485 12486 405d28 wsprintfW 12485->12486 12488 414922 ctype 5 API calls 12486->12488 12487->12484 12489 414922 ctype 5 API calls 12487->12489 12492 405d0d 12487->12492 13462 414a08 12487->13462 12491 405d5c 12488->12491 12489->12487 12493 414922 ctype 5 API calls 12491->12493 12492->12484 12495 414922 ctype 5 API calls 12492->12495 12494 405d69 12493->12494 12496 407941 39 API calls 12494->12496 12495->12484 12497 405d7e ??3@YAXPAX 12496->12497 13466 407630 ??3@YAXPAX 12497->13466 12499 405d8f 12499->11955 12501 401fb7 12500->12501 12507 401fd2 12500->12507 12504 401fc8 _wtol 12501->12504 12501->12507 12502 401c59 18 API calls 12503 401ffa 12502->12503 12505 402005 12503->12505 12506 401fff GetLastError 12503->12506 12504->12507 12505->11955 12506->12505 12507->12502 12509 414091 2 API calls 12508->12509 12510 405f3f 12509->12510 12511 405f96 12510->12511 12513 414803 ctype 2 API calls 12510->12513 13467 4143c2 ??2@YAPAXI 12511->13467 12518 405f4c 12513->12518 12514 405f9e 12515 414427 2 API calls 12514->12515 12516 405fab 12515->12516 12517 4144c5 4 API calls 12516->12517 12522 405fb8 12517->12522 12519 405f58 ??3@YAXPAX 12518->12519 12521 40468a 109 API calls 12518->12521 12524 413dda CloseHandle 12519->12524 12523 405f74 12521->12523 12525 4144c5 4 API calls 12522->12525 12523->12519 12529 414091 2 API calls 12523->12529 12526 406005 12524->12526 12527 405fc5 12525->12527 12526->11998 12526->12024 12528 4144c5 4 API calls 12527->12528 12530 405fd2 12528->12530 12531 405f89 12529->12531 12532 4150dd 2 API calls 12530->12532 12531->12519 12533 405f8d ??3@YAXPAX 12531->12533 12534 405fe5 12532->12534 12533->12511 12534->12519 12535 405ff1 ??3@YAXPAX 12534->12535 12536 413dda CloseHandle 12535->12536 12536->12526 12538 40b5f7 12537->12538 12539 40b36c 12537->12539 12538->12056 12540 40b385 memcpy 12539->12540 12541 40b39d memcpy 12539->12541 12540->12056 12542 40b3c0 12541->12542 12542->12538 12543 40b5e5 memcpy 12542->12543 12543->12538 12545 403f43 CheckTokenMembership FreeSid 12544->12545 12546 403f5d 12544->12546 12545->12546 12546->12069 12547 4147df ??2@YAPAXI 12546->12547 12547->12099 12548->12106 12550 4147c5 12549->12550 12551 414728 3 API calls 12550->12551 12552 406773 12551->12552 12553 414787 12552->12553 12554 414795 12553->12554 12554->12554 12555 414728 3 API calls 12554->12555 12556 40677d 12555->12556 12556->12141 13468 4145f1 ??2@YAPAXI 12557->13468 12559 4146fa memcpy 12559->12149 13469 4147df ??2@YAPAXI 12560->13469 12562 401c6e 13470 4147df ??2@YAPAXI 12562->13470 12564 401c76 memset 12565 401ca7 ShowWindow BringWindowToTop 12564->12565 12567 403022 4 API calls 12565->12567 12568 401cf1 12567->12568 12569 414864 ctype 3 API calls 12568->12569 12570 401cfa 12569->12570 12571 401d14 ShellExecuteExW 12570->12571 12572 401cff ??3@YAXPAX ??3@YAXPAX 12570->12572 12574 401d49 ??3@YAXPAX ??3@YAXPAX 12571->12574 12575 401d2e 12571->12575 12573 401d5b 12572->12573 12573->12169 12573->12170 12574->12573 12576 401d32 WaitForSingleObject 12575->12576 12577 401d3d CloseHandle 12575->12577 12576->12577 12577->12574 12578->11998 12579->12262 12593 41432a ??2@YAPAXI 12580->12593 12582 4143ee 12582->12262 12583->12262 12594 4147df ??2@YAPAXI 12584->12594 12586 404351 12587 404384 12586->12587 12588 40420b 7 API calls 12586->12588 12587->12262 12589 404369 MultiByteToWideChar 12588->12589 12589->12587 12591 414637 ctype 4 API calls 12590->12591 12592 414972 memcpy 12591->12592 12592->12273 12593->12582 12594->12586 12595->12276 12596->12278 12598 402895 12597->12598 12599 40288a 12597->12599 12601 41b205 3 API calls 12598->12601 12603 402544 12599->12603 12602 4028a1 12601->12602 12602->12284 12602->12286 12604 414839 2 API calls 12603->12604 12605 402552 12604->12605 12606 414839 2 API calls 12605->12606 12607 40255e 12606->12607 12607->12598 12609 403ef1 12608->12609 12610 403ee5 GetNativeSystemInfo 12608->12610 12609->12294 12610->12294 12612 40379f 12611->12612 12618 4037dc 12611->12618 12613 402f7c CharUpperW 12612->12613 12614 4037ed 12612->12614 12612->12618 12613->12612 12619 402f7c 12614->12619 12617 402f7c CharUpperW 12617->12618 12618->12297 12620 402f84 12619->12620 12621 402f8a 12619->12621 12620->12621 12622 402f94 CharUpperW 12620->12622 12621->12617 12622->12621 12634 41b6da 12623->12634 12633 409e42 12633->12306 12635 41b6e3 12634->12635 12636 409e19 12635->12636 12637 4011f3 ??3@YAXPAX 12635->12637 12638 409931 ??2@YAPAXI 12636->12638 12637->12635 12639 409947 12638->12639 12674 41404f 12639->12674 12641 40995f 12642 409963 12641->12642 12643 409981 FindFirstFileW 12641->12643 12642->12633 12645 409ceb ??2@YAPAXI 12642->12645 12643->12642 12644 409996 FindClose 12643->12644 12644->12642 12646 409cfa 12645->12646 12647 41b205 3 API calls 12646->12647 12648 409d11 12647->12648 12649 409d15 12648->12649 12683 4147df ??2@YAPAXI 12649->12683 12651 409d43 12684 4099c9 12651->12684 12654 409d62 12705 4147df ??2@YAPAXI 12654->12705 12655 409d52 ??3@YAXPAX 12665 409df7 12655->12665 12658 414787 3 API calls 12659 409db8 12658->12659 12660 414864 ctype 3 API calls 12659->12660 12661 409dc2 ??3@YAXPAX 12660->12661 12662 409931 5 API calls 12661->12662 12663 409d7c 12662->12663 12664 409ddd ??3@YAXPAX ??3@YAXPAX 12663->12664 12666 409ceb 4 API calls 12663->12666 12664->12665 12670 409b69 12665->12670 12667 409d88 ??3@YAXPAX 12666->12667 12706 4147df ??2@YAPAXI 12667->12706 12669 409d6e wsprintfW 12669->12658 12671 409bbe 12670->12671 12672 409b80 12670->12672 12671->12633 12672->12671 12673 414f53 3 API calls 12672->12673 12673->12672 12677 41402c 12674->12677 12680 41400f 12677->12680 12681 413fd8 2 API calls 12680->12681 12682 414029 12681->12682 12682->12641 12683->12651 12685 4148c7 3 API calls 12684->12685 12686 4099e0 12685->12686 12687 409a8e 12686->12687 12688 409a96 12686->12688 12689 409a1a 12686->12689 12687->12654 12687->12655 12688->12687 12691 414660 2 API calls 12688->12691 12689->12687 12707 414660 12689->12707 12693 409ac6 12691->12693 12692 409a40 12694 414803 ctype 2 API calls 12692->12694 12695 414803 ctype 2 API calls 12693->12695 12696 409a4b ??3@YAXPAX 12694->12696 12697 409ad1 ??3@YAXPAX 12695->12697 12698 409a61 12696->12698 12699 409ae7 12697->12699 12700 409a85 ??3@YAXPAX 12698->12700 12701 409a65 _wtol 12698->12701 12702 409b17 ??3@YAXPAX 12699->12702 12703 409aeb _wtol 12699->12703 12700->12687 12704 409b06 ??3@YAXPAX 12701->12704 12702->12687 12703->12704 12704->12687 12705->12669 12706->12669 12708 414670 12707->12708 12708->12708 12711 4145f1 ??2@YAPAXI 12708->12711 12710 414688 memcpy 12710->12692 12711->12710 12713 402580 ??3@YAXPAX 12712->12713 12714 402587 12712->12714 12713->12714 12714->12311 12715->12316 12717 403eca 2 API calls 12716->12717 12718 404d92 12717->12718 12778 4143c2 ??2@YAPAXI 12718->12778 12720 404dcb 12779 4143c2 ??2@YAPAXI 12720->12779 12722 404dd3 12780 4143c2 ??2@YAPAXI 12722->12780 12724 404ddb 12781 403f60 12724->12781 12729 41447c 2 API calls 12734 404e11 12729->12734 12730 404e66 12731 403f60 12 API calls 12730->12731 12733 404e72 12731->12733 12732 403f60 12 API calls 12732->12734 12735 4030d6 11 API calls 12733->12735 12734->12730 12734->12732 12736 4030d6 11 API calls 12734->12736 12740 4144fb 4 API calls 12734->12740 12820 4144c5 12734->12820 12737 404e84 12735->12737 12736->12734 12817 4144fb 12737->12817 12740->12734 12741 404eef ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 12741->12318 12742 403f60 12 API calls 12744 404e95 12742->12744 12743 4030d6 11 API calls 12743->12744 12744->12741 12744->12742 12744->12743 12745 4144c5 4 API calls 12744->12745 12746 4144fb 4 API calls 12744->12746 12745->12744 12746->12744 12848 4143c2 ??2@YAPAXI 12747->12848 12749 4052d6 ??3@YAXPAX 12751 405314 12749->12751 12750 4147df ??2@YAPAXI 12763 405044 12750->12763 12751->12321 12753 404346 9 API calls 12753->12763 12754 4148c7 3 API calls 12755 4050ac ??3@YAXPAX ??3@YAXPAX 12754->12755 12756 4052e3 12755->12756 12755->12763 12859 4044e1 12756->12859 12759 4051b4 strncmp 12761 40519f strncmp 12759->12761 12759->12763 12761->12759 12761->12763 12762 4052b2 ??3@YAXPAX ??3@YAXPAX 12762->12763 12763->12749 12763->12750 12763->12753 12763->12754 12763->12756 12763->12759 12763->12762 12764 402f9f ??2@YAPAXI memcpy ??3@YAXPAX _CxxThrowException 12763->12764 12765 4148c7 3 API calls 12763->12765 12766 402f9f 4 API calls 12763->12766 12770 405260 lstrlenW wcsncmp 12763->12770 12772 40287b 6 API calls 12763->12772 12773 414864 ctype 3 API calls 12763->12773 12849 4143c2 ??2@YAPAXI 12763->12849 12850 404fee 12763->12850 12855 404f11 12763->12855 12764->12763 12767 40521c ??3@YAXPAX 12765->12767 12766->12761 12768 40457e 22 API calls 12767->12768 12769 40522d lstrcmpW 12768->12769 12769->12763 12770->12763 12772->12762 12773->12763 12775 414488 12774->12775 12776 4144ac 12774->12776 12775->12776 12777 414491 ??2@YAPAXI ??3@YAXPAX 12775->12777 12776->12326 12777->12776 12778->12720 12779->12722 12780->12724 12824 414427 12781->12824 12784 414427 2 API calls 12785 403f8d 12784->12785 12828 41438b 12785->12828 12787 403f9b 12788 414427 2 API calls 12787->12788 12789 403fa5 ??3@YAXPAX 12788->12789 12790 41438b 2 API calls 12789->12790 12791 403fbc 12790->12791 12792 414427 2 API calls 12791->12792 12793 403fc6 ??3@YAXPAX 12792->12793 12794 404008 12793->12794 12795 403fdb 12793->12795 12797 404035 12794->12797 12798 40400e wsprintfA 12794->12798 12795->12794 12796 403fe3 wsprintfA 12795->12796 12799 4144c5 4 API calls 12796->12799 12801 4144c5 4 API calls 12797->12801 12800 4144c5 4 API calls 12798->12800 12802 403ffd 12799->12802 12803 40402a 12800->12803 12804 404042 12801->12804 12805 4144c5 4 API calls 12802->12805 12806 4144c5 4 API calls 12803->12806 12807 4144c5 4 API calls 12804->12807 12805->12794 12806->12797 12808 40404a 12807->12808 12809 4030d6 12808->12809 12810 4030e3 12809->12810 12811 4030fa lstrlenA lstrlenA 12810->12811 12813 403127 12811->12813 12812 403213 12812->12729 12813->12812 12814 4031de memmove 12813->12814 12816 409bd6 4 API calls 12813->12816 12833 402f9f 12813->12833 12814->12812 12814->12813 12816->12813 12844 414362 12817->12844 12821 4144d4 12820->12821 12821->12821 12822 414362 4 API calls 12821->12822 12823 4144e1 12822->12823 12823->12734 12825 414439 12824->12825 12826 403f7e 12825->12826 12827 414445 ??2@YAPAXI ??3@YAXPAX 12825->12827 12826->12784 12827->12826 12829 41439f 12828->12829 12832 41432a ??2@YAPAXI 12829->12832 12831 4143a7 memcpy 12831->12787 12832->12831 12834 402faa 12833->12834 12835 402faf 12833->12835 12837 41434c 12834->12837 12835->12813 12840 414283 12837->12840 12839 414361 12839->12835 12841 414293 12840->12841 12842 4142c9 _CxxThrowException 12840->12842 12841->12842 12843 41429b ??2@YAPAXI memcpy ??3@YAXPAX 12841->12843 12843->12839 12845 414374 12844->12845 12846 414388 12844->12846 12847 414283 4 API calls 12845->12847 12846->12744 12847->12846 12848->12763 12849->12763 12851 405027 12850->12851 12852 404ffc lstrcmpW 12850->12852 12851->12763 12853 405012 12852->12853 12853->12851 12853->12852 12876 4028a5 12853->12876 12856 404f1c 12855->12856 12857 404f24 lstrcmpW 12856->12857 12858 404f43 12856->12858 12857->12856 12857->12858 12858->12763 12860 404500 12859->12860 12861 4044f6 12859->12861 12884 4143c2 ??2@YAPAXI 12860->12884 12883 40329e GetStdHandle WriteFile 12861->12883 12864 4044fe ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 12864->12751 12865 40452b 12866 404346 9 API calls 12865->12866 12868 40453b 12866->12868 12867 404508 12867->12865 12871 402f9f 4 API calls 12867->12871 12869 404544 12868->12869 12870 404558 12868->12870 12872 409684 74 API calls 12869->12872 12873 409684 74 API calls 12870->12873 12871->12867 12874 404553 ??3@YAXPAX ??3@YAXPAX 12872->12874 12873->12874 12874->12864 12877 4028b6 12876->12877 12878 4028bd 12876->12878 12879 402565 3 API calls 12877->12879 12882 40258d memmove 12878->12882 12879->12878 12881 4028c9 12881->12853 12882->12881 12883->12864 12884->12867 12885->12334 12887 414803 ctype 2 API calls 12886->12887 12888 4016ba 12887->12888 12889 414922 ctype 5 API calls 12888->12889 12890 4016c7 12889->12890 12891 4016e0 12890->12891 12892 401585 ctype 4 API calls 12890->12892 12893 414922 ctype 5 API calls 12891->12893 12892->12890 12894 4016ea 12893->12894 12895 4015b3 129 API calls 12894->12895 12896 4016f2 ??3@YAXPAX 12895->12896 12896->12363 12898 4015f3 12897->12898 12899 4015cc lstrlenW 12897->12899 12898->12363 12900 403786 CharUpperW 12899->12900 12901 4015e0 12900->12901 12901->12898 12901->12899 12902 4015fa 12901->12902 12903 414803 ctype 2 API calls 12902->12903 12906 401603 12903->12906 12920 40438b 12906->12920 12907 40502a 117 API calls 12908 401673 12907->12908 12909 401691 ??3@YAXPAX ??3@YAXPAX 12908->12909 12910 40167a ??3@YAXPAX ??3@YAXPAX 12908->12910 12909->12898 12910->12898 12911->12363 12913 4146ba 12912->12913 12939 4145f1 ??2@YAPAXI 12913->12939 12915 4146c2 memcpy 12915->12344 12917 414aad 12916->12917 12919 414ad6 12917->12919 12940 4141a4 memmove 12917->12940 12919->12337 12926 4143c2 ??2@YAPAXI 12920->12926 12922 404397 12923 401669 12922->12923 12927 4041a6 12922->12927 12923->12907 12925 4043b6 WideCharToMultiByte 12925->12923 12926->12922 12932 414402 12927->12932 12930 4041d0 strncpy ??3@YAXPAX 12930->12925 12938 41432a ??2@YAPAXI 12932->12938 12934 4041ba 12934->12930 12935 4142df 12934->12935 12936 4142f2 _CxxThrowException 12935->12936 12937 414307 ??2@YAPAXI ??3@YAXPAX 12935->12937 12936->12937 12937->12930 12938->12934 12939->12915 12940->12919 12942 40561b 12941->12942 12953 405562 12942->12953 12948 405562 12945->12948 12946 40557f _wtol 12946->12948 12947 4055b7 12947->12399 12948->12946 12948->12947 12952 405562 12949->12952 12950 40557f _wtol 12950->12952 12951 4055b7 12951->12402 12952->12950 12952->12951 12956 405568 12953->12956 12954 40557f _wtol 12954->12956 12955 4055b7 12955->12399 12956->12954 12956->12955 12958 41979a 12957->12958 12960 4197e5 12958->12960 12967 419328 12958->12967 12960->12439 12962 418b30 12961->12962 12963 419788 7 API calls 12962->12963 12964 418b7e 12963->12964 12966 418b84 12964->12966 12983 41b0dd _EH_prolog 12964->12983 12966->12439 12976 41670e 12967->12976 12969 41934e 12969->12960 12970 419341 12970->12969 12971 419369 ??2@YAPAXI 12970->12971 12974 41938c 12971->12974 12973 419433 memmove 12973->12974 12974->12973 12975 41944e ??3@YAXPAX 12974->12975 12975->12969 12979 4166c0 12976->12979 12980 4166d6 12979->12980 12981 416705 12980->12981 12982 409bd6 4 API calls 12980->12982 12981->12970 12982->12980 12989 41ae02 12983->12989 13014 418567 12989->13014 13169 4184eb 13014->13169 13174 418480 7 API calls 13169->13174 13432 4071f1 13425->13432 13428 4071f1 9 API calls 13429 40728f 13428->13429 13429->12450 13431 401264 13430->13431 13431->12453 13433 40721b 13432->13433 13434 407263 13433->13434 13437 414803 ctype 2 API calls 13433->13437 13435 414129 VariantClear 13434->13435 13436 40726b 13435->13436 13436->13428 13436->13429 13438 407231 13437->13438 13445 4147df ??2@YAPAXI 13438->13445 13440 407239 13446 41499a 13440->13446 13445->13440 13447 4149ac 13446->13447 13448 407244 13447->13448 13449 4149b8 ??2@YAPAXI ??3@YAXPAX 13447->13449 13450 414c8a 13448->13450 13449->13448 13451 414c0f 13450->13451 13452 414c1f 13451->13452 13453 40724f ??3@YAXPAX ??3@YAXPAX 13451->13453 13455 402f7c CharUpperW 13451->13455 13456 414c0f 13452->13456 13453->13434 13455->13451 13461 414c19 13456->13461 13457 414c1f 13459 414c0f CharUpperW 13457->13459 13458 414c32 13458->13453 13459->13458 13460 402f7c CharUpperW 13460->13461 13461->13457 13461->13458 13461->13460 13463 414a18 13462->13463 13463->13463 13464 414637 ctype 4 API calls 13463->13464 13465 414a25 13464->13465 13465->12487 13466->12499 13467->12514 13468->12559 13469->12562 13470->12564 11490 41be60 11491 41be72 11490->11491 11492 41be64 VirtualFree 11490->11492 11492->11491 13972 411960 13977 4112d0 13972->13977 13975 411978 13976 41196f ??3@YAXPAX 13976->13975 13978 4112fc 13977->13978 13981 41be30 free 13978->13981 13980 411320 13980->13975 13980->13976 13981->13980 14528 41ca60 14533 4147df ??2@YAPAXI 14528->14533 14530 41ca6a 14534 41c19e 14530->14534 14533->14530 14537 41c172 14534->14537 14536 41c1a7 14538 41c187 __dllonexit 14537->14538 14539 41c17b _onexit 14537->14539 14538->14536 14539->14536 11556 419169 11557 419174 ??2@YAPAXI 11556->11557 11558 4191bd 11556->11558 11559 41919f memcpy 11557->11559 11560 4191ae ??3@YAXPAX 11557->11560 11559->11560 11560->11558 11564 411470 11565 41148b 11564->11565 11566 411497 11565->11566 11570 41be30 free 11565->11570 11568 4114e5 11571 41be10 11568->11571 11570->11568 11572 41be14 11571->11572 11573 41be17 malloc 11571->11573 11572->11566 11573->11566 11574 411870 11575 411884 11574->11575 11576 41187b 11574->11576 11579 4115b0 11575->11579 11582 4115c0 11579->11582 11583 4117eb 11579->11583 11580 410da0 memcpy 11580->11582 11581 416730 132 API calls 11581->11582 11582->11580 11582->11581 11582->11583 11584 415ee7 6 API calls 11582->11584 11584->11582 11868 416779 11875 407095 WaitForSingleObject 11868->11875 11870 416786 11873 4167a9 11870->11873 11876 41b7f3 _EH_prolog 11870->11876 11879 4070ee SetEvent 11870->11879 11880 407095 WaitForSingleObject 11870->11880 11875->11870 11877 41b4d3 2 API calls 11876->11877 11878 41b813 11877->11878 11878->11870 11880->11870 14653 41b607 14654 41b623 14653->14654 14655 41b612 14653->14655 14655->14654 14657 41627a 14655->14657 14664 4070fd ResetEvent 14657->14664 15017 41cb1c 15022 4053a0 15017->15022 15020 41c19e 2 API calls 15021 41cb30 15020->15021 15027 4147df ??2@YAPAXI 15022->15027 15024 4053b1 15028 4147df ??2@YAPAXI 15024->15028 15026 4053b9 15026->15020 15027->15024 15028->15026 13588 40e420 13595 415deb 13588->13595 13593 40e456 ??3@YAXPAX 13594 40e45f 13593->13594 13601 41be60 13595->13601 13598 415f46 13599 41be60 VirtualFree 13598->13599 13600 40e44f 13599->13600 13600->13593 13600->13594 13602 40e438 13601->13602 13603 41be64 VirtualFree 13601->13603 13602->13598 13603->13602 13604 412020 13605 412027 13604->13605 13606 41202f 13604->13606 13607 412053 13606->13607 13608 41be60 VirtualFree 13606->13608 13609 41208b 13608->13609 13611 41be40 13609->13611 13612 41be44 13611->13612 13613 41be47 VirtualAlloc 13611->13613 13612->13607 13613->13607 11549 40cc28 11551 40cc30 11549->11551 11550 416730 132 API calls 11550->11551 11551->11550 11553 40ce67 11551->11553 11554 40ce76 11551->11554 11555 415ee7 6 API calls 11551->11555 11552 416730 132 API calls 11552->11553 11554->11552 11554->11553 11555->11551 11585 417d32 _EH_prolog 11588 417d5a 11585->11588 11587 417e33 ??2@YAPAXI 11589 417e3f 11587->11589 11595 417d84 11588->11595 11611 4023df 11588->11611 11590 417e85 ??2@YAPAXI 11589->11590 11597 417e93 11590->11597 11591 417f03 11682 417cca 11591->11682 11592 417f4b 11594 417cca ??3@YAXPAX 11592->11594 11594->11595 11597->11591 11597->11592 11597->11595 11601 417c9b 128 API calls 11597->11601 11602 418213 ??3@YAXPAX 11597->11602 11603 41819c ??3@YAXPAX 11597->11603 11606 418232 ??3@YAXPAX 11597->11606 11607 418086 11597->11607 11621 417d0d 11597->11621 11624 4147df ??2@YAPAXI 11597->11624 11625 4171f6 11597->11625 11685 417c9b 11597->11685 11599 417cca ??3@YAXPAX 11599->11595 11601->11597 11602->11607 11605 4181ac 11603->11605 11609 417cca ??3@YAXPAX 11605->11609 11606->11597 11607->11599 11609->11595 11612 402443 SendMessageW 11611->11612 11613 4023ed GetDiskFreeSpaceExW 11611->11613 11614 40242b 11612->11614 11613->11612 11615 402405 11613->11615 11614->11587 11614->11595 11615->11612 11616 403ce0 19 API calls 11615->11616 11617 40241f 11616->11617 11689 409617 11617->11689 11620 40243c 11620->11612 11699 417b6e 11621->11699 11624->11597 11703 419c17 11625->11703 11628 417253 11729 4170b3 ??3@YAXPAX ??3@YAXPAX 11628->11729 11629 417269 11708 416f0f 11629->11708 11634 417299 ??3@YAXPAX 11733 4169d1 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 11634->11733 11636 4172aa 11638 4170b3 6 API calls 11636->11638 11637 41732e ??2@YAPAXI 11658 41733d 11637->11658 11639 41725b 11638->11639 11639->11597 11640 417290 11640->11637 11671 417294 11640->11671 11680 417411 11640->11680 11641 4176ad ??2@YAPAXI 11643 4176df 11641->11643 11654 4176e6 11641->11654 11757 416cfd 11643->11757 11645 4173f6 11734 416a00 11645->11734 11646 4178aa 11650 416934 ??2@YAPAXI 11646->11650 11653 4178b8 11650->11653 11651 4177f9 ??2@YAPAXI 11676 41779b 11651->11676 11656 4178e2 11653->11656 11657 41796d ??3@YAXPAX 11653->11657 11668 417732 ??3@YAXPAX ??3@YAXPAX 11654->11668 11654->11676 11760 416dac 11654->11760 11672 417907 11656->11672 11768 41b496 11656->11768 11659 41797b 11657->11659 11658->11645 11658->11671 11725 414d40 11658->11725 11660 416dac 2 API calls 11659->11660 11664 417989 11660->11664 11662 417706 11673 417711 SysFreeString 11662->11673 11663 416dac 2 API calls 11663->11672 11664->11664 11666 417834 ??2@YAPAXI 11666->11676 11667 4178fb ??2@YAPAXI 11667->11672 11668->11654 11669 417964 ??3@YAXPAX 11669->11672 11671->11634 11672->11663 11672->11669 11673->11671 11675 41753c ??2@YAPAXI 11675->11680 11676->11646 11676->11651 11676->11666 11676->11672 11764 417024 ??2@YAPAXI 11676->11764 11678 414864 ctype 3 API calls 11678->11680 11679 41756f ??3@YAXPAX SysFreeString 11679->11654 11679->11680 11680->11641 11680->11662 11680->11668 11680->11671 11680->11673 11680->11675 11680->11678 11680->11679 11681 417686 ??3@YAXPAX ??3@YAXPAX 11680->11681 11751 416909 11680->11751 11754 416934 11680->11754 11681->11641 11681->11680 11683 417cd4 11682->11683 11684 417cda ??3@YAXPAX 11682->11684 11683->11684 11688 417ca0 11685->11688 11686 417cc4 ??3@YAXPAX 11686->11597 11686->11607 11687 417a5f 128 API calls 11687->11688 11688->11686 11688->11687 11690 4075cf 3 API calls 11689->11690 11691 409628 IsWindow 11690->11691 11692 40963f IsBadReadPtr 11691->11692 11693 409651 11691->11693 11692->11693 11694 407941 39 API calls 11693->11694 11695 409675 11694->11695 11698 407630 ??3@YAXPAX 11695->11698 11697 402426 11697->11614 11697->11620 11698->11697 11702 417b73 11699->11702 11700 417ba5 11700->11597 11701 417a5f 128 API calls 11701->11702 11702->11700 11702->11701 11772 419a46 11703->11772 11706 417243 11706->11628 11706->11629 11707 419c4f _CxxThrowException 11707->11706 11709 416f1e 11708->11709 11834 41695f 11709->11834 11711 416f2d 11711->11711 11712 41b226 2 API calls 11711->11712 11713 416f6d 11712->11713 11714 41695f 2 API calls 11713->11714 11715 416f7c 11714->11715 11716 41b226 2 API calls 11715->11716 11717 416fc1 11716->11717 11718 41b39f 11717->11718 11719 41b3bb 11718->11719 11724 41b3bf 11718->11724 11719->11640 11720 41b403 11720->11719 11837 41b34b 11720->11837 11722 41b205 ??2@YAPAXI memcpy ??3@YAXPAX 11722->11724 11723 41b425 ??3@YAXPAX 11723->11719 11724->11719 11724->11720 11724->11722 11726 414d61 11725->11726 11727 414d7e 11726->11727 11728 414d6b ??2@YAPAXI 11726->11728 11727->11658 11728->11727 11730 4170d6 11729->11730 11731 4170cf 11729->11731 11730->11639 11732 416dd5 4 API calls 11731->11732 11732->11730 11733->11636 11845 41683f 11734->11845 11737 4168a4 3 API calls 11738 416a1a 11737->11738 11739 41683f 3 API calls 11738->11739 11740 416a26 11739->11740 11741 41683f 3 API calls 11740->11741 11742 416a38 11741->11742 11743 41683f 3 API calls 11742->11743 11744 416a44 11743->11744 11745 4168a4 11744->11745 11746 4168b0 11745->11746 11747 416901 11745->11747 11748 4168b9 ??3@YAXPAX ??2@YAPAXI 11746->11748 11749 4168e8 11746->11749 11747->11680 11748->11749 11749->11747 11750 4168ef memcpy 11749->11750 11750->11747 11752 416917 ??2@YAPAXI 11751->11752 11753 41692e 11751->11753 11752->11753 11753->11680 11755 416942 ??2@YAPAXI 11754->11755 11756 416959 11754->11756 11755->11756 11756->11680 11851 407120 InitializeCriticalSection 11757->11851 11759 416d16 11759->11654 11761 416db5 11760->11761 11762 416dca ??3@YAXPAX 11761->11762 11852 4011f3 11761->11852 11762->11654 11765 417036 11764->11765 11856 41b205 11765->11856 11769 41b4b2 11768->11769 11770 4178f7 11768->11770 11769->11770 11864 41b436 11769->11864 11770->11667 11770->11672 11786 418fe5 11772->11786 11778 419a59 11778->11778 11779 419bea 11778->11779 11780 419c10 11778->11780 11782 418fe5 _CxxThrowException 11778->11782 11789 4199b1 11778->11789 11795 419071 11778->11795 11800 4190b1 11778->11800 11805 418e04 _CxxThrowException 11778->11805 11806 40bbd0 11778->11806 11812 418e93 11778->11812 11817 40b6c0 11778->11817 11779->11780 11781 418fe5 _CxxThrowException 11779->11781 11780->11706 11780->11707 11781->11779 11782->11778 11820 418fb1 11786->11820 11790 4199be 11789->11790 11792 419a15 11789->11792 11791 4199c5 ??2@YAPAXI 11790->11791 11793 4199ec 11790->11793 11791->11793 11792->11778 11793->11792 11825 416dd5 11793->11825 11796 4190ac 11795->11796 11797 41907e 11795->11797 11796->11778 11798 419085 ??2@YAPAXI 11797->11798 11799 41909e ??3@YAXPAX 11797->11799 11798->11799 11799->11796 11801 4190ec 11800->11801 11802 4190be 11800->11802 11801->11778 11803 4190c5 ??2@YAPAXI 11802->11803 11804 4190de ??3@YAXPAX 11802->11804 11803->11804 11804->11801 11807 40bc0b 11806->11807 11808 40bbdd 11806->11808 11807->11778 11809 40bbf2 11808->11809 11810 40bbe3 ??3@YAXPAX 11808->11810 11809->11807 11811 40bbfd ??2@YAPAXI 11809->11811 11810->11809 11811->11807 11813 418ec5 11812->11813 11814 418e9f 11812->11814 11813->11778 11815 418eb0 memcpy 11814->11815 11833 418de4 _CxxThrowException 11814->11833 11815->11813 11818 40b6d8 11817->11818 11819 40b6c9 ??3@YAXPAX 11817->11819 11818->11778 11819->11818 11821 418fcf 11820->11821 11822 418fdb 11821->11822 11824 418de4 _CxxThrowException 11821->11824 11822->11778 11826 416de2 11825->11826 11827 416e16 ??3@YAXPAX 11825->11827 11828 416e04 11826->11828 11830 416df6 ??3@YAXPAX 11826->11830 11829 416e24 ??3@YAXPAX 11827->11829 11832 416e10 11827->11832 11831 416e09 ??3@YAXPAX 11828->11831 11828->11832 11829->11832 11830->11828 11830->11830 11831->11832 11832->11792 11835 416970 ??3@YAXPAX ??2@YAPAXI 11834->11835 11836 41699b 11834->11836 11835->11836 11836->11711 11842 419202 11837->11842 11840 41b370 11840->11723 11841 41b364 memset 11841->11840 11843 419213 ??3@YAXPAX ??2@YAPAXI 11842->11843 11844 41922e 11842->11844 11843->11844 11844->11840 11844->11841 11846 41684b 11845->11846 11847 41689c 11845->11847 11848 416883 11846->11848 11849 416854 ??3@YAXPAX ??2@YAPAXI 11846->11849 11847->11737 11848->11847 11850 41688a memcpy 11848->11850 11849->11848 11850->11847 11851->11759 11853 4011fc 11852->11853 11854 401210 11853->11854 11855 401209 ??3@YAXPAX 11853->11855 11854->11761 11855->11854 11859 41b15e 11856->11859 11860 417042 11859->11860 11861 41b169 ??2@YAPAXI 11859->11861 11860->11676 11862 41b1a3 ??3@YAXPAX 11861->11862 11863 41b194 memcpy 11861->11863 11862->11860 11863->11862 11866 41b448 11864->11866 11865 41b44c 11865->11769 11866->11865 11867 41b45f _CxxThrowException 11866->11867 11867->11865 15073 41cb32 15078 4014f2 15073->15078 15075 41cb3c 15076 41c19e 2 API calls 15075->15076 15077 41cb46 15076->15077 15092 4147df ??2@YAPAXI 15078->15092 15080 401508 15093 4147df ??2@YAPAXI 15080->15093 15082 401510 15094 4147df ??2@YAPAXI 15082->15094 15084 401518 15095 401062 15084->15095 15087 40152c 15088 40154d ??2@YAPAXI 15087->15088 15089 40155c 15088->15089 15091 401563 15088->15091 15098 418cb5 15089->15098 15091->15075 15092->15080 15093->15082 15094->15084 15096 4075cf 3 API calls 15095->15096 15097 40106a ??2@YAPAXI 15096->15097 15097->15087 15099 418cdc 15098->15099 15102 4147df ??2@YAPAXI 15099->15102 15101 418ce7 15101->15091 15102->15101 11561 4189ce 12 API calls 14194 405de7 14195 414803 ctype 2 API calls 14194->14195 14196 405df9 14195->14196 14197 403526 18 API calls 14196->14197 14198 405e08 14197->14198 14199 4035e0 18 API calls 14198->14199 14200 405e17 14199->14200 14201 40369a 18 API calls 14200->14201 14202 405e26 14201->14202 14203 403754 10 API calls 14202->14203 14212 405e2e 14203->14212 14204 405eac 14230 4047e4 14204->14230 14208 404475 15 API calls 14208->14212 14209 403526 18 API calls 14209->14212 14210 4035e0 18 API calls 14210->14212 14211 40369a 18 API calls 14211->14212 14212->14204 14212->14208 14212->14209 14212->14210 14212->14211 14213 403754 10 API calls 14212->14213 14216 404ce5 GetEnvironmentVariableW 14212->14216 14224 40564a 14212->14224 14213->14212 14288 4147df ??2@YAPAXI 14216->14288 14218 404d0a 14219 40420b 7 API calls 14218->14219 14220 404d15 14219->14220 14221 40420b 7 API calls 14220->14221 14222 404d1f GetEnvironmentVariableW 14221->14222 14223 404d2d 14222->14223 14223->14212 14225 4056b3 ??3@YAXPAX 14224->14225 14227 405661 14224->14227 14225->14204 14225->14212 14226 403786 CharUpperW 14226->14227 14227->14225 14227->14226 14228 414b17 memmove 14227->14228 14229 414b6b 6 API calls 14227->14229 14228->14227 14229->14227 14231 4047ff 14230->14231 14234 40480d 14230->14234 14232 404804 _wtol 14231->14232 14231->14234 14232->14234 14233 404aee ??3@YAXPAX 14234->14233 14235 4048ab SHGetSpecialFolderPathW 14234->14235 14235->14233 14236 4048c3 14235->14236 14237 414803 ctype 2 API calls 14236->14237 14238 4048d2 14237->14238 14289 4147df ??2@YAPAXI 14238->14289 14240 4048da 14290 4147df ??2@YAPAXI 14240->14290 14242 4048e2 14291 4147df ??2@YAPAXI 14242->14291 14244 4048ea 14292 4147df ??2@YAPAXI 14244->14292 14246 4048f2 14293 4147df ??2@YAPAXI 14246->14293 14248 4048fa 14294 4147df ??2@YAPAXI 14248->14294 14250 404902 14295 4147df ??2@YAPAXI 14250->14295 14252 40490a 14296 4147df ??2@YAPAXI 14252->14296 14254 404912 14297 4034a3 14254->14297 14257 404aa3 9 API calls 14257->14233 14258 4034a3 4 API calls 14259 40492f 14258->14259 14260 4034a3 4 API calls 14259->14260 14261 404939 14260->14261 14262 4034a3 4 API calls 14261->14262 14263 404943 14262->14263 14264 4034a3 4 API calls 14263->14264 14265 40494d 14264->14265 14266 4034a3 4 API calls 14265->14266 14267 404957 14266->14267 14268 4034a3 4 API calls 14267->14268 14269 404961 14268->14269 14270 4034a3 4 API calls 14269->14270 14271 40496b _wtol 14270->14271 14272 404978 14271->14272 14278 404990 14271->14278 14275 414864 ctype 3 API calls 14272->14275 14273 401585 ctype 4 API calls 14274 4049b4 14273->14274 14276 4049cf 14274->14276 14279 414962 5 API calls 14274->14279 14275->14278 14277 40468a 109 API calls 14276->14277 14281 4049d7 14277->14281 14278->14273 14280 4049c5 14279->14280 14282 401585 ctype 4 API calls 14280->14282 14281->14257 14283 414962 5 API calls 14281->14283 14282->14276 14284 4049eb 14283->14284 14285 414922 ctype 5 API calls 14284->14285 14286 4049f8 CoCreateInstance 14285->14286 14286->14257 14287 404a1a 14286->14287 14287->14257 14288->14218 14289->14240 14290->14242 14291->14244 14292->14246 14293->14248 14294->14250 14295->14252 14296->14254 14299 4034ba 14297->14299 14298 4034fc 14298->14257 14298->14258 14299->14298 14300 401585 ctype 4 API calls 14299->14300 14300->14299 13885 4024ed 13888 40112c 13885->13888 13889 401146 13888->13889 13890 401138 13888->13890 13890->13889 13892 401080 13890->13892 13904 401041 13892->13904 13895 40109f 13897 407941 39 API calls 13895->13897 13896 403ce0 19 API calls 13896->13895 13898 4010b7 13897->13898 13899 4010c8 ??3@YAXPAX 13898->13899 13900 414864 ctype 3 API calls 13898->13900 13909 407630 ??3@YAXPAX 13899->13909 13900->13899 13903 4010e3 13903->13889 13910 40101c 13904->13910 13908 401057 13908->13895 13908->13896 13909->13903 13911 4075cf 3 API calls 13910->13911 13912 401024 13911->13912 13913 4147df ??2@YAPAXI 13912->13913 13913->13908 11493 41ba80 11502 41b83a 11493->11502 11497 41babc 11521 41b4d3 11497->11521 11498 41baeb 11501 41bb0b 11498->11501 11527 407095 WaitForSingleObject 11498->11527 11499 41ba95 11499->11497 11499->11501 11509 4167b0 11499->11509 11503 41b84f 11502->11503 11508 41b8cb 11502->11508 11506 41b6da ??3@YAXPAX 11503->11506 11507 417024 ??2@YAPAXI ??2@YAPAXI memcpy ??3@YAXPAX 11503->11507 11503->11508 11505 41b9f2 11505->11499 11506->11503 11507->11503 11508->11505 11528 41644e ??2@YAPAXI 11508->11528 11510 4167c2 11509->11510 11511 4167ba 11509->11511 11512 4167d5 11510->11512 11514 407116 2 API calls 11510->11514 11517 4167f5 11510->11517 11533 407116 11511->11533 11512->11517 11532 4070fd ResetEvent 11512->11532 11514->11512 11517->11499 11522 41b4e8 11521->11522 11543 41b226 11522->11543 11525 41b226 2 API calls 11526 41b518 11525->11526 11526->11498 11527->11498 11529 416473 ??2@YAPAXI 11528->11529 11531 4164a1 11529->11531 11531->11508 11536 4070c9 CreateEventW 11533->11536 11539 40705a 11536->11539 11538 4070ea 11538->11510 11540 407061 GetLastError 11539->11540 11541 40705e 11539->11541 11542 40706b 11540->11542 11541->11538 11542->11538 11544 41b262 11543->11544 11545 41b237 ??3@YAXPAX ??2@YAPAXI 11543->11545 11544->11525 11545->11544 11546 41be80 11547 41be84 11546->11547 11548 41be87 malloc 11546->11548 14759 41ca82 14764 4147df ??2@YAPAXI 14759->14764 14761 41ca8c 14762 41c19e 2 API calls 14761->14762 14763 41ca96 14762->14763 14764->14761 14323 41798e 14324 4179ab 14323->14324 14325 41799b 14323->14325 14328 4171da 14325->14328 14333 4170d7 14328->14333 14330 4171e5 14339 41710b 14330->14339 14332 4171ed 14334 417100 ??3@YAXPAX 14333->14334 14335 4170e2 14333->14335 14334->14330 14337 4170ff 14335->14337 14345 416eab 14335->14345 14337->14334 14340 417134 ??3@YAXPAX 14339->14340 14341 417116 14339->14341 14340->14332 14342 417047 2 API calls 14341->14342 14343 417133 14341->14343 14344 417128 ??3@YAXPAX 14342->14344 14343->14340 14344->14341 14354 416814 14345->14354 14348 416dac 2 API calls 14349 416ec1 14348->14349 14350 416dac 2 API calls 14349->14350 14351 416ec9 ??3@YAXPAX ??3@YAXPAX 14350->14351 14360 416e32 14351->14360 14355 416823 14354->14355 14358 416828 14354->14358 14367 4070ee SetEvent 14355->14367 14357 416834 14357->14348 14358->14357 14368 407095 WaitForSingleObject 14358->14368 14361 416814 2 API calls 14360->14361 14362 416e40 14361->14362 14363 40706d 2 API calls 14362->14363 14364 416e48 14363->14364 14365 40706d 2 API calls 14364->14365 14366 416e50 14365->14366 14368->14357 15173 41639e 15176 4162a8 15173->15176 15178 4162b4 15176->15178 15177 41631d 15178->15177 15179 4162cd 15178->15179 15186 407095 WaitForSingleObject 15178->15186 15179->15177 15181 4162e1 memcpy 15179->15181 15182 416303 15181->15182 15182->15177 15187 4070fd ResetEvent 15182->15187 15186->15179 11031 41bea1 free 11032 413ea1 ReadFile 11033 4121a0 11034 4121ae 11033->11034 11039 4121ba 11033->11039 11036 4123a6 11037 416730 132 API calls 11036->11037 11038 4123be 11037->11038 11039->11036 11041 41239c 11039->11041 11043 415ee7 11039->11043 11048 411b90 11039->11048 11053 416730 11039->11053 11044 415f0c 11043->11044 11045 415f25 11044->11045 11059 409bd6 11044->11059 11065 416c5f EnterCriticalSection 11044->11065 11045->11039 11049 411bbd 11048->11049 11052 411bd3 11048->11052 11049->11039 11051 411cdb memcpy 11051->11052 11052->11049 11052->11051 11086 410da0 11052->11086 11055 41673f 11053->11055 11054 416769 11054->11039 11055->11054 11090 413ee4 SetFileTime 11055->11090 11091 417ba9 11055->11091 11097 402616 11055->11097 11060 409be5 11059->11060 11061 409c96 11060->11061 11062 409bec 11060->11062 11070 414f53 11060->11070 11061->11062 11076 414ef1 11061->11076 11062->11045 11066 416c82 11065->11066 11067 416c9c LeaveCriticalSection 11066->11067 11069 409bd6 4 API calls 11066->11069 11067->11045 11068 416cd6 11068->11067 11069->11068 11071 414f63 11070->11071 11072 414f5c 11070->11072 11080 413e3a SetFilePointer 11071->11080 11072->11061 11077 414f0a 11076->11077 11078 414f1e GetLastError 11077->11078 11079 414f1a 11077->11079 11078->11079 11079->11062 11081 413e6d 11080->11081 11082 413e63 GetLastError 11080->11082 11083 414dc9 11081->11083 11082->11081 11084 414dd0 11083->11084 11085 414dd4 GetLastError 11083->11085 11084->11072 11085->11084 11087 410dc4 11086->11087 11087->11052 11088 41102d 11087->11088 11089 41108d memcpy 11087->11089 11088->11052 11089->11052 11090->11055 11092 417bb8 11091->11092 11094 417c5c 11092->11094 11095 417b6e 128 API calls 11092->11095 11103 4150dd 11092->11103 11108 417a5f 11092->11108 11094->11055 11095->11092 11098 40262a 11097->11098 11099 40261e 11097->11099 11100 402644 11098->11100 11483 413f01 11098->11483 11099->11055 11100->11099 11102 40265b SetFileAttributesW 11100->11102 11102->11099 11113 413f4b 11103->11113 11106 414dc9 GetLastError 11107 415115 11106->11107 11107->11092 11109 417a7d 11108->11109 11120 4028f2 11109->11120 11178 41405d 11109->11178 11110 417ad2 11110->11092 11114 413f58 11113->11114 11116 413f82 11114->11116 11117 413f11 11114->11117 11116->11106 11118 413f22 WriteFile 11117->11118 11119 413f1f 11117->11119 11118->11114 11119->11118 11121 40290d 11120->11121 11126 402903 11120->11126 11122 40295c 11121->11122 11121->11126 11181 4147df ??2@YAPAXI 11121->11181 11125 414129 VariantClear 11122->11125 11124 40296b 11143 402a13 ??3@YAXPAX 11124->11143 11182 414864 11124->11182 11125->11126 11126->11110 11129 40298b 11186 41476b 11129->11186 11132 414864 ctype 3 API calls 11133 4029a6 ??3@YAXPAX 11132->11133 11136 4029d0 11133->11136 11134 4029d7 11219 414129 11134->11219 11136->11134 11138 402a39 11136->11138 11139 402a01 11136->11139 11137 4029df ??3@YAXPAX 11137->11122 11141 402a60 11138->11141 11142 402a78 11138->11142 11140 414129 VariantClear 11139->11140 11140->11143 11144 414129 VariantClear 11141->11144 11145 402a80 11142->11145 11146 402a9c GetLocalTime SystemTimeToFileTime 11142->11146 11143->11122 11147 402a68 ??3@YAXPAX 11144->11147 11145->11139 11148 402ae3 11145->11148 11149 402abc 11145->11149 11146->11145 11147->11122 11211 404402 FindFirstFileW 11148->11211 11189 40468a lstrlenW 11149->11189 11154 402af3 11156 402acc 11154->11156 11157 402af8 ??2@YAPAXI 11154->11157 11155 402c0c GetLastError 11155->11143 11158 414129 VariantClear 11156->11158 11160 402b06 11157->11160 11159 402ad4 ??3@YAXPAX 11158->11159 11159->11122 11224 414091 11160->11224 11163 402be1 11166 414129 VariantClear 11163->11166 11164 402b42 GetLastError 11227 414839 11164->11227 11167 402bf7 ??3@YAXPAX 11166->11167 11169 414129 VariantClear 11167->11169 11168 402b54 11170 40468a 109 API calls 11168->11170 11173 402b60 ??3@YAXPAX 11168->11173 11169->11126 11172 402b9d 11170->11172 11172->11173 11174 414091 2 API calls 11172->11174 11173->11139 11175 402bc3 11174->11175 11176 402bc7 GetLastError 11175->11176 11177 402bd8 ??3@YAXPAX 11175->11177 11176->11173 11177->11163 11474 413fd8 11178->11474 11181->11124 11183 414875 11182->11183 11183->11183 11184 414883 ??2@YAPAXI ??3@YAXPAX 11183->11184 11185 4148ac memcpy 11183->11185 11184->11185 11185->11129 11230 414728 11186->11230 11188 40299a 11188->11132 11234 414803 11189->11234 11191 4046ad 11238 40420b 11191->11238 11194 404701 GetSystemTimeAsFileTime GetFileAttributesW 11195 404716 11194->11195 11201 404720 11194->11201 11199 404402 31 API calls 11195->11199 11196 403092 4 API calls 11196->11201 11197 4046b7 11197->11194 11198 404798 11197->11198 11243 403092 CreateDirectoryW 11197->11243 11200 4047c8 11198->11200 11204 404724 ??3@YAXPAX 11198->11204 11199->11201 11203 409684 74 API calls 11200->11203 11201->11196 11202 404736 11201->11202 11201->11204 11208 404745 memcpy 11201->11208 11209 40478a ??3@YAXPAX 11201->11209 11249 409684 11202->11249 11207 4047d2 ??3@YAXPAX 11203->11207 11210 402ac1 11204->11210 11207->11210 11208->11201 11209->11210 11210->11139 11210->11156 11212 404428 FindClose 11211->11212 11218 402aea 11211->11218 11213 404445 11212->11213 11214 404438 SetLastError 11212->11214 11215 40444e 11213->11215 11217 40445c CompareFileTime 11213->11217 11213->11218 11214->11218 11420 4043d5 11215->11420 11217->11215 11217->11218 11218->11154 11218->11155 11220 41412f 11219->11220 11223 4140d5 11219->11223 11220->11137 11221 414111 11221->11137 11222 4140fa VariantClear 11222->11137 11223->11221 11223->11222 11470 41407a 11224->11470 11473 4145f1 ??2@YAPAXI 11227->11473 11229 414849 memcpy 11229->11168 11233 4145f1 ??2@YAPAXI 11230->11233 11232 41473e memcpy memcpy 11232->11188 11233->11232 11235 414813 11234->11235 11235->11235 11260 4145f1 ??2@YAPAXI 11235->11260 11237 414821 memcpy 11237->11191 11239 414839 2 API calls 11238->11239 11240 40421f 11239->11240 11241 404235 wcsncpy ??3@YAXPAX 11240->11241 11261 414596 11240->11261 11241->11197 11244 4030d0 11243->11244 11245 4030a3 GetLastError 11243->11245 11244->11197 11246 4030bd GetFileAttributesW 11245->11246 11248 4030b2 11245->11248 11246->11244 11246->11248 11247 4030b3 SetLastError 11247->11244 11248->11244 11248->11247 11264 403ce0 11249->11264 11252 409767 11256 40959e 44 API calls 11252->11256 11253 4096b8 GetLastError FormatMessageW 11254 4096e6 FormatMessageW 11253->11254 11255 4096fb lstrlenW lstrlenW ??2@YAPAXI lstrcpyW lstrcpyW 11253->11255 11254->11252 11254->11255 11284 40959e 11255->11284 11258 409772 11256->11258 11258->11204 11260->11237 11262 4145a9 _CxxThrowException 11261->11262 11263 4145be ??2@YAPAXI ??3@YAXPAX 11261->11263 11262->11263 11263->11241 11265 403cfa 11264->11265 11266 403d28 GetLastError wsprintfW GetEnvironmentVariableW GetLastError 11265->11266 11267 403d1e wvsprintfW 11265->11267 11268 403d60 ??2@YAPAXI GetEnvironmentVariableW 11266->11268 11269 403dd8 SetLastError 11266->11269 11267->11252 11267->11253 11271 403d8f GetLastError 11268->11271 11282 403dc1 ??3@YAXPAX 11268->11282 11269->11267 11270 403def 11269->11270 11273 403e10 lstrlenA ??2@YAPAXI 11270->11273 11294 403c85 11270->11294 11274 403d95 11271->11274 11271->11282 11277 403e41 GetLocaleInfoW 11273->11277 11278 403e7b MultiByteToWideChar 11273->11278 11275 403dc4 11274->11275 11279 403d9f lstrcmpiW 11274->11279 11275->11269 11277->11278 11281 403e68 _wtol 11277->11281 11278->11267 11279->11282 11283 403dae ??3@YAXPAX 11279->11283 11280 403e02 11280->11273 11281->11278 11282->11275 11283->11275 11285 4095b0 11284->11285 11286 409614 ??3@YAXPAX LocalFree 11284->11286 11301 4075cf 11285->11301 11286->11258 11289 4095e8 11306 407941 11289->11306 11290 4095d6 IsBadReadPtr 11290->11289 11295 403cd8 11294->11295 11296 403c8f GetUserDefaultUILanguage 11294->11296 11295->11280 11297 403cb1 GetSystemDefaultUILanguage 11296->11297 11298 403cad 11296->11298 11297->11295 11299 403cc1 GetSystemDefaultLCID 11297->11299 11298->11280 11299->11295 11300 403cd1 11299->11300 11300->11295 11319 4147df ??2@YAPAXI 11301->11319 11303 4075e0 11304 40762c IsWindow 11303->11304 11305 407608 KiUserCallbackDispatcher GetSystemMetrics 11303->11305 11304->11289 11304->11290 11305->11304 11307 4079b0 11306->11307 11308 407950 11306->11308 11318 407630 ??3@YAXPAX 11307->11318 11308->11307 11309 414803 ctype 2 API calls 11308->11309 11310 407961 11309->11310 11311 414803 ctype 2 API calls 11310->11311 11312 40796c 11311->11312 11320 405546 11312->11320 11318->11286 11319->11303 11321 404475 15 API calls 11320->11321 11322 40554e 11321->11322 11397 403526 11322->11397 11324 405517 11333 404475 11324->11333 11328 40552b 11369 40369a 11328->11369 11330 405537 11392 403754 11330->11392 11332 40553e 11334 4147df ??2@YAPAXI 11333->11334 11335 404487 11334->11335 11336 40420b 7 API calls 11335->11336 11337 404495 ExpandEnvironmentStringsW 11336->11337 11338 4044a3 ??3@YAXPAX 11337->11338 11339 4044ae 11337->11339 11340 4044dd 11338->11340 11341 40420b 7 API calls 11339->11341 11346 4035e0 11340->11346 11342 4044bc ExpandEnvironmentStringsW 11341->11342 11343 4044c8 11342->11343 11344 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11343->11344 11345 4044d3 ??3@YAXPAX 11344->11345 11345->11340 11347 4147df ??2@YAPAXI 11346->11347 11348 4035f4 11347->11348 11349 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11348->11349 11350 4035fd 11349->11350 11351 414922 ctype 5 API calls 11350->11351 11352 40360a 11351->11352 11353 414803 ctype ??2@YAPAXI memcpy 11352->11353 11354 403617 11353->11354 11355 414ba6 7 API calls 11354->11355 11356 403626 ??3@YAXPAX 11355->11356 11357 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11356->11357 11358 403638 11357->11358 11359 414922 ctype 5 API calls 11358->11359 11360 403645 11359->11360 11361 414803 ctype ??2@YAPAXI memcpy 11360->11361 11362 403652 11361->11362 11363 414ba6 7 API calls 11362->11363 11364 403661 ??3@YAXPAX 11363->11364 11365 414803 ctype ??2@YAPAXI memcpy 11364->11365 11366 403678 11365->11366 11367 414ba6 7 API calls 11366->11367 11368 403684 ??3@YAXPAX ??3@YAXPAX 11367->11368 11368->11328 11370 4147df ??2@YAPAXI 11369->11370 11371 4036ae 11370->11371 11372 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11371->11372 11373 4036b7 11372->11373 11374 414922 ctype 5 API calls 11373->11374 11375 4036c4 11374->11375 11376 414803 ctype ??2@YAPAXI memcpy 11375->11376 11377 4036d1 11376->11377 11378 414ba6 7 API calls 11377->11378 11379 4036e0 ??3@YAXPAX 11378->11379 11380 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11379->11380 11381 4036f2 11380->11381 11382 414922 ctype 5 API calls 11381->11382 11383 4036ff 11382->11383 11384 414803 ctype ??2@YAPAXI memcpy 11383->11384 11385 40370c 11384->11385 11386 414ba6 7 API calls 11385->11386 11387 40371b ??3@YAXPAX 11386->11387 11388 414803 ctype ??2@YAPAXI memcpy 11387->11388 11389 403732 11388->11389 11390 414ba6 7 API calls 11389->11390 11391 40373e ??3@YAXPAX ??3@YAXPAX 11390->11391 11391->11330 11393 414803 ctype ??2@YAPAXI memcpy 11392->11393 11394 40376a 11393->11394 11395 414ba6 7 API calls 11394->11395 11396 40377a ??3@YAXPAX 11395->11396 11396->11332 11398 4147df ??2@YAPAXI 11397->11398 11399 40353a 11398->11399 11400 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11399->11400 11401 403543 11400->11401 11402 414922 ctype 5 API calls 11401->11402 11403 403550 11402->11403 11404 414803 ctype ??2@YAPAXI memcpy 11403->11404 11405 40355d 11404->11405 11406 414ba6 7 API calls 11405->11406 11407 40356c ??3@YAXPAX 11406->11407 11408 4148c7 ??2@YAPAXI ??3@YAXPAX memcpy 11407->11408 11409 40357e 11408->11409 11410 414922 ctype 5 API calls 11409->11410 11411 40358b 11410->11411 11412 414803 ctype ??2@YAPAXI memcpy 11411->11412 11413 403598 11412->11413 11414 414ba6 7 API calls 11413->11414 11415 4035a7 ??3@YAXPAX 11414->11415 11416 414803 ctype ??2@YAPAXI memcpy 11415->11416 11417 4035be 11416->11417 11418 414ba6 7 API calls 11417->11418 11419 4035ca ??3@YAXPAX ??3@YAXPAX 11418->11419 11419->11324 11426 403442 11420->11426 11423 4043de GetLastError 11425 4043e9 11423->11425 11424 4043ff 11424->11218 11425->11218 11427 403457 11426->11427 11428 40345c FindFirstFileW 11426->11428 11427->11423 11427->11424 11428->11427 11429 40346f FindClose 11428->11429 11430 403499 11429->11430 11431 40347f SetFileAttributesW 11429->11431 11434 403327 11430->11434 11431->11427 11432 40348c DeleteFileW 11431->11432 11432->11427 11435 414803 ctype 2 API calls 11434->11435 11436 40333e 11435->11436 11455 414922 11436->11455 11438 40334b FindFirstFileW 11439 403405 SetCurrentDirectoryW SetFileAttributesW 11438->11439 11452 40336d 11438->11452 11440 403432 ??3@YAXPAX 11439->11440 11441 40341a RemoveDirectoryW 11439->11441 11442 40343c 11440->11442 11441->11440 11444 403425 ??3@YAXPAX 11441->11444 11442->11427 11443 414864 ctype 3 API calls 11443->11452 11444->11442 11446 414922 ctype 5 API calls 11446->11452 11447 4033cc SetFileAttributesW 11447->11440 11451 4033d7 DeleteFileW 11447->11451 11448 40339e lstrcmpW 11449 4033b0 lstrcmpW 11448->11449 11450 4033e4 FindNextFileW 11448->11450 11449->11450 11449->11452 11450->11452 11453 4033fc FindClose 11450->11453 11451->11452 11452->11440 11452->11443 11452->11446 11452->11447 11452->11448 11452->11450 11454 403327 ctype 10 API calls 11452->11454 11459 401585 11452->11459 11453->11439 11454->11452 11456 414932 11455->11456 11463 414637 11456->11463 11460 401590 11459->11460 11461 401595 11459->11461 11467 414621 11460->11467 11461->11452 11464 414649 11463->11464 11465 41465d memcpy 11463->11465 11466 414529 ctype ??2@YAPAXI memcpy ??3@YAXPAX _CxxThrowException 11464->11466 11465->11438 11466->11465 11468 414529 ctype ??2@YAPAXI memcpy ??3@YAXPAX _CxxThrowException 11467->11468 11469 414636 11468->11469 11469->11461 11471 41405d 2 API calls 11470->11471 11472 402b3a 11471->11472 11472->11163 11472->11164 11473->11229 11479 413dda 11474->11479 11476 413fe3 11477 413fe7 CreateFileW 11476->11477 11478 41400a 11476->11478 11477->11478 11478->11110 11480 413de4 CloseHandle 11479->11480 11481 413df6 11479->11481 11482 413def 11480->11482 11481->11476 11482->11476 11482->11481 11486 413ee4 SetFileTime 11483->11486 11485 413f0e 11485->11100 11486->11485 11562 40d5b0 ??2@YAPAXI 11563 40d5c1 11562->11563 15188 40cbb0 15189 40cf3b 15188->15189 15190 40cbbe 15188->15190 15190->15189 15191 40c720 2 API calls 15190->15191 15192 40cbd9 15191->15192 15193 416730 132 API calls 15192->15193 15194 40ce76 15192->15194 15196 40ce67 15192->15196 15197 415ee7 6 API calls 15192->15197 15193->15192 15195 416730 132 API calls 15194->15195 15194->15196 15195->15196 15197->15192

                                            Executed Functions

                                            Function 00406024 Relevance: 193.6, APIs: 70, Strings: 40, Instructions: 1139windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z.MSVCRT ref: 00406037
                                              • Part of subcall function 00403834: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 00403840
                                              • Part of subcall function 00403834: CreateWindowExW.USER32(00000080,tooltips_class32,sfx,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040385D
                                              • Part of subcall function 00403834: GetDesktopWindow.USER32 ref: 00403869
                                              • Part of subcall function 00403834: GetWindowRect.USER32(00000000), ref: 00403870
                                              • Part of subcall function 00403834: SetWindowPos.USER32(00000000,00000000,?,00406043,00000000,00000000,00000004), ref: 00403894
                                              • Part of subcall function 00403834: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 004038A4
                                              • Part of subcall function 00403834: KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 004038B1
                                              • Part of subcall function 00403834: DispatchMessageW.USER32(?), ref: 004038BB
                                              • Part of subcall function 00403834: KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 004038C4
                                            • GetVersionExW.KERNEL32(?,?,00000000), ref: 00406054
                                            • MessageBoxA.USER32(00000000,Sorry, this program requires Microsoft Windows 2000 or later.,7-Zip SFX,00000010), ref: 00407001
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 0040541A: LoadLibraryA.KERNEL32(kernel32,?,?,00000000), ref: 0040542B
                                              • Part of subcall function 0040541A: #17.COMCTL32(?,?,00000000), ref: 00405436
                                              • Part of subcall function 0040541A: SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,00000000), ref: 004054BB
                                              • Part of subcall function 0040541A: wsprintfW.USER32 ref: 004054CF
                                            • GetCommandLineW.KERNEL32(?,00000000), ref: 004060AD
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                              • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 004045F1
                                              • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 0040460D
                                              • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 00404615
                                              • Part of subcall function 0040457E: ??3@YAXPAX@Z.MSVCRT(?,?,771B1D70,00000000,?,?,?,?,?,?,?,?,?,?,004060CA,00000000), ref: 00404680
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,0041DDC8,?,?,?,00000000), ref: 00404FD0
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000), ref: 00404FD9
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000), ref: 00404FE1
                                            • GetCommandLineW.KERNEL32(00000001,00000001,00000001,00000000,?,00000000), ref: 004060F3
                                              • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                              • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT(?,?,771B1D70,00000000,?,?,?,?,?,?,?,?,?,?,004060CA,00000000), ref: 00404244
                                            • wsprintfW.USER32 ref: 00406119
                                              • Part of subcall function 004056BA: lstrlenW.KERNEL32(sfxlang,?,771B1D70,?,00000001,00406144,00000001), ref: 004056FB
                                              • Part of subcall function 004056BA: lstrlenW.KERNEL32(sfxlang), ref: 00405700
                                            • _wtol.MSVCRT ref: 00406152
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040618D
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00406195
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 0040619D
                                            • GetModuleFileNameW.KERNEL32(00000000,00000000,00000208,00000208,00000001), ref: 004061F7
                                            • _wtol.MSVCRT ref: 0040630F
                                              • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT(00000004,00422844,004064BF,00000000,00422844,00422844), ref: 004143CA
                                              • Part of subcall function 00405319: ??3@YAXPAX@Z.MSVCRT(?), ref: 0040535D
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00422844,00422844), ref: 004064E3
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,0000000A,?,00000000,00422844,00422844), ref: 00406554
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$Window$??2@$CommandLineMessageModuleTimer_wtollstrlenwsprintf$?_set_new_handler@@CallbackCreateDesktopDispatchDispatcherFileFolderHandleKillLibraryLoadNamePathRectSpecialUserVersionmemcpywcsncpy
                                            • String ID: " -$123456789ABCDEFGHJKMNPQRSTUVWXYZ$7-Zip SFX$7ZipSfx.%03x$AutoInstall$BeginPrompt$BeginPromptTimeout$D(B$D(B$Delete$ExecuteFile$ExecuteOnLoad$FinishMessage$HelpText$InstallPath$P(B$PreExtract$RunProgram$SelfDelete$SetEnvironment$SfxAuthor$SfxString%d$SfxVarApiPath$SfxVarCmdLine0$SfxVarModulePlatform$SfxVarSystemLanguage$SfxVarSystemPlatform$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$X!B$\(B$h(B$setup.exe$sfxconfig$sfxelevation$sfxlang$sfxtest$sfxversion$sfxwaitall$x86
                                            • API String ID: 713101297-1531357413
                                            • Opcode ID: c2554893e455e2f6a0d69744f4b8002c1d38a2c796da5755feca4b6f2b455bd4
                                            • Instruction ID: a556a6a5a5f07645b6d0a54752984156d57e7a988d3b1907c5a6a98372b60f7b
                                            • Opcode Fuzzy Hash: c2554893e455e2f6a0d69744f4b8002c1d38a2c796da5755feca4b6f2b455bd4
                                            • Instruction Fuzzy Hash: 0C92F470A00215ABDB24BB61DD41BAE3661EF80708F55403FF906B62E2DBBC9C95CB5D
                                            Function 004028F2 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 294COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 733 4028f2-402901 734 402903-402908 733->734 735 40290d-402915 733->735 736 402c3f-402c41 734->736 737 402917-402919 735->737 738 40291e-40292d 735->738 737->736 739 402937-40295a 738->739 740 40292f-402935 738->740 743 402963-40296f call 4147df 739->743 744 40295c-40295e 739->744 740->739 749 402c20-402c28 743->749 750 402975-40297a 743->750 745 402c33-402c3b call 414129 744->745 753 402c3d-402c3e 745->753 756 402c2a-402c2d ??3@YAXPAX@Z 749->756 750->749 752 402980-4029d5 call 414864 call 41476b call 414864 ??3@YAXPAX@Z 750->752 764 4029d7-4029ea call 414129 ??3@YAXPAX@Z 752->764 765 4029ef-4029f3 752->765 753->736 758 402c32 756->758 758->745 764->758 766 4029f5-4029f8 765->766 767 4029fa-4029ff 765->767 769 402a1e-402a37 766->769 770 402a01 767->770 771 402a18-402a1b 767->771 769->764 776 402a39-402a5e 769->776 773 402a03-402a09 770->773 771->769 777 402a0b-402a13 call 414129 773->777 780 402a60-402a73 call 414129 ??3@YAXPAX@Z 776->780 781 402a78-402a7e 776->781 777->756 780->758 784 402a80-402a83 781->784 785 402a9c-402aae GetLocalTime SystemTimeToFileTime 781->785 787 402a85-402a87 784->787 788 402a8c-402a9a 784->788 789 402ab4-402aba 785->789 787->773 788->789 790 402ae3-402ae5 call 404402 789->790 791 402abc call 40468a 789->791 794 402aea-402aed 790->794 795 402ac1-402ac3 791->795 796 402af3-402af6 794->796 797 402c0c-402c1b GetLastError 794->797 798 402ac5-402ac7 795->798 799 402acc-402ade call 414129 ??3@YAXPAX@Z 795->799 796->799 800 402af8-402b04 ??2@YAPAXI@Z 796->800 797->749 798->773 799->758 803 402b15-402b1a 800->803 804 402b06-402b13 800->804 806 402b22-402b3c call 414091 803->806 807 402b1c-402b1e 803->807 804->803 810 402be1-402c0a call 4160a2 call 414129 ??3@YAXPAX@Z call 414129 806->810 811 402b42-402b5e GetLastError call 414839 call 403813 806->811 807->806 810->753 820 402b60-402b67 811->820 821 402b89-402b9f call 40468a 811->821 825 402b6b-402b78 ??3@YAXPAX@Z 820->825 828 402ba1-402ba9 821->828 829 402bab-402bc5 call 414091 821->829 825->777 827 402b7e-402b84 825->827 827->777 828->825 834 402bc7-402bd6 GetLastError 829->834 835 402bd8-402be0 ??3@YAXPAX@Z 829->835 834->825 835->810
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: &@
                                            • API String ID: 0-1362318888
                                            • Opcode ID: 5216165dd6b3832a646988e5fd488ed9bf842a1918acfff858325ff221319d85
                                            • Instruction ID: 0c2c45a1d49559d50b2892bbdf1ddf1765a092562d7aa30539bf8f0f12bc17d3
                                            • Opcode Fuzzy Hash: 5216165dd6b3832a646988e5fd488ed9bf842a1918acfff858325ff221319d85
                                            • Instruction Fuzzy Hash: 42B16171A00205AFCB20EFA4C9889EE77B5FF48314F14452AF502BB2D1DBB89985CF59
                                            Function 004171F6 Relevance: 24.7, APIs: 16, Instructions: 696COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00419C17: _CxxThrowException.MSVCRT(?,0041FBDC), ref: 00419C5F
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000), ref: 0041729C
                                              • Part of subcall function 004170B3: ??3@YAXPAX@Z.MSVCRT(?,00000000,004172B2,?,00000000), ref: 004170B9
                                              • Part of subcall function 004170B3: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,004172B2,?,00000000), ref: 004170C1
                                            • ??2@YAPAXI@Z.MSVCRT(00000084,00000000,?,00000000), ref: 00417333
                                            • ??2@YAPAXI@Z.MSVCRT(?,?,00000000), ref: 00417540
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,?,00000000), ref: 00417572
                                            • SysFreeString.OLEAUT32(?), ref: 0041757B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000), ref: 00417687
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000), ref: 0041768F
                                            • ??2@YAPAXI@Z.MSVCRT(00000030,?,00000000), ref: 004176D5
                                            • SysFreeString.OLEAUT32(?), ref: 00417714
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@$FreeString$ExceptionThrow
                                            • String ID:
                                            • API String ID: 3050852170-0
                                            • Opcode ID: c4f719cad317f362cd16415bf7604576b2c288079181a94183e34930bb1537ad
                                            • Instruction ID: b6a6dfe7ee52a84d4dd267533d837d91f4f6e8651933b75f9a6aac28901cda67
                                            • Opcode Fuzzy Hash: c4f719cad317f362cd16415bf7604576b2c288079181a94183e34930bb1537ad
                                            • Instruction Fuzzy Hash: 47523875A04209DFCB14DF65C884AEE7BB5BF48314F25405AF8169B352DB39EC82CB98
                                            Function 0041A836 Relevance: 11.0, APIs: 7, Instructions: 450COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1563 41a836-41a854 call 418fb1 1566 41a874 1563->1566 1567 41a856-41a85a 1563->1567 1568 41a876-41a882 1566->1568 1567->1568 1569 41a85c-41a872 call 4197f9 call 418fb1 1567->1569 1571 41a8e4-41a902 1568->1571 1572 41a884-41a886 1568->1572 1569->1568 1573 41a904-41a906 1571->1573 1574 41a93e-41a944 1571->1574 1572->1571 1576 41a888-41a8b7 call 41a63e 1572->1576 1573->1574 1578 41a908-41a91e call 41a533 1573->1578 1580 41ad95-41adbf call 419590 ??3@YAXPAX@Z * 3 call 41969c 1574->1580 1581 41a94a-41a94c 1574->1581 1587 41a8c9-41a8e2 call 418fb1 1576->1587 1588 41a8b9-41a8c4 call 41969c 1576->1588 1589 41a923-41a93c call 418fb1 1578->1589 1602 41adc1-41adc8 1580->1602 1581->1580 1586 41a952-41a98b call 418fe5 call 419233 call 419652 * 2 1581->1586 1608 41a9a0-41a9cd call 419725 1586->1608 1609 41a98d-41a990 1586->1609 1587->1571 1588->1602 1589->1574 1614 41ac7d-41ac90 call 418fb1 1608->1614 1609->1608 1610 41a992-41a99b call 419652 1609->1610 1610->1608 1617 41a9d2-41a9eb call 418fb1 1614->1617 1618 41ac96-41aca4 call 418fb1 1614->1618 1623 41a9f1 1617->1623 1624 41adcb-41add0 call 418de4 1617->1624 1625 41aca6 call 418e04 1618->1625 1626 41acab-41acb8 1618->1626 1627 41a9f3-41a9f6 1623->1627 1628 41a9fc-41aa19 call 4192d4 1623->1628 1625->1626 1631 41acc9-41accf 1626->1631 1632 41acba-41acbe 1626->1632 1627->1624 1627->1628 1643 41ac56-41ac63 1628->1643 1644 41aa1f 1628->1644 1637 41acd5-41ace0 1631->1637 1638 41ad7a-41ad92 ??3@YAXPAX@Z * 3 1631->1638 1635 41acc0 1632->1635 1636 41acc3-41acc7 1632->1636 1635->1636 1636->1631 1636->1632 1639 41ace3-41ad00 1637->1639 1638->1580 1641 41ad33-41ad50 1639->1641 1642 41ad02-41ad25 call 4192b9 1639->1642 1648 41ad53-41ad57 1641->1648 1656 41ad30-41ad31 1642->1656 1657 41ad27-41ad2d 1642->1657 1649 41ac66-41ac6f 1643->1649 1646 41aa21-41aa28 1644->1646 1647 41aa2e-41aa37 1644->1647 1646->1643 1646->1647 1647->1643 1652 41aa3d 1647->1652 1653 41ad67-41ad74 1648->1653 1654 41ad59-41ad62 call 41967b 1648->1654 1649->1624 1650 41ac75-41ac78 call 418e1d 1649->1650 1650->1614 1652->1643 1658 41ab20-41ab4e call 419893 call 419747 1652->1658 1659 41abf3 1652->1659 1660 41ac12-41ac15 1652->1660 1661 41aa44-41aa96 call 419747 call 40bbd0 call 418e93 call 41911e 1652->1661 1662 41ac17-41ac1d 1652->1662 1663 41ab99-41abaf call 419845 1652->1663 1664 41abdb 1652->1664 1665 41ac0d-41ac10 1652->1665 1666 41ac1f-41ac25 1652->1666 1667 41abee-41abf1 1652->1667 1653->1638 1653->1639 1654->1653 1656->1648 1657->1656 1698 41ab50 1658->1698 1699 41ab83-41ab94 call 418e1d ??3@YAXPAX@Z 1658->1699 1670 41abf9-41ac08 call 4198de 1659->1670 1660->1670 1718 41aa98-41aaaa 1661->1718 1719 41aaee-41aafc 1661->1719 1662->1670 1687 41abb1-41abb8 1663->1687 1688 41abc3-41abd6 call 419725 * 2 1663->1688 1669 41abde-41abe9 call 419845 1664->1669 1665->1670 1666->1649 1672 41ac27 1666->1672 1667->1669 1689 41ab0a-41ab1b call 419652 1669->1689 1670->1689 1676 41ac29-41ac2c 1672->1676 1677 41ac2e-41ac38 call 418e7c 1672->1677 1676->1649 1676->1677 1700 41ac3a 1677->1700 1701 41ac3e-41ac48 1677->1701 1690 41abba 1687->1690 1691 41abbd-41abc1 1687->1691 1688->1689 1689->1649 1690->1691 1691->1687 1691->1688 1703 41ab53-41ab67 1698->1703 1699->1689 1700->1701 1701->1677 1706 41ac4a 1701->1706 1711 41ab74-41ab81 1703->1711 1712 41ab69-41ab71 call 418ffb 1703->1712 1706->1649 1714 41ac4c-41ac52 1706->1714 1711->1699 1711->1703 1712->1711 1714->1677 1717 41ac54 1714->1717 1717->1649 1721 41aaac-41aab4 1718->1721 1722 41aabe-41aac1 1718->1722 1723 41ab02-41ab05 call 418e1d 1719->1723 1724 41aafe 1719->1724 1721->1722 1725 41aab6-41aabc 1721->1725 1722->1624 1726 41aac7-41aaec 1722->1726 1723->1689 1724->1723 1725->1721 1725->1722 1726->1718 1726->1719
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2a6926a2a1545e1076c32de7eff06156fa885bf53ffc5999b522f7fa9f556010
                                            • Instruction ID: 4dad77f0705915c109804cafeeec3e4362490793768c25b28525cfb381627a1a
                                            • Opcode Fuzzy Hash: 2a6926a2a1545e1076c32de7eff06156fa885bf53ffc5999b522f7fa9f556010
                                            • Instruction Fuzzy Hash: 25124771901248DFCB25DF69C980AED7BF6BF44304F14846EF81587262DB38E895CB99
                                            Function 00404402 Relevance: 6.0, APIs: 4, Instructions: 43fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • FindFirstFileW.KERNELBASE(00000000,?,00000000,-00000001), ref: 00404419
                                            • FindClose.KERNEL32(00000000), ref: 00404429
                                            • SetLastError.KERNEL32(00000010), ref: 0040443A
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Find$CloseErrorFileFirstLast
                                            • String ID:
                                            • API String ID: 4020440971-0
                                            • Opcode ID: 1dd38c34050e32057a86cfd6f887252e6440109f0c7138c7ef1928e7de9965fb
                                            • Instruction ID: e28eadc660d29d22e42b67850f94827f0221515ef145fc3d082d2b957231e6be
                                            • Opcode Fuzzy Hash: 1dd38c34050e32057a86cfd6f887252e6440109f0c7138c7ef1928e7de9965fb
                                            • Instruction Fuzzy Hash: CEF0A4F5A0012467DB2027349C4CFAA37ACABC1329F204676EA52F25D0D778C942961E
                                            Function 00409931 Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000024), ref: 0040993D
                                            • FindFirstFileW.KERNELBASE(004227B8,?,00000000,00000000,004227B8), ref: 0040998B
                                            • FindClose.KERNELBASE(00000000), ref: 004099A9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Find$??2@CloseFileFirst
                                            • String ID:
                                            • API String ID: 4002974997-0
                                            • Opcode ID: c03e075093b829c168e26fe258a0a4546d83264425a89f2d007aa806e81bd77b
                                            • Instruction ID: 04f35bf0448d31e89553be1a3bfedde72a875c1ede13cb4c157a2b7218669a26
                                            • Opcode Fuzzy Hash: c03e075093b829c168e26fe258a0a4546d83264425a89f2d007aa806e81bd77b
                                            • Instruction Fuzzy Hash: 62112CB1600111ABCB10AF25CC48AAF7BA4AF48714F00443EF846EB3D2C738DC41CB99
                                            Function 004023DF Relevance: 3.0, APIs: 2, Instructions: 41windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000), ref: 004023FB
                                            • SendMessageW.USER32(00008001,00000000,?), ref: 00402454
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: DiskFreeMessageSendSpace
                                            • String ID:
                                            • API String ID: 696007252-0
                                            • Opcode ID: 34fedf2ad7fc010070f55429fd0060592675988d9c8f944df9a105f38321c0a6
                                            • Instruction ID: be724390365365ade20085aba8859a3f911814d7ca7ed58b5616de4d2c55ee22
                                            • Opcode Fuzzy Hash: 34fedf2ad7fc010070f55429fd0060592675988d9c8f944df9a105f38321c0a6
                                            • Instruction Fuzzy Hash: 1F014F70600204BADB249F10DE49B5A3BA9EB01B04F904476E501FA1E0D7FADE418A1D
                                            Function 00402008 Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 242COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 516 402008-40203b call 4147df call 404255 call 405546 523 40203d-40204c call 404051 516->523 526 402056-402065 call 404051 523->526 527 40204e-402054 523->527 530 402067-40206d 526->530 531 40206f-40207e call 404051 526->531 527->523 530->523 534 402080-402088 531->534 535 40208c-40209b call 404051 531->535 534->523 536 40208a 534->536 540 4020a8-4020ba call 404051 535->540 541 40209d 535->541 539 40209f-4020a6 536->539 539->523 544 4020dc-4020ec call 404051 540->544 545 4020bc-4020c3 540->545 541->539 550 402100-402102 544->550 551 4020ee-4020fe call 404051 544->551 546 4020d5-4020d7 545->546 547 4020c5-4020d0 _wtol 545->547 546->523 547->546 550->523 551->550 554 402107-402110 call 4040d6 551->554 557 402120-402129 call 40413e 554->557 558 402112-40211b 554->558 561 402139-402144 557->561 562 40212b-402134 557->562 558->523 563 402146-40214a 561->563 564 40218d-402190 call 4148c7 561->564 562->523 565 402166-402167 call 414864 563->565 566 40214c-402164 call 414864 call 414922 * 2 563->566 570 402195-402199 call 414922 564->570 571 40216c-40217c call 404f59 565->571 566->571 576 40219e-4021c8 call 4147df call 403022 call 414803 call 405546 570->576 571->576 580 40217e-40218b call 414922 571->580 592 402292-402295 576->592 593 4021ce-4021d8 call 401c2a 576->593 580->570 594 4022cb-4022f4 ??3@YAXPAX@Z * 2 call 402fc9 ??3@YAXPAX@Z 592->594 593->592 599 4021de-4021e4 593->599 600 4021e6-4021ef call 414922 599->600 601 4021f9-402204 call 405546 599->601 608 4021f4-4021f7 600->608 606 402206-40225f call 4147b1 call 414787 call 41476b call 414803 ??3@YAXPAX@Z * 3 call 401c59 601->606 607 40227b-40228b call 401d63 601->607 632 402264-402269 606->632 614 402297-402298 SetLastError 607->614 615 40228d call 401bce 607->615 608->601 611 4021f1 608->611 611->608 618 40229e-4022a5 614->618 615->592 620 4022b4-4022c0 call 409684 618->620 621 4022a7-4022b2 GetLastError 618->621 623 4022c3-4022ca call 405a7a 620->623 621->620 621->623 623->594 633 402273-402279 ??3@YAXPAX@Z 632->633 634 40226b-402271 ??3@YAXPAX@Z 632->634 633->618 634->615
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 00404255: GetCurrentDirectoryW.KERNEL32(00000000,00000000,0042289C,?,?,00000000,0040202E,00000000,0042289C,?,00000000), ref: 00404273
                                              • Part of subcall function 00404255: GetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,?,00000000,0040202E,00000000,0042289C,?,00000000), ref: 00404286
                                            • _wtol.MSVCRT ref: 004020C9
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,0041DAE4,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000), ref: 0040223E
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,0041DAE4,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000), ref: 00402246
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,0041DAE4,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000), ref: 0040224E
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,0042289C,?,00000000), ref: 0040226B
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,0042289C,?,00000000), ref: 00402273
                                              • Part of subcall function 00401D63: GetCommandLineW.KERNEL32(0041D9F0,00000000,00000000), ref: 00401D85
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E31
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A,?," -), ref: 00401E39
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A,?), ref: 00401E41
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A), ref: 00401E49
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000), ref: 00401E51
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?), ref: 00401E59
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?), ref: 00401E61
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020), ref: 00401E69
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?), ref: 00401E71
                                              • Part of subcall function 00401D63: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022), ref: 00401E79
                                              • Part of subcall function 00401D63: GetStartupInfoW.KERNEL32(?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E8C
                                            • SetLastError.KERNEL32(00000000,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 00402298
                                            • GetLastError.KERNEL32(00000000,0042289C,?,00000000), ref: 004022A7
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 004022CE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 004022D6
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000003,00000003,00000002,00000000,00000000,00000000,00000000,00000000,0042289C,?,00000000), ref: 004022E8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy$??2@$CurrentDirectoryErrorLast$CommandInfoLineStartup_wtol
                                            • String ID: ExecuteParameters$del$forcenowait$hidcon$nowait$shc$waitall
                                            • API String ID: 3919891259-4019298132
                                            • Opcode ID: e08a7f8d1ce2c9dcdc791632e2afc9288d87f68f1057820af2655defdcd22ece
                                            • Instruction ID: 21408dceba26f159f852cac34e7ef5db61450a97c3c3bcaf1411dbce6cc4b37b
                                            • Opcode Fuzzy Hash: e08a7f8d1ce2c9dcdc791632e2afc9288d87f68f1057820af2655defdcd22ece
                                            • Instruction Fuzzy Hash: 40818E71E00219ABCB14BBA1D985AEF7775AB80304F24407FE612772D1DABC5D86CB4D
                                            Function 0040502A Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 256COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 635 40502a-405044 call 4143c2 638 4052c4-4052d0 call 403251 635->638 641 4052d6-4052e1 ??3@YAXPAX@Z 638->641 642 405049-40506f call 4147df * 2 call 4143c2 638->642 644 405314-405318 641->644 650 405085-405091 call 40322d 642->650 653 405071-405074 650->653 654 405093-4050c0 call 404346 call 4148c7 ??3@YAXPAX@Z * 2 650->654 653->654 656 405076-405082 call 402f9f 653->656 662 4052e3-4052e6 654->662 663 4050c6-4050d5 call 403251 654->663 656->650 665 4052eb-405311 call 4044e1 ??3@YAXPAX@Z * 3 662->665 669 4052e8 663->669 670 4050db-4050e4 663->670 665->644 669->665 670->669 671 4050ea-4050f7 call 403251 670->671 671->669 674 4050fd-405107 671->674 675 405122-405136 674->675 676 405109-40510b 674->676 678 4051b4-4051c7 strncmp 675->678 676->669 677 405111-40511d call 404fee 676->677 687 4052b2-4052c3 ??3@YAXPAX@Z * 2 677->687 680 4051c9 678->680 681 40519f-4051b2 strncmp 678->681 684 4051ee-4051f5 680->684 681->678 683 405138-40513b 681->683 683->669 688 405141-405150 683->688 685 4051f7-4051fd 684->685 686 4051cb-4051ce 684->686 689 405203-405228 call 404346 call 4148c7 ??3@YAXPAX@Z call 40457e 685->689 690 4051ff-405200 685->690 686->685 692 4051d0-4051d3 686->692 687->638 688->689 691 405156-405159 688->691 715 40522d-40523d lstrcmpW 689->715 690->689 694 405194 691->694 695 40515b-405167 691->695 696 4051d5-4051da 692->696 697 4051dd-4051e9 call 402f9f 692->697 698 405197 694->698 700 405190-405192 695->700 701 405169-40516b 695->701 696->697 702 4051dc 696->702 697->684 704 40519a call 402f9f 698->704 700->698 706 40518c-40518e 701->706 707 40516d-40516f 701->707 702->697 704->681 706->698 710 405171-405176 707->710 711 405188-40518a 707->711 713 405184-405186 710->713 714 405178-405182 call 402f9f 710->714 711->698 713->704 714->698 717 405252-40525e 715->717 718 40523f-40524c call 41420c 715->718 721 405260-40527a lstrlenW wcsncmp 717->721 722 405289-405295 call 404f11 717->722 718->669 718->717 725 405284-405287 721->725 726 40527c-405282 721->726 727 4052a4-4052ad call 40287b 722->727 729 405297-4052a2 call 414864 722->729 725->722 725->727 726->721 726->725 727->687 729->687
                                            APIs
                                              • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT(00000004,00422844,004064BF,00000000,00422844,00422844), ref: 004143CA
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,0000FDE9,?,00A70F28,00000000), ref: 004050AF
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000FDE9,?,00A70F28,00000000), ref: 004050B7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 004052B5
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 004052BD
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 004052D9
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0000FDE9,?,00A70F28,00000000), ref: 004052FA
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,0000FDE9,?,00A70F28,00000000), ref: 00405302
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,0000FDE9,?,00A70F28,00000000), ref: 0040530A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@
                                            • String ID: !B$SetEnvironment${\rtf
                                            • API String ID: 4113381792-3096309559
                                            • Opcode ID: bbac89bcdca60f474bb2327d58a51d834414ed21076654b2162d1bf4053e90ce
                                            • Instruction ID: b708b963da35919fffc77302d43656a91cdc81ec60feee5546b613eda411056e
                                            • Opcode Fuzzy Hash: bbac89bcdca60f474bb2327d58a51d834414ed21076654b2162d1bf4053e90ce
                                            • Instruction Fuzzy Hash: 69917C34900619ABCF15EB91C991BEFB7B1EF55308F2000ABE4427B2D2DA785E45DF49
                                            Function 0041A63E Relevance: 19.9, APIs: 13, Instructions: 398COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1061 41a63e-41a6a5 call 418988 call 41a533 call 416fe1 1068 41a6f7-41a71b call 419a20 1061->1068 1069 41a6a7-41a6f1 call 417cca ??3@YAXPAX@Z * 3 call 4185d1 1061->1069 1074 41a721-41a723 1068->1074 1075 41a7ef call 418e04 1068->1075 1074->1075 1078 41a729-41a73c call 40bbd0 ??2@YAPAXI@Z 1074->1078 1081 41a7f4-41a828 call 417cca ??3@YAXPAX@Z * 3 call 4185d1 1075->1081 1084 41a74b 1078->1084 1085 41a73e-41a749 1078->1085 1097 41a830-41a854 call 418de4 call 418fb1 1081->1097 1087 41a74d-41a74f 1084->1087 1085->1087 1089 41a751-41a753 1087->1089 1090 41a757-41a7a2 call 4171f6 1087->1090 1089->1090 1090->1081 1095 41a7a4-41a7b1 call 4192b9 1090->1095 1100 41a7b3-41a7d0 call 41bce0 1095->1100 1101 41a7d2-41a7e1 1095->1101 1111 41a874 1097->1111 1112 41a856-41a85a 1097->1112 1100->1097 1100->1101 1109 41a6f4 1101->1109 1110 41a7e7 1101->1110 1109->1068 1110->1075 1113 41a876-41a882 1111->1113 1112->1113 1114 41a85c-41a872 call 4197f9 call 418fb1 1112->1114 1116 41a8e4-41a902 1113->1116 1117 41a884-41a886 1113->1117 1114->1113 1118 41a904-41a906 1116->1118 1119 41a93e-41a944 1116->1119 1117->1116 1121 41a888-41a8b7 call 41a63e 1117->1121 1118->1119 1123 41a908-41a91e call 41a533 1118->1123 1125 41ad95-41adbf call 419590 ??3@YAXPAX@Z * 3 call 41969c 1119->1125 1126 41a94a-41a94c 1119->1126 1132 41a8c9-41a8e2 call 418fb1 1121->1132 1133 41a8b9-41a8c4 call 41969c 1121->1133 1134 41a923-41a93c call 418fb1 1123->1134 1147 41adc1-41adc8 1125->1147 1126->1125 1131 41a952-41a98b call 418fe5 call 419233 call 419652 * 2 1126->1131 1153 41a9a0-41a9cd call 419725 1131->1153 1154 41a98d-41a990 1131->1154 1132->1116 1133->1147 1134->1119 1159 41ac7d-41ac90 call 418fb1 1153->1159 1154->1153 1155 41a992-41a99b call 419652 1154->1155 1155->1153 1162 41a9d2-41a9eb call 418fb1 1159->1162 1163 41ac96-41aca4 call 418fb1 1159->1163 1168 41a9f1 1162->1168 1169 41adcb-41add0 call 418de4 1162->1169 1170 41aca6 call 418e04 1163->1170 1171 41acab-41acb8 1163->1171 1172 41a9f3-41a9f6 1168->1172 1173 41a9fc-41aa19 call 4192d4 1168->1173 1170->1171 1176 41acc9-41accf 1171->1176 1177 41acba-41acbe 1171->1177 1172->1169 1172->1173 1188 41ac56-41ac63 1173->1188 1189 41aa1f 1173->1189 1182 41acd5-41ace0 1176->1182 1183 41ad7a-41ad92 ??3@YAXPAX@Z * 3 1176->1183 1180 41acc0 1177->1180 1181 41acc3-41acc7 1177->1181 1180->1181 1181->1176 1181->1177 1184 41ace3-41ad00 1182->1184 1183->1125 1186 41ad33-41ad50 1184->1186 1187 41ad02-41ad25 call 4192b9 1184->1187 1193 41ad53-41ad57 1186->1193 1201 41ad30-41ad31 1187->1201 1202 41ad27-41ad2d 1187->1202 1194 41ac66-41ac6f 1188->1194 1191 41aa21-41aa28 1189->1191 1192 41aa2e-41aa37 1189->1192 1191->1188 1191->1192 1192->1188 1197 41aa3d 1192->1197 1198 41ad67-41ad74 1193->1198 1199 41ad59-41ad62 call 41967b 1193->1199 1194->1169 1195 41ac75-41ac78 call 418e1d 1194->1195 1195->1159 1197->1188 1203 41ab20-41ab4e call 419893 call 419747 1197->1203 1204 41abf3 1197->1204 1205 41ac12-41ac15 1197->1205 1206 41aa44-41aa96 call 419747 call 40bbd0 call 418e93 call 41911e 1197->1206 1207 41ac17-41ac1d 1197->1207 1208 41ab99-41abaf call 419845 1197->1208 1209 41abdb 1197->1209 1210 41ac0d-41ac10 1197->1210 1211 41ac1f-41ac25 1197->1211 1212 41abee-41abf1 1197->1212 1198->1183 1198->1184 1199->1198 1201->1193 1202->1201 1243 41ab50 1203->1243 1244 41ab83-41ab94 call 418e1d ??3@YAXPAX@Z 1203->1244 1215 41abf9-41ac08 call 4198de 1204->1215 1205->1215 1263 41aa98-41aaaa 1206->1263 1264 41aaee-41aafc 1206->1264 1207->1215 1232 41abb1-41abb8 1208->1232 1233 41abc3-41abd6 call 419725 * 2 1208->1233 1214 41abde-41abe9 call 419845 1209->1214 1210->1215 1211->1194 1217 41ac27 1211->1217 1212->1214 1234 41ab0a-41ab1b call 419652 1214->1234 1215->1234 1221 41ac29-41ac2c 1217->1221 1222 41ac2e-41ac38 call 418e7c 1217->1222 1221->1194 1221->1222 1245 41ac3a 1222->1245 1246 41ac3e-41ac48 1222->1246 1235 41abba 1232->1235 1236 41abbd-41abc1 1232->1236 1233->1234 1234->1194 1235->1236 1236->1232 1236->1233 1248 41ab53-41ab67 1243->1248 1244->1234 1245->1246 1246->1222 1251 41ac4a 1246->1251 1256 41ab74-41ab81 1248->1256 1257 41ab69-41ab71 call 418ffb 1248->1257 1251->1194 1259 41ac4c-41ac52 1251->1259 1256->1244 1256->1248 1257->1256 1259->1222 1262 41ac54 1259->1262 1262->1194 1266 41aaac-41aab4 1263->1266 1267 41aabe-41aac1 1263->1267 1268 41ab02-41ab05 call 418e1d 1264->1268 1269 41aafe 1264->1269 1266->1267 1270 41aab6-41aabc 1266->1270 1267->1169 1271 41aac7-41aaec 1267->1271 1268->1234 1269->1268 1270->1266 1270->1267 1271->1263 1271->1264
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?), ref: 0041A6C8
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?), ref: 0041A6D0
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 0041A6D8
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,00000000,0041A828,?,?,?), ref: 004185D7
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0041A828,?,?,?), ref: 004185DF
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(40000000,?,?,00000000,0041A828,?,?,?), ref: 004185E7
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,40000000,?,?,00000000,0041A828,?,?,?), ref: 004185EF
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 004185F7
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 004185FF
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 00418607
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 0041860F
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 00418617
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 0041861F
                                              • Part of subcall function 004185D1: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 00418627
                                            • ??2@YAPAXI@Z.MSVCRT(00000014,?,?,?,?,?), ref: 0041A734
                                              • Part of subcall function 00417CCA: ??3@YAXPAX@Z.MSVCRT(?,00000000,0041A805,?,?), ref: 00417CDD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@
                                            • String ID:
                                            • API String ID: 4113381792-0
                                            • Opcode ID: 408766181f359ab8ad551ad122e7536dbf2b6a85c5132987989524d4ef5a81fa
                                            • Instruction ID: 6abf9db5c8fa00cec55f169cb285ff9e288a09aa66c1a036a375ac4c588c175a
                                            • Opcode Fuzzy Hash: 408766181f359ab8ad551ad122e7536dbf2b6a85c5132987989524d4ef5a81fa
                                            • Instruction Fuzzy Hash: 01F106719002489FCB25DF69C9809EEBBF5BF48304F14442EF81997262DB38E995CF59
                                            Function 00402CB1 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 230COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1273 402cb1-402cd9 call 401303 1276 402d04-402d0b 1273->1276 1277 402cdb-402ce1 1273->1277 1280 402d22-402d2c ??2@YAPAXI@Z 1276->1280 1281 402d0d-402d0f call 40468a 1276->1281 1278 402ce3-402ce9 1277->1278 1279 402cef 1277->1279 1278->1279 1282 402ceb-402ced 1278->1282 1283 402cf1-402cff call 409684 1279->1283 1285 402d3a 1280->1285 1286 402d2e-402d38 call 4025b4 1280->1286 1289 402d14-402d16 1281->1289 1282->1283 1296 402f6c 1283->1296 1287 402d3d-402d62 call 402c44 * 2 1285->1287 1286->1287 1300 402d64-402d67 1287->1300 1301 402d6a-402d76 call 404f59 1287->1301 1289->1280 1294 402d18-402d1d 1289->1294 1297 402f6d-402f71 1294->1297 1296->1297 1300->1301 1304 402dc0-402de9 call 40115f ??2@YAPAXI@Z 1301->1304 1305 402d78-402dbf call 4147df * 2 call 414864 * 2 call 40287b ??3@YAXPAX@Z * 2 1301->1305 1310 402f44-402f52 1304->1310 1311 402def-402e10 1304->1311 1305->1304 1313 402f61-402f69 ??3@YAXPAX@Z 1310->1313 1314 402f54-402f59 call 402766 1310->1314 1321 402f32-402f3e call 414129 1311->1321 1322 402e16-402e1b 1311->1322 1313->1296 1320 402f5e 1314->1320 1320->1313 1321->1310 1321->1311 1322->1321 1325 402e21-402e30 call 414803 1322->1325 1331 402e34-402e41 call 404f59 1325->1331 1335 402e91-402e99 1331->1335 1336 402e43-402e6d call 414803 call 414c8a ??3@YAXPAX@Z 1331->1336 1338 402f29-402f31 ??3@YAXPAX@Z 1335->1338 1339 402e9f-402eac call 404f59 1335->1339 1348 402e8b-402e8f 1336->1348 1349 402e6f-402e7b call 402510 1336->1349 1338->1321 1344 402efe-402f02 1339->1344 1345 402eae-402ed5 call 414803 call 414c8a ??3@YAXPAX@Z 1339->1345 1344->1338 1350 402f04-402f10 call 41422f 1344->1350 1362 402ef3-402efc 1345->1362 1363 402ed7-402ee3 call 402510 1345->1363 1348->1331 1348->1335 1359 402e84 1349->1359 1360 402e7d-402e83 1349->1360 1350->1338 1357 402f12-402f20 call 402510 1350->1357 1357->1338 1366 402f22-402f28 1357->1366 1359->1348 1360->1359 1362->1339 1362->1344 1368 402ee5-402eeb 1363->1368 1369 402eec 1363->1369 1366->1338 1368->1369 1369->1362
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000048,PreExtract,0041DA3C,00422868), ref: 00402D24
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,0041DBB8,00000000,PreExtract,0041DA3C,00422868), ref: 00402DB1
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,0041DBB8,00000000,PreExtract,0041DA3C,00422868), ref: 00402DB9
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,PreExtract,0041DA3C,00422868), ref: 00402DD9
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?), ref: 00402E63
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?), ref: 00402ECD
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00402F2C
                                            • ??3@YAXPAX@Z.MSVCRT(00406D3B,PreExtract,0041DA3C,00422868), ref: 00402F64
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@
                                            • String ID: ExtractMaskExclude$ExtractMaskInclude$PreExtract
                                            • API String ID: 4113381792-1386291556
                                            • Opcode ID: 6bab8b8bb1537dc1375b0e0185efc7b0f1750a0fb5d06a831e2a7e9e7f5bebde
                                            • Instruction ID: d17b0469287da104a56fb6e9b72567ba4b72c6d001a8acf4ea1ba453b7e2a31c
                                            • Opcode Fuzzy Hash: 6bab8b8bb1537dc1375b0e0185efc7b0f1750a0fb5d06a831e2a7e9e7f5bebde
                                            • Instruction Fuzzy Hash: D4815E70E0021AABDF14EBA5DA556EEB7B1AF84314F10403FE405B72D1DBB88D86DB58
                                            Function 00403834 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 69timewindowCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 00403840
                                            • CreateWindowExW.USER32(00000080,tooltips_class32,sfx,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040385D
                                            • GetDesktopWindow.USER32 ref: 00403869
                                            • GetWindowRect.USER32(00000000), ref: 00403870
                                            • SetWindowPos.USER32(00000000,00000000,?,00406043,00000000,00000000,00000004), ref: 00403894
                                            • SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 004038A4
                                            • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 004038B1
                                            • DispatchMessageW.USER32(?), ref: 004038BB
                                            • KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,?,?,?,?,00406043,?,00000000), ref: 004038C4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Window$Timer$CallbackCreateDesktopDispatchDispatcherHandleKillMessageModuleRectUser
                                            • String ID: sfx$tooltips_class32
                                            • API String ID: 109375553-2224206080
                                            • Opcode ID: 3563f08bb3cb8092991ced233f77f7c04de6a27a174827c095c902f2545c8bd1
                                            • Instruction ID: 0e7f13be778ebd409a4db15796a4025058a8725858d3a305ba7ca36a6b4cbd87
                                            • Opcode Fuzzy Hash: 3563f08bb3cb8092991ced233f77f7c04de6a27a174827c095c902f2545c8bd1
                                            • Instruction Fuzzy Hash: 95115EB2A01224BBCB109BB99D4DEEF7F7DEF49751F008160F615E2094CAB49100CBA8
                                            Function 004189CE Relevance: 18.0, APIs: 12, Instructions: 32COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1373 4189ce-418a50 ??3@YAXPAX@Z * 12
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 004189D8
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 004189E3
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 004189EE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 004189F9
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?), ref: 00418A04
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?), ref: 00418A0F
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 00418A1A
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 00418A25
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 00418A2D
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?), ref: 00418A35
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?), ref: 00418A3D
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00418A45
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 1f319bad1af196991e7fe3229c0439d54c27219e77e082c4970497211d54019c
                                            • Instruction ID: 0e0f50dce1b9974b6fb96937f2ede7be7b7889254afb23eb482ec8a91eb4f058
                                            • Opcode Fuzzy Hash: 1f319bad1af196991e7fe3229c0439d54c27219e77e082c4970497211d54019c
                                            • Instruction Fuzzy Hash: A3F068382D0B24BAD6223732DC42BDBB6B6AF40B08F00442FB19A604338DA57C919F5D
                                            Function 0041C35F Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1374 41c35f-41c3d4 __set_app_type __p__fmode __p__commode call 41c4eb 1377 41c3e2-41c439 call 41c4d6 _initterm __getmainargs _initterm 1374->1377 1378 41c3d6-41c3e1 __setusermatherr 1374->1378 1381 41c475-41c478 1377->1381 1382 41c43b-41c443 1377->1382 1378->1377 1383 41c452-41c456 1381->1383 1384 41c47a-41c47e 1381->1384 1385 41c445-41c447 1382->1385 1386 41c449-41c44c 1382->1386 1388 41c458-41c45a 1383->1388 1389 41c45c-41c46d GetStartupInfoA 1383->1389 1384->1381 1385->1382 1385->1386 1386->1383 1387 41c44e-41c44f 1386->1387 1387->1383 1388->1387 1388->1389 1390 41c480-41c482 1389->1390 1391 41c46f-41c473 1389->1391 1392 41c483-41c4b0 GetModuleHandleA call 407014 exit _XcptFilter 1390->1392 1391->1392
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                            • String ID:
                                            • API String ID: 801014965-0
                                            • Opcode ID: 6ba2aeb5cbc5bc23aab9a516162c53aab4a9e006d365dc7ef0cafc49e58abbcf
                                            • Instruction ID: 67ce4814ce78279d72a23206d993da328827abf4023638930e906dbcac5dfea8
                                            • Opcode Fuzzy Hash: 6ba2aeb5cbc5bc23aab9a516162c53aab4a9e006d365dc7ef0cafc49e58abbcf
                                            • Instruction Fuzzy Hash: 0E418EB1D84354AFDB209FA5DC95AFA7BB8FB09714F20422BF491972A1C7784881CB58
                                            Function 00401C59 Relevance: 15.1, APIs: 10, Instructions: 84synchronizationCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1395 401c59-401ca5 call 4147df * 2 memset 1400 401cb1-401cb4 1395->1400 1401 401ca7-401caa 1395->1401 1402 401cb6 1400->1402 1403 401cbd-401cc3 1400->1403 1401->1400 1402->1403 1404 401cc5 1403->1404 1405 401ccc-401cfd ShowWindow BringWindowToTop call 403022 call 414864 1403->1405 1404->1405 1410 401d14-401d2c ShellExecuteExW 1405->1410 1411 401cff-401d12 ??3@YAXPAX@Z * 2 1405->1411 1413 401d49-401d59 ??3@YAXPAX@Z * 2 1410->1413 1414 401d2e-401d30 1410->1414 1412 401d5b-401d60 1411->1412 1413->1412 1415 401d32-401d37 WaitForSingleObject 1414->1415 1416 401d3d-401d48 CloseHandle 1414->1416 1415->1416 1416->1413
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • memset.MSVCRT ref: 00401C7F
                                            • ShowWindow.USER32(0002043E,00000005,?,0041D9F0,00000000), ref: 00401CD7
                                            • BringWindowToTop.USER32(?), ref: 00401CE0
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,0041D9F0,00000000), ref: 00401D02
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,0041D9F0,00000000), ref: 00401D0A
                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00401D24
                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,0041D9F0,00000000), ref: 00401D37
                                            • CloseHandle.KERNEL32(?,?,0041D9F0,00000000), ref: 00401D40
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,0041D9F0,00000000), ref: 00401D4C
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,0041D9F0,00000000), ref: 00401D54
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$Window$??2@BringCloseExecuteHandleObjectShellShowSingleWaitmemset
                                            • String ID:
                                            • API String ID: 1117119541-0
                                            • Opcode ID: dff4abdc5303b9fd1c782baafb5de2873828b693f90045e820f85eb0d88bb0bc
                                            • Instruction ID: 6f8207a67a2572a909a3f2a1a43fdbbd5cf9fef0efaf3e720be5f44350d0943e
                                            • Opcode Fuzzy Hash: dff4abdc5303b9fd1c782baafb5de2873828b693f90045e820f85eb0d88bb0bc
                                            • Instruction Fuzzy Hash: 96318BB1D40208ABDF11EFE5DC89ADEBBB5FF84304F10802AE121B62A5DB785945CF08
                                            Function 00417D32 Relevance: 11.0, APIs: 7, Instructions: 497COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1417 417d32-417d58 _EH_prolog 1418 417d60-417d75 1417->1418 1419 417d5a-417d5c 1417->1419 1420 417d77-417d7a 1418->1420 1421 417d7d-417d82 1418->1421 1419->1418 1420->1421 1422 417d95-417d9c 1421->1422 1423 417d84-417d86 1421->1423 1424 417d9e-417da4 1422->1424 1425 417d88-417d8a 1423->1425 1426 417d8e-417d90 1423->1426 1428 417e14-417e24 call 4023df 1424->1428 1429 417da6-417daa 1424->1429 1425->1426 1427 41834a-41835b 1426->1427 1434 417e33-417e3d ??2@YAPAXI@Z 1428->1434 1435 417e26-417e28 1428->1435 1430 417db0-417db3 1429->1430 1431 417dac-417dae 1429->1431 1433 417db6-417dc5 1430->1433 1431->1433 1436 417e11-417e12 1433->1436 1437 417dc7-417dca 1433->1437 1438 417e4a 1434->1438 1439 417e3f-417e48 call 4161a3 1434->1439 1442 417e2c-417e2e 1435->1442 1436->1424 1440 417dd0-417dd9 1437->1440 1441 417dcc-417dce 1437->1441 1445 417e4c-417e54 1438->1445 1439->1445 1444 417ddc 1440->1444 1441->1440 1441->1444 1442->1427 1447 417ddf-417de2 1444->1447 1448 417e56-417e58 1445->1448 1449 417e5c-417e91 call 4160c9 call 416fe1 ??2@YAPAXI@Z 1445->1449 1450 417e05-417e0e 1447->1450 1451 417de4-417e03 1447->1451 1448->1449 1457 417eb0 1449->1457 1458 417e93-417eae 1449->1458 1450->1436 1451->1447 1459 417eb2-417ebc 1457->1459 1458->1459 1460 417ec4-417ef0 call 4160a2 1459->1460 1461 417ebe-417ec0 1459->1461 1464 417ef3-417f01 call 416097 1460->1464 1461->1460 1467 417f43-417f49 1464->1467 1468 417f03-417f05 1464->1468 1471 417f4b-417f4d 1467->1471 1472 417f8d-417f9e 1467->1472 1469 417f07-417f09 1468->1469 1470 417f0d-417f12 1468->1470 1469->1470 1475 417f14-417f16 1470->1475 1476 417f1a-417f27 call 417cca 1470->1476 1473 417f55-417f5a 1471->1473 1474 417f4f-417f51 1471->1474 1477 417fa0-417fa2 1472->1477 1478 417fa4-417fa7 1472->1478 1480 417f62-417f6f call 417cca 1473->1480 1481 417f5c-417f5e 1473->1481 1474->1473 1475->1476 1489 417f29-417f2b 1476->1489 1490 417f2f-417f34 1476->1490 1479 417faa-417fc0 1477->1479 1478->1479 1483 417fc6-417ff7 1479->1483 1484 418058-418084 call 417d0d 1479->1484 1494 417f71-417f73 1480->1494 1495 417f77-417f7c 1480->1495 1481->1480 1487 417ffa-418001 1483->1487 1499 418086-41808b 1484->1499 1500 4180cb-4180d2 1484->1500 1492 418003-418007 1487->1492 1493 418029-41802f 1487->1493 1489->1490 1496 417f36-417f38 1490->1496 1497 417f3c-417f3e 1490->1497 1501 418009-41800b 1492->1501 1502 41800d-418010 1492->1502 1503 418032-418038 1493->1503 1494->1495 1495->1426 1504 417f82-417f88 1495->1504 1496->1497 1497->1427 1507 418093-418098 1499->1507 1508 41808d-41808e 1499->1508 1505 4180d8-4180e1 1500->1505 1506 41824c-418269 1500->1506 1509 418013-41801c 1501->1509 1502->1509 1503->1484 1510 41803a-418056 1503->1510 1504->1426 1511 4180f1-418138 call 4147df call 4171f6 1505->1511 1512 4180e3-4180ee 1505->1512 1506->1427 1506->1464 1513 4180a0-4180ad call 417cca 1507->1513 1514 41809a-41809b 1507->1514 1508->1507 1509->1493 1515 41801e-418021 1509->1515 1510->1503 1525 41813d-418142 1511->1525 1512->1511 1523 4180b5-4180ba 1513->1523 1524 4180af-4180b1 1513->1524 1514->1513 1515->1493 1519 418023-418027 1515->1519 1519->1487 1523->1442 1526 4180c0-4180c6 1523->1526 1524->1523 1527 418144-41814a 1525->1527 1528 418179-41819a call 417c9b 1525->1528 1526->1442 1527->1528 1529 41814c-41814e 1527->1529 1535 4181f6-4181fa 1528->1535 1536 41819c-4181aa ??3@YAXPAX@Z 1528->1536 1533 418213-41821e ??3@YAXPAX@Z 1529->1533 1534 418154-41816e call 417c9b ??3@YAXPAX@Z 1529->1534 1537 41821f-418221 1533->1537 1548 418174 1534->1548 1549 41823e-418240 1534->1549 1541 418232-41823b ??3@YAXPAX@Z 1535->1541 1542 4181fc-418201 1535->1542 1539 4181b2-4181b7 1536->1539 1540 4181ac-4181ae 1536->1540 1537->1499 1543 418227-41822d 1537->1543 1545 4181b9-4181bb 1539->1545 1546 4181bf-4181c4 1539->1546 1540->1539 1541->1549 1542->1541 1547 418203-418211 1542->1547 1543->1499 1545->1546 1550 4181c6-4181c8 1546->1550 1551 4181cc-4181d9 call 417cca 1546->1551 1547->1533 1547->1541 1548->1537 1553 418242-418243 1549->1553 1554 418248 1549->1554 1550->1551 1558 4181e1-4181e6 1551->1558 1559 4181db-4181dd 1551->1559 1553->1554 1554->1506 1560 4181e8-4181ea 1558->1560 1561 4181ee-4181f1 1558->1561 1559->1558 1560->1561 1561->1427
                                            APIs
                                            • _EH_prolog.MSVCRT ref: 00417D3B
                                            • ??2@YAPAXI@Z.MSVCRT(00000038), ref: 00417E35
                                            • ??2@YAPAXI@Z.MSVCRT(00000038), ref: 00417E87
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,?,?,?,00000000,00000000,00000000,00000000,?,?), ref: 00418163
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,?,?,?,00000000,00000000,00000000,00000000,?,?), ref: 0041819F
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 00418216
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,?,?,?,00000000,00000000,00000000,00000000,?,?), ref: 00418235
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@$H_prolog
                                            • String ID:
                                            • API String ID: 417953191-0
                                            • Opcode ID: d9f94478ed17cc2fbb088137a44e0473a855b5a829eb17f9ad1fe0b426c34cf2
                                            • Instruction ID: c1e2ab7089ad07afef8f572a599b18a794d17bcacd5927a223e3947e5adf6a37
                                            • Opcode Fuzzy Hash: d9f94478ed17cc2fbb088137a44e0473a855b5a829eb17f9ad1fe0b426c34cf2
                                            • Instruction Fuzzy Hash: 6A124A70604249DFCB14CF68C894AEA7BB5BF49304F25456EF81A8B351DB39EC86CB58
                                            Function 0040468A Relevance: 10.6, APIs: 7, Instructions: 133stringtimeCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1728 40468a-4046c1 lstrlenW call 414803 call 40420b 1733 4046c3-4046c6 1728->1733 1734 4046c8-4046d3 1728->1734 1733->1734 1735 4046f6-4046ff call 403092 1733->1735 1734->1735 1738 404701-404714 GetSystemTimeAsFileTime GetFileAttributesW 1735->1738 1739 4046e4-4046e6 1735->1739 1742 404716-404722 call 404402 1738->1742 1743 40472b-404734 call 403092 1738->1743 1740 4046d5-4046dc 1739->1740 1741 4046e8-4046ea 1739->1741 1740->1741 1745 4046de-4046e1 1740->1745 1746 4046f0-4046f2 1741->1746 1747 404798-40479c 1741->1747 1742->1743 1758 404724-404726 1742->1758 1755 404785-404788 1743->1755 1756 404736-404743 call 409684 1743->1756 1745->1741 1752 4046e3 1745->1752 1746->1735 1749 4047c8-4047dd call 409684 ??3@YAXPAX@Z 1747->1749 1750 40479e-4047a9 1747->1750 1766 4047df-4047e3 1749->1766 1750->1749 1754 4047ab-4047af 1750->1754 1752->1739 1754->1749 1760 4047b1-4047b6 1754->1760 1763 404745-404764 memcpy 1755->1763 1764 40478a-404796 ??3@YAXPAX@Z 1755->1764 1756->1758 1759 4047bb-4047c6 ??3@YAXPAX@Z 1758->1759 1759->1766 1760->1749 1765 4047b8-4047ba 1760->1765 1768 404766 1763->1768 1769 404777-40477b 1763->1769 1764->1766 1765->1759 1770 404776 1768->1770 1771 404768-40476f 1769->1771 1772 40477d-404783 1769->1772 1770->1769 1771->1772 1773 404771-404774 1771->1773 1772->1743 1773->1770 1773->1772
                                            APIs
                                            • lstrlenW.KERNEL32(?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404699
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                              • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                              • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT(?,?,771B1D70,00000000,?,?,?,?,?,?,?,?,?,?,004060CA,00000000), ref: 00404244
                                            • GetSystemTimeAsFileTime.KERNEL32(00402D14,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404705
                                            • GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040470C
                                            • memcpy.MSVCRT(?,0041DA3C,00422869,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404757
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040478D
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C), ref: 004047BE
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000001,0000000C,?,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C), ref: 004047D5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$FileTimememcpy$AttributesSystemlstrlenwcsncpy
                                            • String ID:
                                            • API String ID: 1217483450-0
                                            • Opcode ID: c1aab1735b3e41f9eced0e66e94fae73de9fd31691e0de986af2a9a7b4a091e8
                                            • Instruction ID: be3e48701bef0db7d10aa87f87c9b6a307b0c6ea187aa39f9109aeae5b1a0e1c
                                            • Opcode Fuzzy Hash: c1aab1735b3e41f9eced0e66e94fae73de9fd31691e0de986af2a9a7b4a091e8
                                            • Instruction Fuzzy Hash: 5B412BB5900215A6CB20BBA58885ABF73B4EF86704F504537EA02F32C1E73C9D4287DD
                                            Function 0040541A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 80libraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1774 40541a-4054af LoadLibraryA #17 call 41bd00 call 403c85 call 403ce0 * 7 1793 4054b1-4054c3 SHGetSpecialFolderPathW 1774->1793 1794 4054c5-4054e3 wsprintfW call 404f69 1793->1794 1795 40550c-405510 1793->1795 1798 4054e8 1794->1798 1795->1793 1796 405512-405516 1795->1796 1799 4054ea-4054f0 1798->1799 1800 4054f2-4054ff call 404f69 1799->1800 1801 405504-40550a 1799->1801 1800->1801 1801->1795 1801->1799
                                            APIs
                                            • LoadLibraryA.KERNEL32(kernel32,?,?,00000000), ref: 0040542B
                                            • #17.COMCTL32(?,?,00000000), ref: 00405436
                                              • Part of subcall function 00403C85: GetUserDefaultUILanguage.KERNEL32(00405446,?,?,00000000), ref: 00403C8F
                                              • Part of subcall function 00403CE0: GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                              • Part of subcall function 00403CE0: wsprintfW.USER32 ref: 00403D40
                                              • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                              • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D5A
                                              • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00403D75
                                              • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                              • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D8F
                                              • Part of subcall function 00403CE0: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00403DA4
                                              • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00403DB4
                                              • Part of subcall function 00403CE0: SetLastError.KERNEL32(?), ref: 00403DDB
                                              • Part of subcall function 00403CE0: lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                              • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00403E2C
                                              • Part of subcall function 00403CE0: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                              • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00403DD2
                                              • Part of subcall function 00403CE0: _wtol.MSVCRT ref: 00403E6F
                                              • Part of subcall function 00403CE0: MultiByteToWideChar.KERNEL32(00000000,0041E930,00000001,00000000,00000002), ref: 00403E8F
                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000,?,?,00000000), ref: 004054BB
                                            • wsprintfW.USER32 ref: 004054CF
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,0041DDC8,?,?,?,00000000), ref: 00404FD0
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000), ref: 00404FD9
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000), ref: 00404FE1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$ErrorLast$??2@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLibraryLoadLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
                                            • String ID: SfxFolder%02d$kernel32
                                            • API String ID: 2610933736-229743753
                                            • Opcode ID: 0181fec70e96fd72487d26f3b29db00bc0b48edb727197ac2f6b1c44a9f0e4d8
                                            • Instruction ID: e45f6d1b6f058e368b4ee535d696ebea441a5b3f064171d76d7118da654f54dd
                                            • Opcode Fuzzy Hash: 0181fec70e96fd72487d26f3b29db00bc0b48edb727197ac2f6b1c44a9f0e4d8
                                            • Instruction Fuzzy Hash: 8B21D3B2A0831467D730AF76AD4AB8A7BA8FB84345F40453FF405F61D0DAF84582CA4C
                                            Function 00402766 Relevance: 6.1, APIs: 4, Instructions: 99threadsynchronizationCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1803 402766-40279e call 4023c3 CreateThread 1806 4027a0-4027a7 1803->1806 1807 4027c1-4027cf 1803->1807 1808 4027b3-4027bc WaitForSingleObject 1806->1808 1809 4027a9-4027ae call 408c2e 1806->1809 1810 4027d1-4027d4 1807->1810 1811 402807-402810 1807->1811 1808->1807 1809->1808 1815 4027d6-4027d9 1810->1815 1816 4027fb 1810->1816 1813 402870 1811->1813 1814 402812-402814 1811->1814 1818 402875-402878 1813->1818 1820 402816-402823 GetExitCodeThread 1814->1820 1821 40282e-40283a 1814->1821 1822 4027f7-4027f9 1815->1822 1823 4027db-4027de 1815->1823 1817 4027fd-402805 call 409684 1816->1817 1817->1813 1820->1821 1825 402825-402828 1820->1825 1826 402844-40284f 1821->1826 1827 40283c-40283f 1821->1827 1822->1817 1828 4027e0-4027e3 1823->1828 1829 4027f3-4027f5 1823->1829 1825->1821 1833 40282a-40282c 1825->1833 1830 402851-402858 1826->1830 1831 40285a-402866 SetLastError 1826->1831 1834 402841-402842 1827->1834 1835 4027e5-4027e8 1828->1835 1836 4027ee-4027f1 1828->1836 1829->1817 1830->1813 1830->1831 1837 402868-40286d call 409684 1831->1837 1833->1818 1834->1837 1835->1813 1835->1836 1836->1834 1837->1813
                                            APIs
                                            • CreateThread.KERNELBASE(00000000,00000000,0040266D,?,00000000,00422868), ref: 00402791
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,00402F5E,?,PreExtract,0041DA3C,00422868), ref: 004027B6
                                            • GetExitCodeThread.KERNELBASE(00000000,0041DA3C,?,00402F5E,?,PreExtract,0041DA3C,00422868), ref: 0040281B
                                            • SetLastError.KERNEL32(0041DA3C,?,00402F5E,?,PreExtract,0041DA3C,00422868), ref: 0040285B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Thread$CodeCreateErrorExitLastObjectSingleWait
                                            • String ID:
                                            • API String ID: 2732711357-0
                                            • Opcode ID: 1b51eaa3d26ec7de34c3eda44a3e7a89e55e6884e40329cd3d07ffc2fed94f50
                                            • Instruction ID: 52b85191acae3594b2b3cce7403cca4ac0ffd9d7b5e3f01322180d9e18f1f29e
                                            • Opcode Fuzzy Hash: 1b51eaa3d26ec7de34c3eda44a3e7a89e55e6884e40329cd3d07ffc2fed94f50
                                            • Instruction Fuzzy Hash: 36310976604200BACF396B11DE4DE7B36A4FB85750B20833BF501B62E0DAF8C881D66D
                                            Function 00414529 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 1840 414529-414537 1841 414580-414595 _CxxThrowException 1840->1841 1842 414539-41453f 1840->1842 1842->1841 1843 414541-41457d ??2@YAPAXI@Z memcpy ??3@YAXPAX@Z 1842->1843
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,00000000,?,0041465D,?,00414940,00000000,?,?,00000000,00404FC1,?,0041DDC8,?), ref: 00414553
                                            • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,00000000,?,0041465D,?,00414940,00000000,?,?,00000000,00404FC1), ref: 00414565
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,00000000,00000000,?,00000000,?,0041465D,?,00414940,00000000,?,?,00000000), ref: 0041456C
                                            • _CxxThrowException.MSVCRT(00000000,0041FBDC), ref: 00414590
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@ExceptionThrowmemcpy
                                            • String ID:
                                            • API String ID: 3462485524-0
                                            • Opcode ID: 9f32e8ffe27516e4d59731ea58209775a6af7287ba145dd584578e1f1d8b29e3
                                            • Instruction ID: bad1208c822c5cb59acc694e3c3e07b52318d6ca9f25ae31226294b0ebccef01
                                            • Opcode Fuzzy Hash: 9f32e8ffe27516e4d59731ea58209775a6af7287ba145dd584578e1f1d8b29e3
                                            • Instruction Fuzzy Hash: 14F0F9B22402047FC7149F29DC82D9BF7EDEF40758B11842FF54987102D675A8808B58
                                            Function 00403092 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                            Download Yara Rule
                                            APIs
                                            • CreateDirectoryW.KERNELBASE(00000000,00000000,00000000,-00000001,004046FD,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract), ref: 00403099
                                            • GetLastError.KERNEL32(?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030A3
                                            • SetLastError.KERNEL32(000000B7,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030B3
                                            • GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 004030BE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ErrorLast$AttributesCreateDirectoryFile
                                            • String ID:
                                            • API String ID: 635176117-0
                                            • Opcode ID: c5cc671423ab482ec682e2615689a590c7d79424ef60dffe5937396f84b5532a
                                            • Instruction ID: a770e4f8708b8688440dc55708b068f6f30b91d097a371ede7b7596a26aef620
                                            • Opcode Fuzzy Hash: c5cc671423ab482ec682e2615689a590c7d79424ef60dffe5937396f84b5532a
                                            • Instruction Fuzzy Hash: 65E0DF70B421106BE6201F34AC0CBBB3EAC9F86723F200572F406F02E8D738A902416E
                                            Function 004022F7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,00000000,00000000,?,PreExtract,0041DA3C,?,?,00406E9B,?,?,00000000,PreExtract), ref: 00402391
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,00000000,00000000,00000000,?,PreExtract,0041DA3C,?,?,00406E9B,?,?), ref: 004023B4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy
                                            • String ID: PreExtract
                                            • API String ID: 750647942-1883995278
                                            • Opcode ID: 52f83685f1c84083f7c54d8613a1132cb1ca08bc402b8db5cc9e7b91f9475ac2
                                            • Instruction ID: a2b2535204d0bd1d40afa8a24637eeedcdabe34f3f30c0d4779eef0099d19ea4
                                            • Opcode Fuzzy Hash: 52f83685f1c84083f7c54d8613a1132cb1ca08bc402b8db5cc9e7b91f9475ac2
                                            • Instruction Fuzzy Hash: A7216071810109EBCF18EFA1C986AEEB775EF55714F20446BE901B21D0EB789A85CA98
                                            Function 00405D92 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00414839: memcpy.MSVCRT(00000000,00000000,?,?,?,00000000,00402552,?,?,00422788,00402895,00000000,?,00404FA5,?,?), ref: 00414855
                                            • SetEnvironmentVariableW.KERNELBASE(00A7BC80,00000000,00A7BC74,SetEnvironment,00000000,?,00000000), ref: 00405DCC
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00405DD5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@EnvironmentVariablememcpy
                                            • String ID: SetEnvironment
                                            • API String ID: 357128876-360490078
                                            • Opcode ID: 1ac5f1f97e4f3c32b998e43d765b040d78eecc16947c32a8e13cdb82ca0686e7
                                            • Instruction ID: 2e0a3868ca799af050514896d9321bb707874ea1176aa78625a46d01673c73f0
                                            • Opcode Fuzzy Hash: 1ac5f1f97e4f3c32b998e43d765b040d78eecc16947c32a8e13cdb82ca0686e7
                                            • Instruction Fuzzy Hash: F0F05831A04028BFCB10AB98ED4188EB7B4EF44304B80807AE411A7162DB70E942DF8A
                                            Function 00403ECA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetProcAddress.KERNEL32(GetNativeSystemInfo), ref: 00403EDB
                                            • GetNativeSystemInfo.KERNELBASE(?,?,?,00403EFA,004060E6,00000001,00000001,00000000,?,00000000), ref: 00403EE9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: AddressInfoNativeProcSystem
                                            • String ID: GetNativeSystemInfo
                                            • API String ID: 2220751540-3949249589
                                            • Opcode ID: e22f0686ebb65b25f7cdc175e6ec18776ede25488796abf719b58fa9f8d677af
                                            • Instruction ID: 1a34752c2e7cb131041ffb1cf8b4a571675c73488951d52ca8f01a361a8aad4f
                                            • Opcode Fuzzy Hash: e22f0686ebb65b25f7cdc175e6ec18776ede25488796abf719b58fa9f8d677af
                                            • Instruction Fuzzy Hash: D4D0A7607042096ACB14DF71BD029DA77F896486487100174F802F00D0EAB9DD41D3A4
                                            Function 0041AE02 Relevance: 4.7, APIs: 3, Instructions: 220COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00418567: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,0041AE17), ref: 00418597
                                              • Part of subcall function 00418567: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,0041AE17), ref: 004185A8
                                            • ??2@YAPAXI@Z.MSVCRT(?), ref: 0041AF6B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,40000000,?,?,?), ref: 0041AF89
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,40000000,?,?,?,40000000), ref: 0041B0D0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@
                                            • String ID:
                                            • API String ID: 4113381792-0
                                            • Opcode ID: ee76b408b006e47b5ff78c96c0c3630888d13d3fcefff122e8e254344b731e43
                                            • Instruction ID: 7441eaed24261cedb068acf738b6ac121ac43d6cfe962bcb2839a80aef5be465
                                            • Opcode Fuzzy Hash: ee76b408b006e47b5ff78c96c0c3630888d13d3fcefff122e8e254344b731e43
                                            • Instruction Fuzzy Hash: 4C918C70A01606AFCF25DFA4C590AEEFBB1BF08304F10452EE45593311D779AAA1CB9A
                                            Function 00419328 Relevance: 4.6, APIs: 3, Instructions: 150COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00008000), ref: 0041936F
                                            • memmove.MSVCRT(?,00000000,00000020), ref: 00419440
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00419454
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@memmove
                                            • String ID:
                                            • API String ID: 3828600508-0
                                            • Opcode ID: b271e67baa8bee9b0f4cd7ad9dec2ae75600884fc5240f88bc26d7e75292ac7e
                                            • Instruction ID: e12da01f2eb493b1a38a8d6fc4e21457148e6801041be196bfadcbe32c4ccdd3
                                            • Opcode Fuzzy Hash: b271e67baa8bee9b0f4cd7ad9dec2ae75600884fc5240f88bc26d7e75292ac7e
                                            • Instruction Fuzzy Hash: A051D471E04115ABEF28CA54C864AEF77B5AF49304F14806EDC1AA7381D779ED82C798
                                            Function 00404D7F Relevance: 4.6, APIs: 3, Instructions: 139COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00403ECA: GetProcAddress.KERNEL32(GetNativeSystemInfo), ref: 00403EDB
                                              • Part of subcall function 00403ECA: GetNativeSystemInfo.KERNELBASE(?,?,?,00403EFA,004060E6,00000001,00000001,00000000,?,00000000), ref: 00403EE9
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404EF2
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404EFA
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404F02
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$AddressInfoNativeProcSystem
                                            • String ID:
                                            • API String ID: 3731959171-0
                                            • Opcode ID: ab354cc5e28bab190b208fe8dee5894adaf34b6abae77628a8cceaf9d6bd5a61
                                            • Instruction ID: 22c72f549c8d9d607ce2050e0226bf1ce9e8af4da17dc6dbc20fb89fd3f62798
                                            • Opcode Fuzzy Hash: ab354cc5e28bab190b208fe8dee5894adaf34b6abae77628a8cceaf9d6bd5a61
                                            • Instruction Fuzzy Hash: 164132B1E0110EAACF04EF95C8819EFB77ABF84308F14412BE51577295DB3C5A46CB98
                                            Function 00404F69 Relevance: 4.5, APIs: 3, Instructions: 46COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                              • Part of subcall function 0040287B: ??2@YAPAXI@Z.MSVCRT(00000018,?,00404FA5,?,?,?,00000000,?,?,?,?,?,?,?,?,004054E8), ref: 00402880
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000), ref: 00404FD9
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000), ref: 00404FE1
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,0041DDC8,?,?,?,00000000), ref: 00404FD0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@memcpy
                                            • String ID:
                                            • API String ID: 2235277842-0
                                            • Opcode ID: c8b9ab7f51d7d8cae6bd544598e1e0b839a7c7da725c81bb16a064b31e4d03e7
                                            • Instruction ID: fc08fd5c24866c8ebc5dfe11f5edadf40fe53fe3582eff0921cdab556b5fa8e0
                                            • Opcode Fuzzy Hash: c8b9ab7f51d7d8cae6bd544598e1e0b839a7c7da725c81bb16a064b31e4d03e7
                                            • Instruction Fuzzy Hash: EC014C769001186ACB04F6A6E8529DE77B59FC4708F10406FF501720D1AE795E84CA5C
                                            Function 00414864 Relevance: 4.5, APIs: 3, Instructions: 44COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                            • memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@memcpy
                                            • String ID:
                                            • API String ID: 1695611338-0
                                            • Opcode ID: 8a342bb5f170cdc3b6cb2cea3742918612eb5f6ed7485568abdc1c6d97709e4e
                                            • Instruction ID: 41b234041f6f91087d42b0e57e97fd4fa0d4009db4bb1be59154aa6f59a166d2
                                            • Opcode Fuzzy Hash: 8a342bb5f170cdc3b6cb2cea3742918612eb5f6ed7485568abdc1c6d97709e4e
                                            • Instruction Fuzzy Hash: A4F028776402157BC714AF66DC4189BF7B8FB84750B10C53FF11983241E774E8908B98
                                            Function 00419169 Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,?,004196DA,?,?,004199A8,?,?,?), ref: 00419190
                                            • memcpy.MSVCRT(00000000,?,?,?,00000000,?,004196DA,?,?,004199A8,?,?,?), ref: 004191A6
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,004196DA,?,?,004199A8,?,?,?), ref: 004191B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@memcpy
                                            • String ID:
                                            • API String ID: 1695611338-0
                                            • Opcode ID: 0de9572642006534a387d85bc7777eadac5586fde19759b55b647a827d44bac9
                                            • Instruction ID: eb2dd3b03b094aa86f580063ad8c4d0bc27e60eebe5b17c5070338e7d839dc1f
                                            • Opcode Fuzzy Hash: 0de9572642006534a387d85bc7777eadac5586fde19759b55b647a827d44bac9
                                            • Instruction Fuzzy Hash: 51F0E9723402016BE7289B2DEC55867F3E9EF88714314452FF48AC6291EB759CC08A18
                                            Function 00402565 Relevance: 4.5, APIs: 3, Instructions: 16COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(04642B70,00000003,00405F05,00000001,?,00422844,004064C9,00000000,00422844,00422844), ref: 0040256B
                                            • ??3@YAXPAX@Z.MSVCRT(004227A0,04642B70,00000003,00405F05,00000001,?,00422844,004064C9,00000000,00422844,00422844), ref: 00402572
                                            • ??3@YAXPAX@Z.MSVCRT(004227A0,00000003,00405F05,00000001,?,00422844), ref: 00402581
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 7dbb93740365e90a040355f991de0436f65578732d95a5632698f13562009b00
                                            • Instruction ID: 334385da2bad53f91c1efd3fd60114aff8a744570c2a42595eac9cdc1e1cb50b
                                            • Opcode Fuzzy Hash: 7dbb93740365e90a040355f991de0436f65578732d95a5632698f13562009b00
                                            • Instruction Fuzzy Hash: 0FD022362882743AD2253614FC42ACBA7E08F00B28F20092FF880600D38FEA2CC04A8C
                                            Function 004030D6 Relevance: 3.9, APIs: 3, Instructions: 125stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            • lstrlenA.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00A70F28,00000000,?,00404E00,?,?,?,?,?), ref: 0040310D
                                            • lstrlenA.KERNEL32(00A70F28,?,00000000,00000000,00000000,00000000,?,00A70F28,00000000,?,00404E00,?,?,?,?,?), ref: 00403115
                                            • memmove.MSVCRT(?,?,00A70F28,?,?,00001000,00A70F28,?,00000000,00000000,00000000,00000000,?,00A70F28,00000000), ref: 004031F8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: lstrlen$memmove
                                            • String ID:
                                            • API String ID: 1832346882-0
                                            • Opcode ID: 5822003b85987e6036de6aec5d2bc904ab5e1e21d5ee4ecd78f4138bcaa71753
                                            • Instruction ID: 93814ce0f0a0d2477efb8002a8279e42b82102d5932b68c1d783b4d7f2fd7925
                                            • Opcode Fuzzy Hash: 5822003b85987e6036de6aec5d2bc904ab5e1e21d5ee4ecd78f4138bcaa71753
                                            • Instruction Fuzzy Hash: D5412871D04258AFCB14CFA9D8808EEBBB9FF48351F1480AAE815B7341D7789E46CB64
                                            Function 004075CF Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • KiUserCallbackDispatcher.NTDLL(00000010), ref: 00407611
                                            • GetSystemMetrics.USER32(00000011), ref: 0040761F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@CallbackDispatcherMetricsSystemUser
                                            • String ID:
                                            • API String ID: 145748454-0
                                            • Opcode ID: 80a77b5a3344e25ea2b7d0931445c3057c7d5eaafae3869ce9cddb487c245e27
                                            • Instruction ID: 6ce0d3d2a294cc817c3ed94d35c4e8eadf3e8454e0af582e39282335f7eac732
                                            • Opcode Fuzzy Hash: 80a77b5a3344e25ea2b7d0931445c3057c7d5eaafae3869ce9cddb487c245e27
                                            • Instruction Fuzzy Hash: 14F01DB0A00B019FD3B0EF7D9D00686BBE5BB48310B458A3FD596C3690E7B4E4468F59
                                            Function 00413E3A Relevance: 3.0, APIs: 2, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetFilePointer.KERNELBASE(?,?,?,?), ref: 00413E56
                                            • GetLastError.KERNEL32(?,?,?,?), ref: 00413E63
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ErrorFileLastPointer
                                            • String ID:
                                            • API String ID: 2976181284-0
                                            • Opcode ID: 007787c2f3829a3ae304c77fe7b9cc5777807232d41288a06886aba40bf6d8ab
                                            • Instruction ID: e393e3b0b581c03f2e1373165af33d27313eb1f81299ccbe74c3423d21431cf3
                                            • Opcode Fuzzy Hash: 007787c2f3829a3ae304c77fe7b9cc5777807232d41288a06886aba40bf6d8ab
                                            • Instruction Fuzzy Hash: 27F03AB5A00318AF8F00CF68DC049DB7BE9AF49320B148169E816D73A1E635DE51EBA4
                                            Function 0041B226 Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00416F6D,00000000,?), ref: 0041B239
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,?,?,00416F6D,00000000,?), ref: 0041B256
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@
                                            • String ID:
                                            • API String ID: 1936579350-0
                                            • Opcode ID: 2cfa660fe6f7fac823f1ae4d979cc7aa9200c99f3a767b1a972de15e44704aa0
                                            • Instruction ID: e22e843e071802c45c300825b39fb764c5af2a204e74e013a6ab517e38204655
                                            • Opcode Fuzzy Hash: 2cfa660fe6f7fac823f1ae4d979cc7aa9200c99f3a767b1a972de15e44704aa0
                                            • Instruction Fuzzy Hash: A2E065736446015FD3245B19D80676BF3E4DF90731F20C82FE196821A1DBB4A8808A58
                                            Function 0040BBD0 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,?,?,00419B33,00000000,00000000,00000000,00000000), ref: 0040BBE4
                                            • ??2@YAPAXI@Z.MSVCRT(?,?,?,00419B33,00000000,00000000,00000000,00000000), ref: 0040BBFE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@
                                            • String ID:
                                            • API String ID: 1936579350-0
                                            • Opcode ID: c2d4a62f8ba585bdcf8b177ff429e4b90b918fbb647320e0ee48b58ed27f5a8b
                                            • Instruction ID: 5ed06a90d08b52c28a38b6780b7d7ac036870b3c5f0c537b2999110f7677fe24
                                            • Opcode Fuzzy Hash: c2d4a62f8ba585bdcf8b177ff429e4b90b918fbb647320e0ee48b58ed27f5a8b
                                            • Instruction Fuzzy Hash: 7BE012B65006119BD3309F159941757F7E4DF90B10F15883EE89993341E778FC45CBA9
                                            Function 00416C5F Relevance: 2.6, APIs: 2, Instructions: 65COMMON
                                            Download Yara Rule
                                            APIs
                                            • EnterCriticalSection.KERNEL32(?), ref: 00416C6E
                                            • LeaveCriticalSection.KERNEL32(?), ref: 00416C9F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeave
                                            • String ID:
                                            • API String ID: 3168844106-0
                                            • Opcode ID: 80b0caaff10c416497a586019b2a9d69b27888ac1aed855ea2cae2a1bb9cdcd0
                                            • Instruction ID: 4f6a01db9a79f93195a0f3714a2cbc373184e23470928e7da344a92c66c74959
                                            • Opcode Fuzzy Hash: 80b0caaff10c416497a586019b2a9d69b27888ac1aed855ea2cae2a1bb9cdcd0
                                            • Instruction Fuzzy Hash: AD2116752007009FCB28CF55D884EA7B7B9FF88314B158A5DE89A8B761D371F841CBA4
                                            Function 00418B0C Relevance: 1.6, APIs: 1, Instructions: 104COMMON
                                            Download Yara Rule
                                            APIs
                                            • _EH_prolog.MSVCRT ref: 00418B11
                                              • Part of subcall function 0041B0DD: _EH_prolog.MSVCRT ref: 0041B0E2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: b48e2961efca33cdc268dc06a9db708dae6e35986a8212076dca9429ba69aabe
                                            • Instruction ID: 224d0b28c9c96a8b720adceb05dc78df915ef04c78251989e0adf3722648e023
                                            • Opcode Fuzzy Hash: b48e2961efca33cdc268dc06a9db708dae6e35986a8212076dca9429ba69aabe
                                            • Instruction Fuzzy Hash: CC418871600609AFCB21CF64C884BDBB7B9AF44304F0444AEF84ADB251DB39ED81CB64
                                            Function 00405319 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004143C2: ??2@YAPAXI@Z.MSVCRT(00000004,00422844,004064BF,00000000,00422844,00422844), ref: 004143CA
                                              • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404EF2
                                              • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404EFA
                                              • Part of subcall function 00404D7F: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404F02
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 0040535D
                                              • Part of subcall function 00409684: wvsprintfW.USER32(?,00000000,?), ref: 004096A7
                                              • Part of subcall function 00409684: GetLastError.KERNEL32 ref: 004096B8
                                              • Part of subcall function 00409684: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00A70F28), ref: 004096E0
                                              • Part of subcall function 00409684: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00A70F28), ref: 004096F5
                                              • Part of subcall function 00409684: lstrlenW.KERNEL32(?), ref: 00409708
                                              • Part of subcall function 00409684: lstrlenW.KERNEL32(?), ref: 0040970F
                                              • Part of subcall function 00409684: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00409724
                                              • Part of subcall function 00409684: lstrcpyW.KERNEL32(00000000,?), ref: 0040973A
                                              • Part of subcall function 00409684: lstrcpyW.KERNEL32(-00000002,?), ref: 0040974C
                                              • Part of subcall function 00409684: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00409756
                                              • Part of subcall function 00409684: LocalFree.KERNEL32(?), ref: 0040975F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@FormatMessagelstrcpylstrlen$ErrorFreeLastLocalwvsprintf
                                            • String ID:
                                            • API String ID: 3247304187-0
                                            • Opcode ID: 93f40d67aa109313e1a451737b83f3a12af517dae8df780da4187817142a4ad6
                                            • Instruction ID: d99cd7d07d450def43454dd97523081ea0e1bff39705ecaa915bff4ace688a24
                                            • Opcode Fuzzy Hash: 93f40d67aa109313e1a451737b83f3a12af517dae8df780da4187817142a4ad6
                                            • Instruction Fuzzy Hash: FA01D271604608AEEF14AAA49CC19BF7368EB10388F04447FF911371C2DAB95E048A9C
                                            Function 0041B0DD Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: 667eae066e17802bf22880d5056c4320b86ac6ca1fb471da5ead366e8fa87735
                                            • Instruction ID: 7f33fe341473cbd1ce67957057ba73322e56dc0cdd0527969264fce869e679db
                                            • Opcode Fuzzy Hash: 667eae066e17802bf22880d5056c4320b86ac6ca1fb471da5ead366e8fa87735
                                            • Instruction Fuzzy Hash: 25F0FF32540248BFDB21CF58C986BDEBBB1EB00368F08855EF80592261C3799990CBA5
                                            Function 00402616 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                            Download Yara Rule
                                            APIs
                                            • SetFileAttributesW.KERNELBASE(?,?), ref: 00402661
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: a28be809fa9ab79a0897c62f78f4a26379a6b73b8bf55d8bc806f67d25aeb99a
                                            • Instruction ID: 6cf0ddfa01fcbce09b7e389e4c5c56029533664a16282a392a40bbe03859dc31
                                            • Opcode Fuzzy Hash: a28be809fa9ab79a0897c62f78f4a26379a6b73b8bf55d8bc806f67d25aeb99a
                                            • Instruction Fuzzy Hash: 23F017316046019BD721DF64C948B53B7F5FF48305F04492EE08BA66E0D7BAE886CB18
                                            Function 00413F11 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • WriteFile.KERNELBASE(00000008,00000000,?,00000000,00000000,00000008,?,00413F6D,00000000,?,00000000,00000000,00000000,?,004150F6,?), ref: 00413F34
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: FileWrite
                                            • String ID:
                                            • API String ID: 3934441357-0
                                            • Opcode ID: 3a43fcd7a99af802a65fe0958aaff3322480c322af35340799bb3ec2915328cf
                                            • Instruction ID: fd1ae6b77783b795d97a4e81ca98d7cd0469b694618befc36694788b860b91b1
                                            • Opcode Fuzzy Hash: 3a43fcd7a99af802a65fe0958aaff3322480c322af35340799bb3ec2915328cf
                                            • Instruction Fuzzy Hash: 2FE03275A00208FBCB00CF90C800BCE7BB9AB08314F10C028F8048A260C3799A50DF14
                                            Function 00413FD8 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00413DDA: CloseHandle.KERNEL32(004227B8,00000014,00413FE3,00000000,?,00414029,004227B8,80000000,00000000,00000000,00000000,0041404C,00000000,004227B8,00000003,00000080), ref: 00413DE5
                                            • CreateFileW.KERNELBASE(004227B8,0040995F,00000000,00000000,004227B8,0041405A,00000000,00000000,?,00414029,004227B8,80000000,00000000,00000000,00000000,0041404C), ref: 00413FFA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CloseCreateFileHandle
                                            • String ID:
                                            • API String ID: 3498533004-0
                                            • Opcode ID: 5ea8ab8a2c0165d1c32804d1041ac21f8da3c3234316c2d1c2c91c72e9c780df
                                            • Instruction ID: 25576dffacfddd49299a2c5938d5f916c6c0a3737d2a1d54cb842f78843bf2a4
                                            • Opcode Fuzzy Hash: 5ea8ab8a2c0165d1c32804d1041ac21f8da3c3234316c2d1c2c91c72e9c780df
                                            • Instruction Fuzzy Hash: 47E08632100219BBCF211FA49C02BCA3F56AF18360F108116FB11561E0C772D4B0AB94
                                            Function 0040709F Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: _beginthreadex
                                            • String ID:
                                            • API String ID: 3014514943-0
                                            • Opcode ID: 0001c2751ec5b38c2fdd8770f8b250f083c030f0baebac9fc5d5da33beea9271
                                            • Instruction ID: f66fee764f537c73dd3179b80b905b367c327d96f84bf69b71a8138a202bd0f1
                                            • Opcode Fuzzy Hash: 0001c2751ec5b38c2fdd8770f8b250f083c030f0baebac9fc5d5da33beea9271
                                            • Instruction Fuzzy Hash: B3D05EF29002087FDB00AFA4DC05CBB7A9CDA45250700853AFD48C7201E5759D5087E5
                                            Function 0041B7F3 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: H_prolog
                                            • String ID:
                                            • API String ID: 3519838083-0
                                            • Opcode ID: d1727efda0c4b3b7849c279a65210e5fbc1f0a71b716a477c678de3a4255fa1b
                                            • Instruction ID: 20a8a3e65162e8bcb76f9d772fe387cab7fb7559672222b94c1ca754f3465e33
                                            • Opcode Fuzzy Hash: d1727efda0c4b3b7849c279a65210e5fbc1f0a71b716a477c678de3a4255fa1b
                                            • Instruction Fuzzy Hash: 46E08671A40204BAD714DB89CC477DEB778EB40765F10422FB01161180D3781A008665
                                            Function 00413EA1 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 00413EB7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: FileRead
                                            • String ID:
                                            • API String ID: 2738559852-0
                                            • Opcode ID: aaa7fc0bee448c6a2f67fcdb91d4647745e8fe0572ea30e5d88b75afb862a541
                                            • Instruction ID: 9b454950ea75836eca7fe91a31d8659671653d16dcec92d246dd104a82401603
                                            • Opcode Fuzzy Hash: aaa7fc0bee448c6a2f67fcdb91d4647745e8fe0572ea30e5d88b75afb862a541
                                            • Instruction Fuzzy Hash: E2E0EC75600208FFDB01CF90CD01FDE7BBEEB49758F208058E90496160C775DA10EB54
                                            Function 00413EE4 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • SetFileTime.KERNELBASE(?,?,?,?,00413F0E,00000000,00000000,?,00402644,?), ref: 00413EF2
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: FileTime
                                            • String ID:
                                            • API String ID: 1425588814-0
                                            • Opcode ID: 3c5d57e2c48a45a692d10b1dc98720b6952046f07c608b6af34a0fcbf2fb381c
                                            • Instruction ID: e0d35bd63a854c57eee69d76631bc9c38302ce33a3f2f21c2b12c5388e97b13e
                                            • Opcode Fuzzy Hash: 3c5d57e2c48a45a692d10b1dc98720b6952046f07c608b6af34a0fcbf2fb381c
                                            • Instruction Fuzzy Hash: FBC04C36158105FFCF020FB0CC04C1ABFA2AB99315F10C918B159C4070C7368024EB02
                                            Function 00414D40 Relevance: 1.3, APIs: 1, Instructions: 45COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000080), ref: 00414D74
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@
                                            • String ID:
                                            • API String ID: 1033339047-0
                                            • Opcode ID: c9ec1e7d60dbc41de4b4dc85d0bf502aa17264cf1567dda96ede060e56c390ac
                                            • Instruction ID: 5edf3f1fb672799f49ba0526fdd6b9ccaa23ad6701a352af434fa93b9d380a19
                                            • Opcode Fuzzy Hash: c9ec1e7d60dbc41de4b4dc85d0bf502aa17264cf1567dda96ede060e56c390ac
                                            • Instruction Fuzzy Hash: 0201DB71600214BFCF01AFA6C885CDFBBA9EF84754B10801AF4055B351E6749D408BD4
                                            Function 00401303 Relevance: 1.3, APIs: 1, Instructions: 44COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(0000000C,?,00000000,004066DB,?,00000000), ref: 00401316
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@
                                            • String ID:
                                            • API String ID: 1033339047-0
                                            • Opcode ID: d568ab9f4ebca7e87c9ba0dfb6d9234b1075e8d8316e2dbfc2761b391acf0918
                                            • Instruction ID: a51787965d0bc3bdbe74b998de211b2743835052462f3d0f1d26fd9b701dad35
                                            • Opcode Fuzzy Hash: d568ab9f4ebca7e87c9ba0dfb6d9234b1075e8d8316e2dbfc2761b391acf0918
                                            • Instruction Fuzzy Hash: 45F0C8B1500221AFD7189F65D80AD977B99EF85710315C46FF406CB3A1D7B4EC82C668
                                            Function 00414EF1 Relevance: 1.3, APIs: 1, Instructions: 38COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?), ref: 00414F1E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID:
                                            • API String ID: 1452528299-0
                                            • Opcode ID: bef10e7e2a07b9f5c5ee5c354b4214a9f3a8dc7b1ff6031b8d50112c379913c8
                                            • Instruction ID: b1376db512650cee24e8a0985b829a0f1c4315c93205b2e563ae2ffb9e13b3f5
                                            • Opcode Fuzzy Hash: bef10e7e2a07b9f5c5ee5c354b4214a9f3a8dc7b1ff6031b8d50112c379913c8
                                            • Instruction Fuzzy Hash: 68F0697120021AABCB20CF10CC00AE777A9BF80324F14456AB806CB360D739E897DB58
                                            Function 004145F1 Relevance: 1.3, APIs: 1, Instructions: 22COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00000000,00000000,00414849,?,?,00000000,00402552,?,?,00422788,00402895,00000000,?,00404FA5,?), ref: 0041460E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@
                                            • String ID:
                                            • API String ID: 1033339047-0
                                            • Opcode ID: 1592077469f59dc2a982e2a25b3f2183c7f87ab65bdc189c32b015546c477fe9
                                            • Instruction ID: d4bf1e77843ac4ffc9d6de96a583b5b6222411ff98e089cd5882ee9a91c2c0ea
                                            • Opcode Fuzzy Hash: 1592077469f59dc2a982e2a25b3f2183c7f87ab65bdc189c32b015546c477fe9
                                            • Instruction Fuzzy Hash: A8E012735452116FD3288F2ED507A97F7E8EFD0720F14C92FE59AC72A0DAB4A8818A54
                                            Function 0041BE40 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,004152E1), ref: 0041BE51
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 22032155c9183e28adb1f52440ec07b95b4e3d2f57ec60f8ae89b3c08762bae8
                                            • Instruction ID: acb135da47796bf22734778030a0ffbf7a4206f64c6a4a795cd6af5e279b245b
                                            • Opcode Fuzzy Hash: 22032155c9183e28adb1f52440ec07b95b4e3d2f57ec60f8ae89b3c08762bae8
                                            • Instruction Fuzzy Hash: EBB012F07D134035FF684320CC0BFE72410A344B4BF104068B301E90C4E7D05440505C
                                            Function 0040D5B0 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000300), ref: 0040D5B5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@
                                            • String ID:
                                            • API String ID: 1033339047-0
                                            • Opcode ID: d5664211f45c2e084bbf6d1184a72e804f8995e1e521b5348d367dd2286d1944
                                            • Instruction ID: cfc40fa49238076e08df3960416fe639b5448c7fd2f3331922510665e82efbaf
                                            • Opcode Fuzzy Hash: d5664211f45c2e084bbf6d1184a72e804f8995e1e521b5348d367dd2286d1944
                                            • Instruction Fuzzy Hash: 64B01290FB9101F6EA0410B11E2332B10C40741B45F04187B9C03E46C2FD68DD0C512B
                                            Function 0041BE10 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: 66cf8d5545a740dad15543452bf8420ea65b41da3c9faaad57c398a04622ebbf
                                            • Instruction ID: a99900dced4b3d94408e193d7e854b8781f3078c90807f01ec2a5ee1b4dfafb1
                                            • Opcode Fuzzy Hash: 66cf8d5545a740dad15543452bf8420ea65b41da3c9faaad57c398a04622ebbf
                                            • Instruction Fuzzy Hash: B2B012F051110102DE1C07347C040D732506650607BC048B8B402C0210F729C425504D
                                            Function 0041BE80 Relevance: 1.3, APIs: 1, Instructions: 8COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: malloc
                                            • String ID:
                                            • API String ID: 2803490479-0
                                            • Opcode ID: ca24d3bf4cc2db8d3e160cb20dd14b889eabe10d449740db5881849cc31842ca
                                            • Instruction ID: 9d0265dfb37a9864b687b7e6398dff5a3f2c0bb0c41e27f4d46130ed5ce6b560
                                            • Opcode Fuzzy Hash: ca24d3bf4cc2db8d3e160cb20dd14b889eabe10d449740db5881849cc31842ca
                                            • Instruction Fuzzy Hash: A2B012E8D4010102DA0407347C040D33272B7E06067C4C8B4B40180114FB38C024A04D
                                            Function 0041BE60 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,004152DA), ref: 0041BE6C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: e232632fe293ff23287d9c76e63ac30f1885b462abd3b624660c24e6dc4983ca
                                            • Instruction ID: 5a0e45df0b9e3ce07833d2d307a6ca80aa43b70fd88c11b2272045b6d040e14e
                                            • Opcode Fuzzy Hash: e232632fe293ff23287d9c76e63ac30f1885b462abd3b624660c24e6dc4983ca
                                            • Instruction Fuzzy Hash: CDB012B074130062ED3803210D05BD727005701701F1080183B01640C08798E404854C
                                            Function 0041BE30 Relevance: 1.3, APIs: 1, Instructions: 4COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: 5bb76444f12f6ac46b839af03aa649dedf6af210799dfe73033db5ebb4548707
                                            • Instruction ID: 87b19333b2ef4116d6254c4bc8fef081bf6be047992dbd34729973d037981491
                                            • Opcode Fuzzy Hash: 5bb76444f12f6ac46b839af03aa649dedf6af210799dfe73033db5ebb4548707
                                            • Instruction Fuzzy Hash:
                                            Function 0041BEA1 Relevance: 1.3, APIs: 1, Instructions: 3COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: free
                                            • String ID:
                                            • API String ID: 1294909896-0
                                            • Opcode ID: fe7d6081d7d7cee6f39f354d3d23d24cdc014e2121fbf16be8563e7553237ba4
                                            • Instruction ID: 4f63a7a6c6c64434434c40c10d9112b548cdf13d56a46577236c02296c3fb01f
                                            • Opcode Fuzzy Hash: fe7d6081d7d7cee6f39f354d3d23d24cdc014e2121fbf16be8563e7553237ba4
                                            • Instruction Fuzzy Hash:

                                            Non-executed Functions

                                            Function 00405729 Relevance: 40.4, APIs: 3, Strings: 20, Instructions: 185stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            • lstrcmpiW.KERNEL32(00000000,0041EAFC,?,00422148,?,?,004065DA,?,00000000), ref: 004057EA
                                            • _wtol.MSVCRT ref: 004058BA
                                            • _wtol.MSVCRT ref: 004058D3
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00403CE0: GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                              • Part of subcall function 00403CE0: wsprintfW.USER32 ref: 00403D40
                                              • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                              • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D5A
                                              • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00403D75
                                              • Part of subcall function 00403CE0: GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                              • Part of subcall function 00403CE0: GetLastError.KERNEL32 ref: 00403D8F
                                              • Part of subcall function 00403CE0: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00403DA4
                                              • Part of subcall function 00403CE0: ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00403DB4
                                              • Part of subcall function 00403CE0: SetLastError.KERNEL32(?), ref: 00403DDB
                                              • Part of subcall function 00403CE0: lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                              • Part of subcall function 00403CE0: ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00403E2C
                                              • Part of subcall function 00403CE0: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                              • Part of subcall function 004055E3: _wtol.MSVCRT ref: 00405580
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ErrorLast$??2@_wtol$??3@EnvironmentVariablelstrcmpimemcpy$InfoLocalelstrlenwsprintf
                                            • String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$PasswordText$PasswordTitle$Progress$Title$VolumeNameStyle$WarningTitle$\(B
                                            • API String ID: 730802180-3274096255
                                            • Opcode ID: 4913305cdd4d8d816ceef7353569ed64abbb5de1f3083bffcd8f5a9aa583c26b
                                            • Instruction ID: 01810da2686b2e6648b7138d9e83176c772a0bf1dd2896189787ed4a5fe29933
                                            • Opcode Fuzzy Hash: 4913305cdd4d8d816ceef7353569ed64abbb5de1f3083bffcd8f5a9aa583c26b
                                            • Instruction Fuzzy Hash: 4B5192F1F00612AAD728FB775A1166B66D6DBC4344B44C03F9A09E72D5EFBCC8428A1C
                                            Function 00403CE0 Relevance: 31.6, APIs: 16, Strings: 2, Instructions: 148stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,00000000), ref: 00403D2F
                                            • wsprintfW.USER32 ref: 00403D40
                                            • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00403D55
                                            • GetLastError.KERNEL32 ref: 00403D5A
                                            • ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00403D75
                                            • GetEnvironmentVariableW.KERNEL32(?,00000000,?), ref: 00403D88
                                            • GetLastError.KERNEL32 ref: 00403D8F
                                            • lstrcmpiW.KERNEL32(00000000,00000000), ref: 00403DA4
                                            • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00403DB4
                                            • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00403DD2
                                            • SetLastError.KERNEL32(?), ref: 00403DDB
                                            • lstrlenA.KERNEL32(0041E930), ref: 00403E11
                                            • ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00403E2C
                                            • GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 00403E5E
                                            • _wtol.MSVCRT ref: 00403E6F
                                            • MultiByteToWideChar.KERNEL32(00000000,0041E930,00000001,00000000,00000002), ref: 00403E8F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
                                            • String ID: SfxString%d$X!B
                                            • API String ID: 2117570002-850189017
                                            • Opcode ID: 4bb4d071360a20605854eea4eab349b201c8f1be64c32579c03597904eb92ed7
                                            • Instruction ID: 68e66196db71daaa07867c957ec585132196606c956435e67b7422de32b8828f
                                            • Opcode Fuzzy Hash: 4bb4d071360a20605854eea4eab349b201c8f1be64c32579c03597904eb92ed7
                                            • Instruction Fuzzy Hash: 71519171A00205BFDB20DF64DE45DAB7BBCEF44741F50453AE206E6290EBB4AE61CB58
                                            Function 00409332 Relevance: 28.6, APIs: 19, Instructions: 149windowcomtimeCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004079B7: GetDlgItem.USER32(?,?), ref: 004079C4
                                              • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                            • GetDlgItem.USER32(?,000004B8), ref: 0040935F
                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040936E
                                            • GetDlgItem.USER32(?,000004B4), ref: 00409395
                                              • Part of subcall function 0040790B: SetWindowTextW.USER32(00000000,00000000), ref: 00407913
                                              • Part of subcall function 0040885E: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408896
                                              • Part of subcall function 0040885E: GetDlgItem.USER32(?,000004B8), ref: 004088BA
                                              • Part of subcall function 0040885E: SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 004088C7
                                              • Part of subcall function 0040885E: wsprintfW.USER32 ref: 004088E7
                                              • Part of subcall function 0040885E: GetDlgItem.USER32(?,000004B5), ref: 00408905
                                              • Part of subcall function 0040885E: ??3@YAXPAX@Z.MSVCRT(?), ref: 00408993
                                              • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                              • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                              • Part of subcall function 00408E57: GetSystemMetrics.USER32(00000032), ref: 00408E98
                                              • Part of subcall function 00408E57: GetSystemMetrics.USER32(00000031), ref: 00408E9D
                                              • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                              • Part of subcall function 00408E57: LoadImageW.USER32(00000000), ref: 00408EA9
                                              • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                              • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408EEF
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408EF9
                                              • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                              • Part of subcall function 00408E57: SetWindowLongW.USER32(000000F0,000000F0,00000000), ref: 00408F14
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B5), ref: 00408F22
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B5), ref: 00408F30
                                              • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                              • Part of subcall function 00408E57: SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00408F4B
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408F58
                                            • GetDlgItem.USER32(?,000004B5), ref: 004093BB
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 004093C0
                                            • GetDlgItem.USER32(?,000004B5), ref: 004093D0
                                            • SetWindowLongW.USER32(00000000), ref: 004093D3
                                            • GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 004093F9
                                            • EnableMenuItem.USER32(00000000,0000F060,00000001), ref: 0040940B
                                            • GetDlgItem.USER32(?,000004B4), ref: 00409415
                                            • SetFocus.USER32(00000000), ref: 00409418
                                            • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00409447
                                            • CoCreateInstance.OLE32(0041FA54,00000000,00000001,0041EFE4,?), ref: 0040946C
                                            • GetDlgItem.USER32(?,00000002), ref: 0040948D
                                            • IsWindow.USER32(00000000), ref: 00409490
                                            • GetDlgItem.USER32(?,00000002), ref: 004094A0
                                            • EnableWindow.USER32(00000000), ref: 004094A3
                                            • GetDlgItem.USER32(?,000004B5), ref: 004094B7
                                            • ShowWindow.USER32(00000000), ref: 004094BA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Item$Window$Long$MessageSend$System$EnableHandleLoadMenuMetricsModuleShow$??3@CreateFocusIconImageInstanceTextTimerUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
                                            • String ID:
                                            • API String ID: 957878288-0
                                            • Opcode ID: e2f02459deb40e79b423d59a5e6600ce65444f24f98bf66ec9fc20f3b27b8bdb
                                            • Instruction ID: 82f3168065e5e37885ea10ad8f323bea47048e436c2f5ba3df634f29c1837039
                                            • Opcode Fuzzy Hash: e2f02459deb40e79b423d59a5e6600ce65444f24f98bf66ec9fc20f3b27b8bdb
                                            • Instruction Fuzzy Hash: E14155B0604709BBDA206B21DD49F5B7B9DEB84B04F40453EF555A62E1CB79AC01CB2D
                                            Function 00403908 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 82libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00403919
                                            • FindResourceExA.KERNEL32(00000000,?,?), ref: 00403937
                                            • FindResourceExA.KERNEL32(?,?,?,00000409), ref: 0040394E
                                            • SizeofResource.KERNEL32(?,00000000), ref: 00403961
                                            • LoadResource.KERNEL32(?,00000000), ref: 0040396D
                                            • LockResource.KERNEL32(00000000), ref: 00403978
                                            • GetProcAddress.KERNEL32(SetProcessPreferredUILanguages), ref: 004039A4
                                            • wsprintfW.USER32 ref: 004039BE
                                            • GetProcAddress.KERNEL32(SetThreadPreferredUILanguages), ref: 004039D6
                                            Strings
                                            • SetThreadPreferredUILanguages, xrefs: 004039CB
                                            • SetProcessPreferredUILanguages, xrefs: 0040398F
                                            • %04X%c%04X%c, xrefs: 004039B8
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Resource$AddressFindProc$HandleLoadLockModuleSizeofwsprintf
                                            • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages
                                            • API String ID: 2090077119-3413765421
                                            • Opcode ID: 9ff9c65ee6ad474d1f94e696075432f17a425964b421737aef398b4ac16ad6db
                                            • Instruction ID: fb6bf53818f6b5e578f497660123dac7438a07a30edb6be36b630e0bf9700e61
                                            • Opcode Fuzzy Hash: 9ff9c65ee6ad474d1f94e696075432f17a425964b421737aef398b4ac16ad6db
                                            • Instruction Fuzzy Hash: 68212FB1E00215BBDB105FA59D45B9FBFBCEB48701F104076EA00B22A0D7F59D51DB98
                                            Function 00403327 Relevance: 18.1, APIs: 12, Instructions: 91filestringCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                            • FindFirstFileW.KERNEL32(?,?,0041DBCC,?,00000000,?,00000000), ref: 00403355
                                            • lstrcmpW.KERNEL32(?,0041DBC8,?,0000005C,?), ref: 004033AA
                                            • lstrcmpW.KERNEL32(?,0041DBC0), ref: 004033BC
                                            • SetFileAttributesW.KERNEL32(?,00000000,?,0000005C,?), ref: 004033D1
                                            • DeleteFileW.KERNEL32(?), ref: 004033DA
                                            • FindNextFileW.KERNEL32(?,00000010), ref: 004033EE
                                            • FindClose.KERNEL32(?), ref: 004033FF
                                            • SetCurrentDirectoryW.KERNEL32 ref: 0040340B
                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00403414
                                            • RemoveDirectoryW.KERNEL32(?), ref: 0040341B
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00403428
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00403435
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: File$??3@Findmemcpy$AttributesDirectorylstrcmp$??2@CloseCurrentDeleteFirstNextRemove
                                            • String ID:
                                            • API String ID: 1254520193-0
                                            • Opcode ID: 4612c2d3c06a1c6854ea9d6cb16b41d3cebbf2c56a804a26a7d40885b9bf0cb1
                                            • Instruction ID: 3c0acd77c11c6bfbf9789e5db0a8688aa55c6e9eafbf1e7d600da6e85a924ae8
                                            • Opcode Fuzzy Hash: 4612c2d3c06a1c6854ea9d6cb16b41d3cebbf2c56a804a26a7d40885b9bf0cb1
                                            • Instruction Fuzzy Hash: 0531A271D00119BADB10AFA1ED85EEF7B7CAF00701F1045B6A412B20E1EB799E00CA18
                                            Function 00409684 Relevance: 16.6, APIs: 11, Instructions: 94stringwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • wvsprintfW.USER32(?,00000000,?), ref: 004096A7
                                            • GetLastError.KERNEL32 ref: 004096B8
                                            • FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00A70F28), ref: 004096E0
                                            • FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00A70F28), ref: 004096F5
                                            • lstrlenW.KERNEL32(?), ref: 00409708
                                            • lstrlenW.KERNEL32(?), ref: 0040970F
                                            • ??2@YAPAXI@Z.MSVCRT(00000000), ref: 00409724
                                            • lstrcpyW.KERNEL32(00000000,?), ref: 0040973A
                                            • lstrcpyW.KERNEL32(-00000002,?), ref: 0040974C
                                            • ??3@YAXPAX@Z.MSVCRT(00000000), ref: 00409756
                                            • LocalFree.KERNEL32(?), ref: 0040975F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
                                            • String ID:
                                            • API String ID: 829399097-0
                                            • Opcode ID: 3c6faca3d8ef38b946b233ced9a2c39962708c2f328edc3cdb78371a3de62800
                                            • Instruction ID: f2b022f15dd7bd7e525fcf8277322542a79ac5a2d24a0c8bc30a78414b9bc94a
                                            • Opcode Fuzzy Hash: 3c6faca3d8ef38b946b233ced9a2c39962708c2f328edc3cdb78371a3de62800
                                            • Instruction Fuzzy Hash: 95216FB6900218FFDB14DFA1DC85DEA7BBCEB08344F00807AF50697191EA749E858BA4
                                            Function 00407E2D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryA.KERNEL32(uxtheme,?,0040911C,000004B1,00000000,?,?,?,?,?,00409247), ref: 00407E35
                                            • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00407E46
                                            • GetWindow.USER32(?,00000005), ref: 00407E5F
                                            • GetWindow.USER32(00000000,00000002), ref: 00407E75
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Window$AddressLibraryLoadProc
                                            • String ID: SetWindowTheme$uxtheme
                                            • API String ID: 324724604-1369271589
                                            • Opcode ID: d1c83f497be9f3305c1235a4c67dcd356e2801ac202c84af436c6d730c55ae95
                                            • Instruction ID: 5403b67bd050cf209916d056b79971b0f3c2a1a79c5b52a930c6f53153313152
                                            • Opcode Fuzzy Hash: d1c83f497be9f3305c1235a4c67dcd356e2801ac202c84af436c6d730c55ae95
                                            • Instruction Fuzzy Hash: B2F0A776E4672533C6316366AC48F877B5C9B45B60B0605B6FD04F7380DA6CEC4181ED
                                            Function 00408D9C Relevance: 7.5, APIs: 5, Instructions: 47threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 00408DBB
                                            • SetWindowsHookExW.USER32(00000007,Function_00008CE2,00000000,00000000), ref: 00408DC6
                                            • GetCurrentThreadId.KERNEL32 ref: 00408DD5
                                            • SetWindowsHookExW.USER32(00000002,Function_00008D6E,00000000,00000000), ref: 00408DE0
                                            • EndDialog.USER32(?,00000000), ref: 00408E06
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CurrentHookThreadWindows$Dialog
                                            • String ID:
                                            • API String ID: 1967849563-0
                                            • Opcode ID: 555e22be0927065058935bc2a06d0ed766fc6dfd7081a73748e4d77ef7fe2c80
                                            • Instruction ID: 0a2569f36482c6f38668c5daa31400cb5052fc60ef6564e58e43505ef2e78625
                                            • Opcode Fuzzy Hash: 555e22be0927065058935bc2a06d0ed766fc6dfd7081a73748e4d77ef7fe2c80
                                            • Instruction Fuzzy Hash: AB0186B1700218AFD3207B66EE44A76F7ECEB54355B51413FE245D11E0CBB698419B68
                                            Function 00403442 Relevance: 6.0, APIs: 4, Instructions: 35fileCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?), ref: 00403464
                                            • FindClose.KERNEL32(00000000), ref: 00403470
                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00403482
                                            • DeleteFileW.KERNEL32(?), ref: 0040348D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: File$Find$AttributesCloseDeleteFirst
                                            • String ID:
                                            • API String ID: 3319113142-0
                                            • Opcode ID: 4bf8c35936a22843f0fe7391aab8452746d3470be5817f0cd1b69b00b5c16dfa
                                            • Instruction ID: 6b212ce663ba0d1f229e145bf37a5fa1ef80438995da8d320f9543b1e0401fa5
                                            • Opcode Fuzzy Hash: 4bf8c35936a22843f0fe7391aab8452746d3470be5817f0cd1b69b00b5c16dfa
                                            • Instruction Fuzzy Hash: ADF05E70A10A14B6CB226F305D4C7AB3EACAB4132BF544576E852F91D0D77C8A4646AE
                                            Function 00403F0A Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • AllocateAndInitializeSid.ADVAPI32(00406727,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,00000000,004227B8,00406727), ref: 00403F39
                                            • CheckTokenMembership.ADVAPI32(00000000,00000000,?), ref: 00403F4B
                                            • FreeSid.ADVAPI32(00000000), ref: 00403F54
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                            • String ID:
                                            • API String ID: 3429775523-0
                                            • Opcode ID: 9af3efcf16d1d355448efefa57cf4683c3fc5815afa2ad2ad1a3db22a18f9f3b
                                            • Instruction ID: 3f24cb71bbfe7ca770cd4889a07e58a9e46d275895eb10eec906826fdd799b13
                                            • Opcode Fuzzy Hash: 9af3efcf16d1d355448efefa57cf4683c3fc5815afa2ad2ad1a3db22a18f9f3b
                                            • Instruction Fuzzy Hash: 82F0DAB5D00208FBDB00DFD5DD89ADEBBBCFB08345F504465A605E2191D3709B049B19
                                            Function 0040B350 Relevance: 4.0, APIs: 3, Instructions: 230COMMON
                                            Download Yara Rule
                                            APIs
                                            • memcpy.MSVCRT(?,00000000,?,00000000,?,004227B8), ref: 0040B38C
                                            • memcpy.MSVCRT(?,00000000,00000040,?,00000000,?,004227B8), ref: 0040B3AE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID:
                                            • API String ID: 3510742995-0
                                            • Opcode ID: d6942c357802de02a4ab3024b27633177e67036e1672e6741ee266c6f5ccec93
                                            • Instruction ID: 82061447c1ab4fd48cb6848a21138f0f9f11a7250b43c753729ffff071a4e147
                                            • Opcode Fuzzy Hash: d6942c357802de02a4ab3024b27633177e67036e1672e6741ee266c6f5ccec93
                                            • Instruction Fuzzy Hash: 1F916CB29043008FC318DF59D88458BB7E1FFC8314F1A8A6EE9489B356E375E955CB86
                                            Function 00410740 Relevance: .5, Instructions: 481COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                            • Instruction ID: 2f030d97706acd2a4b66e98ea93a2683bba69e144151ce704609e65e887af247
                                            • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                            • Instruction Fuzzy Hash: 87023A72A082118BD71CDE18C5902B9BBE2FBC4354F114A3FE49697684D7B8E8C5CB99
                                            Function 0040A5B0 Relevance: .3, Instructions: 298COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 97b391a562e1d1338ef2f5a9f5a657563415795129f5d19e61177920b9a9aeed
                                            • Instruction ID: 3308c72b612e3556f9116b0c3e3b240a433305513fb5231a3b8d3be9e2c4c759
                                            • Opcode Fuzzy Hash: 97b391a562e1d1338ef2f5a9f5a657563415795129f5d19e61177920b9a9aeed
                                            • Instruction Fuzzy Hash: 32D1047195436A4FE364EF49EC816357762EBD8301F8A4234DB500B3A3D6787A13DBA4
                                            Function 0040AAA0 Relevance: .3, Instructions: 297COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a85e35f8b1430fc139a2b8e5247415db543979c70db20e675df9f9bfbc78e7ee
                                            • Instruction ID: d5efa4f82cdfc10ea38146100abc622bf75b07b2238715b8514c19fb5fb81ffd
                                            • Opcode Fuzzy Hash: a85e35f8b1430fc139a2b8e5247415db543979c70db20e675df9f9bfbc78e7ee
                                            • Instruction Fuzzy Hash: 9ED1D033A546665FD3A0DF5CDC8023677A2EF88300FCE4279CA5417262C679FA52DB94
                                            Function 0040FFD8 Relevance: .2, Instructions: 239COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1ef3a85183e3002fe42a0a148796e2a0343b3df6179ef6736291ebe652a2f59b
                                            • Instruction ID: 4f867ab90f088a9af697bc7cf12cfca4ed7976626d654fbc93e23e2aca2bb9ea
                                            • Opcode Fuzzy Hash: 1ef3a85183e3002fe42a0a148796e2a0343b3df6179ef6736291ebe652a2f59b
                                            • Instruction Fuzzy Hash: 2081ED73A0832547D719CA19CD80279B7E3BBD5380F17463FE4A94B384D6B989C6C789
                                            Function 0041543A Relevance: .2, Instructions: 191COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0036c7820ed5d80f0fbec3f376ec42a7cf53a13af93f92c41b8b49f45150694f
                                            • Instruction ID: 000af8a460d0e8ccba611f15a5d678c26a7e8f153bca01725fd9578c1a8a893c
                                            • Opcode Fuzzy Hash: 0036c7820ed5d80f0fbec3f376ec42a7cf53a13af93f92c41b8b49f45150694f
                                            • Instruction Fuzzy Hash: B6517572A00E18DB8F24CE5580806F773A6ABD476575A857AE9099F314E338FCC687D8
                                            Function 0040B140 Relevance: .2, Instructions: 174COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d643203623827cc3dd9bc180772c4d8d42c63260ab95474af5bc8ff8b9922eeb
                                            • Instruction ID: 749bac251c258015cdfebf4cc6f26e78be683f0d8071b42edb2baa51e01ff8a1
                                            • Opcode Fuzzy Hash: d643203623827cc3dd9bc180772c4d8d42c63260ab95474af5bc8ff8b9922eeb
                                            • Instruction Fuzzy Hash: 59714AB2A083058FC348DF49D88855AF3E1FFC8318F198A6DE9889B351D771E955CB86
                                            Function 0040C4E0 Relevance: .1, Instructions: 143COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b31d452cf4fc038398579975b7917bb1ff375609163340ad82824380036c8528
                                            • Instruction ID: 534104339707200b0004c37b1c219f10fcca4fd63b950d94a72ff7c1e58e427a
                                            • Opcode Fuzzy Hash: b31d452cf4fc038398579975b7917bb1ff375609163340ad82824380036c8528
                                            • Instruction Fuzzy Hash: 84414477A04236CBC7248F2C8CD417AFBD1ABD1214B09477FD996A72C2D234A949C3D9
                                            Function 0040B9A0 Relevance: .1, Instructions: 139COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5e08dce1e33cc5f86f16ecfbab957d1cff0030e5d78b4456782bb428f84a33f8
                                            • Instruction ID: 59e5c70fe42e6b1f4ddd49455f7118adc14e0079fb50294e649b1b48679ab632
                                            • Opcode Fuzzy Hash: 5e08dce1e33cc5f86f16ecfbab957d1cff0030e5d78b4456782bb428f84a33f8
                                            • Instruction Fuzzy Hash: 134102B1B50A200AF318CF269CC51A63FD3D7CA386785C23DD1A5C66D9DABDC057C6A8
                                            Function 0040A3F0 Relevance: .1, Instructions: 95COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 61a4e6835ea66065a58807285dd8d3bf8f1d33947e5620f9c011233d18a342ab
                                            • Instruction ID: 37c9f3cb46fdd2cae02fb0d68740046e90e510bd0fdb6e5c14b2eb6d5d0f43c7
                                            • Opcode Fuzzy Hash: 61a4e6835ea66065a58807285dd8d3bf8f1d33947e5620f9c011233d18a342ab
                                            • Instruction Fuzzy Hash: 44316C72A047B607E310DE1ECC44266BBD3FFC5201F18C27AD4A85B78BD539E42792A5
                                            Function 0041C873 Relevance: .1, Instructions: 92COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
                                            • Instruction ID: 6f0a90cd4d6720301e94d82afdd767b4907ae0e9f662279143caf60b860de9c2
                                            • Opcode Fuzzy Hash: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
                                            • Instruction Fuzzy Hash: A141A361814B9653EB124F7CC882272B320BFAB244F00D75AFDD179963FB3265446656
                                            Function 0041BD00 Relevance: .1, Instructions: 83COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9a32636a548532b7de8ce4b79508cbe9c035e87a0946c30098c2ad3729b2a7b4
                                            • Instruction ID: af2b310e37f4b5d695d4860581e82e915877aced1862bd819593bfce85ec748a
                                            • Opcode Fuzzy Hash: 9a32636a548532b7de8ce4b79508cbe9c035e87a0946c30098c2ad3729b2a7b4
                                            • Instruction Fuzzy Hash: D4210E7E370D0607A75C8B6EAD736B921C2E3853047C9A13DE28BC52C1EF6C9495864C
                                            Function 0041C501 Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                            • Instruction ID: 759865858c23b70f9584cfeb04b4f6d15fd4d4d477315ce6d3d2fca3379a5d8e
                                            • Opcode Fuzzy Hash: a91e830b051fd3563903b3b4c558af91fd9d6843125d3e1887e1db665648e344
                                            • Instruction Fuzzy Hash: 3B21C53290463597CB02CE6EE8C45A7F7A2FBC436AF534627ED8467290C628F85486E1
                                            Function 0041C5DB Relevance: .1, Instructions: 70COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                            • Instruction ID: 281d6fa32594de1599974611354f34a6acb2619e619e0896bb3b02e7aee58214
                                            • Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                            • Instruction Fuzzy Hash: BF2107725144258BC701DF2DE8C87B7B3E1FFD4319F638A37D9818B280C628E885D6A5
                                            Function 00401D63 Relevance: 56.2, APIs: 30, Strings: 2, Instructions: 196threadprocesssynchronizationCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • GetCommandLineW.KERNEL32(0041D9F0,00000000,00000000), ref: 00401D85
                                              • Part of subcall function 004146E1: memcpy.MSVCRT(?,?,00000000,00000001,?,?,00000000,?,?,00401DCF,00000000,0000003A,?," -,sfxwaitall), ref: 00414706
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E31
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A,?," -), ref: 00401E39
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A,?), ref: 00401E41
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000,0000003A), ref: 00401E49
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?,00000000), ref: 00401E51
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?,?), ref: 00401E59
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020,?), ref: 00401E61
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?,00000020), ref: 00401E69
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022,?), ref: 00401E71
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00000000,?,0041DAE4,?,?,00000022), ref: 00401E79
                                            • GetStartupInfoW.KERNEL32(?,00000022,?,00000020,?,?,00000000,0000003A,?," -,sfxwaitall), ref: 00401E8C
                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,01000004,00000000,00000044,?), ref: 00401EB2
                                            • GetLastError.KERNEL32 ref: 00401EBC
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00401EC7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00401ECF
                                            • CreateJobObjectW.KERNEL32(00000000,00000000), ref: 00401EE6
                                            • AssignProcessToJobObject.KERNEL32(00000000,?), ref: 00401EF7
                                            • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000001,00000000), ref: 00401F06
                                            • SetInformationJobObject.KERNEL32(?,00000007,?,00000008), ref: 00401F23
                                            • ResumeThread.KERNEL32(?), ref: 00401F2C
                                            • GetQueuedCompletionStatus.KERNEL32(00000000,?,?,?,000000FF), ref: 00401F4F
                                            • ResumeThread.KERNEL32(?), ref: 00401F58
                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00401F63
                                            • CloseHandle.KERNEL32(?), ref: 00401F72
                                            • GetExitCodeProcess.KERNEL32(?,?), ref: 00401F7B
                                            • GetLastError.KERNEL32 ref: 00401F85
                                            • CloseHandle.KERNEL32(?), ref: 00401F91
                                            • CloseHandle.KERNEL32(00000000), ref: 00401F98
                                            • CloseHandle.KERNEL32(?), ref: 00401FA2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$CloseHandleObject$CreateProcess$??2@CompletionErrorLastResumeThreadmemcpy$AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
                                            • String ID: " -$sfxwaitall
                                            • API String ID: 1989023053-3991362806
                                            • Opcode ID: 03f2516181052f227ff0f804cd5943db3b31b4a938699f5d65c9949540d152f7
                                            • Instruction ID: b35bb808f7c11860acb9b83f91dbbd997240e1bc6af43985ebd9c44236cdfafe
                                            • Opcode Fuzzy Hash: 03f2516181052f227ff0f804cd5943db3b31b4a938699f5d65c9949540d152f7
                                            • Instruction Fuzzy Hash: 03619972540108BFCF15AF61DC85DEE3BB9AF04308B10813AF926A21B1DB389D51CB5C
                                            Function 00405AA6 Relevance: 38.6, APIs: 14, Strings: 8, Instructions: 145fileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetDriveTypeW.KERNEL32(?,PreExtract,00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract), ref: 00405AED
                                              • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                              • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                              • Part of subcall function 004042B5: wsprintfW.USER32 ref: 00404318
                                              • Part of subcall function 004042B5: GetFileAttributesW.KERNEL32(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00405B21
                                            • WriteFile.KERNEL32(00000000,?,?,00422844,00000000,00000001,",?,del "," goto Repeat,00406FBC,if exist ",",00406FBC,del ",:Repeat), ref: 00405BD0
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BDB
                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BE2
                                            • SetFileAttributesW.KERNEL32(00406FBC,00000000,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405BF9
                                            • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 00405C0B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405C14
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405C1D
                                            • ??3@YAXPAX@Z.MSVCRT(00406FBC,?,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C), ref: 00405C25
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00414962: memcpy.MSVCRT(?,?,?,00000000,?,?,00404603,?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 00414985
                                              • Part of subcall function 0040438B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00000000,00422090,00A70E60,00401669,0000FDE9,00A70E60), ref: 004043BE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405C38
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C,00000000), ref: 00405C40
                                            • ??3@YAXPAX@Z.MSVCRT(00406FBC,?,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract,0042289C), ref: 00405C48
                                            • ??3@YAXPAX@Z.MSVCRT(00406FBC,PreExtract,00000000,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844,PreExtract), ref: 00405C53
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$File$memcpy$??2@AttributesPathTemp$ByteCharCloseCreateDriveExecuteHandleMultiShellTypeWideWritewsprintf
                                            • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$PreExtract$del "$if exist "$open
                                            • API String ID: 1368565367-2062918900
                                            • Opcode ID: a3a5a78e48c25ef76e73a86ca9da4df3a41bbc0be4550f653e29cf75e9ba9585
                                            • Instruction ID: 3d7160049abe49b234d8e21697658e41e6c45daee110ef6cf63ccbde248cf787
                                            • Opcode Fuzzy Hash: a3a5a78e48c25ef76e73a86ca9da4df3a41bbc0be4550f653e29cf75e9ba9585
                                            • Instruction Fuzzy Hash: B8416075940108BADB05EBA1DC86DEF7B78EF85704F10406AF602B60E1DB786E85CB5C
                                            Function 00408E57 Relevance: 36.3, APIs: 24, Instructions: 265windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                            • LoadIconW.USER32(00000000), ref: 00408E84
                                            • GetSystemMetrics.USER32(00000032), ref: 00408E98
                                            • GetSystemMetrics.USER32(00000031), ref: 00408E9D
                                            • GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                            • LoadImageW.USER32(00000000), ref: 00408EA9
                                            • SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                              • Part of subcall function 00408530: GetDlgItem.USER32(?,?), ref: 00408541
                                              • Part of subcall function 00408530: GetWindowTextLengthW.USER32(00000000), ref: 00408544
                                              • Part of subcall function 00408530: GetDlgItem.USER32(?,?), ref: 00408559
                                              • Part of subcall function 004079B7: GetDlgItem.USER32(?,?), ref: 004079C4
                                              • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                            • GetDlgItem.USER32(?,000004B2), ref: 00408EEF
                                            • GetDlgItem.USER32(?,000004B2), ref: 00408EF9
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                            • SetWindowLongW.USER32(000000F0,000000F0,00000000), ref: 00408F14
                                            • GetDlgItem.USER32(?,000004B5), ref: 00408F22
                                            • GetDlgItem.USER32(?,000004B5), ref: 00408F30
                                            • GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00408F4B
                                            • GetDlgItem.USER32(?,000004B2), ref: 00408F58
                                            • GetWindow.USER32(?,00000005), ref: 00409037
                                            • GetWindow.USER32(?,00000005), ref: 00409053
                                            • GetWindow.USER32(?,00000005), ref: 0040906B
                                            • GetModuleHandleW.KERNEL32(00000000,00000065,000004B4,00000000,000004B3,00000000,00000000,?,?,?,?,?,00409247), ref: 004090CB
                                            • LoadIconW.USER32(00000000), ref: 004090D2
                                            • GetDlgItem.USER32(?,000004B1), ref: 004090F1
                                            • SendMessageW.USER32(00000000), ref: 004090F4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ItemWindow$Long$HandleLoadMessageModuleSend$IconMetricsSystem$ImageLengthShowText
                                            • String ID:
                                            • API String ID: 4137352925-0
                                            • Opcode ID: 8ff0e453a25b7ed1698ed8cf16fcb10b98d2a5bb9c502bc786f19c9e8b0db9be
                                            • Instruction ID: 74a6605ae4d4b0bf7a0e7ecc706b23d5cc7c3d9f5b8aaf708246ebd2ef89c431
                                            • Opcode Fuzzy Hash: 8ff0e453a25b7ed1698ed8cf16fcb10b98d2a5bb9c502bc786f19c9e8b0db9be
                                            • Instruction Fuzzy Hash: 6871C7B07447057BEA216B219D46F2B3A99EB84744F10443EF651B62D3CFBDEC018A5E
                                            Function 00404BA4 Relevance: 35.1, APIs: 16, Strings: 4, Instructions: 115windowlibrarystringCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetClassNameA.USER32(?,?,00000040), ref: 00404BB6
                                            • lstrcmpiA.KERNEL32(?,STATIC), ref: 00404BC9
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404BD6
                                              • Part of subcall function 00404AF5: GetWindowTextLengthW.USER32(?), ref: 00404B02
                                              • Part of subcall function 00404AF5: GetWindowTextW.USER32(?,00000000,00000001), ref: 00404B1C
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C00
                                            • GetParent.USER32 ref: 00404C0E
                                            • LoadLibraryA.KERNEL32(riched20,?,00000005,?,000000F0,?,?,00000040), ref: 00404C22
                                            • GetMenu.USER32 ref: 00404C33
                                            • SetThreadLocale.KERNEL32(00000419,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C40
                                            • CreateWindowExW.USER32(00000000,RichEdit20W,0041DA3C,50000804,?,?,?,?,?,00000000,00000000,00000000), ref: 00404C70
                                            • DestroyWindow.USER32(?,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404C7D
                                            • SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 00404C92
                                            • GetSysColor.USER32(0000000F), ref: 00404C96
                                            • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00404CA4
                                            • SendMessageW.USER32(00000000,00000461,?,?), ref: 00404CCA
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404CCF
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000005,?,000000F0,?,?,00000040), ref: 00404CD7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
                                            • String ID: RichEdit20W$STATIC$riched20${\rtf
                                            • API String ID: 3514532227-2281146334
                                            • Opcode ID: f61e8651b8c318852fd26f465c4723bf904f748a098d933736194205125b4bad
                                            • Instruction ID: 653fa6765fec41a2c767cdcafb0f0c5f7003fb3de14a91a34d01aabbe2365a95
                                            • Opcode Fuzzy Hash: f61e8651b8c318852fd26f465c4723bf904f748a098d933736194205125b4bad
                                            • Instruction Fuzzy Hash: BF3183F1E40119BBDB10ABA5DD49EEFBB7DEF44704F10807AF601B2191DA789A418B6C
                                            Function 004039F1 Relevance: 31.6, APIs: 21, Instructions: 119windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetWindowDC.USER32(00000000), ref: 00403A00
                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00403A0C
                                            • MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00403A25
                                            • GetObjectW.GDI32(?,00000018,?), ref: 00403A5C
                                            • MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A69
                                            • MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A75
                                            • CreateCompatibleDC.GDI32(?), ref: 00403A83
                                            • CreateCompatibleDC.GDI32(?), ref: 00403A8B
                                            • SelectObject.GDI32(00000002,?), ref: 00403A9B
                                            • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00403AA9
                                            • SelectObject.GDI32(00000000,00000000), ref: 00403AB1
                                            • SetStretchBltMode.GDI32(00000000,00000004), ref: 00403AB9
                                            • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000002,00000000,00000000,?,?,00CC0020), ref: 00403AD8
                                            • GetCurrentObject.GDI32(00000000,00000007), ref: 00403AE1
                                            • SelectObject.GDI32(00000002,?), ref: 00403AF0
                                            • SelectObject.GDI32(00000000,?), ref: 00403AF6
                                            • DeleteDC.GDI32(00000002), ref: 00403B01
                                            • DeleteDC.GDI32(00000000), ref: 00403B04
                                            • ReleaseDC.USER32(00000000,?), ref: 00403B0A
                                            • ReleaseDC.USER32(00000000,?), ref: 00403B19
                                            • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 00403B26
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
                                            • String ID:
                                            • API String ID: 3462224810-0
                                            • Opcode ID: 612ab1c299c70adb56458b05f96c4172f6b033e0d16868d111d26e83d45414ef
                                            • Instruction ID: 64add8f3f0553c82617c9ad687e152a2c61f87497f12b8b4a2d195a12937468c
                                            • Opcode Fuzzy Hash: 612ab1c299c70adb56458b05f96c4172f6b033e0d16868d111d26e83d45414ef
                                            • Instruction Fuzzy Hash: 3941E0B6D00218BFDF119FE1DC48EAEBF79EB08765F108066F601B21A0C7758A51AF64
                                            Function 004016FE Relevance: 30.0, APIs: 8, Strings: 9, Instructions: 273stringCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • lstrlenW.KERNEL32(00A70E60,?,00422148,?,?,?,?,?,?,?,?,?,?,?,004065BE,?), ref: 00401718
                                              • Part of subcall function 00402FEC: lstrlenW.KERNEL32(0041DA80,?,00A70E5E,?,004227B8,00401785), ref: 00402FFB
                                              • Part of subcall function 00402FEC: lstrlenW.KERNEL32(00A70E60,?,004227B8,00401785,?,?,?,?,?,?,?,?,?,?,?,004065BE), ref: 00403000
                                              • Part of subcall function 00402FEC: _wcsnicmp.MSVCRT ref: 00403009
                                            • _wtol.MSVCRT ref: 004018F3
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,004065BE,?,00000000), ref: 004019BD
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00401A03
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000001,?,?,?,00A70E5A,00000001), ref: 00401A2C
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?,00000000), ref: 00401A0B
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,0041DDC8,?,?,?,00000000), ref: 00404FD0
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000), ref: 00404FD9
                                              • Part of subcall function 00404F69: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000), ref: 00404FE1
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                              • Part of subcall function 004146A6: memcpy.MSVCRT(?,?,?,?,00A70E5E,00A70E5A,004227B8,00401A66,?,?,00A70E5A,00000001), ref: 004146C9
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00A70E5A,00000001), ref: 00401A74
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00A70E5A,00000001), ref: 00401A7C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$lstrlenmemcpy$??2@$_wcsnicmp_wtol
                                            • String ID: BeginPromptTimeout$GUIFlags$GUIMode$MiscFlags$OverwriteMode$SelfDelete$SfxVarCmdLine1$SfxVarCmdLine2$bpt
                                            • API String ID: 2996597252-1537130225
                                            • Opcode ID: 0da873dad8938bba93232c96e7aadc230580d9fd744acd8daba8ed8baafc76a2
                                            • Instruction ID: bfac2216f2955e65c70ae6ed62231eefb15951875b99b08c111cbab744d5d809
                                            • Opcode Fuzzy Hash: 0da873dad8938bba93232c96e7aadc230580d9fd744acd8daba8ed8baafc76a2
                                            • Instruction Fuzzy Hash: F9A1E2719042019ACB28EB65C9915EFB3B5AF40344B20843FE446B36F1EB7C9E85C75D
                                            Function 00403B31 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 121windowcommemoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetClassNameA.USER32(?,?,00000040), ref: 00403B46
                                            • lstrcmpiA.KERNEL32(?,STATIC), ref: 00403B5D
                                            • GetWindowLongW.USER32(?,000000F0), ref: 00403B6E
                                            • GetMenu.USER32 ref: 00403B81
                                              • Part of subcall function 00403908: GetModuleHandleW.KERNEL32(00000000), ref: 00403919
                                              • Part of subcall function 00403908: FindResourceExA.KERNEL32(00000000,?,?), ref: 00403937
                                              • Part of subcall function 00403908: FindResourceExA.KERNEL32(?,?,?,00000409), ref: 0040394E
                                              • Part of subcall function 00403908: SizeofResource.KERNEL32(?,00000000), ref: 00403961
                                              • Part of subcall function 00403908: LoadResource.KERNEL32(?,00000000), ref: 0040396D
                                              • Part of subcall function 00403908: LockResource.KERNEL32(00000000), ref: 00403978
                                            • GlobalAlloc.KERNEL32(00000040,00000010,?,?,000000F0,?,?,00000040), ref: 00403BAE
                                            • memcpy.MSVCRT(00000000,00000000,00000010,?,000000F0,?,?,00000040), ref: 00403BC3
                                            • CoInitialize.OLE32(00000000), ref: 00403BCC
                                            • CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 00403BD8
                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,0041FA34,?), ref: 00403BFD
                                            • GlobalFree.KERNEL32(00000000), ref: 00403C0D
                                              • Part of subcall function 004039F1: GetWindowDC.USER32(00000000), ref: 00403A00
                                              • Part of subcall function 004039F1: GetDeviceCaps.GDI32(00000000,00000058), ref: 00403A0C
                                              • Part of subcall function 004039F1: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00403A25
                                              • Part of subcall function 004039F1: GetObjectW.GDI32(?,00000018,?), ref: 00403A5C
                                              • Part of subcall function 004039F1: MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A69
                                              • Part of subcall function 004039F1: MulDiv.KERNEL32(?,00000003,00000002), ref: 00403A75
                                              • Part of subcall function 004039F1: CreateCompatibleDC.GDI32(?), ref: 00403A83
                                              • Part of subcall function 004039F1: CreateCompatibleDC.GDI32(?), ref: 00403A8B
                                              • Part of subcall function 004039F1: SelectObject.GDI32(00000002,?), ref: 00403A9B
                                              • Part of subcall function 004039F1: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00403AA9
                                              • Part of subcall function 004039F1: SelectObject.GDI32(00000000,00000000), ref: 00403AB1
                                              • Part of subcall function 004039F1: SetStretchBltMode.GDI32(00000000,00000004), ref: 00403AB9
                                              • Part of subcall function 004039F1: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000002,00000000,00000000,?,?,00CC0020), ref: 00403AD8
                                              • Part of subcall function 004039F1: GetCurrentObject.GDI32(00000000,00000007), ref: 00403AE1
                                              • Part of subcall function 004039F1: SelectObject.GDI32(00000002,?), ref: 00403AF0
                                              • Part of subcall function 004039F1: SelectObject.GDI32(00000000,?), ref: 00403AF6
                                              • Part of subcall function 004039F1: DeleteDC.GDI32(00000002), ref: 00403B01
                                              • Part of subcall function 004039F1: DeleteDC.GDI32(00000000), ref: 00403B04
                                              • Part of subcall function 004039F1: ReleaseDC.USER32(00000000,?), ref: 00403B0A
                                            • GetObjectW.GDI32(00000000,00000018,?), ref: 00403C3D
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 00403C51
                                            • SendMessageW.USER32(?,00000172,00000000,?), ref: 00403C63
                                            • GlobalFree.KERNEL32(00000000), ref: 00403C78
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
                                            • String ID: IMAGES$STATIC
                                            • API String ID: 4202116410-1168396491
                                            • Opcode ID: 0927fdd96c8a672e4edb8bf6fba54bde9fa129fa8547b2b49592ff7c41df4a32
                                            • Instruction ID: b651b05a898d6b36c18c6da2e71faa2375cac1702eff8c2c698f256589fd88ae
                                            • Opcode Fuzzy Hash: 0927fdd96c8a672e4edb8bf6fba54bde9fa129fa8547b2b49592ff7c41df4a32
                                            • Instruction Fuzzy Hash: 5A412CB2A00218BBDB119FA1CD48DEFBF7DEF4A701B104466F915F2190D7788A41CB69
                                            Function 00407ACF Relevance: 27.3, APIs: 18, Instructions: 297COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetDlgItem.USER32(?,000004B3), ref: 00407AF7
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00407AFC
                                            • GetDlgItem.USER32(?,000004B4), ref: 00407B33
                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00407B38
                                            • GetSystemMetrics.USER32(00000010), ref: 00407BBA
                                            • GetSystemMetrics.USER32(00000011), ref: 00407BC0
                                            • GetSystemMetrics.USER32(00000008), ref: 00407BC7
                                            • GetSystemMetrics.USER32(00000007), ref: 00407BCE
                                            • GetParent.USER32(?), ref: 00407BF0
                                            • GetClientRect.USER32(00000000,?), ref: 00407C02
                                            • ClientToScreen.USER32(?,?), ref: 00407C15
                                            • SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000004), ref: 00407C7B
                                            • GetDlgItem.USER32(?,000004B1), ref: 00407C9A
                                            • SetWindowPos.USER32(00000000), ref: 00407CA1
                                            • GetClientRect.USER32(?,?), ref: 00407D21
                                              • Part of subcall function 00407AA0: GetDlgItem.USER32(?,?), ref: 00407ABE
                                              • Part of subcall function 00407AA0: SetWindowPos.USER32(00000000), ref: 00407AC5
                                            • ClientToScreen.USER32(?,?), ref: 00407C1E
                                              • Part of subcall function 00407925: GetDlgItem.USER32(?,?), ref: 0040792D
                                            • GetSystemMetrics.USER32(00000008), ref: 00407DA6
                                            • GetSystemMetrics.USER32(00000007), ref: 00407DAD
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: MetricsSystem$ItemWindow$Client$LongRectScreen$Parent
                                            • String ID:
                                            • API String ID: 2671006076-0
                                            • Opcode ID: ee3a9b64024e76f4bf430920567e8bf6af21306f3b050522a7c71071a4c730ea
                                            • Instruction ID: 79bfce518a1b3777c3be141dac1d4c923f3e13946b8f7072fb596655451fe251
                                            • Opcode Fuzzy Hash: ee3a9b64024e76f4bf430920567e8bf6af21306f3b050522a7c71071a4c730ea
                                            • Instruction Fuzzy Hash: 1FA13BB1E04209AFDB10DFB9CD85AEEBBF9EF48304F144529E615F2291D778E9008B65
                                            Function 004047E4 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 263comCOMMON
                                            Download Yara Rule
                                            APIs
                                            • _wtol.MSVCRT ref: 00404805
                                            • SHGetSpecialFolderPathW.SHELL32(00000000,?,-0000001A,00000000), ref: 004048B5
                                            • _wtol.MSVCRT ref: 0040496E
                                            • CoCreateInstance.OLE32(0041FA64,00000000,00000001,0041FA14,?,.lnk,?,0000005C), ref: 00404A0C
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 00404AA6
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?), ref: 00404AAE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?), ref: 00404AB6
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?), ref: 00404ABE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?), ref: 00404AC6
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?), ref: 00404ACE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?), ref: 00404AD6
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 00404ADE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?), ref: 00404AE6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
                                            • String ID: .lnk
                                            • API String ID: 408529070-24824748
                                            • Opcode ID: a1559db01a8a14cd96194dd3756685dc5267fe64f73dc3728496bbdade39b947
                                            • Instruction ID: b36f4cba368feadbd9ca12eb67112cd6990ff22843eba92fdb7d435451052127
                                            • Opcode Fuzzy Hash: a1559db01a8a14cd96194dd3756685dc5267fe64f73dc3728496bbdade39b947
                                            • Instruction Fuzzy Hash: 8F919079900208ABCF14EFA5CC859EEB7B5AF84704B20453EF512BB1D1EB799E45CB18
                                            Function 0040808C Relevance: 16.6, APIs: 11, Instructions: 88windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetParent.USER32(?), ref: 0040809A
                                            • GetWindowLongW.USER32(00000000), ref: 004080A1
                                            • DefWindowProcW.USER32(?,?,?,?), ref: 004080B7
                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 004080D8
                                            • GetSystemMetrics.USER32(00000031), ref: 004080EA
                                            • GetSystemMetrics.USER32(00000032), ref: 004080F1
                                            • GetWindowDC.USER32(?), ref: 00408103
                                            • GetWindowRect.USER32(?,?), ref: 00408110
                                            • DrawIconEx.USER32(00000000,?,?,?,?,?,00000000,00000000,00000003), ref: 00408144
                                            • ReleaseDC.USER32(?,00000000), ref: 0040814C
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
                                            • String ID:
                                            • API String ID: 2586545124-0
                                            • Opcode ID: 58eddb4fd1200f8cdab970e24eaff4f37387fe116eb04ae65f16346c54bda7fc
                                            • Instruction ID: 5863647e7012f7e332d139e9621e2b3ca0e85c148ed14a4dd9622dae80b8943e
                                            • Opcode Fuzzy Hash: 58eddb4fd1200f8cdab970e24eaff4f37387fe116eb04ae65f16346c54bda7fc
                                            • Instruction Fuzzy Hash: A6310CB690060ABFDB019FB8DE48EDF3B69FB08351F008525FA51E6190CB74D920CB69
                                            Function 004185D1 Relevance: 16.5, APIs: 11, Instructions: 27COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,0041A828,?,?,?), ref: 004185D7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,0041A828,?,?,?), ref: 004185DF
                                            • ??3@YAXPAX@Z.MSVCRT(40000000,?,?,00000000,0041A828,?,?,?), ref: 004185E7
                                            • ??3@YAXPAX@Z.MSVCRT(?,40000000,?,?,00000000,0041A828,?,?,?), ref: 004185EF
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 004185F7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 004185FF
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 00418607
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 0041860F
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 00418617
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 0041861F
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,40000000,?,?,00000000,0041A828,?,?,?), ref: 00418627
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 3dccb71c9ef2e60c5503e6c0d19253dcb49cd942d4fb101ec1a1f6589c8e82c3
                                            • Instruction ID: 86688c80c3d54f4c5222143b6f6a850776599fc5e0b6a98af45a6b574340ef54
                                            • Opcode Fuzzy Hash: 3dccb71c9ef2e60c5503e6c0d19253dcb49cd942d4fb101ec1a1f6589c8e82c3
                                            • Instruction Fuzzy Hash: 84F0D9355D1524BECB623B23DD829877AB2BF04B18350552EB04610833DA967CE19E4C
                                            Function 004094E2 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 73windowCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00409190: memset.MSVCRT ref: 004091E2
                                              • Part of subcall function 00409190: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091F6
                                              • Part of subcall function 00409190: SHGetFileInfoW.SHELL32(?,00000000,00000000,000002B4,00000103), ref: 00409216
                                              • Part of subcall function 00409190: GetDlgItem.USER32(?,000004B7), ref: 00409229
                                              • Part of subcall function 00409190: SetWindowLongW.USER32(00000000,000000FC,Function_0000808C), ref: 00409237
                                              • Part of subcall function 004079B7: GetDlgItem.USER32(?,?), ref: 004079C4
                                              • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                              • Part of subcall function 00407925: GetDlgItem.USER32(?,?), ref: 0040792D
                                            • GetDlgItem.USER32(?,000004B6), ref: 00409524
                                            • DestroyWindow.USER32(00000000), ref: 00409527
                                            • CreateWindowExA.USER32(00000200,Edit,0041DE2A,500100A0,?,?,?,?,?,000004B6,00000000,00000000), ref: 0040955D
                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0040956D
                                            • GetDlgItem.USER32(?,000004B6), ref: 0040957A
                                            • SendMessageW.USER32(00000000,00000030,?,00000001), ref: 00409584
                                            • GetDlgItem.USER32(?,000004B6), ref: 0040958E
                                            • SetFocus.USER32(00000000), ref: 00409591
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Item$Window$MessageSend$CreateDestroyDirectoryFileFocusInfoLongShowSystemmemset
                                            • String ID: Edit
                                            • API String ID: 1904772019-554135844
                                            • Opcode ID: fa5d6b11f3bfb7040f8905d8716a38a91aa73369538ddbddf177dea4798fc51b
                                            • Instruction ID: 0e6a47c8423b62f02d93f4ef7a6912530f49f9b8c415eb71875aef5ea39149c2
                                            • Opcode Fuzzy Hash: fa5d6b11f3bfb7040f8905d8716a38a91aa73369538ddbddf177dea4798fc51b
                                            • Instruction Fuzzy Hash: 17112475E00318BBEB11ABE5CD49FAFBBBDEF89B04F104419B611B6190C675ED008729
                                            Function 00409777 Relevance: 15.1, APIs: 10, Instructions: 97COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                              • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                              • Part of subcall function 00408E57: GetSystemMetrics.USER32(00000032), ref: 00408E98
                                              • Part of subcall function 00408E57: GetSystemMetrics.USER32(00000031), ref: 00408E9D
                                              • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                              • Part of subcall function 00408E57: LoadImageW.USER32(00000000), ref: 00408EA9
                                              • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                              • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408EEF
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408EF9
                                              • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                              • Part of subcall function 00408E57: SetWindowLongW.USER32(000000F0,000000F0,00000000), ref: 00408F14
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B5), ref: 00408F22
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B5), ref: 00408F30
                                              • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                              • Part of subcall function 00408E57: SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00408F4B
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408F58
                                              • Part of subcall function 004079B7: GetDlgItem.USER32(?,?), ref: 004079C4
                                              • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                              • Part of subcall function 00407925: GetDlgItem.USER32(?,?), ref: 0040792D
                                            • ClientToScreen.USER32(?,?), ref: 004097C6
                                            • GetWindowRect.USER32(?,?), ref: 004097D9
                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 004097F1
                                            • SetWindowLongW.USER32(?,000000F0,00800000), ref: 00409807
                                            • SetWindowLongW.USER32(?,000000EC,00000008), ref: 00409810
                                            • GetWindowRect.USER32(?,?), ref: 00409819
                                              • Part of subcall function 00407AA0: GetDlgItem.USER32(?,?), ref: 00407ABE
                                              • Part of subcall function 00407AA0: SetWindowPos.USER32(00000000), ref: 00407AC5
                                            • GetDlgItem.USER32(?,000004B2), ref: 00409840
                                            • GetDlgItem.USER32(?,000004B2), ref: 0040984D
                                            • GetWindowLongW.USER32(?,000000F0), ref: 0040985A
                                            • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00409869
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Window$Item$Long$HandleLoadMessageMetricsModuleRectSendSystem$ClientIconImageScreenShow
                                            • String ID:
                                            • API String ID: 1121484998-0
                                            • Opcode ID: b58d5cfabe8e3f54eea926d8a5a69caf2518092f248e1b15b4c7d120cae08dd2
                                            • Instruction ID: eb4d2fabcb322e020ba9bdcc7ca5b571507892158c3f3be7d1bbc3ef01ce0d5d
                                            • Opcode Fuzzy Hash: b58d5cfabe8e3f54eea926d8a5a69caf2518092f248e1b15b4c7d120cae08dd2
                                            • Instruction Fuzzy Hash: F231E3B1900619BFDF10DBA9CD45EAFBBBDFB48710F104529F525F2291CB74A9008B69
                                            Function 004099C9 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 123COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A4E
                                            • _wtol.MSVCRT ref: 00409A77
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A88
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409AD4
                                            • _wtol.MSVCRT ref: 00409AFD
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00409D4B,?,004227B8), ref: 00409B08
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409B1A
                                              • Part of subcall function 00414660: memcpy.MSVCRT(?,00000000,D(B,D(B,.\/,?,00000000,00409AC6,00000002,-00000002,?,?,00422844,00000000), ref: 0041468E
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy$_wtol$??2@
                                            • String ID: .\/
                                            • API String ID: 211236615-1884134905
                                            • Opcode ID: e4dd5e0f757c21e4c2822975ddfe278b441f20d1ef89bd084ebe2692a3c13073
                                            • Instruction ID: 2f426bf7fcc050e2f2ccbb6fef500bcc126e9f0fd43eeb082ec496173bf80244
                                            • Opcode Fuzzy Hash: e4dd5e0f757c21e4c2822975ddfe278b441f20d1ef89bd084ebe2692a3c13073
                                            • Instruction Fuzzy Hash: 2D41A332A00215ABCB25EF65EC419AAB7B5FF44318710443FE452A7292EB78AC41CB5C
                                            Function 00403F60 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 88COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00414427: ??2@YAPAXI@Z.MSVCRT(?,?,00A70F28,00000000,?,00403F7E,;!@Install@!UTF-8!,?,00A70F28,00000000), ref: 00414449
                                              • Part of subcall function 00414427: ??3@YAXPAX@Z.MSVCRT(00A70F28,?,?,00A70F28,00000000,?,00403F7E,;!@Install@!UTF-8!,?,00A70F28,00000000), ref: 00414453
                                              • Part of subcall function 0041438B: memcpy.MSVCRT(?,?,?,?,?,00A70F28,00000000,00403F9B,?,00A70F28,;!@InstallEnd@!,;!@Install@!UTF-8!,?,00A70F28,00000000), ref: 004143AC
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00A70F28,;!@InstallEnd@!,;!@Install@!UTF-8!,?,00A70F28,00000000), ref: 00403FA8
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,-00000001,?,?,?,00A70F28,;!@InstallEnd@!,;!@Install@!UTF-8!,?,00A70F28,00000000), ref: 00403FC9
                                            • wsprintfA.USER32 ref: 00403FED
                                            • wsprintfA.USER32 ref: 0040401A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$wsprintf$??2@memcpy
                                            • String ID: :%hs$:Language:%u$;!@Install@!UTF-8!$;!@InstallEnd@!
                                            • API String ID: 1376779256-695273242
                                            • Opcode ID: ffccc149b743fa680d0eb0769d88808ab5d885dbcf21d5ceae07064466338ad7
                                            • Instruction ID: 55619282d89a0695e4f6350effc0af897ba8d8e27976df9351510ece20a97bca
                                            • Opcode Fuzzy Hash: ffccc149b743fa680d0eb0769d88808ab5d885dbcf21d5ceae07064466338ad7
                                            • Instruction Fuzzy Hash: 2A218571A00118ABCB05EBA5D882EEEB77DDF84305F24411FF505B3182CB7C5E848BA9
                                            Function 00407790 Relevance: 13.5, APIs: 9, Instructions: 47windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetDlgItem.USER32(?,000004B3), ref: 004077A4
                                            • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004077B7
                                            • GetDlgItem.USER32(?,000004B4), ref: 004077C1
                                            • SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 004077C9
                                            • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004077D9
                                            • GetDlgItem.USER32(?,?), ref: 004077E2
                                            • SendMessageW.USER32(00000000,000000F4,00000001,00000001), ref: 004077EA
                                            • GetDlgItem.USER32(?,?), ref: 004077F3
                                            • SetFocus.USER32(00000000,?,?,00000000,00408432,000004B3,00000000,?,000004B3), ref: 004077F6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ItemMessageSend$Focus
                                            • String ID:
                                            • API String ID: 3946207451-0
                                            • Opcode ID: f19a9a918d10da5fb3fb5757492b0ffe053d75d493c3690a8f8b9be1a476dd90
                                            • Instruction ID: bb603a94b1fb933569e9f7d8bab768da8117728db550847b64ef16fbddfb16f4
                                            • Opcode Fuzzy Hash: f19a9a918d10da5fb3fb5757492b0ffe053d75d493c3690a8f8b9be1a476dd90
                                            • Instruction Fuzzy Hash: 40F04F716403087BEA212B61DD86F5BBB5EEF85B44F018425F750650F0CBB7EC109A28
                                            Function 0040885E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 111windowCOMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00408896
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                            • GetDlgItem.USER32(?,000004B8), ref: 004088BA
                                            • SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 004088C7
                                            • wsprintfW.USER32 ref: 004088E7
                                            • GetDlgItem.USER32(?,000004B5), ref: 00408905
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00408993
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@Item$MessageSendUnothrow_t@std@@@__ehfuncinfo$??2@memcpywsprintf
                                            • String ID: %d%%
                                            • API String ID: 3036602612-1518462796
                                            • Opcode ID: 2f025100284f857c739fb0d10ddfcf10120c0a6e4a94bd107c0a039dcf2897a2
                                            • Instruction ID: 432b5be96da59719ee59c1cdf104f12e765a410818bb6324a0b4774a71f17581
                                            • Opcode Fuzzy Hash: 2f025100284f857c739fb0d10ddfcf10120c0a6e4a94bd107c0a039dcf2897a2
                                            • Instruction Fuzzy Hash: 7C41C3B1900708BFDB11ABA0CD45EDAB7B5FF48704F10842EF682662E1DB79E951CB58
                                            Function 00409D15 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 004099C9: ??3@YAXPAX@Z.MSVCRT(?,?,00000002,-00000002,?,?,00422844,00000000), ref: 00409A4E
                                              • Part of subcall function 004099C9: _wtol.MSVCRT ref: 00409A77
                                              • Part of subcall function 004099C9: ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,00409D4B,?,004227B8), ref: 00409B08
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,004227B8), ref: 00409D55
                                            • wsprintfW.USER32 ref: 00409DA4
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?), ref: 00409DC5
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,?), ref: 00409DE0
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,?), ref: 00409DE8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@_wtolwsprintf
                                            • String ID: .%03u
                                            • API String ID: 2619731350-3746577511
                                            • Opcode ID: d9da517446e7d22e7b0168033926e92862007eaf4458fa90e29128767b03b01d
                                            • Instruction ID: 0034a0038c25d7715fb85f134ff920e9ad4cb3cd18a2976f835199771390e190
                                            • Opcode Fuzzy Hash: d9da517446e7d22e7b0168033926e92862007eaf4458fa90e29128767b03b01d
                                            • Instruction Fuzzy Hash: 8F313671540218AFCF04EF65DC818EE3BA9EF04314B10403BFC25922A2EB39DD86CB88
                                            Function 004079E9 Relevance: 12.1, APIs: 8, Instructions: 66COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetDC.USER32(?), ref: 004079F9
                                            • GetSystemMetrics.USER32(0000000B), ref: 00407A15
                                            • GetSystemMetrics.USER32(0000003D), ref: 00407A1E
                                            • GetSystemMetrics.USER32(0000003E), ref: 00407A25
                                            • SelectObject.GDI32(?,?), ref: 00407A40
                                            • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00407A5B
                                            • SelectObject.GDI32(?,?), ref: 00407A81
                                            • ReleaseDC.USER32(?,?), ref: 00407A90
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: MetricsSystem$ObjectSelect$DrawReleaseText
                                            • String ID:
                                            • API String ID: 2466489532-0
                                            • Opcode ID: 32584a4472645db3aff27f6520096e7dc3bbedd979ffd5018345eaf338595b88
                                            • Instruction ID: d7a645f58c53ce30d97dd646464eddd9bcb9b2579cd2f157b80914e8c8c63eec
                                            • Opcode Fuzzy Hash: 32584a4472645db3aff27f6520096e7dc3bbedd979ffd5018345eaf338595b88
                                            • Instruction Fuzzy Hash: 642138B1D00209EFCB11DFA5DD84A8EBFF4EF08364F10C46AE429A62A0C735AA51DF50
                                            Function 00409F61 Relevance: 10.7, APIs: 1, Strings: 6, Instructions: 166sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNEL32(00000064,0042289C,00000000,00000000), ref: 0040A159
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: BeginPrompt$ErrorTitle$FinishMessage$HelpText$WarningTitle$hA
                                            • API String ID: 3472027048-521349007
                                            • Opcode ID: 9c1cac134e722dcd1e5fd9c3bbf26f4cbc7f9728f35d472b3f288e2e11dd9c58
                                            • Instruction ID: 4f1981a800d2a26433a0518d47595aec0fb4d88ed4768baaab3659b3bb23ff90
                                            • Opcode Fuzzy Hash: 9c1cac134e722dcd1e5fd9c3bbf26f4cbc7f9728f35d472b3f288e2e11dd9c58
                                            • Instruction Fuzzy Hash: D051E670E043069ADB24EB5289117AE73B1AB90314F50803FE9467B2D5DBBC5E96C68F
                                            Function 0040B810 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 121COMMON
                                            Download Yara Rule
                                            APIs
                                            • memset.MSVCRT ref: 0040B869
                                            • ??2@YAPAXI@Z.MSVCRT(?,?,?,00000000,?), ref: 0040B890
                                            • memcpy.MSVCRT(00000000,?,?,?,?,00000000,?), ref: 0040B8A3
                                            • memcpy.MSVCRT(?,?,?,00000000,?,?,?,?,00000000,?), ref: 0040B8B6
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,?), ref: 0040B96E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: memcpy$??2@??3@memset
                                            • String ID: gj
                                            • API String ID: 1510051167-4203073231
                                            • Opcode ID: 982258c9eb68fed6b8587fd6be484b8c8765853708b82f1a6f463a3f96eb6ae9
                                            • Instruction ID: 5ab1223f956dad006c461569b39dc5db1a7a3ac289c35279b9943f5a0f586916
                                            • Opcode Fuzzy Hash: 982258c9eb68fed6b8587fd6be484b8c8765853708b82f1a6f463a3f96eb6ae9
                                            • Instruction Fuzzy Hash: DB419BB25043009FC324EF25C88095BB7E5FF99718F148E2EE4DA97652E734E9498B89
                                            Function 00405F0F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 96COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(00406540,?,00406540,?,00422844,;!@InstallEnd@!,00422844,;!@Install@!UTF-8!,00422494,00000000,00000001,?,00000000,004227B8), ref: 00405FF4
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000001,00000000,00000000,00000001,?,00000000,004227B8), ref: 00405F90
                                            • ??3@YAXPAX@Z.MSVCRT(00406540,?,00406540,?,00422844,;!@InstallEnd@!,00422844,;!@Install@!UTF-8!,00422494,00000000,00000001,?,00000000,004227B8), ref: 0040600C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy
                                            • String ID: ;!@Install@!UTF-8!$;!@InstallEnd@!$&@
                                            • API String ID: 750647942-3840191401
                                            • Opcode ID: bb13985beaa53bcc6efe9f2370200bb0b00f1dee3feda260d793c780da637148
                                            • Instruction ID: c3f501718d29e0609bacf028bb7e0f5575d8248d997bf9953d440c615c71183d
                                            • Opcode Fuzzy Hash: bb13985beaa53bcc6efe9f2370200bb0b00f1dee3feda260d793c780da637148
                                            • Instruction Fuzzy Hash: C7314F71D00119AADF05EFD6DD829EEBB74EF94318F20002BF502B21E1DB791A85CB69
                                            Function 00401AA4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringwindowCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: wsprintf$ExitMessageProcesslstrcat
                                            • String ID: 0x%p
                                            • API String ID: 1920160435-1745605757
                                            • Opcode ID: 93d18b53ccba8d9edddcd42a3ab1868249107ae761a398cbacb0d1e9d6d65855
                                            • Instruction ID: bdd98ded1a4888b9718e7119b40d0133e4242b4b1d5a6e7b56f428a96039426d
                                            • Opcode Fuzzy Hash: 93d18b53ccba8d9edddcd42a3ab1868249107ae761a398cbacb0d1e9d6d65855
                                            • Instruction Fuzzy Hash: FA2157B1A04218BFDB20EFB4DD85A9A77BCEF44344F50047AA501F3191DB78AA448B69
                                            Function 00407E82 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                            Download Yara Rule
                                            APIs
                                            • SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 00407EB7
                                            • GetDC.USER32(00000000), ref: 00407EC2
                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00407ECE
                                            • MulDiv.KERNEL32(?,00000048,00000000), ref: 00407EDD
                                            • ReleaseDC.USER32(00000000,?), ref: 00407EEB
                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00407F13
                                            • DialogBoxIndirectParamW.USER32(00000000,?,?,Function_00007640), ref: 00407F45
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystem
                                            • String ID:
                                            • API String ID: 3212456201-0
                                            • Opcode ID: 6c6e9f6cbb186afbd910bba0e3b424dc6f845c5392de7f31c0f4edd618176398
                                            • Instruction ID: e5cbe167788b7df0f190fda5ad4873b435a8e75dd499519e5841f70fb4c46128
                                            • Opcode Fuzzy Hash: 6c6e9f6cbb186afbd910bba0e3b424dc6f845c5392de7f31c0f4edd618176398
                                            • Instruction Fuzzy Hash: AC219371D40668BFDB215F619C48EEB7BBCEB89711F4040AAF909A6190D7344E80CB69
                                            Function 00408A8A Relevance: 10.6, APIs: 7, Instructions: 63timethreadinjectionCOMMON
                                            Download Yara Rule
                                            APIs
                                            • EndDialog.USER32(?,00000000), ref: 00408AA4
                                            • KillTimer.USER32(?,00000001), ref: 00408AB5
                                            • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408AE0
                                            • SuspendThread.KERNEL32(00000374), ref: 00408AF9
                                            • ResumeThread.KERNEL32(00000374), ref: 00408B17
                                            • EndDialog.USER32(?,00000000), ref: 00408B39
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: DialogThreadTimer$KillResumeSuspend
                                            • String ID:
                                            • API String ID: 4151135813-0
                                            • Opcode ID: 885b3203f5fafc8ea029e998e3dfa88956fb95a6329574f64dc11b18cd69f5ab
                                            • Instruction ID: e0febfc1c518c38718134784bfd0cfd8211ff2635dc020f4aeb641ff724bccfa
                                            • Opcode Fuzzy Hash: 885b3203f5fafc8ea029e998e3dfa88956fb95a6329574f64dc11b18cd69f5ab
                                            • Instruction Fuzzy Hash: 98116DB0700204AFD7256F21EF85A6737ADEB60785B40403EF696A15A0CFB8AC02DF1C
                                            Function 00403526 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(0040555A,0040555A,00000000,%%T\,0041DBF8,0042289C,00000000,?,0040555A,0041EFB4,00407974,00000000,00000000,?), ref: 0040356F
                                            • ??3@YAXPAX@Z.MSVCRT(0040555A,0040555A,00000000,%%T/,0041DBE8,0042289C,0040555A,00000000,%%T\,0041DBF8,0042289C,00000000,?,0040555A,0041EFB4,00407974), ref: 004035AA
                                            • ??3@YAXPAX@Z.MSVCRT(0040555A,0040555A,0042289C,0040555A,0040555A,00000000,%%T/,0041DBE8,0042289C,0040555A,00000000,%%T\,0041DBF8,0042289C,00000000,?), ref: 004035CD
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,0040555A,0040555A,0042289C,0040555A,0040555A,00000000,%%T/,0041DBE8,0042289C,0040555A,00000000,%%T\,0041DBF8,0042289C,00000000), ref: 004035D5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy$??2@
                                            • String ID: %%T/$%%T\
                                            • API String ID: 3447362686-2679640699
                                            • Opcode ID: 2bd3869f0c11202dcf2497b639ef63ba0f5185e1f633ba9c7ad340e17c03d490
                                            • Instruction ID: 166c9580e81c2123b542eeb7ffed12b91935a7def8928b4aa084c00800812ce8
                                            • Opcode Fuzzy Hash: 2bd3869f0c11202dcf2497b639ef63ba0f5185e1f633ba9c7ad340e17c03d490
                                            • Instruction Fuzzy Hash: B0113DB5D441096A8B04FBA1DC93DEFB77C9E84704F10416FB112B2092DF686AC5CA98
                                            Function 004035E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(0040552B,0040552B,00000000,%%S\,0041DBF8,00422794,00000000,?,0040552B,0041EFB4,00407974,00000000,00000000,?), ref: 00403629
                                            • ??3@YAXPAX@Z.MSVCRT(0040552B,0040552B,00000000,%%S/,0041DBE8,00422794,0040552B,00000000,%%S\,0041DBF8,00422794,00000000,?,0040552B,0041EFB4,00407974), ref: 00403664
                                            • ??3@YAXPAX@Z.MSVCRT(0040552B,0040552B,00422794,0040552B,0040552B,00000000,%%S/,0041DBE8,00422794,0040552B,00000000,%%S\,0041DBF8,00422794,00000000,?), ref: 00403687
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,0040552B,0040552B,00422794,0040552B,0040552B,00000000,%%S/,0041DBE8,00422794,0040552B,00000000,%%S\,0041DBF8,00422794,00000000), ref: 0040368F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy$??2@
                                            • String ID: %%S/$%%S\
                                            • API String ID: 3447362686-358529586
                                            • Opcode ID: c5102c029cdb3d12ac855eb080264e10659566beaa8db6ce68d0d1493529207a
                                            • Instruction ID: 6751733f6835679305e27ae318cc34a62e234db39242876c41385dbdc84acb9b
                                            • Opcode Fuzzy Hash: c5102c029cdb3d12ac855eb080264e10659566beaa8db6ce68d0d1493529207a
                                            • Instruction Fuzzy Hash: 46113DB5D440186ACB04FBA1DC93DEFB77C9E84704F10416FB112B2092EF786AC5CAA8
                                            Function 0040369A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(00405537,00405537,00000000,%%M\,0041DBF8,004227AC,00000000,?,00405537,0041EFB4,00407974,00000000,00000000,?), ref: 004036E3
                                            • ??3@YAXPAX@Z.MSVCRT(00405537,00405537,00000000,%%M/,0041DBE8,004227AC,00405537,00000000,%%M\,0041DBF8,004227AC,00000000,?,00405537,0041EFB4,00407974), ref: 0040371E
                                            • ??3@YAXPAX@Z.MSVCRT(00405537,00405537,004227AC,00405537,00405537,00000000,%%M/,0041DBE8,004227AC,00405537,00000000,%%M\,0041DBF8,004227AC,00000000,?), ref: 00403741
                                            • ??3@YAXPAX@Z.MSVCRT(00000000,00405537,00405537,004227AC,00405537,00405537,00000000,%%M/,0041DBE8,004227AC,00405537,00000000,%%M\,0041DBF8,004227AC,00000000), ref: 00403749
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$memcpy$??2@
                                            • String ID: %%M/$%%M\
                                            • API String ID: 3447362686-4143866494
                                            • Opcode ID: e762984c76011ef12ca27b7a1e2371d27fc4346b0628bafdf22f5638e4ca445c
                                            • Instruction ID: 917775b58852407d444846b0aa1479805c178b4686cdde28d42bb90dc1711a01
                                            • Opcode Fuzzy Hash: e762984c76011ef12ca27b7a1e2371d27fc4346b0628bafdf22f5638e4ca445c
                                            • Instruction Fuzzy Hash: AF1130B5D440187ACB04FB91DC93DEFB77C9E84704F10406FB116B2092EF686AC5CA98
                                            Function 00418480 Relevance: 10.5, APIs: 7, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,004184F4,?,?,00418586,?,?,?,0041AE17), ref: 0041848B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,004184F4,?,?,00418586,?,?,?,0041AE17), ref: 0041849F
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,004184F4,?,?,00418586,?,?,?,0041AE17), ref: 004184AA
                                            • ??3@YAXPAX@Z.MSVCRT(0041AE17,?,?,?,?,?,004184F4,?,?,00418586,?,?,?,0041AE17), ref: 004184B5
                                            • ??3@YAXPAX@Z.MSVCRT(?,0041AE17,?,?,?,?,?,004184F4,?,?,00418586,?,?,?,0041AE17), ref: 004184C0
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,0041AE17,?,?,?,?,?,004184F4,?,?,00418586,?,?,?,0041AE17), ref: 004184CB
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,0041AE17,?,?,?,?,?,004184F4,?,?,00418586,?), ref: 004184D6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: f70be27807797ce7c26ea69ed98ffc78a6c2594a131c428ecde169c1c0b094d5
                                            • Instruction ID: f1de91cbc462ee97d673e7db93c01427bec84cd42ac756398f0c521e5fe4e4e7
                                            • Opcode Fuzzy Hash: f70be27807797ce7c26ea69ed98ffc78a6c2594a131c428ecde169c1c0b094d5
                                            • Instruction Fuzzy Hash: DE01C471480B54ABC2316F17CD85847FEF1FF94B04340591FA08602932C7B5B891DF48
                                            Function 00419DAA Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 354COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 0041911E: ??3@YAXPAX@Z.MSVCRT(?,?,004195A7,?), ref: 00419123
                                              • Part of subcall function 0041911E: ??2@YAPAXI@Z.MSVCRT(00000000,?,?,004195A7,?), ref: 0041913E
                                              • Part of subcall function 0041914B: ??3@YAXPAX@Z.MSVCRT(?,?,00419E0A,00000000,00000001,?,?,0000000B,00000000), ref: 00419150
                                              • Part of subcall function 0041914B: ??2@YAPAXI@Z.MSVCRT(?,?,?,00419E0A,00000000,00000001,?,?,0000000B,00000000), ref: 0041915C
                                              • Part of subcall function 0040BF30: ??3@YAXPAX@Z.MSVCRT(?,?,?,0040C089,?,?,?,?,?,?,?,0041CA10,000000FF), ref: 0040BF44
                                              • Part of subcall function 0040BF30: ??2@YAPAXI@Z.MSVCRT(00000000,?,?,0040C089,?,?,?,?,?,?,?,0041CA10,000000FF), ref: 0040BF5E
                                              • Part of subcall function 0040BF30: memcpy.MSVCRT(?,?,00000000,?,?,0040C089,?,?,?,?,?,?,?,0041CA10,000000FF), ref: 0040BF78
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,00000000,00000001,?,?,0000000B,00000000), ref: 00419E8C
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,00000000,00000001,?,?,0000000B,00000000), ref: 00419E94
                                              • Part of subcall function 004190F1: ??3@YAXPAX@Z.MSVCRT(?,00000000,00419CEC,00000001,00000009,00000000), ref: 004190F6
                                              • Part of subcall function 004190F1: ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,00419CEC,00000001,00000009,00000000), ref: 00419111
                                              • Part of subcall function 00419725: memset.MSVCRT ref: 0041973D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@$memcpymemset
                                            • String ID: $!$@
                                            • API String ID: 1807930983-2517134481
                                            • Opcode ID: f179f206ab315a89253d4d1cae131543762475f9238fa3fe184e8bee0db2a210
                                            • Instruction ID: 3ffa3ad4b5ccc8a9926622aa3f55e201b9f90fd758da49e30c43fec7e53f582a
                                            • Opcode Fuzzy Hash: f179f206ab315a89253d4d1cae131543762475f9238fa3fe184e8bee0db2a210
                                            • Instruction Fuzzy Hash: 48E15C74901209EFCF14DF95C590AEDBBB2BF49314F24805EE806AB352DB39A9D1CB49
                                            Function 00401368 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,?,00000000,004227B8,004227B8,004227B8,?,00406701,00000000,?,00000000), ref: 004013B1
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,004227B8,004227B8,004227B8,?,00406701,00000000,?,00000000), ref: 004013E9
                                            • ??2@YAPAXI@Z.MSVCRT(00000014,?,00000000,004227B8,004227B8,004227B8,?,00406701,00000000,?,00000000), ref: 004013F3
                                            • GetTickCount.KERNEL32 ref: 00401414
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00401440
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 00401453
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@$CountTick
                                            • String ID:
                                            • API String ID: 590505967-0
                                            • Opcode ID: cc5584228829aa091fb57565e76da412ae3316159dd86bad775da0cb815725cf
                                            • Instruction ID: 003ae7c08c8171e42d60e6727e1d5df914aaf81fbeeeab4e494b2dbabceb1a0e
                                            • Opcode Fuzzy Hash: cc5584228829aa091fb57565e76da412ae3316159dd86bad775da0cb815725cf
                                            • Instruction Fuzzy Hash: 5831D331A00210AFCB24AFA5C8859AEB7E4EF05754B10407FF905B72B2CB788D828B58
                                            Function 00405CA1 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 71COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004075CF: KiUserCallbackDispatcher.NTDLL(00000010), ref: 00407611
                                              • Part of subcall function 004075CF: GetSystemMetrics.USER32(00000011), ref: 0040761F
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • wsprintfW.USER32 ref: 00405D44
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000011,?,00000000,0041EBE4,?), ref: 00405D81
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: memcpy$??3@CallbackDispatcherMetricsSystemUserwsprintf
                                            • String ID: %X - %03X - %03X - %03X - %03X$<A$Volumes
                                            • API String ID: 2991351368-3399665096
                                            • Opcode ID: cca3d016d0d10c9324117511857327f5cbdbfd0e0816387f27fc84f9d0f4fe5d
                                            • Instruction ID: ad8d23a7da3522afc9b8f86878820b42e07b12c4948eacb7cadc135188fea655
                                            • Opcode Fuzzy Hash: cca3d016d0d10c9324117511857327f5cbdbfd0e0816387f27fc84f9d0f4fe5d
                                            • Instruction Fuzzy Hash: 0A21A171D442186ACB14FB96EC46EDEB334FF80704F50417AB502760D1DB782A45CB8C
                                            Function 004042B5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                              • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT(?,?,771B1D70,00000000,?,?,?,?,?,?,?,?,?,?,004060CA,00000000), ref: 00404244
                                            • GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                            • GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                            • wsprintfW.USER32 ref: 00404318
                                            • GetFileAttributesW.KERNEL32(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: PathTemp$??2@??3@AttributesFilewcsncpywsprintf
                                            • String ID: PreExtract
                                            • API String ID: 342973707-1883995278
                                            • Opcode ID: a6599ca690dd662ebfa5923f67b0ec3bebfb6a87c19678d5d5b6f9956c1d313b
                                            • Instruction ID: 23435fb80e171e00c8212a570b1b2e158bd2c4d8a66f38a82b80c7934b06bc9c
                                            • Opcode Fuzzy Hash: a6599ca690dd662ebfa5923f67b0ec3bebfb6a87c19678d5d5b6f9956c1d313b
                                            • Instruction Fuzzy Hash: 6E0126B03006185BC224AB6A9C49D2EF79DFFC4748B01447EF116D72E2CF7968068668
                                            Function 00407489 Relevance: 7.6, APIs: 5, Instructions: 105COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(00000000,00422868,0041DA3C,00422868,00422868,00422868,?,004073E8,00000000,00000000,0041DA3C,PreExtract,PreExtract,0042289C,00000000), ref: 004074CF
                                            • ??3@YAXPAX@Z.MSVCRT(?,00422868,0041DA3C,00422868,00422868,00422868,?,004073E8,00000000,00000000,0041DA3C,PreExtract,PreExtract,0042289C,00000000), ref: 004074FC
                                            • ??2@YAPAXI@Z.MSVCRT(00000048,00422868,0041DA3C,00422868,00422868,00422868,?,004073E8,00000000,00000000,0041DA3C,PreExtract,PreExtract,0042289C,00000000), ref: 0040750B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,004073E8,00000000,00000000,0041DA3C,PreExtract,PreExtract,0042289C,00000000), ref: 00407559
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,004073E8,00000000,00000000,0041DA3C,PreExtract,PreExtract,0042289C,00000000), ref: 0040756B
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@
                                            • String ID:
                                            • API String ID: 4113381792-0
                                            • Opcode ID: 5822dc373370c7675d9c9ba179d4dc73c5104909e8b5aa0a8ff9cf6a061ff8a3
                                            • Instruction ID: 58b793ad712c308d4ddd91de517e6b93f9a326b0b37e95d3d2077ce1cdaad68c
                                            • Opcode Fuzzy Hash: 5822dc373370c7675d9c9ba179d4dc73c5104909e8b5aa0a8ff9cf6a061ff8a3
                                            • Instruction Fuzzy Hash: 51312871E095217BCB256F648C459AFB7649F41B14B10007FF9427B7D2CB78AC02869E
                                            Function 004015B3 Relevance: 7.6, APIs: 5, Instructions: 88stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            • lstrlenW.KERNEL32(00422090,?,00A70E5E,004227B8,?,?,?,?,?,?,0040197C), ref: 004015CE
                                            • ??3@YAXPAX@Z.MSVCRT(?,0000FDE9,00A70E60,00000000,?,?,?,?,?,?,0040197C), ref: 0040167A
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,0000FDE9,00A70E60,00000000,?,?,?,?,?,?,0040197C), ref: 00401682
                                            • ??3@YAXPAX@Z.MSVCRT(?,0000FDE9,00A70E60,00000000,?,?,?,?,?,?,0040197C), ref: 00401691
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,0000FDE9,00A70E60,00000000,?,?,?,?,?,?,0040197C), ref: 00401699
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$lstrlen
                                            • String ID:
                                            • API String ID: 2031685711-0
                                            • Opcode ID: 6e300843ff67a2a88a322c4735bf088cad46bbe0d2c8f862c11a2a388a4ba63a
                                            • Instruction ID: 15beb7f568587da81f6b74c4144e5d976d5c6ef319186cdd4b388d545bbf5f64
                                            • Opcode Fuzzy Hash: 6e300843ff67a2a88a322c4735bf088cad46bbe0d2c8f862c11a2a388a4ba63a
                                            • Instruction Fuzzy Hash: 4921D432E04215ABDB34AB64DC817EFB3B5AB51304F14483FE542B72E1E6B94D45CA4D
                                            Function 00409190 Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00407925: GetDlgItem.USER32(?,?), ref: 0040792D
                                              • Part of subcall function 004079B7: GetDlgItem.USER32(?,?), ref: 004079C4
                                              • Part of subcall function 004079B7: ShowWindow.USER32(00000000,?), ref: 004079DB
                                            • memset.MSVCRT ref: 004091E2
                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004091F6
                                            • SHGetFileInfoW.SHELL32(?,00000000,00000000,000002B4,00000103), ref: 00409216
                                            • GetDlgItem.USER32(?,000004B7), ref: 00409229
                                            • SetWindowLongW.USER32(00000000,000000FC,Function_0000808C), ref: 00409237
                                              • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00409247), ref: 00408E81
                                              • Part of subcall function 00408E57: LoadIconW.USER32(00000000), ref: 00408E84
                                              • Part of subcall function 00408E57: GetSystemMetrics.USER32(00000032), ref: 00408E98
                                              • Part of subcall function 00408E57: GetSystemMetrics.USER32(00000031), ref: 00408E9D
                                              • Part of subcall function 00408E57: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00409247), ref: 00408EA6
                                              • Part of subcall function 00408E57: LoadImageW.USER32(00000000), ref: 00408EA9
                                              • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000001,?), ref: 00408EC9
                                              • Part of subcall function 00408E57: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408ED2
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408EEF
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408EF9
                                              • Part of subcall function 00408E57: GetWindowLongW.USER32(?,000000F0), ref: 00408F05
                                              • Part of subcall function 00408E57: SetWindowLongW.USER32(000000F0,000000F0,00000000), ref: 00408F14
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B5), ref: 00408F22
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B5), ref: 00408F30
                                              • Part of subcall function 00408E57: GetWindowLongW.USER32(000000F0,000000F0), ref: 00408F3C
                                              • Part of subcall function 00408E57: SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00408F4B
                                              • Part of subcall function 00408E57: GetDlgItem.USER32(?,000004B2), ref: 00408F58
                                              • Part of subcall function 004085BD: GetDlgItem.USER32(?,000004B6), ref: 004085D3
                                              • Part of subcall function 004085BD: SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                              • Part of subcall function 004085BD: GetDlgItem.USER32(?,000004B6), ref: 004085E6
                                              • Part of subcall function 004085BD: GetDlgItem.USER32(?,000004B6), ref: 004085FB
                                              • Part of subcall function 004085BD: SendMessageW.USER32(00000000,000000B1,0000002A,0000002A), ref: 00408605
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Item$Window$Long$MessageSendSystem$HandleLoadMetricsModule$DirectoryFileFocusIconImageInfoShowmemset
                                            • String ID:
                                            • API String ID: 358862773-0
                                            • Opcode ID: 81ec041cacca2d59917e046878064d1098f3cedd17596b8ea65ee1b3a9ebd4b2
                                            • Instruction ID: 2561db17b14fe2180de4adf028dc837e5a6c8d79ccad7adf452e374fc0286804
                                            • Opcode Fuzzy Hash: 81ec041cacca2d59917e046878064d1098f3cedd17596b8ea65ee1b3a9ebd4b2
                                            • Instruction Fuzzy Hash: 941186B1E40314A7DB20ABA5DD49F9E77BCAB84B04F00456FB651E32C1DBB8D9448B68
                                            Function 004085BD Relevance: 7.5, APIs: 5, Instructions: 36windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetDlgItem.USER32(?,000004B6), ref: 004085D3
                                            • SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                            • GetDlgItem.USER32(?,000004B6), ref: 004085E6
                                              • Part of subcall function 0040790B: SetWindowTextW.USER32(00000000,00000000), ref: 00407913
                                            • GetDlgItem.USER32(?,000004B6), ref: 004085FB
                                            • SendMessageW.USER32(00000000,000000B1,0000002A,0000002A), ref: 00408605
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Item$FocusMessageSendTextWindow
                                            • String ID:
                                            • API String ID: 3590784419-0
                                            • Opcode ID: e6a2ec5d3cd3bb36a0cbfbe33b996c03fcc3e893fcc4284e1da6b571b5e81bd3
                                            • Instruction ID: dfb0d4cc9c3e97a0b9eaad954ec70788f15d407bef407a446d7597729d91de54
                                            • Opcode Fuzzy Hash: e6a2ec5d3cd3bb36a0cbfbe33b996c03fcc3e893fcc4284e1da6b571b5e81bd3
                                            • Instruction Fuzzy Hash: 9AF0E5F260021CBFEB203762ED48C6BBF9DEB893543014039F61182220CB76AC008B74
                                            Function 004169D1 Relevance: 7.5, APIs: 5, Instructions: 15COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,004172AA,?,00000000), ref: 004169D7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,004172AA,?,00000000), ref: 004169DF
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,004172AA,?,00000000), ref: 004169E7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,00000000,004172AA,?,00000000), ref: 004169EF
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,00000000,004172AA,?,00000000), ref: 004169F6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 8a5a2e405d1432d98089c8393cabaddf830d6e4b9731c333b05916df35becb7d
                                            • Instruction ID: f2f6c36ad054111763b42ac461140cf9b87e5ea67fb04b9142b7eb6dfeeb418c
                                            • Opcode Fuzzy Hash: 8a5a2e405d1432d98089c8393cabaddf830d6e4b9731c333b05916df35becb7d
                                            • Instruction Fuzzy Hash: 15D0C7395C0534BACA223B16EC439C77AB1AF00B18305056FB08611433DAD67CE19E4C
                                            Function 00408765 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00408491: GetSystemMetrics.USER32(0000000B), ref: 004084B9
                                              • Part of subcall function 00408491: GetSystemMetrics.USER32(0000000C), ref: 004084C0
                                            • GetSystemMetrics.USER32(00000007), ref: 0040877C
                                            • GetSystemMetrics.USER32(00000007), ref: 0040878D
                                            • ??3@YAXPAX@Z.MSVCRT(?,000004B8,?,?), ref: 00408854
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: MetricsSystem$??3@
                                            • String ID: 100%%
                                            • API String ID: 2562992111-568723177
                                            • Opcode ID: 215862bf18c0b19acf3a5a04a03fef2e0f3c712f031a6f0c4fe28fba1ed1db42
                                            • Instruction ID: 10e9ef11b9d6995cf4d40546f1a555f884e94b1a38fc22ac62b53fc30b8b1b4d
                                            • Opcode Fuzzy Hash: 215862bf18c0b19acf3a5a04a03fef2e0f3c712f031a6f0c4fe28fba1ed1db42
                                            • Instruction Fuzzy Hash: 1231B471A007059FCB20EFA9DA419AFB7F4EF50304B10052ED582A25D1DB78FE45CBA9
                                            Function 00408611 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55COMMON
                                            Download Yara Rule
                                            APIs
                                            • SHBrowseForFolderW.SHELL32(?), ref: 00408639
                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00408656
                                            • SHGetMalloc.SHELL32(00000000), ref: 00408680
                                              • Part of subcall function 00414864: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 00414896
                                              • Part of subcall function 00414864: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,00404F8E,?,00000000), ref: 0041489F
                                              • Part of subcall function 00414864: memcpy.MSVCRT(?,00000000,?,?,?,?,00404F8E,?,00000000), ref: 004148B7
                                              • Part of subcall function 004085BD: GetDlgItem.USER32(?,000004B6), ref: 004085D3
                                              • Part of subcall function 004085BD: SetFocus.USER32(00000000,?,?,?,?,00408678,?), ref: 004085D6
                                              • Part of subcall function 004085BD: GetDlgItem.USER32(?,000004B6), ref: 004085E6
                                              • Part of subcall function 004085BD: GetDlgItem.USER32(?,000004B6), ref: 004085FB
                                              • Part of subcall function 004085BD: SendMessageW.USER32(00000000,000000B1,0000002A,0000002A), ref: 00408605
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Item$??2@??3@BrowseFocusFolderFromListMallocMessagePathSendmemcpy
                                            • String ID: A
                                            • API String ID: 593732027-3554254475
                                            • Opcode ID: abef69c3a689c6693ae1daabc196967bfb947067b108d8514785a3976a152fcc
                                            • Instruction ID: 334bb033f33a0169e89b3c4095cf3bc58b16b71e79b7d68a569bb45045dcd683
                                            • Opcode Fuzzy Hash: abef69c3a689c6693ae1daabc196967bfb947067b108d8514785a3976a152fcc
                                            • Instruction Fuzzy Hash: 1A117375A10114ABDB10DBA5CA48AEE77FDAF88701F1044BEE405E3280DF79DE05CB64
                                            Function 00407370 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000002,PreExtract,0041DA3C,?,00000000,?,00405B0D), ref: 004042D7
                                              • Part of subcall function 004042B5: GetTempPathW.KERNEL32(00000001,00000000,00000001,?,00000000,?,00405B0D), ref: 004042F6
                                              • Part of subcall function 004042B5: wsprintfW.USER32 ref: 00404318
                                              • Part of subcall function 004042B5: GetFileAttributesW.KERNEL32(?,?,?,00405B0D,?,?,?,?,?,?,?,?,?,?,00406FBC,00422844), ref: 0040432A
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,0041DA3C,PreExtract,PreExtract,0042289C,00000000), ref: 004073B5
                                              • Part of subcall function 0040468A: lstrlenW.KERNEL32(?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404699
                                              • Part of subcall function 0040468A: GetSystemTimeAsFileTime.KERNEL32(00402D14,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 00404705
                                              • Part of subcall function 0040468A: GetFileAttributesW.KERNELBASE(00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C,00422868), ref: 0040470C
                                              • Part of subcall function 0040468A: ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,0042289C,004227B8,00000000,?,?,?,00402D14,PreExtract,0041DA3C), ref: 004047BE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@File$AttributesPathTempTime$??2@Systemlstrlenmemcpywsprintf
                                            • String ID: 7ZipSfx.%03x$PreExtract$SfxVarApiPath
                                            • API String ID: 1986220984-914423340
                                            • Opcode ID: 39d6ec226a1a407aa982beba8d8233830cec0ac521fe9d1f75455c0481e90214
                                            • Instruction ID: 4fe307b9cc81ca859ba38963731d71e1e657172fdbf814944284d27904e1fcdc
                                            • Opcode Fuzzy Hash: 39d6ec226a1a407aa982beba8d8233830cec0ac521fe9d1f75455c0481e90214
                                            • Instruction Fuzzy Hash: 30F08671A0C60266D6047726D952AFEB3556BC1704F10423FED11761D1DB7CB846E68F
                                            Function 00408345 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00414839: memcpy.MSVCRT(00000000,00000000,?,?,?,00000000,00402552,?,?,00422788,00402895,00000000,?,00404FA5,?,?), ref: 00414855
                                            • wsprintfW.USER32 ref: 0040837B
                                              • Part of subcall function 00414922: memcpy.MSVCRT(?,00000000,00000002,00000000,?,?,00000000,00404FC1,?,0041DDC8,?,?,?,00000000), ref: 0041494F
                                            • GetDlgItem.USER32(?,?), ref: 0040839D
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000), ref: 004083AE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: memcpy$??3@Itemwsprintf
                                            • String ID: (%d%s)
                                            • API String ID: 1424909225-2087557067
                                            • Opcode ID: 4c2e4abf8fb0949f687d944acbe7981161a7f97eff8663cb11372a1bea16929d
                                            • Instruction ID: 1095c0e5d4e8a60263cd01f69a665fc3e98801ae7abcb9bbd600e73924aed479
                                            • Opcode Fuzzy Hash: 4c2e4abf8fb0949f687d944acbe7981161a7f97eff8663cb11372a1bea16929d
                                            • Instruction Fuzzy Hash: BAF0A9B18002187FDB21BB55DC06EDE77BCEF04704F10456BB552A1492DB75AA448B98
                                            Function 0040457E Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,771B1D70,00000000,?,?,?,?,?,?,?,?,?,?,004060CA,00000000), ref: 00404680
                                              • Part of subcall function 00404346: MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,00000000,004045E5,00000000,00000000,?,771B1D70,00000000), ref: 00404372
                                              • Part of subcall function 004148C7: ??2@YAPAXI@Z.MSVCRT(00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148EF
                                              • Part of subcall function 004148C7: ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,?,?,?,0040467D,?,771B1D70,00000000), ref: 004148F8
                                              • Part of subcall function 004148C7: memcpy.MSVCRT(?,771B1D70,?,?,?,?,0040467D,?,771B1D70,00000000), ref: 00414912
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 004045F1
                                              • Part of subcall function 00414962: memcpy.MSVCRT(?,?,?,00000000,?,?,00404603,?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 00414985
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 0040460D
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00000000,00000000,00000000,?,771B1D70,00000000), ref: 00404615
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@memcpy$ByteCharMultiWide
                                            • String ID:
                                            • API String ID: 1626065140-0
                                            • Opcode ID: 92b2269dcbb5469a7374e5d0293862210f50a6874d1cdadc034233de0de85a53
                                            • Instruction ID: b0a0a81bb6a2256ad0cd8ca21ba2997bb0ff50e184d4d55abff6c389da77fbe6
                                            • Opcode Fuzzy Hash: 92b2269dcbb5469a7374e5d0293862210f50a6874d1cdadc034233de0de85a53
                                            • Instruction Fuzzy Hash: DB3172B2D001199BCB10FBA5CC928EEB7B4AEA1719B10047FE911731D1EF3D5E44DA28
                                            Function 00407803 Relevance: 6.1, APIs: 4, Instructions: 56COMMON
                                            Download Yara Rule
                                            APIs
                                            • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0040782A
                                            • GetSystemMetrics.USER32(00000031), ref: 00407851
                                            • CreateFontIndirectW.GDI32(?), ref: 00407860
                                            • DeleteObject.GDI32(00000000), ref: 0040788F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
                                            • String ID:
                                            • API String ID: 1900162674-0
                                            • Opcode ID: 6b0baed25e051eef8abb3c10058c87645c9df880ae66aa92677688f43f21874f
                                            • Instruction ID: 6ed76f481bb13851b2ba6c7269299cba647cb843460d982c1d226789c05f16d1
                                            • Opcode Fuzzy Hash: 6b0baed25e051eef8abb3c10058c87645c9df880ae66aa92677688f43f21874f
                                            • Instruction Fuzzy Hash: 6E1133B6E00219EFDB109F54DD88FEAB7B8EB08304F04806AED15A7291DB74AE44CF55
                                            Function 0040BFD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,00000000,0040C106,?,?,?,?,00000000,0040C18F,?,?,?,?,0040C1CF), ref: 0040BFEC
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,00000000,00000000,0040C106,?,?,?,?,00000000,0040C18F,?,?,?,?,0040C1CF), ref: 0040BFF2
                                            • ??2@YAPAXI@Z.MSVCRT(00000040,00000000,00000000,0040C106,?,?,?,?,00000000,0040C18F,?,?,?,?,0040C1CF), ref: 0040BFFF
                                            • memmove.MSVCRT(-00000004,00000000,00000000), ref: 0040C035
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$??2@memmove
                                            • String ID:
                                            • API String ID: 1826340609-0
                                            • Opcode ID: 2e9aabbd6763e62352dd91b8cd2822e6dbe6a821b0ab7706498553181b88fd5f
                                            • Instruction ID: 28c01599a8efab726e8a96f9add3700168d0e8d0987dbb03bf4d91f07539ccee
                                            • Opcode Fuzzy Hash: 2e9aabbd6763e62352dd91b8cd2822e6dbe6a821b0ab7706498553181b88fd5f
                                            • Instruction Fuzzy Hash: E3015276600601ABC2209B59DC8199773F5EFC4714705853DF85A93745DB38EC528BAC
                                            Function 00404475 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                              • Part of subcall function 0040420B: wcsncpy.MSVCRT ref: 00404239
                                              • Part of subcall function 0040420B: ??3@YAXPAX@Z.MSVCRT(?,?,771B1D70,00000000,?,?,?,?,?,?,?,?,?,?,004060CA,00000000), ref: 00404244
                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000,?,00000000,00000000,?), ref: 0040449D
                                            • ??3@YAXPAX@Z.MSVCRT(?), ref: 004044A6
                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000001,00000001,00000000), ref: 004044BE
                                            • ??3@YAXPAX@Z.MSVCRT(?,?), ref: 004044D6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@$EnvironmentExpandStrings$??2@wcsncpy
                                            • String ID:
                                            • API String ID: 3034541985-0
                                            • Opcode ID: c886345f42a89e38147d86890f6206be9fc0e1e3ef2aa4462b3c4a99f6da78c6
                                            • Instruction ID: 6aaab2933dda83b848260475bd0ce4bd17d474790b6213925c89a090bfd6a3a1
                                            • Opcode Fuzzy Hash: c886345f42a89e38147d86890f6206be9fc0e1e3ef2aa4462b3c4a99f6da78c6
                                            • Instruction Fuzzy Hash: 69F086B19001087ED714B755EC52DEE73BCDF80714B20417FF511B2092DB746D458A68
                                            Function 00408CE2 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                            Download Yara Rule
                                            APIs
                                            • ScreenToClient.USER32(?,?), ref: 00408D1C
                                            • GetClientRect.USER32(?,?), ref: 00408D2E
                                            • PtInRect.USER32(?,?,?), ref: 00408D3D
                                              • Part of subcall function 0040846F: KillTimer.USER32(?,00000001,?,00408D52), ref: 0040847D
                                            • CallNextHookEx.USER32(?,?,?), ref: 00408D5F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ClientRect$CallHookKillNextScreenTimer
                                            • String ID:
                                            • API String ID: 3015594791-0
                                            • Opcode ID: 993c2614d7880d53dfabe33bba4063a44cb0ef45497057784dd9015b7f499a48
                                            • Instruction ID: 3a3e0b2ee197b87f3047a46ed79295dbf0db4e011d250cd12eb6af0489ec551e
                                            • Opcode Fuzzy Hash: 993c2614d7880d53dfabe33bba4063a44cb0ef45497057784dd9015b7f499a48
                                            • Instruction Fuzzy Hash: 8001AD31200109EFDF24EF64DE45EAA7BA5FF14300704863EE895A22B0DB78E811DB19
                                            Function 00416DD5 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??3@YAXPAX@Z.MSVCRT(-00000010,00000000,?,?,?,00419A15,00000003,?,00000000,00000000,00419A72,00000000), ref: 00416DFB
                                            • ??3@YAXPAX@Z.MSVCRT(?,00000000,?,?,?,00419A15,00000003,?,00000000,00000000,00419A72,00000000), ref: 00416E0A
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00419A15,00000003,?,00000000,00000000,00419A72,00000000), ref: 00416E19
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,00419A15,00000003,?,00000000,00000000,00419A72,00000000), ref: 00416E25
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@
                                            • String ID:
                                            • API String ID: 613200358-0
                                            • Opcode ID: 20e58f5bd86f29084542dd9f6670e3fddfa2948c34d58c53b4fd5e4fcf8c5b10
                                            • Instruction ID: 5ed55d8bb8277f8b889ebe8e5b5cab0204d9acc34e3e71aa26cf118e3204e308
                                            • Opcode Fuzzy Hash: 20e58f5bd86f29084542dd9f6670e3fddfa2948c34d58c53b4fd5e4fcf8c5b10
                                            • Instruction Fuzzy Hash: C7F0243B3C16256AC225261DDC017DBBBA99F45760F16055FF84096263CA5AECD0899C
                                            Function 00404B33 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00404AF5: GetWindowTextLengthW.USER32(?), ref: 00404B02
                                              • Part of subcall function 00404AF5: GetWindowTextW.USER32(?,00000000,00000001), ref: 00404B1C
                                              • Part of subcall function 00414803: memcpy.MSVCRT(?,?,00000002,00000000,?,?,00000000,00404FB8,0041DDC8,?,?,?,00000000), ref: 00414829
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,0041DD70,0041DD78,004227F0,?,?,?,?,?,?,?,?,00407922), ref: 00404B7B
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,0041DD70,0041DD78,004227F0,?,?,?,?,?,?,?,?,00407922), ref: 00404B83
                                            • SetWindowTextW.USER32(?,?), ref: 00404B8E
                                            • ??3@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00407922), ref: 00404B99
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??3@TextWindow$Lengthmemcpy
                                            • String ID:
                                            • API String ID: 396479319-0
                                            • Opcode ID: f229cd919cc25b1b92206c6ce626db26ee042fc82295a65d0685826aff1d7155
                                            • Instruction ID: 19ea8e6cb93d9cd3ba04d51c560a34885da5182b26a5070d63b94fab34289d6b
                                            • Opcode Fuzzy Hash: f229cd919cc25b1b92206c6ce626db26ee042fc82295a65d0685826aff1d7155
                                            • Instruction Fuzzy Hash: AFF0E176D440187ACB05FBD5EC438DEB7B99E44708B2041ABF501B2095DE756E85CA9C
                                            Function 00414283 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            • ??2@YAPAXI@Z.MSVCRT(?,?,00A70F28,00000000,?,00414388,?,004144E1,00000000,?,00A70F28,0041DD18,00404042,0041DD18,?,-00000001), ref: 0041429F
                                            • memcpy.MSVCRT(00000000,00A70F28,?,?,?,00A70F28,00000000,?,00414388,?,004144E1,00000000,?,00A70F28,0041DD18,00404042), ref: 004142AE
                                            • ??3@YAXPAX@Z.MSVCRT(00A70F28,00000000,00A70F28,?,?,?,00A70F28,00000000,?,00414388,?,004144E1,00000000,?,00A70F28,0041DD18), ref: 004142B5
                                            • _CxxThrowException.MSVCRT(00A70F28,0041FBDC), ref: 004142D9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@ExceptionThrowmemcpy
                                            • String ID:
                                            • API String ID: 3462485524-0
                                            • Opcode ID: 4a3b98e4c66a3f88e3597b8f47fd9310a98a9719c13361052a83b726800faf8f
                                            • Instruction ID: 5b66cd78a0db593bdef5d09f9cd12a00abbc121f78fce6118f4eaf4c7a2e81d2
                                            • Opcode Fuzzy Hash: 4a3b98e4c66a3f88e3597b8f47fd9310a98a9719c13361052a83b726800faf8f
                                            • Instruction Fuzzy Hash: 6DF0BB75140208BFC710DF55DCC198BF7EDEF54798711492FF94583102D275A8C48BA8
                                            Function 0040C140 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                            Download Yara Rule
                                            APIs
                                            • EnterCriticalSection.KERNEL32(004249F8,?,?,0040C1CF,?,?,?,?,?,0041CA20,000000FF), ref: 0040C149
                                            • LeaveCriticalSection.KERNEL32(004249F8,?,?,?,?,0040C1CF,?,?,?,?,?,0041CA20,000000FF), ref: 0040C194
                                              • Part of subcall function 0040BEA0: memmove.MSVCRT(?,?,?,?,?,?,?,00000000,?,0040C15A,?,?,?,0040C1CF), ref: 0040BF0B
                                              • Part of subcall function 0040B810: memset.MSVCRT ref: 0040B869
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CriticalSection$EnterLeavememmovememset
                                            • String ID: (&B$(&B
                                            • API String ID: 2443406628-3506096430
                                            • Opcode ID: f016356fa7e24247763b21a98c0f9a686db0cf529d991d74a4701e524a56e4fd
                                            • Instruction ID: 853edd7aaeb107b7cb5601c09f28b255d6913e1c7a09ba2968700e737119d554
                                            • Opcode Fuzzy Hash: f016356fa7e24247763b21a98c0f9a686db0cf529d991d74a4701e524a56e4fd
                                            • Instruction Fuzzy Hash: B6E08C71382121628A1533393C55AFA261EDEC6348B45023BB6417B2C2CFAD184786FD
                                            Function 00408183 Relevance: 6.0, APIs: 4, Instructions: 34windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetObjectW.GDI32(?,0000005C,?), ref: 0040819E
                                            • CreateFontIndirectW.GDI32(?), ref: 004081B4
                                            • GetDlgItem.USER32(?,000004B5), ref: 004081C8
                                            • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 004081D4
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CreateFontIndirectItemMessageObjectSend
                                            • String ID:
                                            • API String ID: 2001801573-0
                                            • Opcode ID: afbff07d09dddf9371f97f906327bbbd58aa03dbd1351fda712479fe90e32f0f
                                            • Instruction ID: d5b718cc934acb00f13f44d7e909b03c4c551f7785cdaa53379e29aff312fd17
                                            • Opcode Fuzzy Hash: afbff07d09dddf9371f97f906327bbbd58aa03dbd1351fda712479fe90e32f0f
                                            • Instruction Fuzzy Hash: 70F054B5900714ABD7205B94DD09F8B7BACAF48B15F048039AD52E51D5DBB4D4068B28
                                            Function 004038D4 Relevance: 6.0, APIs: 4, Instructions: 27COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetParent.USER32 ref: 004038DC
                                            • GetWindowRect.USER32(?,?), ref: 004038EA
                                            • ScreenToClient.USER32(00000000,?), ref: 004038F8
                                            • ScreenToClient.USER32(00000000,?), ref: 004038FF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ClientScreen$ParentRectWindow
                                            • String ID:
                                            • API String ID: 2099118873-0
                                            • Opcode ID: 4c92e9c479757e8e066bde25e06fea40a487b1c64e9eb2093d4279233fbb5f16
                                            • Instruction ID: 3d7e383402d4b386d472006189a1f244a9290001d11243c4274d9f08879646a2
                                            • Opcode Fuzzy Hash: 4c92e9c479757e8e066bde25e06fea40a487b1c64e9eb2093d4279233fbb5f16
                                            • Instruction Fuzzy Hash: F5E012B7A012256B931427B76C88CEB9F5CDDD65763064476F919D2210C9B8DC0185B4
                                            Function 004059A3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004147DF: ??2@YAPAXI@Z.MSVCRT(00000008,?,00406092,?,00000000), ref: 004147E7
                                            • ??3@YAXPAX@Z.MSVCRT(?,PreExtract,0041DA3C,00000000,?,00000000,PreExtract,0042289C,00000000), ref: 00405A6D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: ??2@??3@
                                            • String ID: PreExtract$Shortcut
                                            • API String ID: 1936579350-2482910946
                                            • Opcode ID: 0dd0ae17a6ba5bb441082944613ab5cd9e2653c4192df2d782b3ba17c106ff77
                                            • Instruction ID: f0f3e7433b1fc6c74c74fcfde131b98a5d6d07456df403abe6898ee91eb4b0a3
                                            • Opcode Fuzzy Hash: 0dd0ae17a6ba5bb441082944613ab5cd9e2653c4192df2d782b3ba17c106ff77
                                            • Instruction Fuzzy Hash: 632185B4A00605DACF24EA55C5856BF7775DF41728F20463BE861B62C1DA7C8E80CE69
                                            Function 00409617 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 004075CF: KiUserCallbackDispatcher.NTDLL(00000010), ref: 00407611
                                              • Part of subcall function 004075CF: GetSystemMetrics.USER32(00000011), ref: 0040761F
                                            • IsWindow.USER32(004227F0), ref: 00409635
                                            • IsBadReadPtr.KERNEL32(00000078), ref: 00409647
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: CallbackDispatcherMetricsReadSystemUserWindow
                                            • String ID: hA
                                            • API String ID: 388239213-2144240161
                                            • Opcode ID: 803d6675f1e9c557cdb4753af97064b13971d40bfe3ea479c8e0607b0e8b4fdd
                                            • Instruction ID: 53677f3ef0150f60e2e917f8fddf25ce213b8b63ff0de2c48ed14ab9013a4a30
                                            • Opcode Fuzzy Hash: 803d6675f1e9c557cdb4753af97064b13971d40bfe3ea479c8e0607b0e8b4fdd
                                            • Instruction Fuzzy Hash: 26F0F031B44214BBCB257BE19D05AD93BB5EF14704F40013AE901B61E0DFB5980ACBA9
                                            Function 004055E3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: _wtol
                                            • String ID: MiscFlags$t'B
                                            • API String ID: 2131799477-2400136614
                                            • Opcode ID: b0616bf743ce42b5889569d14b64b5fb774e87ef02abb3a457d94b56771745ef
                                            • Instruction ID: 8d513a133ae9621e771551aaefc0b9698f2617da03fa0e1a1750c1a50823643d
                                            • Opcode Fuzzy Hash: b0616bf743ce42b5889569d14b64b5fb774e87ef02abb3a457d94b56771745ef
                                            • Instruction Fuzzy Hash: C8F0A0A1C24820B1CB3846096CC843F62A3DE6E350B38053BE442F12E8C33C8CC29D5E
                                            Function 00405A8F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 7windowCOMMON
                                            Download Yara Rule
                                            APIs
                                            • MessageBoxA.USER32(00000000,Could not allocate memory,7-Zip SFX,00000010), ref: 00405A9D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.1572518642.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000000.00000002.1572472731.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572589310.000000000041D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572620745.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                            • Associated: 00000000.00000002.1572657784.0000000000427000.00000002.00000001.01000000.00000003.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_400000_8n3W4yKYeB.jbxd
                                            Similarity
                                            • API ID: Message
                                            • String ID: 7-Zip SFX$Could not allocate memory
                                            • API String ID: 2030045667-3806377612
                                            • Opcode ID: a489221f4986250d18ead154f7d6b7669e8a2de19b10e5f35446c668475b1b6f
                                            • Instruction ID: a049ee2480a7b50d5fda29a44b7701a856f8a6ed2be67fd4fe0477549e7dcf93
                                            • Opcode Fuzzy Hash: a489221f4986250d18ead154f7d6b7669e8a2de19b10e5f35446c668475b1b6f
                                            • Instruction Fuzzy Hash: DFB012743C830421D10083210C0FFC411509B0CF06F1048117902A80C2C5C87080910E

                                            Execution Graph

                                            Execution Coverage:4.4%
                                            Dynamic/Decrypted Code Coverage:19.6%
                                            Signature Coverage:2.3%
                                            Total number of Nodes:342
                                            Total number of Limit Nodes:21
                                            execution_graph 15925 7ff7c1101124 15926 7ff7c110113d 15925->15926 15927 7ff7c1101145 __scrt_acquire_startup_lock 15926->15927 15928 7ff7c110127b 15926->15928 15930 7ff7c1101285 15927->15930 15936 7ff7c1101163 __scrt_release_startup_lock 15927->15936 15944 7ff7c11017a8 IsProcessorFeaturePresent 15928->15944 15931 7ff7c11017a8 9 API calls 15930->15931 15932 7ff7c1101290 15931->15932 15934 7ff7c1101298 _exit 15932->15934 15933 7ff7c1101188 15935 7ff7c110120e _get_initial_wide_environment __p___wargv __p___argc Py_Main 15942 7ff7c11018fc GetModuleHandleW 15935->15942 15936->15933 15936->15935 15939 7ff7c1101206 _register_thread_local_exe_atexit_callback 15936->15939 15939->15935 15940 7ff7c110123b 15940->15933 15941 7ff7c1101240 _cexit 15940->15941 15941->15933 15943 7ff7c1101237 15942->15943 15943->15932 15943->15940 15945 7ff7c11017ce 15944->15945 15946 7ff7c11017dc memset RtlCaptureContext RtlLookupFunctionEntry 15945->15946 15947 7ff7c1101816 RtlVirtualUnwind 15946->15947 15948 7ff7c1101852 memset IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15946->15948 15947->15948 15949 7ff7c11018d2 15948->15949 15949->15930 15950 23faec1b923 15951 23faec1b94a 15950->15951 15952 23faec1b985 VirtualAlloc 15951->15952 15960 23faec1b9a2 15951->15960 15953 23faec1b9ce 15952->15953 15952->15960 15954 23faec1ba87 LoadLibraryA 15953->15954 15955 23faec1baa2 15953->15955 15953->15960 15954->15953 15955->15960 15963 23faec1bb56 15955->15963 15978 23faec1aacb 15955->15978 15957 23faec1bb2c 15958 23faec1bb30 15957->15958 15964 23faec1abe3 LoadLibraryA 15957->15964 15958->15957 15958->15960 15963->15960 15974 23faec1c17b 15963->15974 15965 23faec1ac08 15964->15965 15966 23faec1ac12 15964->15966 15965->15960 15965->15963 15966->15965 15967 23faec1ac42 VirtualProtect 15966->15967 15967->15965 15968 23faec1ac60 15967->15968 15969 23faec1ac6e VirtualProtect 15968->15969 15970 23faec1ac8e 15969->15970 15970->15965 15971 23faec1aca9 VirtualProtect 15970->15971 15971->15965 15972 23faec1acc2 15971->15972 15973 23faec1acd0 VirtualProtect 15972->15973 15973->15965 15975 23faec1c1c4 15974->15975 15976 23faec1c1e1 VirtualAlloc 15975->15976 15977 23faec1c207 15975->15977 15976->15977 15977->15960 15979 23faec1aad8 LoadLibraryA 15978->15979 15980 23faec1aaf0 15979->15980 15981 23faec1aafa 15979->15981 15980->15957 15981->15980 15982 23faec1ab2a VirtualProtect 15981->15982 15982->15980 15983 23faec1ab48 15982->15983 15984 23faec1ab56 VirtualProtect 15983->15984 15985 23faec1ab76 15984->15985 15985->15980 15986 23faec1ab91 VirtualProtect 15985->15986 15986->15980 15987 23faec1abaa 15986->15987 15988 23faec1abb8 VirtualProtect 15987->15988 15988->15980 15993 23fb08648f0 15994 23fb0864952 wprintf 15993->15994 15995 23fb0864912 15993->15995 15996 23fb0864a4d 15994->15996 15995->15994 15997 23fb0865350 15998 23fb08653ac 15997->15998 15999 23fb08656f3 wprintf 15998->15999 16001 23fb08657f5 wprintf 15999->16001 16002 23fb0865baf 16001->16002 16003 7ffb23ae42b0 16006 7ffb23ae42e0 16003->16006 16007 7ffb23ae4334 16006->16007 16010 7ffb23ae4395 16006->16010 16008 7ffb23ae436b memcpy 16007->16008 16007->16010 16008->16007 16014 7ffb23ae4730 VirtualProtect 16010->16014 16011 7ffb23ae4493 16016 7ffb23ae49a0 16011->16016 16015 7ffb23ae478c 16014->16015 16015->16011 16019 7ffb23ae49a9 16016->16019 16017 7ffb23ae4d54 IsProcessorFeaturePresent 16020 7ffb23ae4d6c 16017->16020 16018 7ffb23ae42c2 16019->16017 16019->16018 16025 7ffb23ae4e28 RtlCaptureContext 16020->16025 16026 7ffb23ae4e42 RtlLookupFunctionEntry 16025->16026 16027 7ffb23ae4e58 RtlVirtualUnwind 16026->16027 16028 7ffb23ae4d7f 16026->16028 16027->16026 16027->16028 16029 7ffb23ae4d20 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16028->16029 16030 23faec1aad8 LoadLibraryA 16031 23faec1aaf0 16030->16031 16032 23faec1aafa 16030->16032 16032->16031 16033 23faec1ab2a VirtualProtect 16032->16033 16033->16031 16034 23faec1ab48 16033->16034 16035 23faec1ab56 VirtualProtect 16034->16035 16036 23faec1ab76 16035->16036 16036->16031 16037 23faec1ab91 VirtualProtect 16036->16037 16037->16031 16038 23faec1abaa 16037->16038 16039 23faec1abb8 VirtualProtect 16038->16039 16039->16031 16040 7ffb23af2800 16041 7ffb23af2824 16040->16041 16042 7ffb23af288a 16041->16042 16043 7ffb23af7756 PyTuple_GetItem 16041->16043 16046 7ffb23af2971 16041->16046 16109 7ffb23af2a24 16042->16109 16044 7ffb23af77db 16043->16044 16068 7ffb23af776e PyErr_SetString 16043->16068 16142 7ffb23af3e98 16044->16142 16049 7ffb23af28f6 16046->16049 16050 7ffb23af299e 16046->16050 16075 7ffb23af2ac0 16049->16075 16056 7ffb23af77a0 PyErr_Format 16050->16056 16059 7ffb23af7880 _Py_Dealloc 16050->16059 16052 7ffb23af77d4 16055 7ffb23af2928 16058 7ffb23af2939 16055->16058 16063 7ffb23af789c PyObject_CallFunctionObjArgs 16055->16063 16056->16052 16057 7ffb23af77ee PyErr_SetString 16057->16068 16125 7ffb23af29c8 16058->16125 16059->16056 16061 7ffb23af28ed 16061->16049 16062 7ffb23af785b 16061->16062 16062->16056 16072 7ffb23af7790 _Py_Dealloc 16062->16072 16066 7ffb23af78e6 16063->16066 16067 7ffb23af78bf 16063->16067 16065 7ffb23af2959 16070 7ffb23af78fa 16066->16070 16071 7ffb23af78f1 _Py_Dealloc 16066->16071 16067->16066 16069 7ffb23af78c4 16067->16069 16068->16052 16069->16058 16074 7ffb23af78d7 _Py_Dealloc 16069->16074 16070->16065 16073 7ffb23af7906 _Py_Dealloc 16070->16073 16071->16070 16072->16056 16073->16065 16074->16058 16076 7ffb23af2b22 16075->16076 16077 7ffb23af7cde 16075->16077 16078 7ffb23af7ce6 PyErr_Format 16076->16078 16079 7ffb23af2b2f 16076->16079 16077->16078 16087 7ffb23af2b7c 16078->16087 16080 7ffb23af2b56 memset 16079->16080 16080->16087 16081 7ffb23af7d2d _Py_Dealloc 16081->16087 16082 7ffb23af2d33 16091 7ffb23af2d49 16082->16091 16092 7ffb23af7d7a 16082->16092 16104 7ffb23af2d64 16082->16104 16083 7ffb23af2dc6 16086 7ffb23af2de0 13 API calls 16083->16086 16084 7ffb23af7d3b 16216 7ffb23afdf5c PyUnicode_FromFormatV 16084->16216 16085 7ffb23af2bbb PyObject_CallOneArg 16085->16084 16085->16087 16086->16104 16087->16081 16087->16083 16087->16084 16087->16085 16102 7ffb23af2c1c 16087->16102 16169 7ffb23af2de0 16087->16169 16090 7ffb23af7d57 16090->16055 16095 7ffb23af2d52 16091->16095 16096 7ffb23af7d8e 16091->16096 16093 7ffb23af7da3 PyLong_FromLong 16092->16093 16094 7ffb23af7d81 16092->16094 16093->16104 16230 7ffb23afdab4 PyEval_SaveThread 16094->16230 16190 7ffb23af2740 16095->16190 16096->16093 16098 7ffb23af7d95 PyErr_SetFromWindowsErr 16096->16098 16098->16104 16100 7ffb23af2d94 16207 7ffb23af5c20 16100->16207 16102->16082 16106 7ffb23af7db1 PyErr_NoMemory 16102->16106 16107 7ffb23af2ccd 16102->16107 16104->16100 16105 7ffb23af2d84 _Py_Dealloc 16104->16105 16105->16104 16106->16090 16107->16082 16145 7ffb23af3cf0 16107->16145 16110 7ffb23af2a88 16109->16110 16111 7ffb23af2a7f 16109->16111 16112 7ffb23af7cc6 PyTuple_GetSlice 16110->16112 16114 7ffb23af28c1 16110->16114 16111->16110 16113 7ffb23af7a4e PyTuple_New 16111->16113 16113->16114 16123 7ffb23af7a5f 16113->16123 16114->16046 16114->16049 16114->16052 16114->16061 16115 7ffb23af7c64 16115->16114 16117 7ffb23af7c90 PyErr_Format 16115->16117 16116 7ffb23af7aa5 PyLong_AsUnsignedLongMask 16116->16123 16117->16114 16119 7ffb23af7c12 PyErr_Format 16119->16114 16120 7ffb23af7c4b PyErr_Format 16120->16114 16121 7ffb23af7c2e PyErr_Format 16121->16114 16122 7ffb23af3e98 PyType_IsSubtype 16122->16123 16123->16114 16123->16115 16123->16116 16123->16119 16123->16120 16123->16121 16123->16122 16293 7ffb23afc1dc 16123->16293 16301 7ffb23af23d0 _PyThreadState_GetCurrent 16123->16301 16126 7ffb23af2a11 16125->16126 16127 7ffb23af29f1 16125->16127 16126->16065 16128 7ffb23af2a03 16127->16128 16129 7ffb23af7918 16127->16129 16128->16126 16130 7ffb23af7a2d _Py_Dealloc 16128->16130 16131 7ffb23af7928 16129->16131 16132 7ffb23af7922 _Py_Dealloc 16129->16132 16130->16126 16133 7ffb23af7932 PyTuple_New 16131->16133 16135 7ffb23af7961 16131->16135 16132->16131 16134 7ffb23af7947 16133->16134 16133->16135 16134->16126 16137 7ffb23af7951 _Py_Dealloc 16134->16137 16136 7ffb23af798b PyObject_VectorcallMethod 16135->16136 16138 7ffb23af7a11 16135->16138 16139 7ffb23af79f5 16135->16139 16136->16135 16136->16138 16137->16126 16138->16126 16141 7ffb23af7a1c _Py_Dealloc 16138->16141 16139->16126 16140 7ffb23af7a00 _Py_Dealloc 16139->16140 16140->16126 16141->16126 16143 7ffb23af3ea5 16142->16143 16144 7ffb23af3eb1 PyType_IsSubtype 16142->16144 16143->16057 16143->16068 16144->16143 16146 7ffb23af3d3f ffi_prep_cif 16145->16146 16168 7ffb23af3e03 16145->16168 16147 7ffb23af3d62 16146->16147 16146->16168 16149 7ffb23af3d7a 16147->16149 16150 7ffb23af3e41 PyEval_SaveThread 16147->16150 16147->16168 16148 7ffb23af8a6d PyErr_SetString 16148->16168 16152 7ffb23af8aa7 _errno _errno 16149->16152 16153 7ffb23af3da4 ffi_call 16149->16153 16154 7ffb23af8ad2 GetLastError SetLastError 16149->16154 16150->16149 16152->16154 16155 7ffb23af3de9 16153->16155 16156 7ffb23af8afd GetLastError SetLastError 16154->16156 16155->16156 16157 7ffb23af8b17 _errno _errno 16155->16157 16158 7ffb23af3e4f PyEval_RestoreThread 16155->16158 16155->16168 16156->16157 16157->16168 16158->16168 16159 7ffb23af3e15 16161 7ffb23af3e19 PyErr_Occurred 16159->16161 16162 7ffb23af3e24 16159->16162 16160 7ffb23af8b55 PySys_Audit 16160->16168 16161->16162 16162->16082 16163 7ffb23af8b46 _Py_Dealloc 16163->16168 16164 7ffb23af8a78 PyErr_SetFromWindowsErr 16164->16168 16165 7ffb23af8c0d 16166 7ffb23af8be9 PyErr_Format 16166->16168 16167 7ffb23af8bd7 PyErr_Format 16167->16168 16168->16148 16168->16152 16168->16159 16168->16160 16168->16163 16168->16164 16168->16165 16168->16166 16168->16167 16249 7ffb23afe064 PyThreadState_GetDict 16168->16249 16171 7ffb23af2e0f 16169->16171 16170 7ffb23af2e25 16170->16087 16171->16170 16172 7ffb23af7dc0 16171->16172 16173 7ffb23af2ea7 16171->16173 16174 7ffb23af7dd5 PyLong_AsUnsignedLong 16171->16174 16172->16174 16176 7ffb23af7e46 16173->16176 16177 7ffb23af2eb1 PyBytes_AsString 16173->16177 16174->16170 16175 7ffb23af7df1 PyErr_Occurred 16174->16175 16175->16170 16178 7ffb23af7e00 PyErr_Clear PyLong_AsLong 16175->16178 16179 7ffb23af7e9b _PyObject_LookupAttr 16176->16179 16180 7ffb23af7e4c PyUnicode_AsWideCharString 16176->16180 16181 7ffb23af2ecc 16177->16181 16178->16170 16182 7ffb23af7e1b PyErr_Occurred 16178->16182 16179->16170 16187 7ffb23af7eb8 16179->16187 16180->16170 16183 7ffb23af7e6b PyCapsule_New 16180->16183 16181->16087 16182->16170 16184 7ffb23af7e2a PyErr_SetString 16182->16184 16183->16170 16185 7ffb23af7e8f PyMem_Free 16183->16185 16184->16170 16185->16170 16186 7ffb23af7eec PyErr_Format 16186->16170 16187->16186 16188 7ffb23af7ee5 16187->16188 16189 7ffb23af7edf _Py_Dealloc 16187->16189 16188->16186 16189->16188 16191 7ffb23af76b4 PyLong_FromLong 16190->16191 16193 7ffb23af2766 16190->16193 16192 7ffb23af76c2 PyObject_CallFunction 16191->16192 16202 7ffb23af27d9 16192->16202 16193->16192 16194 7ffb23af2783 16193->16194 16193->16202 16195 7ffb23af76ea 16194->16195 16266 7ffb23af3e60 16194->16266 16269 7ffb23afb07c 16195->16269 16199 7ffb23af770b PyObject_CallOneArg 16200 7ffb23af7739 16199->16200 16201 7ffb23af771f _PyTraceback_Add 16199->16201 16200->16202 16204 7ffb23af7744 _Py_Dealloc 16200->16204 16201->16200 16202->16104 16203 7ffb23af27d0 16203->16199 16203->16202 16204->16202 16205 7ffb23af279e 16205->16203 16206 7ffb23af76db _Py_Dealloc 16205->16206 16206->16203 16208 7ffb23af5c29 16207->16208 16209 7ffb23af2da3 16208->16209 16210 7ffb23af5fd0 IsProcessorFeaturePresent 16208->16210 16209->16055 16211 7ffb23af5fe8 16210->16211 16284 7ffb23af60a4 RtlCaptureContext 16211->16284 16217 7ffb23afe05a 16216->16217 16218 7ffb23afdf95 PyErr_GetRaisedException PyType_GetName 16216->16218 16217->16090 16219 7ffb23afdfdf PyErr_Clear 16218->16219 16220 7ffb23afdfad PyUnicode_AppendAndDel PyUnicode_FromString PyUnicode_AppendAndDel 16218->16220 16222 7ffb23afdfe5 PyObject_Str 16219->16222 16221 7ffb23afdfdd 16220->16221 16226 7ffb23afe02c 16220->16226 16221->16222 16223 7ffb23afe006 PyUnicode_AppendAndDel 16222->16223 16224 7ffb23afdff3 PyErr_Clear PyUnicode_FromString 16222->16224 16223->16226 16227 7ffb23afe01c PyErr_SetObject 16223->16227 16224->16223 16225 7ffb23afe040 16225->16217 16229 7ffb23afe054 _Py_Dealloc 16225->16229 16226->16225 16228 7ffb23afe037 _Py_Dealloc 16226->16228 16227->16226 16228->16225 16229->16217 16236 7ffb23afdb17 16230->16236 16231 7ffb23afdb99 PyEval_RestoreThread ProgIDFromCLSID 16289 7ffb23afda30 FormatMessageW 16231->16289 16234 7ffb23afdc23 LocalFree 16238 7ffb23afdc35 SysFreeString 16234->16238 16239 7ffb23afdc3b 16234->16239 16235 7ffb23afdbff PyErr_SetObject 16235->16234 16237 7ffb23afdc14 16235->16237 16236->16231 16242 7ffb23afdb39 GetErrorInfo 16236->16242 16237->16234 16243 7ffb23afdc1a _Py_Dealloc 16237->16243 16238->16239 16240 7ffb23afdc4a 16239->16240 16241 7ffb23afdc44 SysFreeString 16239->16241 16244 7ffb23afdc59 16240->16244 16245 7ffb23afdc53 SysFreeString 16240->16245 16241->16240 16242->16231 16248 7ffb23afdb49 16242->16248 16243->16234 16246 7ffb23af5c20 8 API calls 16244->16246 16245->16244 16247 7ffb23afdc67 16246->16247 16247->16104 16248->16231 16250 7ffb23afe0b9 16249->16250 16257 7ffb23afe08a PyErr_SetString 16249->16257 16251 7ffb23afe0c5 PyUnicode_InternFromString 16250->16251 16252 7ffb23afe0de PyDict_GetItemWithError 16250->16252 16251->16252 16254 7ffb23afe0a1 16251->16254 16255 7ffb23afe133 PyErr_Occurred 16252->16255 16256 7ffb23afe0f2 PyCapsule_IsValid 16252->16256 16254->16168 16255->16254 16259 7ffb23afe142 PyMem_Calloc 16255->16259 16256->16257 16258 7ffb23afe10f 16256->16258 16257->16254 16260 7ffb23afe118 PyCapsule_GetPointer 16258->16260 16259->16254 16261 7ffb23afe15a PyCapsule_New 16259->16261 16260->16254 16262 7ffb23afe179 PyMem_Free 16261->16262 16263 7ffb23afe187 PyDict_SetItem 16261->16263 16262->16254 16263->16260 16264 7ffb23afe1a3 16263->16264 16264->16254 16265 7ffb23afe1b6 _Py_Dealloc 16264->16265 16265->16254 16267 7ffb23af3e98 PyType_IsSubtype 16266->16267 16268 7ffb23af2796 16267->16268 16268->16195 16268->16205 16270 7ffb23afb0a6 16269->16270 16271 7ffb23afb0ae PyErr_SetString 16270->16271 16272 7ffb23afb0e2 16270->16272 16273 7ffb23afb0c5 16271->16273 16272->16273 16279 7ffb23af3c84 16272->16279 16273->16203 16276 7ffb23afb13a 16276->16273 16278 7ffb23afb145 _Py_Dealloc 16276->16278 16277 7ffb23afb153 memcpy 16277->16273 16278->16273 16280 7ffb23af3cc2 PyMem_Malloc 16279->16280 16283 7ffb23af3c9e 16279->16283 16281 7ffb23af8a38 PyErr_NoMemory 16280->16281 16282 7ffb23af3cd5 memset 16280->16282 16282->16283 16283->16276 16283->16277 16285 7ffb23af60be RtlLookupFunctionEntry 16284->16285 16286 7ffb23af60d4 RtlVirtualUnwind 16285->16286 16287 7ffb23af5ffb 16285->16287 16286->16285 16286->16287 16288 7ffb23af5f9c SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16287->16288 16290 7ffb23afda6a iswctype 16289->16290 16291 7ffb23afda97 Py_BuildValue 16289->16291 16290->16291 16291->16234 16291->16235 16294 7ffb23afc211 16293->16294 16300 7ffb23afc1fd 16293->16300 16295 7ffb23afc23d 16294->16295 16296 7ffb23afc220 PyDict_GetItemWithError 16294->16296 16298 7ffb23afc271 PyErr_Format 16295->16298 16299 7ffb23afc25f PyErr_Format 16295->16299 16295->16300 16297 7ffb23afc232 PyErr_Occurred 16296->16297 16296->16300 16297->16295 16297->16300 16298->16300 16299->16300 16300->16123 16302 7ffb23af2407 _PyObject_MakeTpCall 16301->16302 16303 7ffb23af23f6 16301->16303 16305 7ffb23af2422 16302->16305 16303->16302 16304 7ffb23af75f2 _Py_CheckFunctionResult 16303->16304 16304->16305 16305->16123 16307 23fb0865e0c 16308 23fb0865e5c wprintf 16307->16308 16309 23fb0865e1c 16307->16309 16311 23fb0865f59 wprintf 16308->16311 16309->16308 16312 23fb08662b6 16311->16312 16313 23fb0864e09 16314 23fb0864e59 CreateProcessW 16313->16314 16315 23fb0864e19 16313->16315 16316 23fb0864fd4 16314->16316 16315->16314 16317 23fb0863888 16318 23fb08638ea StrCmpW 16317->16318 16319 23fb08638aa 16317->16319 16320 23fb0863989 16318->16320 16319->16318

                                            Executed Functions

                                            Function 0000023FAEC1B923 Relevance: 3.4, APIs: 2, Instructions: 406memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 375 23faec1b923-23faec1b979 call 23faec1cba3 * 3 382 23faec1b9b0 375->382 383 23faec1b97b-23faec1b97e 375->383 385 23faec1b9b3-23faec1b9cd 382->385 383->382 384 23faec1b980-23faec1b983 383->384 384->382 386 23faec1b985-23faec1b9a0 VirtualAlloc 384->386 387 23faec1b9a2-23faec1b9a9 386->387 388 23faec1b9ce-23faec1b9f9 call 23faec1d0f7 call 23faec1d117 386->388 387->382 390 23faec1b9ab-23faec1b9ad 387->390 394 23faec1ba36-23faec1ba4d call 23faec1cba3 388->394 395 23faec1b9fb-23faec1ba30 call 23faec1cd5f call 23faec1cc17 388->395 390->382 394->382 401 23faec1ba53-23faec1ba54 394->401 395->394 404 23faec1bccd-23faec1bcd9 395->404 403 23faec1ba5a-23faec1ba60 401->403 405 23faec1baa2-23faec1baac 403->405 406 23faec1ba62 403->406 407 23faec1bd0f-23faec1bd33 call 23faec1d117 404->407 408 23faec1bcdb-23faec1bce5 404->408 409 23faec1bada-23faec1bae3 405->409 410 23faec1baae-23faec1bac9 call 23faec1cba3 405->410 411 23faec1ba64-23faec1ba66 406->411 439 23faec1bd35-23faec1bd37 407->439 440 23faec1bd3a-23faec1bd3c 407->440 408->407 414 23faec1bce7-23faec1bd08 call 23faec1d117 408->414 417 23faec1bae5-23faec1baef call 23faec1acfb 409->417 418 23faec1bafe-23faec1bb01 409->418 410->404 429 23faec1bacf-23faec1bad8 410->429 412 23faec1ba83-23faec1ba85 411->412 413 23faec1ba68-23faec1ba6e 411->413 412->405 420 23faec1ba87-23faec1baa0 LoadLibraryA 412->420 413->412 419 23faec1ba70-23faec1ba81 413->419 414->407 417->404 434 23faec1baf5-23faec1bafc 417->434 418->404 425 23faec1bb07-23faec1bb11 418->425 419->411 419->412 420->403 426 23faec1bb13-23faec1bb14 425->426 427 23faec1bb1b-23faec1bb22 425->427 426->427 431 23faec1bb56-23faec1bb5a 427->431 432 23faec1bb24-23faec1bb25 427->432 429->409 429->410 437 23faec1bb60-23faec1bb82 431->437 438 23faec1bc68-23faec1bc70 431->438 435 23faec1bb27 call 23faec1aacb 432->435 434->427 443 23faec1bb2c-23faec1bb2e 435->443 437->404 453 23faec1bb88-23faec1bb9f call 23faec1d0f7 437->453 441 23faec1bcc2-23faec1bcc8 call 23faec1c17b 438->441 442 23faec1bc72-23faec1bc78 438->442 439->440 440->385 441->404 444 23faec1bc8f-23faec1bca1 call 23faec1b6db 442->444 445 23faec1bc7a-23faec1bc80 442->445 446 23faec1bb30-23faec1bb37 443->446 447 23faec1bb3d-23faec1bb40 call 23faec1abe3 443->447 460 23faec1bcb3-23faec1bcc0 call 23faec1b17b 444->460 461 23faec1bca3-23faec1bcae call 23faec1bd43 444->461 445->404 450 23faec1bc82-23faec1bc8d call 23faec1c603 445->450 446->404 446->447 456 23faec1bb45-23faec1bb47 447->456 450->404 463 23faec1bba1-23faec1bba4 453->463 464 23faec1bbc2-23faec1bbe9 453->464 456->431 462 23faec1bb49-23faec1bb50 456->462 460->404 461->460 462->404 462->431 463->438 467 23faec1bbaa-23faec1bbbd call 23faec1ce7b 463->467 464->404 472 23faec1bbef-23faec1bc63 464->472 473 23faec1bc65-23faec1bc66 467->473 472->404 472->473 473->438
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000023FAEBCC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23faebcc000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocLibraryLoadVirtual
                                            • String ID:
                                            • API String ID: 3550616410-0
                                            • Opcode ID: fe28ec89fccc7c30a97a41b99cb39f37780980cf65fc522e14c47b80859a8ba4
                                            • Instruction ID: fd1e5072f43a80dde2ce81d7dff90b04722943996324d251b07b913b8df4a2ae
                                            • Opcode Fuzzy Hash: fe28ec89fccc7c30a97a41b99cb39f37780980cf65fc522e14c47b80859a8ba4
                                            • Instruction Fuzzy Hash: F6D17C30614A048BEBE8EA28D5997AA73D1FF69701F14053DD4CFC7287EE34E946CA41
                                            Function 0000023FAEC1C17B Relevance: 1.8, APIs: 1, Instructions: 500memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 513 23faec1c17b-23faec1c1db 515 23faec1c1e1-23faec1c201 VirtualAlloc 513->515 516 23faec1c5ec-23faec1c5ff 513->516 515->516 517 23faec1c207-23faec1c225 call 23faec1d0f7 515->517 520 23faec1c254-23faec1c25c 517->520 521 23faec1c227-23faec1c252 call 23faec1d0f7 517->521 523 23faec1c2d4-23faec1c2dc 520->523 524 23faec1c25e-23faec1c26c 520->524 521->520 525 23faec1c2e2-23faec1c2eb 523->525 526 23faec1c37a-23faec1c382 523->526 524->523 528 23faec1c26e 524->528 525->526 529 23faec1c2f1-23faec1c30a 525->529 530 23faec1c3f6-23faec1c3fe 526->530 531 23faec1c384-23faec1c390 526->531 532 23faec1c273-23faec1c277 528->532 545 23faec1c358-23faec1c35e 529->545 533 23faec1c400-23faec1c408 530->533 534 23faec1c424-23faec1c42e 530->534 531->530 535 23faec1c392-23faec1c3a0 531->535 536 23faec1c2c0-23faec1c2ca 532->536 533->534 542 23faec1c40a 533->542 537 23faec1c434-23faec1c457 534->537 538 23faec1c54a-23faec1c554 534->538 557 23faec1c3a2-23faec1c3b0 535->557 558 23faec1c3e0-23faec1c3ec 535->558 539 23faec1c279-23faec1c291 536->539 540 23faec1c2cc-23faec1c2d2 536->540 552 23faec1c5de-23faec1c5e7 537->552 561 23faec1c45d-23faec1c465 537->561 548 23faec1c580-23faec1c5a0 call 23faec1d117 * 2 538->548 549 23faec1c556-23faec1c57b call 23faec1c8ff 538->549 543 23faec1c2b2-23faec1c2b6 539->543 544 23faec1c293-23faec1c2b0 539->544 540->523 540->532 546 23faec1c41c-23faec1c422 542->546 551 23faec1c2bc-23faec1c2bd 543->551 543->552 544->551 555 23faec1c360-23faec1c369 545->555 556 23faec1c30c 545->556 546->534 550 23faec1c40c-23faec1c419 546->550 584 23faec1c5a2-23faec1c5bf 548->584 585 23faec1c5cf-23faec1c5d9 548->585 549->548 550->546 551->536 552->516 555->529 564 23faec1c36b-23faec1c374 555->564 565 23faec1c319-23faec1c322 556->565 566 23faec1c30e-23faec1c317 556->566 559 23faec1c3d8-23faec1c3de 557->559 558->535 563 23faec1c3ee-23faec1c3ef 558->563 559->558 570 23faec1c3b2-23faec1c3b9 559->570 561->552 568 23faec1c46b-23faec1c473 561->568 563->530 564->526 572 23faec1c324-23faec1c333 call 23faec1b5fb 565->572 573 23faec1c33e-23faec1c344 565->573 586 23faec1c34c-23faec1c355 566->586 568->552 577 23faec1c479-23faec1c48c 568->577 575 23faec1c3c0-23faec1c3c5 570->575 576 23faec1c3bb-23faec1c3be 570->576 572->573 587 23faec1c335-23faec1c33c 572->587 582 23faec1c349-23faec1c34a 573->582 581 23faec1c3c7-23faec1c3d5 575->581 576->581 583 23faec1c48e-23faec1c49e call 23faec1d133 577->583 581->559 582->586 592 23faec1c4a0-23faec1c4a2 583->592 593 23faec1c4ae-23faec1c4ba 583->593 584->552 594 23faec1c5c1-23faec1c5cd 584->594 585->552 586->545 587->582 595 23faec1c4a4-23faec1c4ac 592->595 596 23faec1c4bc-23faec1c4bd 592->596 597 23faec1c4c4-23faec1c4e5 call 23faec1d117 * 2 593->597 594->552 595->583 596->597 597->552 603 23faec1c4eb-23faec1c4fd 597->603 604 23faec1c542-23faec1c545 603->604 605 23faec1c4ff-23faec1c507 603->605 604->552 606 23faec1c52f-23faec1c53d 605->606 607 23faec1c509-23faec1c529 605->607 606->552 607->606
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000023FAEBCC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23faebcc000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: f79c8a23afe56d11b94332f0aa4a683b06ab6a29ecf11af3662490c09a5fc48f
                                            • Instruction ID: 42eff6b29f2c42389eebd3412b4017905eae3277520f295cd8d9afe524c6f206
                                            • Opcode Fuzzy Hash: f79c8a23afe56d11b94332f0aa4a683b06ab6a29ecf11af3662490c09a5fc48f
                                            • Instruction Fuzzy Hash: A5F19630618B098BDBACDF289949BB5B3D1FF64711F54453DE88EC3291EB38E942C681
                                            Function 00007FFB23AF3CF0 Relevance: 47.4, APIs: 19, Strings: 8, Instructions: 183threadCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 7ffb23af3cf0-7ffb23af3d39 1 7ffb23af8a46-7ffb23af8a4d 0->1 2 7ffb23af3d3f-7ffb23af3d5c ffi_prep_cif 0->2 5 7ffb23af8a56-7ffb23af8a5d 1->5 3 7ffb23af3d62-7ffb23af3d65 2->3 4 7ffb23af8a4f 2->4 6 7ffb23af3d6b-7ffb23af3d74 3->6 7 7ffb23af8a8b-7ffb23af8aa0 call 7ffb23afe064 3->7 4->5 8 7ffb23af8a6d-7ffb23af8a76 PyErr_SetString 5->8 9 7ffb23af3d7a-7ffb23af3d8e 6->9 10 7ffb23af3e41-7ffb23af3e4a PyEval_SaveThread 6->10 11 7ffb23af8a81 7->11 18 7ffb23af8aa2 7->18 8->11 13 7ffb23af8aa7-7ffb23af8ac5 _errno * 2 9->13 14 7ffb23af3d94-7ffb23af3d9e 9->14 10->9 11->7 17 7ffb23af8ad2-7ffb23af8af0 GetLastError SetLastError 13->17 16 7ffb23af3da4-7ffb23af3dc5 ffi_call 14->16 14->17 19 7ffb23af3de9-7ffb23af3df0 16->19 21 7ffb23af8afd-7ffb23af8b11 GetLastError SetLastError 17->21 18->13 20 7ffb23af3df6-7ffb23af3df9 19->20 19->21 22 7ffb23af8b17-7ffb23af8b29 _errno * 2 20->22 23 7ffb23af3dff-7ffb23af3e01 20->23 21->22 26 7ffb23af8b30-7ffb23af8b35 22->26 24 7ffb23af3e03-7ffb23af3e06 23->24 25 7ffb23af3e4f-7ffb23af3e58 PyEval_RestoreThread 23->25 24->26 27 7ffb23af3e0c-7ffb23af3e0f 24->27 25->24 26->27 30 7ffb23af8b3b-7ffb23af8b40 26->30 28 7ffb23af3e15-7ffb23af3e17 27->28 29 7ffb23af8b55-7ffb23af8b6e PySys_Audit 27->29 31 7ffb23af3e19-7ffb23af3e22 PyErr_Occurred 28->31 32 7ffb23af3e5a-7ffb23af3e5c 28->32 29->11 34 7ffb23af8b74-7ffb23af8b7b 29->34 30->27 33 7ffb23af8b46-7ffb23af8b50 _Py_Dealloc 30->33 35 7ffb23af3e24-7ffb23af3e40 31->35 32->35 33->27 36 7ffb23af8b7d 34->36 37 7ffb23af8bfb-7ffb23af8c07 34->37 40 7ffb23af8bba-7ffb23af8bd5 36->40 41 7ffb23af8b7f-7ffb23af8b86 36->41 38 7ffb23af8a78-7ffb23af8a7b PyErr_SetFromWindowsErr 37->38 39 7ffb23af8c0d-7ffb23af8c23 37->39 38->11 42 7ffb23af8be9-7ffb23af8bf6 PyErr_Format 40->42 43 7ffb23af8bd7-7ffb23af8be4 PyErr_Format 40->43 44 7ffb23af8b88-7ffb23af8b8f 41->44 45 7ffb23af8bae 41->45 42->11 43->11 46 7ffb23af8b95-7ffb23af8b9c 44->46 47 7ffb23af8a5f 44->47 45->40 46->38 48 7ffb23af8ba2-7ffb23af8ba9 46->48 49 7ffb23af8a66 47->49 48->49 49->8
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$_errno$Eval_FromOccurredSaveStringThreadWindowsffi_callffi_prep_cif
                                            • String ID: No ffi_type for result$ctypes.set_exception$exception: access violation reading %p$exception: access violation writing %p$exception: breakpoint encountered$exception: datatype misalignment$exception: single step$ffi_prep_cif failed
                                            • API String ID: 1937973484-3190153140
                                            • Opcode ID: e492bd20202601e49d286db61853720ea809dc8ed6064f66128d26af4f20ebf1
                                            • Instruction ID: 1bd064ceba69f81547a4f5dd4539a6b5c4c986ab2ae205b3b24785e9047d0918
                                            • Opcode Fuzzy Hash: e492bd20202601e49d286db61853720ea809dc8ed6064f66128d26af4f20ebf1
                                            • Instruction Fuzzy Hash: E1916EB9A0CAC286E7669F21DC8827D37A5FF45B84F1841B5D94E232A4DF3EE845C700
                                            Function 00007FFB23AF2800 Relevance: 28.2, APIs: 10, Strings: 6, Instructions: 201COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 50 7ffb23af2800-7ffb23af2837 call 7ffb23af29a4 53 7ffb23af2971 50->53 54 7ffb23af283d-7ffb23af2844 50->54 56 7ffb23af297d 53->56 55 7ffb23af284a-7ffb23af2854 54->55 54->56 57 7ffb23af2856 55->57 58 7ffb23af285d-7ffb23af2864 55->58 59 7ffb23af2989 56->59 57->58 58->59 60 7ffb23af286a-7ffb23af2884 58->60 66 7ffb23af2995-7ffb23af2998 59->66 61 7ffb23af288a-7ffb23af28c7 call 7ffb23af2a24 60->61 62 7ffb23af7756-7ffb23af776c PyTuple_GetItem 60->62 73 7ffb23af77d4-7ffb23af77d6 61->73 75 7ffb23af28cd-7ffb23af28d0 61->75 63 7ffb23af776e-7ffb23af7775 62->63 64 7ffb23af77db-7ffb23af77ec call 7ffb23af3e98 62->64 67 7ffb23af777e-7ffb23af778e PyErr_SetString 63->67 80 7ffb23af77ee-7ffb23af7805 PyErr_SetString 64->80 81 7ffb23af780c-7ffb23af781b 64->81 70 7ffb23af28f6-7ffb23af2923 call 7ffb23af2ac0 66->70 71 7ffb23af299e-7ffb23af7878 66->71 67->73 77 7ffb23af2928-7ffb23af292e 70->77 78 7ffb23af787a-7ffb23af787e 71->78 79 7ffb23af7890-7ffb23af7897 71->79 75->70 82 7ffb23af28d2-7ffb23af28e7 75->82 83 7ffb23af2939-7ffb23af2954 call 7ffb23af29c8 77->83 84 7ffb23af2930-7ffb23af2933 77->84 78->79 85 7ffb23af7880-7ffb23af7889 _Py_Dealloc 78->85 86 7ffb23af77a7-7ffb23af77ce PyErr_Format 79->86 80->81 87 7ffb23af784f-7ffb23af7856 81->87 88 7ffb23af781d-7ffb23af7828 81->88 82->66 89 7ffb23af28ed-7ffb23af28f0 82->89 96 7ffb23af2959-7ffb23af2970 83->96 84->83 91 7ffb23af789c-7ffb23af78bd PyObject_CallFunctionObjArgs 84->91 85->79 86->73 87->67 88->87 93 7ffb23af782a-7ffb23af7830 88->93 89->70 90 7ffb23af785b-7ffb23af785f 89->90 94 7ffb23af7865-7ffb23af7869 90->94 95 7ffb23af77a0 90->95 97 7ffb23af78e6-7ffb23af78e9 91->97 98 7ffb23af78bf-7ffb23af78c2 91->98 99 7ffb23af7777 93->99 100 7ffb23af7836-7ffb23af7845 93->100 94->95 101 7ffb23af786f _Py_Dealloc 94->101 95->86 103 7ffb23af78fa-7ffb23af78fe 97->103 104 7ffb23af78eb-7ffb23af78ef 97->104 98->97 102 7ffb23af78c4-7ffb23af78c7 98->102 99->67 100->87 101->95 102->83 109 7ffb23af78cd-7ffb23af78d1 102->109 106 7ffb23af790f-7ffb23af7912 103->106 107 7ffb23af7900-7ffb23af7904 103->107 104->103 105 7ffb23af78f1-7ffb23af78f4 _Py_Dealloc 104->105 105->103 106->96 107->106 110 7ffb23af7906-7ffb23af7909 _Py_Dealloc 107->110 109->83 111 7ffb23af78d7-7ffb23af78e1 _Py_Dealloc 109->111 110->106 111->83
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: COM method call without VTable$Expected a COM this pointer as first argument$NULL COM pointer access$native com method call without 'this' parameter$this function takes %d argument%s (%d given)$this function takes at least %d argument%s (%d given)
                                            • API String ID: 0-1981512665
                                            • Opcode ID: ea162d0ad3c20afa1cd615546f52771c3d36c90b22310fd78db98dd8fbaba4d0
                                            • Instruction ID: b71709509a55a5bce6717ee919dbfbce8aa6b7aafaea578b9b2f62bef3c8dd63
                                            • Opcode Fuzzy Hash: ea162d0ad3c20afa1cd615546f52771c3d36c90b22310fd78db98dd8fbaba4d0
                                            • Instruction Fuzzy Hash: 0F9149AAA18B8281EA668F31E88437D67A0FB46BD4F4840B1DE8D67754DF3FE445C740
                                            Function 00007FFB23AF2AC0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 253COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 112 7ffb23af2ac0-7ffb23af2b1c 113 7ffb23af2b22-7ffb23af2b29 112->113 114 7ffb23af7cde 112->114 115 7ffb23af7ce6-7ffb23af7d03 PyErr_Format 113->115 116 7ffb23af2b2f-7ffb23af2b48 113->116 114->115 119 7ffb23af7d0a 115->119 117 7ffb23af2b4a 116->117 118 7ffb23af2b4d-7ffb23af2b76 call 7ffb23af69d0 memset 116->118 117->118 118->119 122 7ffb23af2b7c-7ffb23af2b87 118->122 123 7ffb23af7d12-7ffb23af7d24 119->123 122->123 124 7ffb23af2b8d-7ffb23af2b96 122->124 127 7ffb23af7d2d-7ffb23af7d36 _Py_Dealloc 123->127 125 7ffb23af2c1c-7ffb23af2c2a 124->125 126 7ffb23af2b9c-7ffb23af2ba6 124->126 130 7ffb23af7d59 125->130 131 7ffb23af2c30-7ffb23af2c42 call 7ffb23af2ee4 125->131 128 7ffb23af2ba9-7ffb23af2bac 126->128 129 7ffb23af2bf9-7ffb23af2bfc 127->129 132 7ffb23af2dc6-7ffb23af2dd5 call 7ffb23af2de0 128->132 133 7ffb23af2bb2-7ffb23af2bb5 128->133 134 7ffb23af2c02-7ffb23af2c14 129->134 135 7ffb23af7d3b-7ffb23af7d3f 129->135 142 7ffb23af7d65 130->142 143 7ffb23af2c49-7ffb23af2c5a 131->143 144 7ffb23af2c44 131->144 157 7ffb23af2dda-7ffb23af2ddc 132->157 133->132 138 7ffb23af2bbb-7ffb23af2bcf PyObject_CallOneArg 133->138 134->125 141 7ffb23af2c16-7ffb23af2c1a 134->141 139 7ffb23af7d44-7ffb23af7d57 call 7ffb23afdf5c 135->139 145 7ffb23af2bd5-7ffb23af2bed call 7ffb23af2de0 138->145 146 7ffb23af7d41 138->146 156 7ffb23af7db7-7ffb23af7dbb 139->156 141->128 153 7ffb23af7d6d-7ffb23af7d74 142->153 149 7ffb23af2c5f-7ffb23af2c7f call 7ffb23af69d0 143->149 150 7ffb23af2c5c 143->150 144->143 145->129 163 7ffb23af2bef-7ffb23af2bf3 145->163 146->139 169 7ffb23af2c84-7ffb23af2c9c call 7ffb23af69d0 149->169 170 7ffb23af2c81 149->170 150->149 158 7ffb23af2d49-7ffb23af2d4c 153->158 159 7ffb23af7d7a-7ffb23af7d7f 153->159 166 7ffb23af2d67-7ffb23af2d6a 157->166 164 7ffb23af2d52-7ffb23af2d64 call 7ffb23af2740 158->164 165 7ffb23af7d8e-7ffb23af7d93 158->165 160 7ffb23af7da3-7ffb23af7dac PyLong_FromLong 159->160 161 7ffb23af7d81-7ffb23af7d89 call 7ffb23afdab4 159->161 160->166 161->166 163->127 163->129 164->166 165->160 168 7ffb23af7d95-7ffb23af7d9e PyErr_SetFromWindowsErr 165->168 172 7ffb23af2d94-7ffb23af2dc5 call 7ffb23af5c20 166->172 173 7ffb23af2d6c 166->173 168->166 184 7ffb23af2ca1-7ffb23af2cb5 call 7ffb23af69d0 169->184 185 7ffb23af2c9e 169->185 170->169 178 7ffb23af2d71-7ffb23af2d77 173->178 179 7ffb23af2d79-7ffb23af2d7c 178->179 180 7ffb23af2d8a-7ffb23af2d92 178->180 179->180 183 7ffb23af2d7e-7ffb23af2d82 179->183 180->172 180->178 183->180 186 7ffb23af2d84 _Py_Dealloc 183->186 189 7ffb23af7db1 PyErr_NoMemory 184->189 190 7ffb23af2cbb-7ffb23af2cbe 184->190 185->184 186->180 189->156 190->189 191 7ffb23af2cc4-7ffb23af2cc7 190->191 191->189 192 7ffb23af2ccd-7ffb23af2cd4 191->192 193 7ffb23af2cd6-7ffb23af2ce4 192->193 194 7ffb23af2d0e-7ffb23af2d2e call 7ffb23af3cf0 192->194 195 7ffb23af2ce7-7ffb23af2cf4 193->195 198 7ffb23af2d33-7ffb23af2d36 194->198 195->142 197 7ffb23af2cfa-7ffb23af2d0c 195->197 197->194 197->195 198->157 199 7ffb23af2d3c-7ffb23af2d43 198->199 199->153 199->158
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CallDeallocErr_FormatObject_memset
                                            • String ID: argument %zd: $too many arguments (%zi), maximum is %i
                                            • API String ID: 1791410686-4072972272
                                            • Opcode ID: 5fbf10960c53948bdcdcc7a11dccd6978f07eae793f0cce98b3689225640bb5a
                                            • Instruction ID: 5a092d43653943ec6f7cb258c16be12f5aead94d96afc420d11604908c9769c2
                                            • Opcode Fuzzy Hash: 5fbf10960c53948bdcdcc7a11dccd6978f07eae793f0cce98b3689225640bb5a
                                            • Instruction Fuzzy Hash: C7B1A0A6A18AC285EA268F35DC442BC2260FF06BE8F584271DE5D677D5DF3FE5428340
                                            Function 00007FF7C1101124 Relevance: 13.6, APIs: 9, Instructions: 94COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559580449.00007FF7C1101000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7C1100000, based on PE: true
                                            • Associated: 0000000E.00000002.2559542937.00007FF7C1100000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559620208.00007FF7C1102000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559657142.00007FF7C1104000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ff7c1100000_python.jbxd
                                            Similarity
                                            • API ID: Main__p___argc__p___wargv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_wide_environment_register_thread_local_exe_atexit_callback
                                            • String ID:
                                            • API String ID: 1155962336-0
                                            • Opcode ID: 6c0c81a52de7622059688b660cd4719b071618d0ddf0fd81b6db47d97a0bad79
                                            • Instruction ID: 12ac9f144a1920ba2150d2bd2dd0aec8b8f13ef99e144c60faa165a2c637bc8a
                                            • Opcode Fuzzy Hash: 6c0c81a52de7622059688b660cd4719b071618d0ddf0fd81b6db47d97a0bad79
                                            • Instruction Fuzzy Hash: 60313821E0C64283EB14BF60B5513B99391AF87FB4FE44434EA4F472E7DEADE4448261
                                            Function 0000023FB0865350 Relevance: 7.8, APIs: 2, Strings: 2, Instructions: 761COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 249 23fb0865350-23fb0865444 call 23fb0863320 call 23fb0863a90 254 23fb0865446-23fb08654f0 249->254 255 23fb08654f6-23fb0865515 254->255 256 23fb08656bd-23fb08656ee 254->256 257 23fb086551c-23fb0865532 255->257 256->254 258 23fb08656b8 257->258 259 23fb0865538-23fb08655b4 257->259 258->256 260 23fb08655bb-23fb08655e3 259->260 261 23fb0865680-23fb08656ad 260->261 262 23fb08655e9-23fb086561e 260->262 263 23fb08656f3-23fb08657f3 wprintf 261->263 264 23fb08656b3 261->264 265 23fb0865624-23fb086562f 262->265 266 23fb086564c-23fb0865654 262->266 269 23fb08657f5-23fb086589f 263->269 264->257 265->266 267 23fb0865635-23fb0865647 265->267 268 23fb086565b-23fb086567b 266->268 267->268 268->260 270 23fb08658a5-23fb08658c4 269->270 271 23fb0865a6c-23fb0865a9d 269->271 272 23fb08658cb-23fb08658e1 270->272 271->269 273 23fb0865a67 272->273 274 23fb08658e7-23fb0865963 272->274 273->271 275 23fb086596a-23fb0865992 274->275 276 23fb0865a2f-23fb0865a5c 275->276 277 23fb0865998-23fb08659cd 275->277 278 23fb0865aa2-23fb0865bad wprintf 276->278 279 23fb0865a62 276->279 280 23fb08659d3-23fb08659de 277->280 281 23fb08659fb-23fb0865a03 277->281 283 23fb0865baf-23fb0865c59 278->283 279->272 280->281 284 23fb08659e4-23fb08659f6 280->284 282 23fb0865a0a-23fb0865a2a 281->282 282->275 285 23fb0865e26-23fb0865e57 283->285 286 23fb0865c5f-23fb0865c9b 283->286 284->282 285->283 287 23fb0865e21 286->287 288 23fb0865ca1-23fb0865d1d 286->288 287->285 290 23fb0865d24-23fb0865d4c 288->290 291 23fb0865d52-23fb0865d87 290->291 292 23fb0865de9-23fb0865e01 290->292 293 23fb0865db5-23fb0865dbd 291->293 294 23fb0865d8d-23fb0865d98 291->294 292->287 295 23fb0865dc4-23fb0865de4 293->295 294->293 296 23fb0865d9e-23fb0865db0 294->296 295->290 296->295
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559233441.0000023FB0861000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023FB0861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23fb0861000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID: ^UH$^UH
                                            • API String ID: 3614878089-4288322697
                                            • Opcode ID: cd0467bb25058187754955881b57e189ea0ee1d03ff72920c450540b919a839a
                                            • Instruction ID: 2695593c81b8c4abb5c16edc3985e12d333089f86d380e638c2207ea64acb823
                                            • Opcode Fuzzy Hash: cd0467bb25058187754955881b57e189ea0ee1d03ff72920c450540b919a839a
                                            • Instruction Fuzzy Hash: D762EC7060CB898FD7B5DF18C498BAAB7E5FBA8301F14496ED48DC7261DB349A41CB42
                                            Function 0000023FAEC1ABE3 Relevance: 7.6, APIs: 5, Instructions: 125memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000023FAEBCC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23faebcc000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual$LibraryLoad
                                            • String ID:
                                            • API String ID: 895956442-0
                                            • Opcode ID: 1e619bdf4bf7d8a1f72fe11a15149652bafd81afc1c25810297ea3c6b5571fd2
                                            • Instruction ID: b216f480617ce7a992e2a52af7e17cb6fcd96663ca3232c0dc960a26de599230
                                            • Opcode Fuzzy Hash: 1e619bdf4bf7d8a1f72fe11a15149652bafd81afc1c25810297ea3c6b5571fd2
                                            • Instruction Fuzzy Hash: 7031B43170CA094FEB88AA18F86936A77D5FBD4B10F140169EC8FC3285ED69DE4287C1
                                            Function 0000023FAEC1AAD8 Relevance: 7.6, APIs: 5, Instructions: 115memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000023FAEBCC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23faebcc000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual$LibraryLoad
                                            • String ID:
                                            • API String ID: 895956442-0
                                            • Opcode ID: cb0b48a04ba6d100bcb83f194f8859affeb3638fd54d705697e528f09cea4154
                                            • Instruction ID: 14f2e9c3123ffd57c3fc48b11a304b06f51e86a1ca82aa0cac7724d765076ff5
                                            • Opcode Fuzzy Hash: cb0b48a04ba6d100bcb83f194f8859affeb3638fd54d705697e528f09cea4154
                                            • Instruction Fuzzy Hash: 1631C931708A044FDB98AA6CA95935973D2FBD8B20F040269DC4FC32C9FD68DD4287C2
                                            Function 0000023FB0863888 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 331 23fb0863888-23fb08638a4 332 23fb08638ea-23fb0863983 StrCmpW 331->332 333 23fb08638aa 331->333 334 23fb086398e-23fb0863a49 call 23fb0863320 call 23fb0863c40 332->334 335 23fb0863989 332->335 333->332 343 23fb0863a54 334->343 344 23fb0863a4f 334->344 336 23fb0863a59 335->336 340 23fb0863a5e-23fb0863a88 call 23fb088cd90 336->340 343->336 344->340
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559233441.0000023FB0861000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023FB0861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23fb0861000_python.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: 7f5b429a7d83c9a93937d9167fb75ff8c49188c4724035ef35a6a62853badde2
                                            • Instruction ID: 08aa185e8b5eff86de809c6fc07ddd5cb0a922d9897ce44a9c88c929ef1b000f
                                            • Opcode Fuzzy Hash: 7f5b429a7d83c9a93937d9167fb75ff8c49188c4724035ef35a6a62853badde2
                                            • Instruction Fuzzy Hash: 8A412C70508B898FD7B5EF08C598BEAB7E1FBA8304F11496D908DC7690CB79D984CB42
                                            Function 0000023FB0865E0C Relevance: 3.5, APIs: 2, Instructions: 457COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559233441.0000023FB0861000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023FB0861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23fb0861000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID:
                                            • API String ID: 3614878089-0
                                            • Opcode ID: 2b2b92e1177cbbd6d7921cb2798bcffe5b8430698eb64afc839c572e73592dbb
                                            • Instruction ID: 331515e4bda0fa1578ad4e50a98f1e47d6cda1c2d3c27877267cbf0d60918952
                                            • Opcode Fuzzy Hash: 2b2b92e1177cbbd6d7921cb2798bcffe5b8430698eb64afc839c572e73592dbb
                                            • Instruction Fuzzy Hash: E9021CB060CA898FD7B4EF18C494BAAB7E1FBA9301F10496E958DC7351DB34D981CB46
                                            Function 0000023FB08648F0 Relevance: 1.8, APIs: 1, Instructions: 344COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 477 23fb08648f0-23fb086490c 478 23fb0864952-23fb0864a3f wprintf 477->478 479 23fb0864912 477->479 480 23fb0864a4d-23fb0864a5f 478->480 479->478 481 23fb0864a75 480->481 482 23fb0864a65-23fb0864a70 480->482 483 23fb0864a80-23fb0864bb9 481->483 482->483 484 23fb0864bbb-23fb0864c65 483->484 485 23fb0864e23-23fb0864e54 484->485 486 23fb0864c6b-23fb0864ca7 484->486 485->484 487 23fb0864cad-23fb0864d29 486->487 488 23fb0864e1e 486->488 490 23fb0864d30-23fb0864d58 487->490 488->485 491 23fb0864de6-23fb0864dfe 490->491 492 23fb0864d5e-23fb0864d90 490->492 491->488 493 23fb0864d96-23fb0864da1 492->493 494 23fb0864dbb-23fb0864dc3 492->494 493->494 495 23fb0864da7-23fb0864db6 493->495 496 23fb0864dc7-23fb0864de1 494->496 495->496 496->490
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559233441.0000023FB0861000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023FB0861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23fb0861000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID:
                                            • API String ID: 3614878089-0
                                            • Opcode ID: 9b62ba27d57b37bb9246174b15b6a9ac0dc30f0c88906bbf78c74f26e4fbc882
                                            • Instruction ID: 33e6cec344770c876ed1bf7d9b7b22476699f7e5ea7ab307feab51e7f257f9dd
                                            • Opcode Fuzzy Hash: 9b62ba27d57b37bb9246174b15b6a9ac0dc30f0c88906bbf78c74f26e4fbc882
                                            • Instruction Fuzzy Hash: 34E1F87050DB888FD7B5EF18C498BAAB7E5FBA9305F14096ED48DC7261DB349680CB42
                                            Function 0000023FB0864E09 Relevance: 1.8, APIs: 1, Instructions: 306processCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 497 23fb0864e09-23fb0864e13 498 23fb0864e59-23fb0864fd2 CreateProcessW 497->498 499 23fb0864e19 497->499 500 23fb0864fd4-23fb086507e 498->500 499->498 501 23fb0865084-23fb08650c0 500->501 502 23fb086523c-23fb086526d 500->502 503 23fb08650c6-23fb0865142 501->503 504 23fb0865237 501->504 502->500 506 23fb0865149-23fb0865171 503->506 504->502 507 23fb08651ff-23fb0865217 506->507 508 23fb0865177-23fb08651a9 506->508 507->504 509 23fb08651d4-23fb08651dc 508->509 510 23fb08651af-23fb08651ba 508->510 512 23fb08651e0-23fb08651fa 509->512 510->509 511 23fb08651c0-23fb08651cf 510->511 511->512 512->506
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559233441.0000023FB0861000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023FB0861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23fb0861000_python.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 5cae9e121b49277173e6a3d6ca3402613bcde6e39c0516c9c4cfefa2e157f941
                                            • Instruction ID: 7630495cec90b195fd519aaad346788d0e88a5afcee7a90b251274c61ce96d57
                                            • Opcode Fuzzy Hash: 5cae9e121b49277173e6a3d6ca3402613bcde6e39c0516c9c4cfefa2e157f941
                                            • Instruction Fuzzy Hash: B5C10AB050CB888FDBB4DF18C494BAAB7E1FBA9304F14495ED18DC7261DB34A981CB46
                                            Function 0000023FB0865222 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 611 23fb0865222-23fb086522c 612 23fb0865272-23fb0865320 wprintf call 23fb0863430 611->612 613 23fb0865232 611->613 615 23fb0865325-23fb0865346 call 23fb088cd90 612->615 613->612
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559233441.0000023FB0861000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023FB0861000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23fb0861000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID:
                                            • API String ID: 3614878089-0
                                            • Opcode ID: ae017e59c25e42a9652eda579c30f58d9e0cbfec3ba82ae9614462158969d6a2
                                            • Instruction ID: 05ff97c3dd37e358f9ebeac016a4d5b79bd326e9711c201fab64879ada4c7f02
                                            • Opcode Fuzzy Hash: ae017e59c25e42a9652eda579c30f58d9e0cbfec3ba82ae9614462158969d6a2
                                            • Instruction Fuzzy Hash: D321EE70608A498FDBF4EB08D494BAAB3E2FBD8305F14455D918DC7254CB35E981CB46
                                            Function 0000023FAEC1AACB Relevance: 1.5, APIs: 1, Instructions: 35memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2558943518.0000023FAEBCC000.00000040.00000020.00020000.00000000.sdmp, Offset: 0000023FAEBCC000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_23faebcc000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual$LibraryLoad
                                            • String ID:
                                            • API String ID: 895956442-0
                                            • Opcode ID: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                            • Instruction ID: a4b2eb8ce18c4b52b47526c753371c20afb44d16b772e151420e7fce1e04081e
                                            • Opcode Fuzzy Hash: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                            • Instruction Fuzzy Hash: 8EE0203160CB0D0FF7AC969DE88E7B666D8DB996B5F00007EF54EC2101F045D8D243A1
                                            Function 00007FFB23AE4730 Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561128704.00007FFB23AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AE0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561025089.00007FFB23AE0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561259365.00007FFB23AE6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561347578.00007FFB23AE9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23ae0000_python.jbxd
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: d0030d7d39ed1f1285109f3f3c4a92fc536e9fee5458ecd4838dc556b7ba0fb5
                                            • Instruction ID: 802c67977d5c2699d0c5ca5e011f183ca186ec19daba16457f7ca375b532f23f
                                            • Opcode Fuzzy Hash: d0030d7d39ed1f1285109f3f3c4a92fc536e9fee5458ecd4838dc556b7ba0fb5
                                            • Instruction Fuzzy Hash: 5CF01DB2608F85C9C702CF25E85009DB724F75ABC4F458A22EE8D63B29CF38C052CB40
                                            Function 00007FFB23AE42E0 Relevance: 1.4, APIs: 1, Instructions: 138COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561128704.00007FFB23AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AE0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561025089.00007FFB23AE0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561259365.00007FFB23AE6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561347578.00007FFB23AE9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23ae0000_python.jbxd
                                            Similarity
                                            • API ID: memcpy
                                            • String ID:
                                            • API String ID: 3510742995-0
                                            • Opcode ID: b007cc5a7efe170316438a21b032e88e071ebebb1f436b5cacc6e359ddb69198
                                            • Instruction ID: 9d12e46f911f7a123f6b7588eb555b7a92573e5501716af0ab3f40302aa2c7c6
                                            • Opcode Fuzzy Hash: b007cc5a7efe170316438a21b032e88e071ebebb1f436b5cacc6e359ddb69198
                                            • Instruction Fuzzy Hash: E65190B2B04FC585DB11CF25D8445AC3368FB5ABA4B598272DE2C27795DF38D852C340

                                            Non-executed Functions

                                            Function 00007FFB23AF530C Relevance: 30.2, APIs: 20, Instructions: 167COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF533A
                                            • PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF535F
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF537F
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF53A2
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF53C8
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF53EE
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5414
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF543A
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5460
                                            • PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5486
                                            • PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF54AC
                                            • PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF54D2
                                            • PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF54F8
                                            • PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF551E
                                            • PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5544
                                            • PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF556A
                                            • PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5587
                                            • PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF55AC
                                            • PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF55CD
                                            • PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF55F5
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Type_$Ready$FromMetaclassModule_Type
                                            • String ID:
                                            • API String ID: 1256463225-0
                                            • Opcode ID: c809035a3f06b96d87fdfc0d7b27bea188c5b5881680951c9fb1540fb792cb96
                                            • Instruction ID: 8d162ce62684deb51550d2a16d760789f126817eedebf7efff00b5f20d5ec9b0
                                            • Opcode Fuzzy Hash: c809035a3f06b96d87fdfc0d7b27bea188c5b5881680951c9fb1540fb792cb96
                                            • Instruction Fuzzy Hash: A28172A8E09B8391EB568F71FCC867D63A4BF45B84F4C41B9C99DA2664DF3DE1468300
                                            Function 00007FFB23AE52F0 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561128704.00007FFB23AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AE0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561025089.00007FFB23AE0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561259365.00007FFB23AE6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561347578.00007FFB23AE9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23ae0000_python.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                            • String ID:
                                            • API String ID: 313767242-0
                                            • Opcode ID: 40d573c0dd21a065d9b81eb5e40468c529eab132bf55f054c2ad9a992b3fa41a
                                            • Instruction ID: a95c5c31de78d930d61dbe4d35de8db434a8cff5c2969004332d6a169aaf9d32
                                            • Opcode Fuzzy Hash: 40d573c0dd21a065d9b81eb5e40468c529eab132bf55f054c2ad9a992b3fa41a
                                            • Instruction Fuzzy Hash: CF316AB2609EC18AEB618F75E8503ED3360FB85745F48843ADA4E57A99EF3CD649C700
                                            Function 00007FFB23AF6530 Relevance: 13.6, APIs: 9, Instructions: 71COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                            • String ID:
                                            • API String ID: 313767242-0
                                            • Opcode ID: 51c35f35c85ed8dbc807afe6a3c42d7ea6e6d53d55cb54043628433764dc69aa
                                            • Instruction ID: f9bee5145d5b4482d08c11151dda639eead8ef587349e994d08f48f2bcdda513
                                            • Opcode Fuzzy Hash: 51c35f35c85ed8dbc807afe6a3c42d7ea6e6d53d55cb54043628433764dc69aa
                                            • Instruction Fuzzy Hash: B1316DB6608BC186EB658F65E8843ED3360FB85744F48403ADA8D67B98EF3DC548C700
                                            Function 00007FF7C11017A8 Relevance: 13.6, APIs: 9, Instructions: 71COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559580449.00007FF7C1101000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7C1100000, based on PE: true
                                            • Associated: 0000000E.00000002.2559542937.00007FF7C1100000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559620208.00007FF7C1102000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559657142.00007FF7C1104000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ff7c1100000_python.jbxd
                                            Similarity
                                            • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                            • String ID:
                                            • API String ID: 313767242-0
                                            • Opcode ID: 1bc1d7f10936497f6c2da7948b9a86dde6abc924ad56319c0f9215857a921d84
                                            • Instruction ID: db390526119f49a9560f3d881b406d7848dd89553bf790a31a4ac1e544c871cc
                                            • Opcode Fuzzy Hash: 1bc1d7f10936497f6c2da7948b9a86dde6abc924ad56319c0f9215857a921d84
                                            • Instruction Fuzzy Hash: C7315072A04B8186EB60EF60F8403E97361F785B54F94443ADA4E47B98DF7CC648C710
                                            Function 00007FFB23AE2E00 Relevance: 4.5, APIs: 3, Instructions: 42sleepCOMMON
                                            Download Yara Rule
                                            APIs
                                            • Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFB23AE368D,?,00000001,00000000,00007FFB23AE2B10), ref: 00007FFB23AE2E4A
                                            • GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FFB23AE368D,?,00000001,00000000,00007FFB23AE2B10), ref: 00007FFB23AE2E94
                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,00007FFB23AE368D,?,00000001,00000000,00007FFB23AE2B10), ref: 00007FFB23AE2EC2
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561128704.00007FFB23AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AE0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561025089.00007FFB23AE0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561259365.00007FFB23AE6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561347578.00007FFB23AE9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23ae0000_python.jbxd
                                            Similarity
                                            • API ID: InfoSleepSystemabort
                                            • String ID:
                                            • API String ID: 3812989525-0
                                            • Opcode ID: 356e883e78af41a95903e3fe84684237f5ddaaae80b9a3ed4a034d8e13ef1f18
                                            • Instruction ID: da6ce8391613ed2ef71fb2a7a66047418ef1a3542f3a4cecb419f07ab923b2a4
                                            • Opcode Fuzzy Hash: 356e883e78af41a95903e3fe84684237f5ddaaae80b9a3ed4a034d8e13ef1f18
                                            • Instruction Fuzzy Hash: 98214DB0A19FD286EB63DB30EC5433D32A4BF4AB16F0806B9C15D626A0DF3CA5468700
                                            Function 00007FF7C1101950 Relevance: .0, Instructions: 2COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559580449.00007FF7C1101000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7C1100000, based on PE: true
                                            • Associated: 0000000E.00000002.2559542937.00007FF7C1100000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559620208.00007FF7C1102000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559657142.00007FF7C1104000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ff7c1100000_python.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 82ba1786bcdd612b7483a182c3e69f01749d4b8e22591703317c4a3fffe424f5
                                            • Instruction ID: 1d8e7c61fa405880a027c8acfbe693c0e1c846d8040b3cdd2b02d8767bb7117e
                                            • Opcode Fuzzy Hash: 82ba1786bcdd612b7483a182c3e69f01749d4b8e22591703317c4a3fffe424f5
                                            • Instruction Fuzzy Hash: 43A00221D1EE02D2E704EF40F950171A336FB95B74BE14431C00E52064AFBCE500C330
                                            Function 00007FFB23AF562C Relevance: 115.9, APIs: 46, Strings: 20, Instructions: 356COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF565D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Module_Object
                                            • String ID: 1.1.0$ArgumentError$COMError$CTYPES_MAX_ARGCOUNT$FUNCFLAG_CDECL$FUNCFLAG_HRESULT$FUNCFLAG_PYTHONAPI$FUNCFLAG_STDCALL$FUNCFLAG_USE_ERRNO$FUNCFLAG_USE_LASTERROR$RTLD_GLOBAL$RTLD_LOCAL$SIZEOF_TIME_T$__version__$_cast_addr$_memmove_addr$_memset_addr$_pointer_type_cache$_string_at_addr$_wstring_at_addr
                                            • API String ID: 3061622016-2216286708
                                            • Opcode ID: 22c78ac659fccb833373f779d7cfa88372031711fcbcea86ecb404ed6590b11c
                                            • Instruction ID: 759051ea8c4530583b13eda9cf2a1b9f643282a26082df62cc58ffd5b2f6a44f
                                            • Opcode Fuzzy Hash: 22c78ac659fccb833373f779d7cfa88372031711fcbcea86ecb404ed6590b11c
                                            • Instruction Fuzzy Hash: 3EE10FE8E0E78386FB275F71DC9827C22A4AF06F85F0C55B9C94E75295EE2FA0418351
                                            Function 00007FFB23B194B8 Relevance: 58.1, APIs: 4, Strings: 29, Instructions: 382COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
                                            • API String ID: 2943138195-1482988683
                                            • Opcode ID: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                            • Instruction ID: de810cf9b05d0d63c300f46a08c9ae2f04140af372bd9f0d98c8a2cd1e3da5ad
                                            • Opcode Fuzzy Hash: 9af3000e46094686c92b09a1ab6ba282d3ea35f814097fcec630d6e6c72122d6
                                            • Instruction Fuzzy Hash: 1B0252BAF186D288FB168F75DC982BC36B0BB09384F584175CACD76A98DF2C9545C380
                                            Function 00007FFB23AF1CA0 Relevance: 56.3, APIs: 18, Strings: 14, Instructions: 266COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Dealloc$Arg_ParseSizeStringTuple_$Format$AttrAuditLong_Object_OccurredSequence_Sys_TupleVoid
                                            • String ID: O&O;illegal func_spec argument$O|O$_handle$abstract class$could not convert the _handle attribute to a pointer$ctypes.dlsym$function '%s' not found$function ordinal %d not found$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes$the _handle attribute of the second argument must be an integer
                                            • API String ID: 2812885975-1557499450
                                            • Opcode ID: cb67d1f608cb4e7c05f91af2f56ddb449884a594cb3d66a49fb61017942d27eb
                                            • Instruction ID: 1478609e54f5369e06342ec30043bc0df7e243bfacb3ade6f6a7e40ecb0968f0
                                            • Opcode Fuzzy Hash: cb67d1f608cb4e7c05f91af2f56ddb449884a594cb3d66a49fb61017942d27eb
                                            • Instruction Fuzzy Hash: 6FC13DB9E08A8295EB1A8F35DC942BD23A0BF45B88F5C40B5D94D676A4DF3FE546C300
                                            Function 00007FFB23AFD3E4 Relevance: 51.0, APIs: 22, Strings: 7, Instructions: 241COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Err_ErrorLast_errno$State_$UnraisableWrite$CheckCurrentEnsureFunctionObject_ReleaseResultStringSubtypeThreadType_VectorcallWarnmemcpy
                                            • String ID: Parsing argument %zd$cannot build parameter$create argument %zd:$memory leak in callback function.$on calling ctypes callback function$on converting result of ctypes callback function$unexpected result of create argument %zd:
                                            • API String ID: 354188352-1876801404
                                            • Opcode ID: 3353cf4db8e4d53892da9a1680dbfdb20d7e1eb82ac740a2dca17980821e60b7
                                            • Instruction ID: 16cc3b014e782ba284eb90b3fc32b04d2ad99cdce8242f00c1a72c2283a9120d
                                            • Opcode Fuzzy Hash: 3353cf4db8e4d53892da9a1680dbfdb20d7e1eb82ac740a2dca17980821e60b7
                                            • Instruction Fuzzy Hash: F0B11DA9A09AC285EB579F31DC9827D33A0FB46B98F484172D94D677A8DF3EE445C300
                                            Function 00007FFB23AF56B1 Relevance: 49.1, APIs: 20, Strings: 8, Instructions: 138COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF56BD
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF56DC
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF56F1
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5710
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5728
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5747
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF575F
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF577E
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5796
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF57B5
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF57CD
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF57EC
                                            • PyUnicode_FromString.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5806
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5825
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9866
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9886
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF98A6
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF98C6
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF98E6
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9906
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocFromModule_Object$LongLong_$StringUnicode_
                                            • String ID: 1.1.0$FUNCFLAG_CDECL$FUNCFLAG_HRESULT$FUNCFLAG_PYTHONAPI$FUNCFLAG_STDCALL$FUNCFLAG_USE_ERRNO$FUNCFLAG_USE_LASTERROR$__version__
                                            • API String ID: 1177918438-3954669750
                                            • Opcode ID: 9a22af3020cc1a622dfb4476250a464506155eee5edae4c5558544e6c1b78a0e
                                            • Instruction ID: ef59f45c03d059f69e20bf46d9efcd1d8401a313ebd0ab53531ed875dd392ba2
                                            • Opcode Fuzzy Hash: 9a22af3020cc1a622dfb4476250a464506155eee5edae4c5558544e6c1b78a0e
                                            • Instruction Fuzzy Hash: CA51F0E8E0E7C386FA275F71DC9837C22A4AF07F85F0C45B9C94E65291EE2EA0458351
                                            Function 00007FFB23AF1760 Relevance: 45.7, APIs: 18, Strings: 8, Instructions: 233stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$AttrDeallocString$Err_$Format$CallCurrentDict_LookupMakeMallocMem_OccurredSizeState_ThreadUnicode_Updatestrchr
                                            • String ID: __ctype_be__$__ctype_le__$_type_ '%s' not supported$cbBhHiIlLdfuzZqQPXOv?g$class must define a '_type_' attribute$class must define a '_type_' attribute which must bea single character string containing one of '%s'.$class must define a '_type_' attribute which must be a string of length 1$class must define a '_type_' string attribute
                                            • API String ID: 1144576454-917751260
                                            • Opcode ID: f697b81d1f7929694cfcf9fbce005f7dc37917d259ca99574aa30cf45214b892
                                            • Instruction ID: cbff20d0d7b4de874d1228493c50d3ea1280c688665aa93f2eabca111b7d0281
                                            • Opcode Fuzzy Hash: f697b81d1f7929694cfcf9fbce005f7dc37917d259ca99574aa30cf45214b892
                                            • Instruction Fuzzy Hash: 71B121B6909BC285EB568F35DC8837D23A0EF46B94F4C4571D98E62664DF3EE485C340
                                            Function 00007FFB23AF4568 Relevance: 44.0, APIs: 18, Strings: 7, Instructions: 220COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Err_$AttrLong_LookupObject_String$Dict_ExceptionMallocMatchesMem_MemoryOccurredSignSsize_tUpdate
                                            • String ID: The '_length_' attribute is too large$The '_length_' attribute must be an integer$The '_length_' attribute must not be negative$_type_ must have storage info$array too large$class must define a '_length_' attribute$class must define a '_type_' attribute
                                            • API String ID: 1851186263-504660705
                                            • Opcode ID: cb165b15510b282bb8f78bbef933e6e6e1be9318dda9df85a66a861dbeb01329
                                            • Instruction ID: afea518a057ea02950fad2b4e3ac7bb9d5b826257fea4b90317d58a75c92716c
                                            • Opcode Fuzzy Hash: cb165b15510b282bb8f78bbef933e6e6e1be9318dda9df85a66a861dbeb01329
                                            • Instruction Fuzzy Hash: 70B132B5A09A8281EB5A8F35DC9837C23A0FF46B94F4C42B9D55E666E4DF3EE445C300
                                            Function 00007FFB23AFAC60 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 215COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Number_OccurredSsize_t$FromString$Bytes_Mem_SizeUnicode_$CharCheckFreeIndex_List_MallocMemoryWide
                                            • String ID: Pointer indices must be integer$slice start is required for step < 0$slice step cannot be zero$slice stop is required
                                            • API String ID: 3053630023-3059441807
                                            • Opcode ID: faca26dfae9f86c5ef9e4855d8864107ded3a27a0e1818afff6c49d20ff11bbf
                                            • Instruction ID: a1b6890969f9abbd571b0d1a304161b2fee9eafc789c7063272e9d95561db6d8
                                            • Opcode Fuzzy Hash: faca26dfae9f86c5ef9e4855d8864107ded3a27a0e1818afff6c49d20ff11bbf
                                            • Instruction Fuzzy Hash: 3F9173E9E09A9281EA169F35DD881BC2361AF45FE0B4C46B1D96F277E0DF3EE4458700
                                            Function 00007FFB23AFD074 Relevance: 38.6, APIs: 19, Strings: 3, Instructions: 136COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$FromLong_$Err_Void$StringUnraisableWrite$ArgsAttrCallFunctionImport_InternLongModuleObject_OccurredUnicode_
                                            • String ID: DllGetClassObject$_ctypes.DllGetClassObject$ctypes
                                            • API String ID: 198946335-177550262
                                            • Opcode ID: 65e9fa2d7f6abdd369792f1215d283cf3ae8a2a5d5939b0a596ab0fc279ee388
                                            • Instruction ID: d2538e22fc4183cbc09fa9b43be94f5994751c5d93845e7b2a94c2fdad95dc5b
                                            • Opcode Fuzzy Hash: 65e9fa2d7f6abdd369792f1215d283cf3ae8a2a5d5939b0a596ab0fc279ee388
                                            • Instruction Fuzzy Hash: F65122B9E08A8386EB1B9F31DD5813C33A4AF46B94F0C44B2C94E62664DF3FE5958704
                                            Function 00007FFB23AF9EF4 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 178COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: From$Bytes_Err_Mem_SizeSlice_StringUnicode_$AdjustCharCheckFreeIndex_IndicesList_MallocMemoryNumber_OccurredSsize_tUnpackWide
                                            • String ID: indices must be integers
                                            • API String ID: 4188490530-2024404580
                                            • Opcode ID: 6526a4648f94ed9d17d777f7624b47fd1bc02f5525ba566fef3a33eac90e2dc6
                                            • Instruction ID: 34b9cddcf97fb7042b76089c401f013bce4564fab6770f1276f141a35ff7ea15
                                            • Opcode Fuzzy Hash: 6526a4648f94ed9d17d777f7624b47fd1bc02f5525ba566fef3a33eac90e2dc6
                                            • Instruction Fuzzy Hash: F27153A9A09AC282EB1A9F35DD481BC1361FF45BD4B0841B1DD5F67BA4DF3EE4468700
                                            Function 00007FFB23AF4A70 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 106COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: From$CallDict_Err_FormatFunctionItemObject_Unicode_$DeallocErrorLong_OccurredStringVoidWith
                                            • String ID: LP_%U$LP_%s$N(O){sO}$N(O){}$_type_$must be a ctypes type
                                            • API String ID: 3146948445-1214187729
                                            • Opcode ID: b2d73554346d96f05ba5c718ea02eff8dc1090226ef4b640fb946f1f5a64de90
                                            • Instruction ID: 95b392535bcee60e8e759fb56d67f29dcdc84d436056d4585ffac97b59e00d4f
                                            • Opcode Fuzzy Hash: b2d73554346d96f05ba5c718ea02eff8dc1090226ef4b640fb946f1f5a64de90
                                            • Instruction Fuzzy Hash: 1F410BA9A09A8381EB1A8F31DC9837C63A0BF4AB95F0C40B1C55E67665DF3EE5458700
                                            Function 00007FFB23AFA5E0 Relevance: 33.3, APIs: 13, Strings: 6, Instructions: 82threadlibraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$String$DeallocEval_Thread$AddressArg_AttrAuditFormatLong_Object_OccurredParseProcRestoreSaveSizeSys_Tuple_Void
                                            • String ID: Os:in_dll$_handle$could not convert the _handle attribute to a pointer$ctypes.dlsym$symbol '%s' not found$the _handle attribute of the second argument must be an integer
                                            • API String ID: 1915345233-3856192562
                                            • Opcode ID: 77c0c3bb1c0740a5c2f97445e3c45156dfcf7c656d886c92a59b2bc9c521f4bf
                                            • Instruction ID: 2598407b841812438bac11d4d598b6e3f59f15957a972fc2d1cdc5956b3e6249
                                            • Opcode Fuzzy Hash: 77c0c3bb1c0740a5c2f97445e3c45156dfcf7c656d886c92a59b2bc9c521f4bf
                                            • Instruction Fuzzy Hash: F041D0A9A08A8281EB4A9F35EC982BC63A4BF45BC5F0C40B5D94E67664DF3EE5458700
                                            Function 00007FFB23B0018C Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 178COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyObject_GetAttrString.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B001BC
                                            • PySequence_Fast.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B001D8
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B001EF
                                            • PyArg_ParseTuple.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B0025B
                                            • PyObject_GetAttr.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B00275
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B002CA
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B00352
                                            • PyObject_SetAttr.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B0036B
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B00384
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B003A8
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B003CC
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B003E0
                                            • PyErr_SetString.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B0040B
                                            • _Py_Dealloc.PYTHON312(?,00000018,0000023FAE895C90,00000018,00000000,?,?,00000000,00007FFB23AF8FA8), ref: 00007FFB23B00421
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$AttrObject_$String$Arg_Err_FastParseSequence_Tuple
                                            • String ID: OO|O$_fields_$_fields_ must be a sequence$unexpected type
                                            • API String ID: 1182381414-2418103425
                                            • Opcode ID: 6604ade725ed50e35030337eae9951f01cd0474dbbf59230ef89c97940456b55
                                            • Instruction ID: cfd8a7e8ee1aab2d5c75c598bb2225593753ae34c4693f6b3e814992e326d862
                                            • Opcode Fuzzy Hash: 6604ade725ed50e35030337eae9951f01cd0474dbbf59230ef89c97940456b55
                                            • Instruction Fuzzy Hash: 8B81F0BAA09A8682EB568F35DDC827D33A0FB59B94F084171CA8D637A4DF3CD595C700
                                            Function 00007FFB23AF222C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 136threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$Dealloc$Err_$AttrCallCheckCurrentExceptionInstanceLookupRaisedRecursiveState_StringThreadTrackUnicode_
                                            • String ID: abstract class$while processing _as_parameter_$wrong type
                                            • API String ID: 1221418975-1173273510
                                            • Opcode ID: fff4ed27f0c2a9d9f0bf85d357270f3fd5bd9b262d65636cc5386c01edb0f6cb
                                            • Instruction ID: c1724ab03495e8a39344b07c2000b39d3d97301cc5b4dc96b078aeca0c0660a8
                                            • Opcode Fuzzy Hash: fff4ed27f0c2a9d9f0bf85d357270f3fd5bd9b262d65636cc5386c01edb0f6cb
                                            • Instruction Fuzzy Hash: 855130B9A09A8381EB1A8F31EC5837D67A4BF46B91F0C40B0DE4D66694DF3FE4458740
                                            Function 00007FFB23B1CDBC Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 290COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+$Replicator::operator[]
                                            • String ID: `anonymous namespace'
                                            • API String ID: 3863519203-3062148218
                                            • Opcode ID: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                            • Instruction ID: 99a61da93c76a735490139e40062b4ac4f65d1e2d49c8104b32f79e41694c036
                                            • Opcode Fuzzy Hash: c2c563be3abc2cd025459880134dd91d33137c93c5547e13454a58e5101b2a40
                                            • Instruction Fuzzy Hash: BFE16CBAA08BC299EB128F34DC882ED77A0FB45784F484176EACD67A59DF38D515C700
                                            Function 00007FFB23AF8295 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 187COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Mem_$Err_$FreeMallocString$AttrDeallocFormatObject_Unicode_memcpy
                                            • String ID: %s:%s:$UO|i$bit fields not allowed for type %s$number of bits invalid for bit field
                                            • API String ID: 1432342614-1978056028
                                            • Opcode ID: 5844e7e0d6cbfa9c63a3c2456c304e39a52f6b0c02ebf00914ccbb7cf5c1e462
                                            • Instruction ID: 9f6da7cc514de23dcf18a26cdd424abab86dd7767fd22f3db526515dc40b789f
                                            • Opcode Fuzzy Hash: 5844e7e0d6cbfa9c63a3c2456c304e39a52f6b0c02ebf00914ccbb7cf5c1e462
                                            • Instruction Fuzzy Hash: 7591B0B6A08B8285EB46CF35EC882AD37A4FB46B94F580175DA5D637A4DF3EE445C300
                                            Function 00007FFB23AF2DE0 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 146COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$String$LongLong_Occurred$Bytes_Capsule_CharClearFreeMem_Unicode_UnsignedWide
                                            • String ID: Don't know how to convert parameter %d$_ctypes pymem$int too long to convert
                                            • API String ID: 3969321993-4137960972
                                            • Opcode ID: fca66ba9cf3fa2a06071df7056dddb7f1b08af4a9647f62694b70dc7ec72234c
                                            • Instruction ID: cdffa9632b3744bdff680059256a4b1d315ac926952ff17e64c1fb32bbe2af87
                                            • Opcode Fuzzy Hash: fca66ba9cf3fa2a06071df7056dddb7f1b08af4a9647f62694b70dc7ec72234c
                                            • Instruction Fuzzy Hash: 4D612FB9A19B8282EB568F35EC8423C33A0FB49B94B1C4575DA9D63764DF3EE451C340
                                            Function 00007FFB23AF4878 Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 129COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$CallDict_Err_FromFunction_Long_Object_OccurredPackSizeSsize_tTuple_
                                            • String ID: %.200s_Array_%Id$Array length must be >= 0, not %zd$Expected a type object$_length_$_type_$s(O){s:n,s:O}
                                            • API String ID: 3561862774-1488966637
                                            • Opcode ID: abb175054c3abe405e6485b6903381b1582440a8c924ea2a973881a5179bb90c
                                            • Instruction ID: 6920f3b2293e11d28dd1d25fb50ef1003ec2c0e67f043b1d6be7b8c9e4e8d52f
                                            • Opcode Fuzzy Hash: abb175054c3abe405e6485b6903381b1582440a8c924ea2a973881a5179bb90c
                                            • Instruction Fuzzy Hash: CE514EB9A0DA8381EB169F31EC9837D23A0BF46795F0C41B5CA8D66790EF2EE5458700
                                            Function 00007FFB23AFA1E8 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 105COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$String$Arg_AuditBuffer_ContiguousDeallocFormatFromMemoryObjectParseSizeSys_Tuple_View_
                                            • String ID: Buffer size too small (%zd instead of at least %zd bytes)$O|n:from_buffer$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$underlying buffer is not C contiguous$underlying buffer is not writable
                                            • API String ID: 3947696715-3790261066
                                            • Opcode ID: 201a9c59bc915145b3692cbc51d3498441200ce75c5c509dd669170fa7d7d1ad
                                            • Instruction ID: 42e4fd8f7560e0c4fbe407482c1b2e202999b01d6c58e8c2521caaa7804936fb
                                            • Opcode Fuzzy Hash: 201a9c59bc915145b3692cbc51d3498441200ce75c5c509dd669170fa7d7d1ad
                                            • Instruction Fuzzy Hash: 4F416CE9B08A8281EA1A8F75EC842BC23A0BF45BD0F0841B1D94E676B4DF3FE515C700
                                            Function 00007FFB23AFE064 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 84threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Capsule_$Dict_Err_ItemMem_String$CallocDeallocDictErrorFreeFromInternOccurredPointerState_ThreadUnicode_ValidWith
                                            • String ID: _ctypes pymem$cannot get thread state$ctypes.error_object$ctypes.error_object is an invalid capsule
                                            • API String ID: 2323834031-3474121714
                                            • Opcode ID: 110e2bd413c66ffabf933b21a3b2c06489e705b18dddaf206def4a3d825f1561
                                            • Instruction ID: a4505814318cba39e004c776d6390364f471b7609a83e67d50d578b4ba7074ff
                                            • Opcode Fuzzy Hash: 110e2bd413c66ffabf933b21a3b2c06489e705b18dddaf206def4a3d825f1561
                                            • Instruction Fuzzy Hash: 354130E8A09B8282FA1A8F35EC9867C23A0AF45F84F0C44B5D94D63764EF3EE5458300
                                            Function 00007FFB23AF4244 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 103COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Err_$Format$AttrLookupObject_OccurredSequence_StringTupleTuple_
                                            • String ID: _argtypes_ has too many arguments (%zi), maximum is %i$_argtypes_ must be a sequence of types$item %zd in _argtypes_ has no from_param method
                                            • API String ID: 4102822968-1150265712
                                            • Opcode ID: bfe38531abc71b90bf1ef4874b0142a867b1dd731aa8477ea8dd271d4c6bf836
                                            • Instruction ID: 22a26fa2b51cc88616134c714fb28b5b9f520ca01d9a25e4d495c5a6d8269a95
                                            • Opcode Fuzzy Hash: bfe38531abc71b90bf1ef4874b0142a867b1dd731aa8477ea8dd271d4c6bf836
                                            • Instruction Fuzzy Hash: B341FFA5E08A9292FB1A9F31DC4827C6374FF46B95F0C40B5C94DA6764DF3EE5458301
                                            Function 00007FFB23AFDF5C Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 71COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyUnicode_FromFormatV.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDF82
                                            • PyErr_GetRaisedException.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDF95
                                            • PyType_GetName.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFA2
                                            • PyUnicode_AppendAndDel.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFB4
                                            • PyUnicode_FromString.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFC1
                                            • PyUnicode_AppendAndDel.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFCE
                                            • PyErr_Clear.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFDF
                                            • PyObject_Str.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFE8
                                            • PyErr_Clear.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFDFF3
                                            • PyUnicode_FromString.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFE000
                                            • PyUnicode_AppendAndDel.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFE00D
                                            • PyErr_SetObject.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFE022
                                            • _Py_Dealloc.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFE03A
                                            • _Py_Dealloc.PYTHON312(?,?,00000001,00000000,?,00007FFB23AF7D57), ref: 00007FFB23AFE054
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Unicode_$Err_$AppendFrom$ClearDeallocString$ExceptionFormatNameObjectObject_RaisedType_
                                            • String ID: ???
                                            • API String ID: 4178471810-1053719742
                                            • Opcode ID: dec409e442527d645c18c6f1c2d719257f37b23953c585076d9689aa7f924dae
                                            • Instruction ID: a2cbf9be2d5c0249deb863da458249251652d364a8f8a8be3147648c7a2057ff
                                            • Opcode Fuzzy Hash: dec409e442527d645c18c6f1c2d719257f37b23953c585076d9689aa7f924dae
                                            • Instruction Fuzzy Hash: D5313AA9A09A8285FF0A8F71EC9867C23B0BF85F88B0C4475D94E62664DF3DA4058300
                                            Function 00007FFB23AFDD4C Relevance: 24.6, APIs: 5, Strings: 9, Instructions: 106COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: From$FormatUnicode_$DeallocDoubleFloat_
                                            • String ID: <cparam '%c' (%R)>$<cparam '%c' (%d)>$<cparam '%c' (%ld)>$<cparam '%c' (%lld)>$<cparam '%c' (%p)>$<cparam '%c' ('%c')>$<cparam '%c' ('\x%02x')>$<cparam '%c' at %p>$<cparam 0x%02x at %p>
                                            • API String ID: 1798191970-1075073485
                                            • Opcode ID: f4802ce21c98897a8a84c04d4340e10b0187efe24c9805ae5997c41ffba9c2fb
                                            • Instruction ID: 108028469092411490bd83d7091fcd6e9384d56ab682ce881ca65c5a606b441f
                                            • Opcode Fuzzy Hash: f4802ce21c98897a8a84c04d4340e10b0187efe24c9805ae5997c41ffba9c2fb
                                            • Instruction Fuzzy Hash: 30413CE6E0C0C381E66B4B35ED9817C3A61AF67B48F1C42B6C54E265ACDE2FA945C740
                                            Function 00007FFB23AFCB5C Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 82COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AttrObject_String$Arg_Dealloc$KeywordsParseSequence_SizeSliceTuple_
                                            • String ID: OOO:COMError$args$details$hresult$text
                                            • API String ID: 4238450639-2065934886
                                            • Opcode ID: e1eb60f67de60fd9f2b720c44b6b62719b09efa35703bec34c37e0b57ae02bb7
                                            • Instruction ID: fad4ab6ce6d1ba3a10fceb6a99a2607189aa116d24b0369fa6da8bcb8ed49e8f
                                            • Opcode Fuzzy Hash: e1eb60f67de60fd9f2b720c44b6b62719b09efa35703bec34c37e0b57ae02bb7
                                            • Instruction Fuzzy Hash: C73110B9A087D281EB06CF76EC8826D23A4EF46FD4F0C4171DA8D67664DE2EE546C740
                                            Function 00007FFB23AFA37C Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 79COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Buffer_ReleaseString$Arg_AuditFormatParseSizeSys_Tuple_memcpy
                                            • String ID: Buffer size too small (%zd instead of at least %zd bytes)$abstract class$ctypes.cdata/buffer$nnn$offset cannot be negative$y*|n:from_buffer_copy
                                            • API String ID: 2374319793-1742308441
                                            • Opcode ID: f9127f372fbb5483ee5257f3fa9900107b2d8cf4182ae7cb85f8e570cb4a888d
                                            • Instruction ID: ef423cd006bb561da2b1dc9c468eb2a64dba31b027fec77ecfc17d2b5e1722b5
                                            • Opcode Fuzzy Hash: f9127f372fbb5483ee5257f3fa9900107b2d8cf4182ae7cb85f8e570cb4a888d
                                            • Instruction Fuzzy Hash: 633131A9A28AC281EA16CF25EC842AD6360FB85BC0F485072D98E67764DE3DE505C740
                                            Function 00007FFB23AFCF58 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 70COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Dealloc$StringUnraisableWrite$AttrClearFromImportImport_InternLongLong_ModuleObject_OccurredUnicode_
                                            • String ID: DllCanUnloadNow$_ctypes.DllCanUnloadNow$ctypes
                                            • API String ID: 3419117993-4136862661
                                            • Opcode ID: cbcaf97fde0d8d27ad1794faea866db3b8311106588fa39c62f878c0ccde93fe
                                            • Instruction ID: d9de88f50443e6e6038bdb34c9eecae70520f482e810e09533f28053bc2f04f1
                                            • Opcode Fuzzy Hash: cbcaf97fde0d8d27ad1794faea866db3b8311106588fa39c62f878c0ccde93fe
                                            • Instruction Fuzzy Hash: F4319DA9E0978382EA1B9F31ED9833C63A0AF45B91F0C40B5D98E66765DF3EE4458701
                                            Function 00007FFB23AF430C Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 68threadlibraryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_Eval_FromThread$Arg_AuditCharErrorFormatFreeLastLibraryLoadLong_Mem_ParseRestoreSaveStringSys_TupleUnicode_VoidWideWindows
                                            • String ID: Could not find module '%.500S' (or one of its dependencies). Try using the full path with constructor syntax.$U|i:LoadLibrary$ctypes.dlopen
                                            • API String ID: 3805577924-808210370
                                            • Opcode ID: 4989f78db13d8ccae8f47d1c6d1c48e65b5555a209307455c99b8303ed314052
                                            • Instruction ID: de0a728aea15a9e440fb42c3a43a19c11d2c0662f12ae77679d5bb4286b83626
                                            • Opcode Fuzzy Hash: 4989f78db13d8ccae8f47d1c6d1c48e65b5555a209307455c99b8303ed314052
                                            • Instruction Fuzzy Hash: 11212198B08A8681E70A9F72EC8827D23A5BF49BD5F4C4175D94E62360DE7DE44A8300
                                            Function 00007FFB23B1DC24 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 359COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: NameName::$Name::operator+atolswprintf_s
                                            • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr
                                            • API String ID: 2331677841-2441609178
                                            • Opcode ID: 04052d8e5626c1f24672c52f4d573e3506f88365006a7f318b5907256fbad706
                                            • Instruction ID: d504346764550fd07e8b9d61d58205377c1b7316a62a3f4e5d56508b5f7572ee
                                            • Opcode Fuzzy Hash: 04052d8e5626c1f24672c52f4d573e3506f88365006a7f318b5907256fbad706
                                            • Instruction Fuzzy Hash: 59F1B0AAE086D284FB279F74DD9D2BC27A0AF45744F4C01BAC9CE76A95DF7CA5058300
                                            Function 00007FFB23AFC290 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 134COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyDict_GetItemWithError.PYTHON312 ref: 00007FFB23AFC313
                                            • PyErr_Occurred.PYTHON312 ref: 00007FFB23AFC326
                                              • Part of subcall function 00007FFB23AFC290: PySequence_GetItem.PYTHON312 ref: 00007FFB23AFC367
                                              • Part of subcall function 00007FFB23AFC290: PySequence_GetItem.PYTHON312 ref: 00007FFB23AFC37E
                                              • Part of subcall function 00007FFB23AFC290: PyDict_Contains.PYTHON312 ref: 00007FFB23AFC3A6
                                              • Part of subcall function 00007FFB23AFC290: PyObject_SetAttr.PYTHON312 ref: 00007FFB23AFC3BB
                                              • Part of subcall function 00007FFB23AFC290: _Py_Dealloc.PYTHON312 ref: 00007FFB23AFC3D2
                                              • Part of subcall function 00007FFB23AFC290: _Py_Dealloc.PYTHON312 ref: 00007FFB23AFC3E6
                                              • Part of subcall function 00007FFB23AFC290: PyErr_Format.PYTHON312 ref: 00007FFB23AFC422
                                              • Part of subcall function 00007FFB23AFC290: _Py_Dealloc.PYTHON312 ref: 00007FFB23AFC436
                                              • Part of subcall function 00007FFB23AFC290: _Py_Dealloc.PYTHON312 ref: 00007FFB23AFC45A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Item$Dict_Err_Sequence_$AttrContainsErrorFormatObject_OccurredWith
                                            • String ID: duplicate values for field %R
                                            • API String ID: 1919794741-1910533534
                                            • Opcode ID: 8ce8fffa5a1ea4aa91b1f7b8fca818e4f2828fd310c07b797a35924a0523ba6c
                                            • Instruction ID: ac8392e46c4b4afbc50937e983c060392135a51c45453ec3df8190d2088dda95
                                            • Opcode Fuzzy Hash: 8ce8fffa5a1ea4aa91b1f7b8fca818e4f2828fd310c07b797a35924a0523ba6c
                                            • Instruction Fuzzy Hash: 965180A5A09A8681EE1A9F36DC4C33DA390AF56FE5F0C4270DD5E62795DF3EE0458300
                                            Function 00007FFB23AFDAB4 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 125threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Free$String$Eval_Thread$BuildDeallocErr_ErrorFromInfoLocalObjectProgRestoreSaveValue
                                            • String ID: iu(uuuiu)
                                            • API String ID: 2817777535-1877708109
                                            • Opcode ID: 1713533a941051d733200da4fbd64bf1f872de325826b55461541c5bc867d83f
                                            • Instruction ID: 09f833929ec6ae75d4625a34c4a34022d4eda44c7195d1cba8370b5d7a57d746
                                            • Opcode Fuzzy Hash: 1713533a941051d733200da4fbd64bf1f872de325826b55461541c5bc867d83f
                                            • Instruction Fuzzy Hash: 9851FCAAB04A859AEB059F76D8983AC3370FB88F89F044576DE4D57B58DF39D509C300
                                            Function 00007FFB23AF41D4 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 123COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$AttrObject_$FastLookupSequence_
                                            • String ID: '%U' is specified in _anonymous_ but not in _fields_$_anonymous_ must be a sequence
                                            • API String ID: 1391743325-2678605723
                                            • Opcode ID: 41ad63cd2cf16bf324fa13aff97afee050d2a9c388b26c9d6421d8fb975869c9
                                            • Instruction ID: e3e386f0b636572c43be98ec1a8cb1413d83eec6e87c42203fad19018ec501e8
                                            • Opcode Fuzzy Hash: 41ad63cd2cf16bf324fa13aff97afee050d2a9c388b26c9d6421d8fb975869c9
                                            • Instruction Fuzzy Hash: FF513DB6E08A8285EB1A9F76DC4837D37A5FB46B94F1C41B1CA4D63294DF3EE4818700
                                            Function 00007FFB23AF9BF8 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 119COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$CheckIndex_Number_OccurredSsize_tString
                                            • String ID: Array does not support item deletion$Can only assign sequence of same size$indices must be integer
                                            • API String ID: 428023279-3643249925
                                            • Opcode ID: befac889ae9f985af314503f2b386f8710a94474de721e1bd481e1da1248b0f6
                                            • Instruction ID: 9788f8154baee1e0c44a1824583d8ac7eed6a5dc1a446aa4eaf61ce5ac54173e
                                            • Opcode Fuzzy Hash: befac889ae9f985af314503f2b386f8710a94474de721e1bd481e1da1248b0f6
                                            • Instruction Fuzzy Hash: B341A5A5A08AC285EF1A8F35DC881BC23A1FF06BD4B1C42B5DD1D67694DF3EE4468300
                                            Function 00007FFB23AF2430 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 103COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dict_Err_ErrorItemWith$AttrLookupObject_Occurred$LongLong_MaskSequence_StringTupleTuple_Unsigned
                                            • String ID: _restype_ must be a type, a callable, or None$class must define _flags_ which must be an integer
                                            • API String ID: 1011425329-2538317290
                                            • Opcode ID: c7a38dfad404fe05acc423bff762358c2fd30130961df09e89603cf4957ad20e
                                            • Instruction ID: 2ad0934754edd1458a6be0b1754384c9f4dc8411662309c397380f7c13473b81
                                            • Opcode Fuzzy Hash: c7a38dfad404fe05acc423bff762358c2fd30130961df09e89603cf4957ad20e
                                            • Instruction Fuzzy Hash: 3E4143A9A09B8296EB4A8F35DD9937C23A0FF45B84F0C4075DA5D57790DF3EE0558300
                                            Function 00007FFB23AFE970 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 75COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$FormatMem_$Arg_CallocMemoryParseReallocStringTuplememmove
                                            • String ID: Memory cannot be resized because this object doesn't own it$On:resize$expected ctypes instance$minimum size is %zd
                                            • API String ID: 840110532-3291562774
                                            • Opcode ID: 8ea18bafe459fcda19e4d42741f576bc6e45a0b7910792aae1d1f1b79aa67c89
                                            • Instruction ID: 1a22b9e4ac07073b25f98435735f5328e8004dcdb0d79f96e26651346913d4ea
                                            • Opcode Fuzzy Hash: 8ea18bafe459fcda19e4d42741f576bc6e45a0b7910792aae1d1f1b79aa67c89
                                            • Instruction Fuzzy Hash: AD313FE9A08B8281EA1A9F35EC8417D6370FB86F81F1851B1DA8D27764DE3ED985C740
                                            Function 00007FFB23B1B280 Relevance: 19.9, APIs: 13, Instructions: 361COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID:
                                            • API String ID: 2943138195-0
                                            • Opcode ID: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                            • Instruction ID: 76b7d7097fdc14a912b9bedc66192a1cbe5c2859e5dc2e27dcc54674b37c0556
                                            • Opcode Fuzzy Hash: 9a3856515ab70ac0cbef49cb78169d28014df4ca819d0bec0dbbb0bc7461e156
                                            • Instruction Fuzzy Hash: 24F15CBAB086829DEB12DF74D8942FC37B0AB0474CB484176EACD67A99DF38D519C340
                                            Function 00007FFB23AF2A24 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 205COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: LongLong_MaskTuple_Unsigned
                                            • String ID: %s 'out' parameter must be passed as default value$NULL stgdict unexpected$call takes exactly %d arguments (%zd given)$paramflag %u not yet implemented
                                            • API String ID: 1136903700-2588965191
                                            • Opcode ID: 12de6936b6da798f9685051818a6a68f44358d164f848f99eb717ea46ddafaf9
                                            • Instruction ID: 088686e20f072b7ccfe725f4d1314cc7e34e959f19b70dc1c3dbbf347fa4a382
                                            • Opcode Fuzzy Hash: 12de6936b6da798f9685051818a6a68f44358d164f848f99eb717ea46ddafaf9
                                            • Instruction Fuzzy Hash: 53913CB6A08AC286EA66DF25D84467D33A0FB86BC4F094175DA4EA3754DF3FD445C700
                                            Function 00007FFB23AFB23C Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 169COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_String
                                            • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance$not a ctype instance
                                            • API String ID: 1450464846-2159251832
                                            • Opcode ID: 1e3ec70a3d535f421dd154d74d0d04682ac4f422f5c2eb11f003a1bd059443c7
                                            • Instruction ID: f37c8bc8e7b6bb01c80a22ebe5f94722fae9f6c2d95c47760b6525958bb155ec
                                            • Opcode Fuzzy Hash: 1e3ec70a3d535f421dd154d74d0d04682ac4f422f5c2eb11f003a1bd059443c7
                                            • Instruction Fuzzy Hash: 6B7130E9A09B8281EA169F32DD8427D6360BF96FC0F4C40B1DE4D67BA5DF2EE4418340
                                            Function 00007FFB23AFB680 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 147COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_Err_ParseSizeTuple_$FormatString
                                            • String ID: abstract class$is|Oz#$i|OO$paramflag value %d not supported$paramflags must be a sequence of (int [,string [,value]]) tuples$paramflags must be a tuple or None$paramflags must have the same length as argtypes
                                            • API String ID: 2189051491-1121734848
                                            • Opcode ID: 2d164daae5ff9e2a4dc6842d2771ebbdca3356aa6a90cb35579e0364dc1c7957
                                            • Instruction ID: c29121525b7c29e7f9de518a1bf9397d5645341c7f0541c6ca3d22031624c766
                                            • Opcode Fuzzy Hash: 2d164daae5ff9e2a4dc6842d2771ebbdca3356aa6a90cb35579e0364dc1c7957
                                            • Instruction Fuzzy Hash: CD6139AAA1AA8284EB5ACF75DC843BC23B0FB46B84F584075DE4D27754DF3AE445C340
                                            Function 00007FFB23AF5984 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 58COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF598D
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59AC
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59C1
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59E0
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59F8
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5A17
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF99CE
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF99EE
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocFromLongLong_Module_Object
                                            • String ID: CTYPES_MAX_ARGCOUNT$RTLD_GLOBAL$RTLD_LOCAL
                                            • API String ID: 3159170848-4138203729
                                            • Opcode ID: d91dbed5d4e4eba01c817b5702ce006a1f3e12a569020ffa2e3b4cd0eb555796
                                            • Instruction ID: be051e6d088a7df8f01a2fc407573e48f4b7f468459290355e3173edf810a62f
                                            • Opcode Fuzzy Hash: d91dbed5d4e4eba01c817b5702ce006a1f3e12a569020ffa2e3b4cd0eb555796
                                            • Instruction Fuzzy Hash: C72121E8E0E7C382FA2B5F71CCD827D26A06F06F85B0C45B9C94E65291EE2FA0418311
                                            Function 00007FFB23B13334 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 309COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: BlockFrameHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                            • String ID: csm$csm$csm
                                            • API String ID: 4223619315-393685449
                                            • Opcode ID: dcb3548c504605ccad87c1df068e82445ce8bfed626f824eb2c4e809fdb80efd
                                            • Instruction ID: 62beb3d48a02d6a47e34a71a5495ac24914179cfc123df4b3275dc581e47780f
                                            • Opcode Fuzzy Hash: dcb3548c504605ccad87c1df068e82445ce8bfed626f824eb2c4e809fdb80efd
                                            • Instruction Fuzzy Hash: 7BD18FB6A0878186EB628F75D8883AD77A0FB45788F180275DECD67B59DF38E191C700
                                            Function 00007FFB23B1ED94 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 192COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Replicator::operator[]
                                            • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                            • API String ID: 3676697650-3207858774
                                            • Opcode ID: 73310b6c18e80224c33410df5d9c8b136be81ee7f088e8962b8740eac16092a6
                                            • Instruction ID: b7a7023939fd963ec10f38828f0454c1ae0ae107663405e20c1519e49d7db078
                                            • Opcode Fuzzy Hash: 73310b6c18e80224c33410df5d9c8b136be81ee7f088e8962b8740eac16092a6
                                            • Instruction Fuzzy Hash: 8D9185AAB086C699FB128F34D8986BC3761AB44B44F4C42B1EACD67795DF7CD505C340
                                            Function 00007FFB23AFB4E4 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 66COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Arg_AttrDict_Err_FormatObject_ParseSizeStringTuple_Updatememmove
                                            • String ID: %.200s.__dict__ must be a dictionary, not %.200s$O!s#$__dict__
                                            • API String ID: 847698918-4068157617
                                            • Opcode ID: 134f7169d797a84cf993eff05ade26e47b6c672e17f92bce95a303e6d6ba2f09
                                            • Instruction ID: e8a74f371b7945c4c903f770e40c123004eb8dccbd7cd086cce8dbffecaf706f
                                            • Opcode Fuzzy Hash: 134f7169d797a84cf993eff05ade26e47b6c672e17f92bce95a303e6d6ba2f09
                                            • Instruction Fuzzy Hash: 2F312EBAA08A8281EB068F75EC8827C33B4FB46BD0F584172DA5E63750CF3ED4558740
                                            Function 00007FFB23AE49C0 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561128704.00007FFB23AE1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFB23AE0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561025089.00007FFB23AE0000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561259365.00007FFB23AE6000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561347578.00007FFB23AE9000.00000002.00000001.01000000.0000000B.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23ae0000_python.jbxd
                                            Similarity
                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                            • String ID:
                                            • API String ID: 349153199-0
                                            • Opcode ID: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                            • Instruction ID: dcc579057efff1f2c5bad23a4f039c0c7aee0a70ff058c3461674a7bcd5e2cec
                                            • Opcode Fuzzy Hash: 41c1564c9b53542f78ee4fe0cba140d0622bb491acb40784f16a44f8e3da4176
                                            • Instruction Fuzzy Hash: 5A819FA1F0CEC386F6569B75EC4127D6298AF8BB80F4C45B5DA4D67792DE2CE4438700
                                            Function 00007FFB23B19164 Relevance: 16.7, APIs: 11, Instructions: 158COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID:
                                            • API String ID: 2943138195-0
                                            • Opcode ID: 3cac31fbce2037cca8b65a6457a1f6e1f72e09754060cc87a73fdfbcf94b07ef
                                            • Instruction ID: 1a543eac37598b758899b0f17db191be4dca9d6acc246cac86c31a668822d0b4
                                            • Opcode Fuzzy Hash: 3cac31fbce2037cca8b65a6457a1f6e1f72e09754060cc87a73fdfbcf94b07ef
                                            • Instruction Fuzzy Hash: 22716EB6B14AC29DEB12DF70D8452EC33B1AB4878CB484471DE8D67A89DF34D619C380
                                            Function 00007FFB23AFBEDC Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 147COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CallObjectObject_
                                            • String ID: (%s) $expected %s instance, got %s$incompatible types, %s instance instead of %s instance
                                            • API String ID: 3040866976-3177377183
                                            • Opcode ID: da0bed09d6c4c7642a55c60cff700d17a5054e55ed0849e1e9e84bd3031c1a51
                                            • Instruction ID: 15f45df9ecd4b8feb90b5f817edd96e252931ea1ffec3438a3c409ca745c207d
                                            • Opcode Fuzzy Hash: da0bed09d6c4c7642a55c60cff700d17a5054e55ed0849e1e9e84bd3031c1a51
                                            • Instruction Fuzzy Hash: 60516BA9A09B8681EE0A9F32DD8427D63A1AF86BC4F0C40B5DD4D677A5DF2FE4518340
                                            Function 00007FFB23AF1510 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 142COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Unicode_$ConcatDict_FromInternStringTuple_Update
                                            • String ID: _be
                                            • API String ID: 1858819020-4071763053
                                            • Opcode ID: 559ce25173a1c27affe44ffcbf5eac76ca4fc721e772e58b3bbb8031cb8fa0e1
                                            • Instruction ID: 6c6231890b14ebbc78cba10314db910041536bb44e130c69723001023cc260af
                                            • Opcode Fuzzy Hash: 559ce25173a1c27affe44ffcbf5eac76ca4fc721e772e58b3bbb8031cb8fa0e1
                                            • Instruction Fuzzy Hash: 615104B6A09A8685EB568F35DC8423C33A4FB49B94F1C4575CA8D63764DF3EE4A2C300
                                            Function 00007FFB23AFD80C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 129COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23AFCE68: _PyObject_GC_NewVar.PYTHON312(?,?,?,00007FFB23AFD83C,?,?,?,?,?,00007FFB23AF6F5C), ref: 00007FFB23AFCE7F
                                              • Part of subcall function 00007FFB23AFCE68: memset.VCRUNTIME140(?,?,?,00007FFB23AFD83C,?,?,?,?,?,00007FFB23AF6F5C), ref: 00007FFB23AFCECC
                                              • Part of subcall function 00007FFB23AFCE68: PyObject_GC_Track.PYTHON312(?,?,?,00007FFB23AFD83C,?,?,?,?,?,00007FFB23AF6F5C), ref: 00007FFB23AFCED4
                                            • PyErr_NoMemory.PYTHON312(?,?,?,?,?,00007FFB23AF6F5C), ref: 00007FFB23AFD87C
                                            • _Py_Dealloc.PYTHON312 ref: 00007FFB23AFD9D5
                                              • Part of subcall function 00007FFB23B00100: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFB23AFD859,?,?,?,?,?,00007FFB23AF6F5C), ref: 00007FFB23B00115
                                              • Part of subcall function 00007FFB23B00100: VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FFB23AFD859,?,?,?,?,?,00007FFB23AF6F5C), ref: 00007FFB23B00155
                                            • ffi_prep_cif.LIBFFI-8 ref: 00007FFB23AFD944
                                            • PyErr_Format.PYTHON312 ref: 00007FFB23AFD962
                                            • ffi_prep_closure.LIBFFI-8 ref: 00007FFB23AFD97C
                                            • PyErr_SetString.PYTHON312 ref: 00007FFB23AFD9C1
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Object_$AllocDeallocFormatInfoMemoryStringSystemTrackVirtualffi_prep_cifffi_prep_closurememset
                                            • String ID: ffi_prep_cif failed with %d$ffi_prep_closure failed with %d$invalid result type for callback function
                                            • API String ID: 262837356-3338905684
                                            • Opcode ID: 15313d1be03fe8ba82f9af3bca0b4000765c61de15964a53672694625047f389
                                            • Instruction ID: 0cebab2b3589052576201ce4db463da1474cf8a398f4c8baa0e19318697723d3
                                            • Opcode Fuzzy Hash: 15313d1be03fe8ba82f9af3bca0b4000765c61de15964a53672694625047f389
                                            • Instruction Fuzzy Hash: 28511CB6A08A8285E7579F75DC8477C33A0FB46B84F0800B6DA8D67B68DF3AE455C340
                                            Function 00007FFB23B1AAC8 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 126COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                            • API String ID: 2943138195-1464470183
                                            • Opcode ID: 50e8110e92645124a6d82ffc9330fdaa6dc52167fa44e73d911cd3f80f86a47a
                                            • Instruction ID: 2415520370982065e625979b922e47a8f19cfa3317c845d0dec59077acd01e15
                                            • Opcode Fuzzy Hash: 50e8110e92645124a6d82ffc9330fdaa6dc52167fa44e73d911cd3f80f86a47a
                                            • Instruction Fuzzy Hash: 28518DB9F18A9289FB02CF78EC886BD27B1BB05344F580175DACD67A98DF38A505C300
                                            Function 00007FFB23AFA804 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 61COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$DeallocString$Formatmemcpy
                                            • String ID: byte string too long$bytes expected instead of %s instance$can't delete attribute
                                            • API String ID: 1948958528-1866040848
                                            • Opcode ID: 878b69c854782a11fa9ca58355dba19e066973c0ff4d2c3ff24bd0e91b1d6195
                                            • Instruction ID: b9dbf8c2ae8a6be5ef61059cc382586251651f3a0451776901b4af07d257dfbd
                                            • Opcode Fuzzy Hash: 878b69c854782a11fa9ca58355dba19e066973c0ff4d2c3ff24bd0e91b1d6195
                                            • Instruction Fuzzy Hash: F42121B6E08A82C5EB1A8F35DC8427D23B0FB45B94F185171DA4E67664CF7EE486C740
                                            Function 00007FFB23AFECC4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 53memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: String$Free$Err_Mem_$AllocCharFormatUnicode_Wide
                                            • String ID: String too long for BSTR$unicode string expected instead of %s instance
                                            • API String ID: 920172908-178309214
                                            • Opcode ID: c6c2a8d703c7f482e43ad4914e899edf9b3cf9f8ff0be95e2669699956f5b103
                                            • Instruction ID: 0a8ed4c2b115361ac5917803e66fcbc10a00f6fb5d245b41af6016775a486c4a
                                            • Opcode Fuzzy Hash: c6c2a8d703c7f482e43ad4914e899edf9b3cf9f8ff0be95e2669699956f5b103
                                            • Instruction Fuzzy Hash: AD2110A9A09BC281EA598F72EC8417C2360FF49FC0F1C4171E98E63B64DE3DE4558300
                                            Function 00007FFB23B137F8 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 317COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                            • String ID: csm$csm$csm
                                            • API String ID: 211107550-393685449
                                            • Opcode ID: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                            • Instruction ID: c2191bd6e0e969be5a888eaaeb1813202bd856c71edb46bf52d22c3480676374
                                            • Opcode Fuzzy Hash: aad8d4203d0b1849c4fce47835e3c613ec0ba3b35d99662ed70f641d37e67567
                                            • Instruction Fuzzy Hash: 33E1B1B7A087C28AEB229F34D8883AD77A0FB45748F190275DACD67655EF38E581C700
                                            Function 00007FFB23AFC47C Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 179COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$Dealloc$AttrErr_InstanceLookupStringTrackUnicode_
                                            • String ID: P$wrong type
                                            • API String ID: 3281777585-281217272
                                            • Opcode ID: a1819c031046163e3ed49b2b66f763ef234531e172fee34c4f4cbeebbbdccc00
                                            • Instruction ID: fda814cfde74a18cad70ee99763f5f6d3fbc069e47c3ff3280e8036961ed0427
                                            • Opcode Fuzzy Hash: a1819c031046163e3ed49b2b66f763ef234531e172fee34c4f4cbeebbbdccc00
                                            • Instruction Fuzzy Hash: D68149E5E49BC281EB569B36DC9823D2390AF56BC4F0C54B0D94E677A5EF2FE4408310
                                            Function 00007FFB23AF1BDC Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 137COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_ParseSizeTuple_$Err_Long_StringVoid$AttrAuditCallable_CheckObject_OccurredSequence_Sys_Tuple
                                            • String ID: argument must be callable or integer function address$cannot construct instance of this class: no argtypes
                                            • API String ID: 2570622991-2742191083
                                            • Opcode ID: 29c17a8533f051d9e720a39c7a29545b4aff1810639769562c1101c059ef61b6
                                            • Instruction ID: 932f8680eafe937b566315c768c7c77dc1072452b73473f6425ee02af1da83fe
                                            • Opcode Fuzzy Hash: 29c17a8533f051d9e720a39c7a29545b4aff1810639769562c1101c059ef61b6
                                            • Instruction Fuzzy Hash: A65153B5A097C281EA568F35DC8927D23A0AF46FC4F5C44B1EA4E677A5DF2FE4528300
                                            Function 00007FFB23B1C7F8 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                            • API String ID: 2943138195-2239912363
                                            • Opcode ID: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                            • Instruction ID: 3b0b4d28b2425c3165fb726961643dc99cc72ac006fa470b1286d65f926dae19
                                            • Opcode Fuzzy Hash: 0e84257edd8271f32b759845b73cd3eefe07970f5e22a962a9d02e38f5861642
                                            • Instruction Fuzzy Hash: 28513BAAE18BD198FB128F70DC893BC37B0AB48745F584176DACD22A95DF7C9144D710
                                            Function 00007FFB23AF2740 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 86COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CallDeallocObject_$FromFunctionLongLong_Traceback_
                                            • String ID: GetResult$_ctypes/callproc.c
                                            • API String ID: 2301701745-4166898048
                                            • Opcode ID: 3d67e6de2ae41ded85231d11729c9f902470fa54d39793ce3a405049e77ec417
                                            • Instruction ID: c46155eb04276067cd8ce442b43714cd8262a624bded8521ede99597fef30756
                                            • Opcode Fuzzy Hash: 3d67e6de2ae41ded85231d11729c9f902470fa54d39793ce3a405049e77ec417
                                            • Instruction Fuzzy Hash: E53183A9A1D68285EB579F36EC5827D62A0EF47BC0F4C50B0DA4E66B91DF2FE4418700
                                            Function 00007FFB23AFA4C8 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyObject_IsInstance.PYTHON312(?,?,00000000,00007FFB23AF9216), ref: 00007FFB23AFA4E3
                                            • PyObject_IsInstance.PYTHON312(?,?,00000000,00007FFB23AF9216), ref: 00007FFB23AFA520
                                            • _PyObject_LookupAttr.PYTHON312(?,?,00000000,00007FFB23AF9216), ref: 00007FFB23AFA574
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF9216), ref: 00007FFB23AFA5A3
                                            • PyErr_Format.PYTHON312(?,?,00000000,00007FFB23AF9216), ref: 00007FFB23AFA5C8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$Instance$AttrDeallocErr_FormatLookup
                                            • String ID: ???$expected %s instance instead of %s$expected %s instance instead of pointer to %s
                                            • API String ID: 1373686093-1082101171
                                            • Opcode ID: 56a58eee2a260e7a83130e7e78cf8af44588ce5b848e70a39daaf4a13ce3f2f7
                                            • Instruction ID: 952ce9bb426e6648709b192498967df456ed4157cb1c0133f295d817d3875c23
                                            • Opcode Fuzzy Hash: 56a58eee2a260e7a83130e7e78cf8af44588ce5b848e70a39daaf4a13ce3f2f7
                                            • Instruction Fuzzy Hash: 373150A5A08A8281EB168F35EC442BD2371EF46F94F1C41B1DE4E67768DF3EE8458B40
                                            Function 00007FFB23AFEB84 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 67COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocObject_$Arg_AttrCallMethodParseTupleVectorcall
                                            • String ID: OO!
                                            • API String ID: 1421981024-3205451899
                                            • Opcode ID: fa994c2c56ca00a9c1735062e7d494237da7c8e5a625a7a01e4d2e1c3f1ea5e1
                                            • Instruction ID: ca9bfccb793b8f4075d14f08126de4847ea53e4c0ca20996cc2896ff5d1fc114
                                            • Opcode Fuzzy Hash: fa994c2c56ca00a9c1735062e7d494237da7c8e5a625a7a01e4d2e1c3f1ea5e1
                                            • Instruction Fuzzy Hash: 473121B5A09B8281EB1A8F75EC8C72D23A1BB45FD0F084071EA8D67754DF3EE4428740
                                            Function 00007FFB23AFE294 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$BuildDeallocFromLong_OccurredSsize_tStringTuple_Value
                                            • String ID: not a ctypes type or object$siN
                                            • API String ID: 1444022424-92050270
                                            • Opcode ID: b0afe1346ac128eef8fa703228faeb677ff3aa39a0f7da95dfdfd9f6ea7bb435
                                            • Instruction ID: f8a4e890763b13cb07429b15a9ae945d0e52e1e729642b9b9548a51ce76414cd
                                            • Opcode Fuzzy Hash: b0afe1346ac128eef8fa703228faeb677ff3aa39a0f7da95dfdfd9f6ea7bb435
                                            • Instruction Fuzzy Hash: 30212CA5A19BC281EE1E8B35EC8877D62A4AF45B84F0C4075DA4E53754EF3EE4518701
                                            Function 00007FFB23AFA770 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Buffer_Err_ReleaseString$BufferObject_memcpy
                                            • String ID: byte string too long$cannot delete attribute
                                            • API String ID: 1128862751-688604938
                                            • Opcode ID: c44e53222201918b7e3eb5150a848850e39ddaaa9d58f0d22f0e2e605cb4d6fd
                                            • Instruction ID: bfeade078f50d4f760f47d45f25ef740d63d1d0744f27eb5c722ffed87cec7f7
                                            • Opcode Fuzzy Hash: c44e53222201918b7e3eb5150a848850e39ddaaa9d58f0d22f0e2e605cb4d6fd
                                            • Instruction Fuzzy Hash: E101C2E9A1898381EB168F34DC8817C2370FF8AB94B5841B2C99EA7570DF2DE1498700
                                            Function 00007FFB23B1662A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                            • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                            • API String ID: 1852475696-928371585
                                            • Opcode ID: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                            • Instruction ID: 78dcdd45552c94991a27acf18294975c026a294078bfc46b72d6c628937658f7
                                            • Opcode Fuzzy Hash: 4ef8ad2c729168d00ef0645f383a1968f42c4eb1f6a8b3717fe5ffb80b324514
                                            • Instruction Fuzzy Hash: 6D519EAAB19AC692EA22CF34EC997BE6360FB44B84F084571DECD53658DE7CE505C300
                                            Function 00007FFB23B16FE4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFB23B171A3,?,?,00000000,00007FFB23B16FD4,?,?,?,?,00007FFB23B16D11), ref: 00007FFB23B17069
                                            • GetLastError.KERNEL32(?,?,?,00007FFB23B171A3,?,?,00000000,00007FFB23B16FD4,?,?,?,?,00007FFB23B16D11), ref: 00007FFB23B17077
                                            • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FFB23B171A3,?,?,00000000,00007FFB23B16FD4,?,?,?,?,00007FFB23B16D11), ref: 00007FFB23B17090
                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FFB23B171A3,?,?,00000000,00007FFB23B16FD4,?,?,?,?,00007FFB23B16D11), ref: 00007FFB23B170A2
                                            • FreeLibrary.KERNEL32(?,?,?,00007FFB23B171A3,?,?,00000000,00007FFB23B16FD4,?,?,?,?,00007FFB23B16D11), ref: 00007FFB23B17110
                                            • GetProcAddress.KERNEL32(?,?,?,00007FFB23B171A3,?,?,00000000,00007FFB23B16FD4,?,?,?,?,00007FFB23B16D11), ref: 00007FFB23B1711C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                            • String ID: api-ms-
                                            • API String ID: 916704608-2084034818
                                            • Opcode ID: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                            • Instruction ID: c368b17621ccaf8db8646bae026f57ab0e23c11d36190266fdbdf612ec20f718
                                            • Opcode Fuzzy Hash: 76e9ed00015fa7378e2762435fe1c6674923b12dca3248f544122840abba5d3b
                                            • Instruction Fuzzy Hash: ED319D69B1A78291EA139F22DC4DA792394BF04BA0F0D0A75DDDD67740EF3CE5458300
                                            Function 00007FFB23AF44B4 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 85COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$AttrCallable_CheckErr_LookupObject_String
                                            • String ID: restype must be a type, a callable, or None
                                            • API String ID: 1528254987-4008198047
                                            • Opcode ID: 7fd7035a5982e0303e2ffebe9871f40a9592af07a7eedffd32828372b7a68118
                                            • Instruction ID: 0a8c99605d9449dfd892651b215b611d4726410890cc05ac770517c23b30b404
                                            • Opcode Fuzzy Hash: 7fd7035a5982e0303e2ffebe9871f40a9592af07a7eedffd32828372b7a68118
                                            • Instruction Fuzzy Hash: 6F4130B6A0968282FB9A9F35EC8437D23A4FF46B94F1C5071D64D66694DF3FE4418300
                                            Function 00007FFB23AFBE08 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 52COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CharErr_Unicode_Wide$FormatString
                                            • String ID: can't delete attribute$string too long$unicode string expected instead of %s instance
                                            • API String ID: 530648689-1577475929
                                            • Opcode ID: bb19d4923a29716ae861c806dbbfe566a6a22a3251ba5f9027486d9cf986dec1
                                            • Instruction ID: 21670435fb85c6996a1835a5c64a900d2c73ccc2b3d1e5f14bf60211a629f144
                                            • Opcode Fuzzy Hash: bb19d4923a29716ae861c806dbbfe566a6a22a3251ba5f9027486d9cf986dec1
                                            • Instruction Fuzzy Hash: F1216AA9A19AC685EA19CF31E88427D6371FB45FD4B588072EA4D27A58CE2EE4468300
                                            Function 00007FFB23AFF678 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 51COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Long$Long_MaskUnsigned
                                            • String ID: _ctypes/cfield.c pymem$unicode string or integer address expected instead of %s instance
                                            • API String ID: 1805849926-901310697
                                            • Opcode ID: 4e70947fd5875fab5886603dd4c8281d0e3557824814591a28bd2391acc2ac0f
                                            • Instruction ID: 86369015f9b66804f2b176b490542cafc7986b5c83ad13006bf6fa1de15c8c5b
                                            • Opcode Fuzzy Hash: 4e70947fd5875fab5886603dd4c8281d0e3557824814591a28bd2391acc2ac0f
                                            • Instruction Fuzzy Hash: 6A2151F9A097C291EB4A8F25EC9827C6360BF4AB80F5C4075D98E27364DE7EE455C700
                                            Function 00007FFB23AFFFD8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocErr_$CharFormatStringUnicode_Wide
                                            • String ID: one character unicode string expected$unicode string expected instead of %s instance
                                            • API String ID: 3624372013-2255738861
                                            • Opcode ID: d14ef87fc31fa20bfca77617c8960a4e2181c0fc950909c857c35205e8351941
                                            • Instruction ID: 7ab44d1d0a7701767be69aa5205c03fdefbb1a0248f1da5923fa604095753ebf
                                            • Opcode Fuzzy Hash: d14ef87fc31fa20bfca77617c8960a4e2181c0fc950909c857c35205e8351941
                                            • Instruction Fuzzy Hash: ED211FBDA08686C1EB4A8F35EDC827D33A0FB45B94F089171DA8E67664DE3DD485C700
                                            Function 00007FFB23AFE6C0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 41COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_CharErrorFreeFromLastLocalParseTupleUnicode_Wide
                                            • String ID: <no description>$|i:FormatError
                                            • API String ID: 935104296-1632374824
                                            • Opcode ID: 9931e1c7da4d59381fce37757ca743ce4022999016176820fd070ab4c96b141d
                                            • Instruction ID: 6ff860ac233230ec80d4ee5bb151c397dbfe97c8306729b531a48d4915f2408b
                                            • Opcode Fuzzy Hash: 9931e1c7da4d59381fce37757ca743ce4022999016176820fd070ab4c96b141d
                                            • Instruction Fuzzy Hash: 5B01A5A8B086C282EB568F31EC4417D22A1EF8ABD0B4C4271D9AE536D4EE3ED4418700
                                            Function 00007FFB23AFE750 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 37threadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Eval_Thread$Arg_Err_FreeFromLibraryParseRestoreSaveTupleWindows
                                            • String ID: O&:FreeLibrary
                                            • API String ID: 204461231-2600264430
                                            • Opcode ID: 7eea4d8ef9ac10bb99fc403ac004f0694dd23ff56dcd7f4758e29062a4f0ccdf
                                            • Instruction ID: 3595cd8cfd1d1507e41c03b50b18c50e21ac5b08be9f937f96d300b13969027f
                                            • Opcode Fuzzy Hash: 7eea4d8ef9ac10bb99fc403ac004f0694dd23ff56dcd7f4758e29062a4f0ccdf
                                            • Instruction Fuzzy Hash: 5F0140A9A0CAC381E7568F75EC8453D2265EF86FC0B1C44B1D98E63764DE3EE4568700
                                            Function 00007FFB23AFB1A4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 35COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: String$Size$AttrBuildBytes_Err_FromObject_Value_
                                            • String ID: O(O(NN))$__dict__$ctypes objects containing pointers cannot be pickled
                                            • API String ID: 1770468409-724424928
                                            • Opcode ID: 7651e9c31f630f780c6db97ff283642fddc8bb70049978562104d7245f5cc2b9
                                            • Instruction ID: 3a7b6dd224725e3e71bba55abbbe08c01d638c78b0c82117bfbc72c17766d8a4
                                            • Opcode Fuzzy Hash: 7651e9c31f630f780c6db97ff283642fddc8bb70049978562104d7245f5cc2b9
                                            • Instruction Fuzzy Hash: 34011EA9A09B8291EA169F25ED8817D6360FB89BC0F484471DE8D63764DF3DE155C700
                                            Function 00007FFB23AF5C40 Relevance: 12.2, APIs: 8, Instructions: 228COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                            • String ID:
                                            • API String ID: 190073905-0
                                            • Opcode ID: 99c39b3a1809f8be88984230382e2913b22c5b50dfac21c28b03e7a00ffbcebe
                                            • Instruction ID: d9ab144d3262fffd8439befb1f80829cf36d2e2472035dee7b5352ba1bd777c3
                                            • Opcode Fuzzy Hash: 99c39b3a1809f8be88984230382e2913b22c5b50dfac21c28b03e7a00ffbcebe
                                            • Instruction Fuzzy Hash: 1681B0E1E086C346FA669B79DC8427D6690AF87780F4C40F5E94D637A6EE3FE4468700
                                            Function 00007FFB23B12C38 Relevance: 12.1, APIs: 8, Instructions: 148COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abort$AdjustPointer
                                            • String ID:
                                            • API String ID: 1501936508-0
                                            • Opcode ID: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                            • Instruction ID: 32280b3b1d51ea86c80ae9116c2874d75c8e2ad8a8a1869eeefa265c0e634670
                                            • Opcode Fuzzy Hash: 65b26e5f074ca0aafdff43cbb52cf6556557cf4e92b090b05be647d0b4ff5bec
                                            • Instruction Fuzzy Hash: 645170A9E29AC281EA679F35DC8C73D6294AF44F84B0D45B5CECD2A795DF2CD4428B00
                                            Function 00007FFB23B12E1C Relevance: 12.1, APIs: 8, Instructions: 148COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abort$AdjustPointer
                                            • String ID:
                                            • API String ID: 1501936508-0
                                            • Opcode ID: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                            • Instruction ID: 71c307440236a1e2fe8805122513175a51edc261c6517f601ce9045458966ce3
                                            • Opcode Fuzzy Hash: d568fcbafcd5d9e8e83e95e63f5b62363508f79f2b2b670005157146ca98b55e
                                            • Instruction Fuzzy Hash: 3A5161AAE296C681EE679F35DC8C73C6394AF48B81F0D45B5DDCD6A684DF2CD4428B00
                                            Function 00007FFB23B0042C Relevance: 12.1, APIs: 8, Instructions: 125COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Mem_$FreeMalloc$Err_Memorymemcpy
                                            • String ID:
                                            • API String ID: 920471837-0
                                            • Opcode ID: 272c43c270a45849302073ecd461276240e927a99e7c949ac09a7f6d10e5673b
                                            • Instruction ID: 7b7846a1594b2ad4863cbe37806a16f2471df9e4f85984970062e539d307a39e
                                            • Opcode Fuzzy Hash: 272c43c270a45849302073ecd461276240e927a99e7c949ac09a7f6d10e5673b
                                            • Instruction Fuzzy Hash: D2511EA6A09BC592E74A8F38D9943BC23A0FB55B44F089274DB9D17396DF38F4A5C300
                                            Function 00007FFB23AF11AC Relevance: 12.1, APIs: 8, Instructions: 106COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dict_$DeallocObject_$AttrCallContainsCurrentErr_ErrorItemMakeOccurredState_ThreadUpdateWith
                                            • String ID:
                                            • API String ID: 2347184808-0
                                            • Opcode ID: 1e4d2fb406662eccd29d2f26baa6db497238eeee409366f2244fbdd2be8b9f26
                                            • Instruction ID: 1c8281617f023c3e50d074a03857591d590199c69806e1b578ba01a4c2c90d2d
                                            • Opcode Fuzzy Hash: 1e4d2fb406662eccd29d2f26baa6db497238eeee409366f2244fbdd2be8b9f26
                                            • Instruction Fuzzy Hash: 7C414DB9E1968282EB5A4F35DD8837D22A0EF46BD4F1C80B1D98D666A5DF3FE441C301
                                            Function 00007FFB23AF5094 Relevance: 12.1, APIs: 8, Instructions: 98COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc
                                            • String ID:
                                            • API String ID: 3617616757-0
                                            • Opcode ID: 4420b88a880239a70c8cc5d597a6fe0d9aecf55099fd6bc52c0a76f2c715eeef
                                            • Instruction ID: 43b8c0492f482d03f870755f8ae9a9a11db3447a9c925768cd5ccde02c721efc
                                            • Opcode Fuzzy Hash: 4420b88a880239a70c8cc5d597a6fe0d9aecf55099fd6bc52c0a76f2c715eeef
                                            • Instruction Fuzzy Hash: 07413AB2D0DA8286EB675F38DD4427D33A8EB47F49F2880B4C64DA5151CF2FA4428750
                                            Function 00007FFB23B1EB88 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 126COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: {for
                                            • API String ID: 2943138195-864106941
                                            • Opcode ID: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                            • Instruction ID: a05222edc5f6646241cc9e99394464efbaab92303a74040c7efde730dcc18b24
                                            • Opcode Fuzzy Hash: ad201dfe96a96ae0dc6555201844fc758e8e36effd4b63a30410ed7392a88b68
                                            • Instruction Fuzzy Hash: A5514EBAA08AC5A9E7029F34D8493EC37A1EB45748F488171EACC67B95DF7CD655C300
                                            Function 00007FFB23AF2198 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 124COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyObject_IsInstance.PYTHON312 ref: 00007FFB23AF731C
                                              • Part of subcall function 00007FFB23AF3EC0: _PyObject_GC_New.PYTHON312(?,?,?,00007FFB23AF20A5), ref: 00007FFB23AF3ECD
                                              • Part of subcall function 00007FFB23AF3EC0: PyObject_GC_Track.PYTHON312(?,?,?,00007FFB23AF20A5), ref: 00007FFB23AF3EEF
                                            • _Py_Dealloc.PYTHON312 ref: 00007FFB23AF730A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$DeallocInstanceTrack
                                            • String ID: wrong type
                                            • API String ID: 2747008106-2191655096
                                            • Opcode ID: 137829a0e4ac3071cf9767b25bc0dbfa7a457bec7e2f774b2b2b7508b8e3e9ec
                                            • Instruction ID: 3699a4dd0c777bb1a228dfc8e39dc976ff3d4613e511c87a6ce4d00075dea3e3
                                            • Opcode Fuzzy Hash: 137829a0e4ac3071cf9767b25bc0dbfa7a457bec7e2f774b2b2b7508b8e3e9ec
                                            • Instruction Fuzzy Hash: 98516DA9A09A8791FA1B9F35EC8423C23A1AF4ABC0F0C95B0D94D67795DF2FE4518340
                                            Function 00007FFB23AFC738 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyObject_IsInstance.PYTHON312 ref: 00007FFB23AFC7E0
                                              • Part of subcall function 00007FFB23AF3EC0: _PyObject_GC_New.PYTHON312(?,?,?,00007FFB23AF20A5), ref: 00007FFB23AF3ECD
                                              • Part of subcall function 00007FFB23AF3EC0: PyObject_GC_Track.PYTHON312(?,?,?,00007FFB23AF20A5), ref: 00007FFB23AF3EEF
                                            • _Py_Dealloc.PYTHON312 ref: 00007FFB23AFC7C7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$DeallocInstanceTrack
                                            • String ID: wrong type
                                            • API String ID: 2747008106-2191655096
                                            • Opcode ID: 26deca5c6314616bd887c9d0d84f44613a585fc828be35a63248c08d563e7c2f
                                            • Instruction ID: eedeefc0ff319c46aff0a5f0ed152a7848d3e4a7de2f5caa57992f4499ff6334
                                            • Opcode Fuzzy Hash: 26deca5c6314616bd887c9d0d84f44613a585fc828be35a63248c08d563e7c2f
                                            • Instruction Fuzzy Hash: BB514FA5E09AC281FA569F36DD8427D23A0AF86BC0F0C44B1D94D677A5DF2FE541C340
                                            Function 00007FFB23AF29C8 Relevance: 10.6, APIs: 7, Instructions: 111COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Tuple_
                                            • String ID:
                                            • API String ID: 828192933-0
                                            • Opcode ID: 40e8066d96f9784084a9e2b1e675cb8c59c4b0cc4f4faf56fee63f8fa5b789a5
                                            • Instruction ID: 78fda5facb586d9e61bd08c5c1a4b3615eb576e781cb37cc3cc6a01a3f8e7d0b
                                            • Opcode Fuzzy Hash: 40e8066d96f9784084a9e2b1e675cb8c59c4b0cc4f4faf56fee63f8fa5b789a5
                                            • Instruction Fuzzy Hash: 104160B690868286EBAB9F35EC4833D3690FF46B94F0C4175DA4D62650DE3FA581CB00
                                            Function 00007FFB23B1E174 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: NameName::atol
                                            • String ID: `template-parameter$void
                                            • API String ID: 2130343216-4057429177
                                            • Opcode ID: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                            • Instruction ID: 6345d830e4faee70790fd4cb1fe24cd9db6624b13e0c6d5f8ce9136e641d6aa3
                                            • Opcode Fuzzy Hash: 1a349dcf90f4e371f1810c8875e562b3843b42aeee856190ba29246ab6ec8260
                                            • Instruction Fuzzy Hash: A6413AA9F04B9588FB028FB4DC592EC2371BF48B84F580275DE8D67A59DF7C95458340
                                            Function 00007FFB23B18EC0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 81COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+Replicator::operator[]
                                            • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                            • API String ID: 1405650943-2211150622
                                            • Opcode ID: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                            • Instruction ID: cb66c0ad72745655d670969676430a801f248054a6bb7a1a105c4f1b029976bb
                                            • Opcode Fuzzy Hash: cc95b6719b0dfac949915fa95283a824f9a94d2610a8c8b5f10b5de908d24d67
                                            • Instruction Fuzzy Hash: 72410DA9A08B869CFB028F74DC982BC77A1BB08344F5849B1DACCA2764DF7C9645C740
                                            Function 00007FFB23B1ACC4 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 79COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: char $int $long $short $unsigned
                                            • API String ID: 2943138195-3894466517
                                            • Opcode ID: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                            • Instruction ID: f2d10b048df55e1600c080d7671c7baf1cb8ceeb8df490a7e58487fb039d1d86
                                            • Opcode Fuzzy Hash: 041e2dffe1b489bc893f09ff0a4f423b3d9eca273271e83df22d622629981137
                                            • Instruction Fuzzy Hash: E13142BAA18A9188E7138F78DC982BC37B1BB0A744F484175DACD66B68DF3CE504C710
                                            Function 00007FFB23AFE374 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Arg_FormatNumber_OccurredSsize_tTupleUnpack
                                            • String ID: byref$byref() argument must be a ctypes instance, not '%s'
                                            • API String ID: 169608245-1446499295
                                            • Opcode ID: 972023aace126d140c0fae9769ddbda683d6445617dfd6538763ce6d5dab1098
                                            • Instruction ID: 59f06f4804630730538591833af018fbcf76de5f94bfc630dd4fd3665aaa513f
                                            • Opcode Fuzzy Hash: 972023aace126d140c0fae9769ddbda683d6445617dfd6538763ce6d5dab1098
                                            • Instruction Fuzzy Hash: 65218EB9A08B8681EB0A8F21D89867D73A0FF98B90F084679DA5D57390DF7EE505C300
                                            Function 00007FFB23AFC1DC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Format$Dict_ErrorItemOccurredWith
                                            • String ID: not enough arguments$required argument '%S' missing
                                            • API String ID: 2392320910-3448764933
                                            • Opcode ID: 19241b29e973303e7ef43a032945b63937c78e589d6ad26d672e2b22231e7641
                                            • Instruction ID: 039b740969836e668334ba3988d52ecb73556ac047bfbc902969aef0e50136a0
                                            • Opcode Fuzzy Hash: 19241b29e973303e7ef43a032945b63937c78e589d6ad26d672e2b22231e7641
                                            • Instruction Fuzzy Hash: 1C212FB5A09A8286EB5E9FB6DD8413D63A0EF45BC0B1C80B5DA4D67764DE3EE4418700
                                            Function 00007FFB23AFF5C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CharErr_FormatUnicode_Wide
                                            • String ID: string too long (%zd, maximum length %zd)$unicode string expected instead of %s instance
                                            • API String ID: 2195588020-2061977717
                                            • Opcode ID: ed7bf1eccbe6d49337ee098596c8d7b2faa9e46d540a6c578d1e4d9bb3ea2554
                                            • Instruction ID: 44764b93b09c13ea878248801b39d82ca8b9c13cfa5d741ab47ce79b743ceba4
                                            • Opcode Fuzzy Hash: ed7bf1eccbe6d49337ee098596c8d7b2faa9e46d540a6c578d1e4d9bb3ea2554
                                            • Instruction Fuzzy Hash: 7E1181A9A18BC281EB858F36EC8423D6361EF45FD4F1C4171EA5E67BA4DE3EE4418300
                                            Function 00007FFB23B1ADEC Relevance: 9.2, APIs: 6, Instructions: 161COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+$NameName::
                                            • String ID:
                                            • API String ID: 168861036-0
                                            • Opcode ID: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                            • Instruction ID: 01c84ec9a64b7e021f47d5af5c2c7cbf26e8e1b89a295f4cf66c6362885816ad
                                            • Opcode Fuzzy Hash: 80a690cc5bf4571957900b2ba371d1f0df44bd22a0b18b914ff66e25afa9163e
                                            • Instruction Fuzzy Hash: FA717CBAE0868289E712CF74DC987BC37A1BB45744F588175EACD67A99CF39E542C300
                                            Function 00007FFB23AFC910 Relevance: 9.1, APIs: 6, Instructions: 87COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocDict_$CallCurrentErr_FormatFromItemLong_MakeObject_State_ThreadUnicode_Voidstrchr
                                            • String ID:
                                            • API String ID: 1460294238-0
                                            • Opcode ID: 9f8859119532fdfe8e14020b3bac36b141db79e95291738c20230068bb33da50
                                            • Instruction ID: 654ff02efce94e504e28029afd51bf7d5b8087601e3d9d01e203063906cd5a9b
                                            • Opcode Fuzzy Hash: 9f8859119532fdfe8e14020b3bac36b141db79e95291738c20230068bb33da50
                                            • Instruction Fuzzy Hash: 12315EB5A0978281EB5A9F32ED5423D62A1AF46BC4F0C41B0DE4E66795EF3FF4518300
                                            Function 00007FFB23B169F0 Relevance: 9.1, APIs: 6, Instructions: 83stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                            • String ID:
                                            • API String ID: 3741236498-0
                                            • Opcode ID: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                            • Instruction ID: b3a5e0ceb8c0027c512f0b19380f22917b78dcc9820222d14dcfb920f3d9c4c3
                                            • Opcode Fuzzy Hash: 0fa2fcead297943da074142d2fbec92c84cd60449e30d9ad217028345c3eb4d3
                                            • Instruction Fuzzy Hash: 1631A16AB2979151EA16CF35DC0866D63A0FB48BD0B5D8671DEAD13380EF3DD842C300
                                            Function 00007FFB23AF38D0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 259COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocErr_StringSubtypeType_
                                            • String ID: has no _stginfo_
                                            • API String ID: 402260271-2912685656
                                            • Opcode ID: 6985c4b1e1af1ca630aa8d26355751f3d4343ef64f51c66f942416281e880644
                                            • Instruction ID: 1457533741810cc62541c25c243aa69ff91783e034ec684d528ecafaacdc0292
                                            • Opcode Fuzzy Hash: 6985c4b1e1af1ca630aa8d26355751f3d4343ef64f51c66f942416281e880644
                                            • Instruction Fuzzy Hash: BBB16DB2A09BC585EB668F36E89423D73A5FB85B80F188571CA8D63794DF3EE451C300
                                            Function 00007FFB23B13F60 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 193COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abort$CallEncodePointerTranslator
                                            • String ID: MOC$RCC
                                            • API String ID: 2889003569-2084237596
                                            • Opcode ID: 93ffbb8a8c38b724cb13d32310db34e78531563cac4ba1370c621256939a6833
                                            • Instruction ID: e26070e5d27717ddb4b9ffb1082bc6255639d4b7de9dd57af39e745adfaf3116
                                            • Opcode Fuzzy Hash: 93ffbb8a8c38b724cb13d32310db34e78531563cac4ba1370c621256939a6833
                                            • Instruction Fuzzy Hash: ED91AFB7A087818AE752CF75E8483AD7BB0F744788F184129EACD27759DB38D195C700
                                            Function 00007FFB23B1C540 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                            • API String ID: 2943138195-757766384
                                            • Opcode ID: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                            • Instruction ID: 9e6b8c3854a2173021e5d1b9aa468421f3e333b463352dfe9c0c49f2e2e99641
                                            • Opcode Fuzzy Hash: 01adbf8b940f63687fb8b05ad2c3f4aee868cfabe9c87335b9cb2bee01f92b8d
                                            • Instruction Fuzzy Hash: 3C7162FAA08A8288EB168F34DC582BC67A4BB05780F4846B5D9CD63B59DF3CE150D300
                                            Function 00007FFB23B13CF0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 145COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abort$CallEncodePointerTranslator
                                            • String ID: MOC$RCC
                                            • API String ID: 2889003569-2084237596
                                            • Opcode ID: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                            • Instruction ID: 5e4b782943f2703e3e461b5cc3aaea3def9848bfc8f71e1799c71b8ce811448b
                                            • Opcode Fuzzy Hash: 8e034f92e989b9960bc08160daca0ef1833c14a7b13808a87468da7d70181806
                                            • Instruction Fuzzy Hash: 3F618F76908BC581DB628F25E8443AEB7A0FB85B94F084265EBCD13B59DF3CD195CB00
                                            Function 00007FFB23B15C50 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 135COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: FileHeader
                                            • String ID: MOC$RCC$csm$csm
                                            • API String ID: 104395404-1441736206
                                            • Opcode ID: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                            • Instruction ID: c61c707e2dfcfba53742ffb0f93b162b5b7331f74aa5e6f9db6c8d99c3948ca2
                                            • Opcode Fuzzy Hash: 5815091cf7d4bf77be2b6452b49c3696097c0f3c73df3e225fc204c9d15c1510
                                            • Instruction Fuzzy Hash: EF51B3BAA0968687EA729F35D98867E26A0FF44744F0C0172DECDA7785DF3CE4618740
                                            Function 00007FFB23AF25E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyMem_Malloc.PYTHON312(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,?,00007FFB23AF373B), ref: 00007FFB23AF262D
                                            • PyMem_Free.PYTHON312(?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,?,00007FFB23AF373B), ref: 00007FFB23AF271B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Mem_$FreeMalloc
                                            • String ID: %zd)$%zd,
                                            • API String ID: 3308143561-2233965340
                                            • Opcode ID: 9dd1eff115a44d2df16be5ab539d5519b308c32aae72e4003cda4e0003961d4d
                                            • Instruction ID: 3a126a69012a900210a17d9252ee243f0c5e4b86cb90dd0de72dde4d256169bf
                                            • Opcode Fuzzy Hash: 9dd1eff115a44d2df16be5ab539d5519b308c32aae72e4003cda4e0003961d4d
                                            • Instruction Fuzzy Hash: 4E41CFAAA187C141EB468F21E8543BDA7A0FB56BD4F4C01B1DE8D67691DF3EE106C340
                                            Function 00007FFB23AF22D8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$CallCurrentDict_MakeMallocMem_Object_State_ThreadUpdate
                                            • String ID: X{}
                                            • API String ID: 2477835321-2140212134
                                            • Opcode ID: 36a70894d017196ada8b388111e3487c5e512bbc1de778f07ed5d5aedc5dc6b9
                                            • Instruction ID: 4f9b0235c0390ae36be4a7cb1e5870671c0011565d9446c5c0a8f3e7970a1a89
                                            • Opcode Fuzzy Hash: 36a70894d017196ada8b388111e3487c5e512bbc1de778f07ed5d5aedc5dc6b9
                                            • Instruction Fuzzy Hash: 11317EB9A19B8281EB1A8F35DD4427D23A0EF46BD4F0C51B1DA8D62790DF3FE0518310
                                            Function 00007FFB23AFAB5C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$FormatInstanceObject_String
                                            • String ID: Pointer does not support item deletion$expected %s instead of %s
                                            • API String ID: 341772743-2046472288
                                            • Opcode ID: 8877239c01122bac72e94d31ddfd5f62e622acb487f59597dd59fb7ce6fc93ec
                                            • Instruction ID: 00b66fe444214560fc87a2ffeb992dbc8584deb6cc581a362d90b7c54380f777
                                            • Opcode Fuzzy Hash: 8877239c01122bac72e94d31ddfd5f62e622acb487f59597dd59fb7ce6fc93ec
                                            • Instruction Fuzzy Hash: E221A4B5A18BC282EB068F39DC441BC2361FF46B94B0C8172DD5EA77A4DE3EE4468700
                                            Function 00007FFB23AFE5DC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Arg_FromLongLong_ParseTuple
                                            • String ID: OO:CopyComPointer
                                            • API String ID: 1908940310-822416302
                                            • Opcode ID: 0126b0ea51a44d31f257208972885c379cef233bc7ddca0bf15f0abbba779953
                                            • Instruction ID: 03928e474fd2658bbc516315ee3929097f56b98f69b3ec19c59f876b6d94c709
                                            • Opcode Fuzzy Hash: 0126b0ea51a44d31f257208972885c379cef233bc7ddca0bf15f0abbba779953
                                            • Instruction Fuzzy Hash: F0217EB6F08A8685FB968F71CC446BC2361EF49F98F0C4672CA5D66694CF3EE4558300
                                            Function 00007FFB23AF5AA8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 53COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dict_Err_NextString
                                            • String ID: args not a tuple?$too many initializers
                                            • API String ID: 1977209248-2791065560
                                            • Opcode ID: 40f508b437d3eb982b8fa6ed36981167969b8e3bcf5f27346411b07b361e2cdd
                                            • Instruction ID: 8bcb6cec7dae025b761d9be22ab54d447363abe4eb4a6b886b00a99eed47a592
                                            • Opcode Fuzzy Hash: 40f508b437d3eb982b8fa6ed36981167969b8e3bcf5f27346411b07b361e2cdd
                                            • Instruction Fuzzy Hash: 0221A7A5A08BC181E7159B35D88436D63B0FB45BE4F184375D96D23AD4DF7ED4868700
                                            Function 00007FFB23AFEA98 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                            • String ID: ctypes.set_errno
                                            • API String ID: 928689845-1564666054
                                            • Opcode ID: 91bdb29ce13ed0a2b04da8ad8c9231fa98ddf4b58adaa7e84978e90b4ad73318
                                            • Instruction ID: 31d6e1ff1e0e37d27f12693fb26faf6076cba2f053533469d244799b20e34653
                                            • Opcode Fuzzy Hash: 91bdb29ce13ed0a2b04da8ad8c9231fa98ddf4b58adaa7e84978e90b4ad73318
                                            • Instruction Fuzzy Hash: 1111A7E5E186C682EB1A4F71DCC957D23A0EF45B80F4C9071DA4E56390DE2EE585C700
                                            Function 00007FFB23AFEB44 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_AuditDeallocFromLongLong_ParseSys_Tuple
                                            • String ID: ctypes.set_last_error
                                            • API String ID: 928689845-913187751
                                            • Opcode ID: 9102ca1ef74fd648593576f4e0787333ac48a6915983eec8da2175d114ebc624
                                            • Instruction ID: c6d76b29375bf8ac8a54954a412599ca0da06228d299b1c2dc2750d322cf42f2
                                            • Opcode Fuzzy Hash: 9102ca1ef74fd648593576f4e0787333ac48a6915983eec8da2175d114ebc624
                                            • Instruction Fuzzy Hash: 5D1177E5F0968286EB1A4F71DCC96BD23A0EF45B80F4C8071DA4E56394DE2EE5858700
                                            Function 00007FFB23AFC124 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_FormatSubtypeType_Unicode_strchr
                                            • String ID: 'out' parameter %d must be a pointer type, not %s$PzZ
                                            • API String ID: 3500358371-2360062653
                                            • Opcode ID: 849b9509c61f4afc856e97821131e33f28ccf8ad30b016efe4736d9612173bd1
                                            • Instruction ID: 3b07c575987b86b442251f1ee63073e7a2b61d6fce9f903e44be6f2e6d24402d
                                            • Opcode Fuzzy Hash: 849b9509c61f4afc856e97821131e33f28ccf8ad30b016efe4736d9612173bd1
                                            • Instruction Fuzzy Hash: 011151A5B086C390EB069F32DC9427D23A0EF86B84F0C40B1D94D67665DF3EE495C304
                                            Function 00007FFB23AFCA44 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44stringCOMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_FormatSubtypeType_Unicode_strchr
                                            • String ID: cast() argument 2 must be a pointer type, not %s$sPzUZXO
                                            • API String ID: 3500358371-1038790478
                                            • Opcode ID: 6687a30cc57e1ee634c037d25e8a68f94273e432a628233c1c6ccebeb851ecb2
                                            • Instruction ID: 4de82a5b6984a6c35671304e641098501c7de89897c8a212d4376e4377d071d5
                                            • Opcode Fuzzy Hash: 6687a30cc57e1ee634c037d25e8a68f94273e432a628233c1c6ccebeb851ecb2
                                            • Instruction Fuzzy Hash: 5D113DE5E086C390EB46EF32DC8427D23A1AF86B44F4C41B5C94EA62A1DF2EF485C340
                                            Function 00007FFB23AF5AFC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Dict_Err_ItemUnraisableWrite
                                            • String ID: on calling _ctypes.DictRemover
                                            • API String ID: 2766432985-2232269487
                                            • Opcode ID: ce9decf9152d47fee6fd1034f14d17f7001f40ffd19d278da606ad31a1ebc1e4
                                            • Instruction ID: 9ff54d7096d23c789f4b24d97b8fbc7aae7ba545edc15d134c1119d084b72b0a
                                            • Opcode Fuzzy Hash: ce9decf9152d47fee6fd1034f14d17f7001f40ffd19d278da606ad31a1ebc1e4
                                            • Instruction Fuzzy Hash: 2611E8A990AA8281FF6E8F35DC9833C2260EF56B55F1C45B1C51D561A49F2FE4468340
                                            Function 00007FFB23AFBB4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FormatFromUnicode_$Dealloc
                                            • String ID: %s(%R)$<%s object at %p>
                                            • API String ID: 1714529502-296555854
                                            • Opcode ID: 399fc8f02c4e07c7d08670c783edc9bf951ce86b6d3f98243fb28b02e86435f3
                                            • Instruction ID: 00c2208b053e6fc5abf40058b74aa759d853fca501f69462cee971ef85bf38fa
                                            • Opcode Fuzzy Hash: 399fc8f02c4e07c7d08670c783edc9bf951ce86b6d3f98243fb28b02e86435f3
                                            • Instruction Fuzzy Hash: DB015BE9A09AC681EA068F26ED8826D2370FF48BD0F0C9071CA4D137A8DF3DE495C300
                                            Function 00007FFB23AF5288 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyObject_GetAttrString.PYTHON312(?,?,?,00007FFB23AF5270), ref: 00007FFB23AF529C
                                            • PyDict_New.PYTHON312(?,?,?,00007FFB23AF5270), ref: 00007FFB23AF52B0
                                            • PyErr_NewException.PYTHON312(?,?,?,00007FFB23AF5270), ref: 00007FFB23AF52CE
                                              • Part of subcall function 00007FFB23AF530C: PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF533A
                                              • Part of subcall function 00007FFB23AF530C: PyType_FromMetaclass.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF535F
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF537F
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF53A2
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF53C8
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF53EE
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5414
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF543A
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5460
                                              • Part of subcall function 00007FFB23AF530C: PyType_Ready.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5486
                                              • Part of subcall function 00007FFB23AF530C: PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF54AC
                                              • Part of subcall function 00007FFB23AF530C: PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF54D2
                                              • Part of subcall function 00007FFB23AF530C: PyModule_AddType.PYTHON312(?,?,00000000,00007FFB23AF52E8,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF54F8
                                              • Part of subcall function 00007FFB23AF562C: PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF565D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Type_$Ready$Module_$Type$FromMetaclass$AttrDict_Err_ExceptionObjectObject_String
                                            • String ID: _unpickle$ctypes.ArgumentError
                                            • API String ID: 3834246302-165408235
                                            • Opcode ID: 61c522aeb5e7422f7c9f78e4913676dd4da7aa85ec97cf8e62e1549126ed95ca
                                            • Instruction ID: 3c288fc64e270a0630a45fd066da9710e063d5afaaa953ad8cd5b3efd98bb931
                                            • Opcode Fuzzy Hash: 61c522aeb5e7422f7c9f78e4913676dd4da7aa85ec97cf8e62e1549126ed95ca
                                            • Instruction Fuzzy Hash: E40175A8A0DB8381FA279B35EC9823C62D46F49788B4C41B0D89D21A91EE7EF1458710
                                            Function 00007FFB23AFD300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_File_ObjectPrintS_vsnprintfStringSys_Write
                                            • String ID: stderr
                                            • API String ID: 1103062482-1769798200
                                            • Opcode ID: b60cc492cea48f71b35e0efee5128932975766da759c3b5bea36425c8afa858a
                                            • Instruction ID: a4bbc0267cbd9563e1078584c35c01f7533e94c22d838c65d5f89395c7de93fd
                                            • Opcode Fuzzy Hash: b60cc492cea48f71b35e0efee5128932975766da759c3b5bea36425c8afa858a
                                            • Instruction Fuzzy Hash: AA0152A9518BC282EA268F20FC9C3AD7360FB98B80F484176D68D53324DF3CD155CB10
                                            Function 00007FFB23AFFF4C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_Format$memcpy
                                            • String ID: bytes too long (%zd, maximum length %zd)$expected bytes, %s found
                                            • API String ID: 437140070-1985973764
                                            • Opcode ID: 923092f36753403f8b0ee7fa8c585037432f210edccc60c2961ba11fe5a791a0
                                            • Instruction ID: 343d2a38282d8a5a6cbb4d3f1a82d3cc7bc8c489517c6a4150bce129a5ae8b25
                                            • Opcode Fuzzy Hash: 923092f36753403f8b0ee7fa8c585037432f210edccc60c2961ba11fe5a791a0
                                            • Instruction Fuzzy Hash: 390162E8E087C685EA169F75DC8427C2360EB57BA4F6853B2D95D731E0CE2ED4858340
                                            Function 00007FFB23AFE1E8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 25COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AuditErr_StringSubtypeSys_Type_
                                            • String ID: (O)$ctypes.addressof$invalid type
                                            • API String ID: 288810468-3457326693
                                            • Opcode ID: 35ecb1abd72013aaf8f7d12c8d18064d7572f62daed445636574896eca665cc6
                                            • Instruction ID: 995af51516fd730e1283d18d6075db0e1d9fd73a64255f5dd98428ccc0379797
                                            • Opcode Fuzzy Hash: 35ecb1abd72013aaf8f7d12c8d18064d7572f62daed445636574896eca665cc6
                                            • Instruction Fuzzy Hash: DCF054D8B0498381EF0E8F71ECD417C23A0AF44B84B4C50B1D94DA7114EE2DE2868700
                                            Function 00007FFB23AFDC78 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 23COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_AuditParseSys_Tuple
                                            • String ID: (O)$O&:PyObj_FromPtr$ctypes.PyObj_FromPtr
                                            • API String ID: 3491098224-1450318991
                                            • Opcode ID: 3e0660f22e3e8bd3d4190163cf413a8fcc5f7c09731e77086a88a6efcac61909
                                            • Instruction ID: 043ca3778ab04f20b5eaf31af0692f4c853c645186e848e91569ad40739f12c7
                                            • Opcode Fuzzy Hash: 3e0660f22e3e8bd3d4190163cf413a8fcc5f7c09731e77086a88a6efcac61909
                                            • Instruction Fuzzy Hash: 93F0D0A5B085C781E60A8F71EC881BD3361FB46B41B885076D68D67358DE6FE547C740
                                            Function 00007FFB23B1A920 Relevance: 7.6, APIs: 5, Instructions: 94COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: NameName::$Name::operator+
                                            • String ID:
                                            • API String ID: 826178784-0
                                            • Opcode ID: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                            • Instruction ID: 782ba956f2135ae1a3d9a0a83d9340bf5eb63f010eecf911d9fae1706a917353
                                            • Opcode Fuzzy Hash: f125dc20a4fc2cff283c2e4d5124f38be857c51718d1d3c9008137230ed817e4
                                            • Instruction Fuzzy Hash: 054172AAB19AD298EB02CF31DC942BC3764BB15780B9C41B2EACD63795DF38E555C310
                                            Function 00007FFB23AF401C Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocDict_Item
                                            • String ID:
                                            • API String ID: 1953171116-0
                                            • Opcode ID: 375fd31830e156a8d1f3d3e6767368b004f28ef8378829076376f8739ada3fbf
                                            • Instruction ID: 5f4208203573571fba4e52a0efea98684e9d76491fe6747d181a6c21e3563762
                                            • Opcode Fuzzy Hash: 375fd31830e156a8d1f3d3e6767368b004f28ef8378829076376f8739ada3fbf
                                            • Instruction Fuzzy Hash: 52313EB5E0DAC2C6FA268F31DC4427D2294BF46B94F1C40B0DA4D666A5DF3FE4418301
                                            Function 00007FFB23AF1F00 Relevance: 7.6, APIs: 5, Instructions: 65COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dict_$DeallocObject_$AttrCallContainsCurrentErr_ErrorItemMakeOccurredState_ThreadUpdateWith
                                            • String ID:
                                            • API String ID: 2347184808-0
                                            • Opcode ID: 36595b7c28ee349259dbeccf8ce500fe5c65e691941119d986b84bcaa8f5fc4d
                                            • Instruction ID: 7c9efa1d709e200fdfa617a692c7d50e14633f6176b76586c10fbc9c4a7f6d24
                                            • Opcode Fuzzy Hash: 36595b7c28ee349259dbeccf8ce500fe5c65e691941119d986b84bcaa8f5fc4d
                                            • Instruction Fuzzy Hash: D2310DB9A09A8281EA4A8F35EC8436D22A0EF45BD4F1C80B1D98D66794DF3EE4528310
                                            Function 00007FFB23AF4ED0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc
                                            • String ID:
                                            • API String ID: 3617616757-0
                                            • Opcode ID: fa858d6f227bc6887a975ecbb5e5812f7fd898f31ad52c2712e4fb6e17f1ee77
                                            • Instruction ID: 6de6787a224f31e5ba634a3b89cd190a78b5f16d8a48f97226f59867715d4278
                                            • Opcode Fuzzy Hash: fa858d6f227bc6887a975ecbb5e5812f7fd898f31ad52c2712e4fb6e17f1ee77
                                            • Instruction Fuzzy Hash: 1C21C6B2E0D68281FB6A8F74DC483BC22A4BB52B19F1880B5C64EA5591CF7F64858310
                                            Function 00007FFB23AFE8C8 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CallObject_$DeallocDict_Err_ErrorItemOccurredWith
                                            • String ID:
                                            • API String ID: 4058657591-0
                                            • Opcode ID: e013da11422303b3c20b6ad5255b7e816b345efb502022c6d61747631e891388
                                            • Instruction ID: 8f3e20d41973f6f0040f76e6a5ec8e6448d1ae282d30f98e0c4a0e3b157c8927
                                            • Opcode Fuzzy Hash: e013da11422303b3c20b6ad5255b7e816b345efb502022c6d61747631e891388
                                            • Instruction Fuzzy Hash: CC0171E5B0D6C281EE5A9F32ED8863D9295AF05FD0F0C80B5D98E17394DE3EE4418310
                                            Function 00007FFB23B1470C Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB23B129EE), ref: 00007FFB23B16E56
                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB23B1488B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abort
                                            • String ID: $csm$csm
                                            • API String ID: 4206212132-1512788406
                                            • Opcode ID: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                            • Instruction ID: 0040927363632c2b5078f15dea0d1890d5ea407b301436adf6946484e627ad77
                                            • Opcode Fuzzy Hash: bd14039b9dc44c48f3afba7226bd4a8f48c08aeb5fb2f86f7c5774b76e28317a
                                            • Instruction Fuzzy Hash: C071C0BAA086C18AD7628F35D88877D7BA0FB45BC9F188175DACC27A89CB3CD551C740
                                            Function 00007FFB23B144E4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB23B129EE), ref: 00007FFB23B16E56
                                            • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB23B145DB
                                            • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FFB23B145EB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Frameabort$EmptyHandler3::StateUnwind
                                            • String ID: csm$csm
                                            • API String ID: 4108983575-3733052814
                                            • Opcode ID: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                            • Instruction ID: 97cb63bc084815bb113243452acdaad9329debca6fd7fc0ee8d331bb8f8c36fe
                                            • Opcode Fuzzy Hash: 08ef0bffa0d8dc861c4a01b7d2fd628c67e896dc6c26123b9582640005c51e48
                                            • Instruction Fuzzy Hash: 485182BAA182C186EB658F31D94836C76A0FB54B98F1C41B5DACC67B99CF3CE451CB00
                                            Function 00007FFB23B1B118 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: NameName::
                                            • String ID: %lf
                                            • API String ID: 1333004437-2891890143
                                            • Opcode ID: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                            • Instruction ID: 2232aef8c5e3512ba6962b34e10f4d6a910950e83594449b1fb1ed59e4a8330d
                                            • Opcode Fuzzy Hash: 7e0deb2cf17bd330c849068a4ca2fc9bc064bfcc9212df10860184869afe9d43
                                            • Instruction Fuzzy Hash: 7231D6A9A087C685EA12DF35EC581BDB760BF55B80F484276EACE63751DF3CE1028740
                                            Function 00007FFB23AF43F4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$Err_InstanceStringSubclass
                                            • String ID: abstract class
                                            • API String ID: 1122563627-1623945838
                                            • Opcode ID: 7969c4dd60f3390adfe13a79ac6c05ea7ccbcb7bba5d5859114d7c71d44c075c
                                            • Instruction ID: e63cac334f978a96662c88e20c8d9ae9c0ebcfbae3067016f90ab6224ac6d8e8
                                            • Opcode Fuzzy Hash: 7969c4dd60f3390adfe13a79ac6c05ea7ccbcb7bba5d5859114d7c71d44c075c
                                            • Instruction Fuzzy Hash: 772121F5E0CA8742EA969F35DC9417D23A0BF46B84F0C50B4D94EA77A5DE2FE4018700
                                            Function 00007FFB23AFB07C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocErr_Stringmemcpy
                                            • String ID: abstract class
                                            • API String ID: 4155950771-1623945838
                                            • Opcode ID: fd18b128fecc2a299f82484e9ed0e0eb7c6679629c818f710177082a3189cb0c
                                            • Instruction ID: aec1335a90e0409a18d5fb3f5ed7504c6f2cb5c731d8a75c186a7ae793f143a3
                                            • Opcode Fuzzy Hash: fd18b128fecc2a299f82484e9ed0e0eb7c6679629c818f710177082a3189cb0c
                                            • Instruction Fuzzy Hash: B8214AB6A19B8286EB569F36E88422D73B0FB45F84F1C4171CA8D67794DF3EE4508300
                                            Function 00007FFB23AF4144 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23AF3B00: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFB23AF3B4B
                                            • PyUnicode_FromStringAndSize.PYTHON312 ref: 00007FFB23AF41A8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromSizeStringUnicode___stdio_common_vsprintf
                                            • String ID: :%x$ctypes object structure too deep
                                            • API String ID: 1484205955-3091822184
                                            • Opcode ID: f6ced9f4229ea631d5a69b049e8159ca2bf50e0c396ed769d6ffa368b4fc5081
                                            • Instruction ID: 2822383c879cf356ca3cc913347554e3a9d7eb4cc6d898111c5e1a997e67f929
                                            • Opcode Fuzzy Hash: f6ced9f4229ea631d5a69b049e8159ca2bf50e0c396ed769d6ffa368b4fc5081
                                            • Instruction Fuzzy Hash: B52181B6B18AC681EB21CF25E8943AD63A0FB4D784F884171DA8D67754DF3DE105CB00
                                            Function 00007FFB23AF3FAC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            • bytes or integer address expected instead of %s instance, xrefs: 00007FFB23AF8E47
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Long$Bytes_Long_MaskStringUnsigned
                                            • String ID: bytes or integer address expected instead of %s instance
                                            • API String ID: 3464282214-706233300
                                            • Opcode ID: e54bed9a9a2e68efb98500f78cd56444cd99f83b8b6f4cd07a0f40ad3d2eae14
                                            • Instruction ID: af5acbe9ed26e9d18b336f44136ef6d8740526f36c74abbb9bc7a517b7a53c6d
                                            • Opcode Fuzzy Hash: e54bed9a9a2e68efb98500f78cd56444cd99f83b8b6f4cd07a0f40ad3d2eae14
                                            • Instruction Fuzzy Hash: 931121F9A0868686E7568F39EC8533C23B1BB0AB90F1C8171DA4D97354DE3EE4918700
                                            Function 00007FFB23AFAFE4 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AuditErr_StringSys_
                                            • String ID: abstract class$ctypes.cdata
                                            • API String ID: 1384585920-3531133667
                                            • Opcode ID: fc4fb4933edeff987124931ef07e68f14ee698f34ca2f469148ecaf6cb037c02
                                            • Instruction ID: e664be3de345488101417543a2cfd4cf3881d605dedf05d8226ad11dd2f44116
                                            • Opcode Fuzzy Hash: fc4fb4933edeff987124931ef07e68f14ee698f34ca2f469148ecaf6cb037c02
                                            • Instruction Fuzzy Hash: 740130A5B19B8282EB05CF22EC9417D27A4FB88BC4F4C8075DA5D67754DF3DD5028300
                                            Function 00007FFB23AFE85C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AuditDeallocFromLongLong_Sys_
                                            • String ID: ctypes.get_last_error
                                            • API String ID: 2276389247-1232113872
                                            • Opcode ID: 660a066ebdf83c3739a1b599f44066de559cde038ed9a861a627c6ad4da055eb
                                            • Instruction ID: cd5d3846492c94348fa225e4b432d8b5269b53725b666784a7c56fc4291de6d8
                                            • Opcode Fuzzy Hash: 660a066ebdf83c3739a1b599f44066de559cde038ed9a861a627c6ad4da055eb
                                            • Instruction Fuzzy Hash: 6D01A265F096C2C1EB0A9F32ED8863D62A1EF85FD0F4C4070EA4E52694DF2ED5818740
                                            Function 00007FFB23AFE7D8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AuditDeallocFromLongLong_Sys_
                                            • String ID: ctypes.get_errno
                                            • API String ID: 2276389247-2892954555
                                            • Opcode ID: 3d53a867d8d631e0fb3341ab53c51d0add39733d61ae5e8138c0bcf87b13fd56
                                            • Instruction ID: 91f86a758e1164ede2548fdb5d1463a481f2fd63c5fff29dee1044aaeaf760de
                                            • Opcode Fuzzy Hash: 3d53a867d8d631e0fb3341ab53c51d0add39733d61ae5e8138c0bcf87b13fd56
                                            • Instruction Fuzzy Hash: 4601A265F196C2C1EB1A9F31EC8863E62A1EF85F90F4C4070DA4E52694DF3ED4818B40
                                            Function 00007FFB23AF2F90 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocErr_String
                                            • String ID: _type_ must be a type$_type_ must have storage info
                                            • API String ID: 1259552197-214983684
                                            • Opcode ID: 06d7d6b663cfaf0a6e1a814888d0e47f926803f90c2f40678b83c9af0cb871ae
                                            • Instruction ID: db2c16e3f6b84c47ba522b45fc8cfa17d72e57bb7c51c0c0b3a3cdb71a7a5485
                                            • Opcode Fuzzy Hash: 06d7d6b663cfaf0a6e1a814888d0e47f926803f90c2f40678b83c9af0cb871ae
                                            • Instruction Fuzzy Hash: 490140F9E29A8286EA5A8F34DC9437C22A0AF46790F9C41B1D51D66290DF3FE495C341
                                            Function 00007FFB23AFB9C0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Callable_CheckDeallocErr_String
                                            • String ID: the errcheck attribute must be callable
                                            • API String ID: 3907376375-3049503998
                                            • Opcode ID: c87b5f3138101e2e295d91e121817c75cf12e9c56682320171790ba0ae871594
                                            • Instruction ID: fccc99063347172149373d80d08f0cc628596bf0ffc2e0d7923acec9f58c00c9
                                            • Opcode Fuzzy Hash: c87b5f3138101e2e295d91e121817c75cf12e9c56682320171790ba0ae871594
                                            • Instruction Fuzzy Hash: C50171B9A09AC282EB5A9F35EC8823C22B0BF45B94F5CC270C65D96654DE3EE4508300
                                            Function 00007FFB23AF51F8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_LongLong_MaskStringUnicode_Unsigned
                                            • String ID: function name must be string, bytes object or integer
                                            • API String ID: 2115587880-3177123413
                                            • Opcode ID: d2308b147cded5a7fba69f0d5811aaef2a09be29bf83eae317ef06bc9ad3d41a
                                            • Instruction ID: 5474a25319c1649ffaf5af72ec53fcf301c364c994fbcf524a4ef293bf1e015b
                                            • Opcode Fuzzy Hash: d2308b147cded5a7fba69f0d5811aaef2a09be29bf83eae317ef06bc9ad3d41a
                                            • Instruction Fuzzy Hash: 4B0186A5B19A8281FB2B4F36DC9827C2261BF4AB54F4C80B0C58D56654DE3ED0428300
                                            Function 00007FFB23AFE458 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_AuditCallObject_ParseSys_Tuplememset
                                            • String ID: O&O!$ctypes.call_function
                                            • API String ID: 886791329-313584727
                                            • Opcode ID: 6ff3988f60b3fca9fa88ba4e42d7ca96b77f9ab28e0fbb512c4aeeef00f5ccd0
                                            • Instruction ID: ffb30d19e969c2a80aa277c7da949b52da3b0aa58455edc7cf8c970fe428169a
                                            • Opcode Fuzzy Hash: 6ff3988f60b3fca9fa88ba4e42d7ca96b77f9ab28e0fbb512c4aeeef00f5ccd0
                                            • Instruction Fuzzy Hash: C10184BAB2CB8781EB11CF61E888BAD63A0FB45784F4401B6E98D57654CF3ED145CB00
                                            Function 00007FFB23AFE4EC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Arg_AuditCallObject_ParseSys_Tuplememset
                                            • String ID: O&O!$ctypes.call_function
                                            • API String ID: 886791329-313584727
                                            • Opcode ID: b1a5fe868c95d9ecea60de7d9a15d289a500ebc67563447067af0cc6e16b580b
                                            • Instruction ID: c932bf2bdd9d3400ce3ae38d409a4744d513f1111b280f0b3c7d804c08ce51e4
                                            • Opcode Fuzzy Hash: b1a5fe868c95d9ecea60de7d9a15d289a500ebc67563447067af0cc6e16b580b
                                            • Instruction Fuzzy Hash: AD0180BAF28B8A81E7018F61EC88BBD23A0FB457C4F4401B2D98D56664DF3ED156CB00
                                            Function 00007FFB23AFF230 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_String
                                            • String ID: cannot be converted to pointer
                                            • API String ID: 1450464846-3065012988
                                            • Opcode ID: ca68c4d4303387785fbe73034196a9130f541336714a785d64d5ce7ddf1740ec
                                            • Instruction ID: 14a5147643ba9cd0211c63d88d6a7fee4b709b0a7e074151f61ab7c8a953c40e
                                            • Opcode Fuzzy Hash: ca68c4d4303387785fbe73034196a9130f541336714a785d64d5ce7ddf1740ec
                                            • Instruction Fuzzy Hash: 88011DADA09B8685EF1A8F75ECC833C23A0AB49BC4F1C80B1D98D27364DE3DD4858300
                                            Function 00007FFB23B12A50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB23B129EE), ref: 00007FFB23B16E56
                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB23B12A8E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abortterminate
                                            • String ID: MOC$RCC$csm
                                            • API String ID: 661698970-2671469338
                                            • Opcode ID: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                            • Instruction ID: 5739d79e5b41958e7f7be7aebdefa51108a219b422978d6322e23c10761942e2
                                            • Opcode Fuzzy Hash: 3ab94ae7472f91afbfb2fa40e8eaefdcfa6935c471aaf11af4776549d32657f7
                                            • Instruction Fuzzy Hash: A2F0AF7B92828785E7616F31E98926D3260EF4CB40F0D51B0CBC86A252CF3CD490CB00
                                            Function 00007FFB23AFA180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$Long_OccurredStringVoid
                                            • String ID: integer expected
                                            • API String ID: 1621529885-2140524511
                                            • Opcode ID: dc35d9ebce5cf53dd8dc084512ae509ec00e36aa63925fab4c9efe132da7abf9
                                            • Instruction ID: 1f27cf5a28dfc8af8c72e64b13b032565f561e3c058b3746ffbc11cd54ab7dc3
                                            • Opcode Fuzzy Hash: dc35d9ebce5cf53dd8dc084512ae509ec00e36aa63925fab4c9efe132da7abf9
                                            • Instruction Fuzzy Hash: 8BF01DA9A087C795EE0A9F35EC8827D6360AF4AFD0F0D90B1D94E1B764DE2DE4958700
                                            Function 00007FFB23AF846D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 12COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            • second item in _fields_ tuple (index %zd) must be a C type, xrefs: 00007FFB23AF8489
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocErr_FormatFreeMem_
                                            • String ID: second item in _fields_ tuple (index %zd) must be a C type
                                            • API String ID: 3237669406-2717732800
                                            • Opcode ID: f781b7db594d6fd66c262a05ec1ce0bbd6a4d9bf7fc9a9e876fe4751cc2d9c29
                                            • Instruction ID: 1b9b40538f89ff3db299a078a3cf7ca64ae553db58f183d1cc172ca21dec4600
                                            • Opcode Fuzzy Hash: f781b7db594d6fd66c262a05ec1ce0bbd6a4d9bf7fc9a9e876fe4751cc2d9c29
                                            • Instruction Fuzzy Hash: 18E0E69CA0898382E6099F35DC9813C2320AF42B907184271D95E726A0CE3DA1069304
                                            Function 00007FFB23B1A638 Relevance: 6.2, APIs: 4, Instructions: 193COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID:
                                            • API String ID: 2943138195-0
                                            • Opcode ID: cc076bc81e8f2d48ba6aefa04368e4e4f2bc5c7ef048a26b3748b4f62f7846b0
                                            • Instruction ID: 41ed5967eb4cfbefa2ea4b7580727745fb0a0014e49a5790a40a4f36ab7b50d4
                                            • Opcode Fuzzy Hash: cc076bc81e8f2d48ba6aefa04368e4e4f2bc5c7ef048a26b3748b4f62f7846b0
                                            • Instruction Fuzzy Hash: BB917CAAE086D288FB128F70DC483AC37B0BB05748F5841B5DACD77699DF78A946C350
                                            Function 00007FFB23B1D274 Relevance: 6.1, APIs: 4, Instructions: 87COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+$Replicator::operator[]
                                            • String ID:
                                            • API String ID: 3863519203-0
                                            • Opcode ID: 57265f9aaea93611d8ae4b0edf9f43af56394ecd72ecd9aef4b3b93798ee479d
                                            • Instruction ID: 8a5df33db54a3b52d7aa654324eb3b0d9d5be60be5dbc6b4140d6c6f458426e2
                                            • Opcode Fuzzy Hash: 57265f9aaea93611d8ae4b0edf9f43af56394ecd72ecd9aef4b3b93798ee479d
                                            • Instruction Fuzzy Hash: BA4179BAA04B8199EB02CF74D8483BC37A0FB48B48F988076DACD67759DF789545C350
                                            Function 00007FFB23AFBC74 Relevance: 6.1, APIs: 4, Instructions: 66COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Mem_$DeallocFreeMallocmemcpy
                                            • String ID:
                                            • API String ID: 1346496523-0
                                            • Opcode ID: 55cf28df28b58449b832c635d4d0432f2401b606445630a371e20143c6b676ad
                                            • Instruction ID: 26c2a4786dd91c0dfb78fc1af359e1c9f8dff0813397bf11abfe48c4326aa17c
                                            • Opcode Fuzzy Hash: 55cf28df28b58449b832c635d4d0432f2401b606445630a371e20143c6b676ad
                                            • Instruction Fuzzy Hash: 30212FB6A09B8282EB5A9B36DC5412D22F0FF4DF84B084175DA4D67754DF3EE461C740
                                            Function 00007FFB23AF1434 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23AF23D0: _PyThreadState_GetCurrent.PYTHON312(?,?,?,?,?,00007FFB23AF1F6C), ref: 00007FFB23AF23DD
                                              • Part of subcall function 00007FFB23AF23D0: _PyObject_MakeTpCall.PYTHON312 ref: 00007FFB23AF241C
                                            • PyWeakref_NewProxy.PYTHON312 ref: 00007FFB23AF148C
                                            • PyDict_SetItem.PYTHON312 ref: 00007FFB23AF14B2
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CallCurrentDict_ItemMakeObject_ProxyState_ThreadWeakref_
                                            • String ID:
                                            • API String ID: 203930245-0
                                            • Opcode ID: eb28866a1e99c80186ec1126351aa4feeb841a3e3112d57de4c36a08a6902a40
                                            • Instruction ID: 683b064c26e88f821c42b0d0cdc8501ab9edbc59fd15063efa523792100762b2
                                            • Opcode Fuzzy Hash: eb28866a1e99c80186ec1126351aa4feeb841a3e3112d57de4c36a08a6902a40
                                            • Instruction Fuzzy Hash: C92145B5908A8281E7168F35DC5823D62A4FF96BD1F0C4070DA8D57795DF3ED552C740
                                            Function 00007FFB23AF4B60 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dealloc$Descr_Dict_ItemString
                                            • String ID:
                                            • API String ID: 975051370-0
                                            • Opcode ID: 71e1e29e07fb1b65bb4545898a4dace321655319c0c349aaf2b78cbac9893f3c
                                            • Instruction ID: dcefcc32b68acab8c9bed75dee09223a3b927d02c65bf27eac2bad2d863a480b
                                            • Opcode Fuzzy Hash: 71e1e29e07fb1b65bb4545898a4dace321655319c0c349aaf2b78cbac9893f3c
                                            • Instruction Fuzzy Hash: B71130B9B0DA8285EB5A4F31EC4433D63A4FB46B94F1C5171DB8D62696DF3ED0818701
                                            Function 00007FFB0C079578 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559739079.00007FFB0BED1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFB0BED0000, based on PE: true
                                            • Associated: 0000000E.00000002.2559701059.00007FFB0BED0000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560041544.00007FFB0C153000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560041544.00007FFB0C175000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560041544.00007FFB0C17F000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560041544.00007FFB0C182000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560041544.00007FFB0C1F7000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560041544.00007FFB0C2C2000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560399633.00007FFB0C3C7000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560487163.00007FFB0C430000.00000008.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560582996.00007FFB0C4BF000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560601182.00007FFB0C4C1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560634782.00007FFB0C4CC000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560687264.00007FFB0C4F1000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560705090.00007FFB0C4F2000.00000008.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560743858.00007FFB0C4F3000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560779306.00007FFB0C4F4000.00000008.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560814523.00007FFB0C4F6000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560853512.00007FFB0C502000.00000008.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560890267.00007FFB0C503000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560928777.00007FFB0C545000.00000004.00000001.01000000.00000007.sdmpDownload File
                                            • Associated: 0000000E.00000002.2560980405.00007FFB0C562000.00000002.00000001.01000000.00000007.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb0bed0000_python.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                            • String ID:
                                            • API String ID: 2933794660-0
                                            • Opcode ID: 0804c1a51da27741a55dd8b5fed75ef0dd93f8bc7ab32e20a087d6665cd5ec47
                                            • Instruction ID: b8934fcd5e1738fc86c749f0d768ed54d3dda5c5f63df23c800b37788f2c019f
                                            • Opcode Fuzzy Hash: 0804c1a51da27741a55dd8b5fed75ef0dd93f8bc7ab32e20a087d6665cd5ec47
                                            • Instruction Fuzzy Hash: 24112EA2B14F018AEB00CF70E8596B833A4FB197A8F441E31EE6D477A4DF78D5548740
                                            Function 00007FFB23B209FC Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                            • String ID:
                                            • API String ID: 2933794660-0
                                            • Opcode ID: 74344bb322e65ea4bb1ed5ded81f371800f489492d84809563666ba838173471
                                            • Instruction ID: 797927aa66a41bec9344d5d6a9d2e1a8921160bfc17c6fcf75d015746d732e2a
                                            • Opcode Fuzzy Hash: 74344bb322e65ea4bb1ed5ded81f371800f489492d84809563666ba838173471
                                            • Instruction Fuzzy Hash: 4F111C66B14B418AEB408F70EC983AD33A4F719758F480E31DAAD967A4DF7CD1598340
                                            Function 00007FFB23AF6118 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                            • String ID:
                                            • API String ID: 2933794660-0
                                            • Opcode ID: e26b8fcd2fae2a2e2c735cea352909aa8fb85775b7390f1754e231914e3e562d
                                            • Instruction ID: 1f47cc7f06cc4dffe87dfbbc99dcbabe98349b02db8f59e1ada1d2629b0fb641
                                            • Opcode Fuzzy Hash: e26b8fcd2fae2a2e2c735cea352909aa8fb85775b7390f1754e231914e3e562d
                                            • Instruction Fuzzy Hash: 7C111C6AB14F418AEB018F71EC983BC33A4F719758F481E31EAAD967A4EF78D1558340
                                            Function 00007FF7C1101670 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2559580449.00007FF7C1101000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7C1100000, based on PE: true
                                            • Associated: 0000000E.00000002.2559542937.00007FF7C1100000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559620208.00007FF7C1102000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            • Associated: 0000000E.00000002.2559657142.00007FF7C1104000.00000002.00000001.01000000.00000006.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ff7c1100000_python.jbxd
                                            Similarity
                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                            • String ID:
                                            • API String ID: 2933794660-0
                                            • Opcode ID: 542a40586e7511344095ce32f383934ba0822ceb8e8c70741707d8073be83bf3
                                            • Instruction ID: aba09fe35f1352eaa9b9d5d665ca8d9d7a0fec7a5a36c59878a0d2fe4dfda347
                                            • Opcode Fuzzy Hash: 542a40586e7511344095ce32f383934ba0822ceb8e8c70741707d8073be83bf3
                                            • Instruction Fuzzy Hash: 58111C26B15F018AEB00DF60E8542A873A4FB19B68F940E31EA6D467A8DFBCD158C350
                                            Function 00007FFB23AFD29C Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                                            Download Yara Rule
                                            APIs
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: State_$EnsureInitializeInitializedRelease
                                            • String ID:
                                            • API String ID: 2621580956-0
                                            • Opcode ID: b72a41beff6501a3e1dbd2d859c75e982968461f175d8aa0adfd550009c2ca39
                                            • Instruction ID: c15b4c8e96e2fec3961d4932b57a2d7db85f2dda001434997f9c0a3404ad7464
                                            • Opcode Fuzzy Hash: b72a41beff6501a3e1dbd2d859c75e982968461f175d8aa0adfd550009c2ca39
                                            • Instruction Fuzzy Hash: 23F03069B08BC282E7055F72FC8801D6260BB89FD0F5C4075EE8957729CE3DD8828B00
                                            Function 00007FFB23B1F670 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: CurrentImageNonwritableUnwind
                                            • String ID: csm
                                            • API String ID: 451473138-1018135373
                                            • Opcode ID: 88d75f8372be57577a220e465c4aa8d65e851ebfefcdd899ecde71752cd89d28
                                            • Instruction ID: 0dc7a2af6ebd3250333864d8bc23298bd30df2e84276122eaac130d26719c8d5
                                            • Opcode Fuzzy Hash: 88d75f8372be57577a220e465c4aa8d65e851ebfefcdd899ecde71752cd89d28
                                            • Instruction Fuzzy Hash: 7A51A17AB197828ADB15CE25E84CB7C6391EB44B98F188275DACE53788DB7CE851C700
                                            Function 00007FFB23B14E40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abort$CreateFrameInfo
                                            • String ID: csm
                                            • API String ID: 2697087660-1018135373
                                            • Opcode ID: a8b8ee24cb783e7d293a6e1db454b28b1bfc46eb23a73e5049af87221528bbc6
                                            • Instruction ID: 52cc15e18d4f50b0b04f2436606f96adac23e2807a8bc70144c126adb6487c57
                                            • Opcode Fuzzy Hash: a8b8ee24cb783e7d293a6e1db454b28b1bfc46eb23a73e5049af87221528bbc6
                                            • Instruction Fuzzy Hash: 22515BBBA1868186D6229F35E84836E77A4FB89B90F180275EBCD57B55CF3CE451CB00
                                            Function 00007FFB23B1A524 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: Name::operator+
                                            • String ID: void$void
                                            • API String ID: 2943138195-3746155364
                                            • Opcode ID: d81aed41cb4c8c5c69bd061dfd49733f36ea67ee8bb27e73bf8cb873ba0293ca
                                            • Instruction ID: 0611dcf4b9d2e7a08cd1843a84aee3ebf184c8136db398bfddb2ae404c0d587b
                                            • Opcode Fuzzy Hash: d81aed41cb4c8c5c69bd061dfd49733f36ea67ee8bb27e73bf8cb873ba0293ca
                                            • Instruction Fuzzy Hash: D23127AAE28B959CFB028F74EC451EC37B0BB48748B480176EACD62A59DF3CA145C750
                                            Function 00007FFB23AF2F18 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: DeallocErr_String
                                            • String ID: abstract class
                                            • API String ID: 1259552197-1623945838
                                            • Opcode ID: aff6ed791d6bb86c92e2718bb690a41d925981b3aaa08f271fa7fde47951dbb0
                                            • Instruction ID: 1784500bbbb14648651c3211d2dde927bc8a5594267c3d0b3b9f49c8712b22ea
                                            • Opcode Fuzzy Hash: aff6ed791d6bb86c92e2718bb690a41d925981b3aaa08f271fa7fde47951dbb0
                                            • Instruction Fuzzy Hash: D51173A5A29B8382EB168B31DC583BD62A0FF8AB94F5C41B4D90D67395DF3FD0548340
                                            Function 00007FFB23B1676F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: FileHeader$ExceptionRaise
                                            • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                            • API String ID: 3685223789-3176238549
                                            • Opcode ID: 161e8b28e34caca24568961a6528755d3751e4ffa6d3c1bec0c9a5cac7a2823b
                                            • Instruction ID: be607142f1692051ce7e970e533130d7027ce1f51a963b354897c962d07973e3
                                            • Opcode Fuzzy Hash: 161e8b28e34caca24568961a6528755d3751e4ffa6d3c1bec0c9a5cac7a2823b
                                            • Instruction Fuzzy Hash: 1F0192E9A29986A1EE02CF34EC9937D2310EF80B44F4854B1E9CE16669DFACD509C700
                                            Function 00007FFB23B16B10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: ExceptionFileHeaderRaise
                                            • String ID: csm
                                            • API String ID: 2573137834-1018135373
                                            • Opcode ID: 96783e5d5ee86e7ed91570add2de904558e3ade983638e121ecc73efc59d9239
                                            • Instruction ID: e50f17744a10876825ffa68537ea6e967fbab24e48b7f45ab936460c4a0fd55d
                                            • Opcode Fuzzy Hash: 96783e5d5ee86e7ed91570add2de904558e3ade983638e121ecc73efc59d9239
                                            • Instruction Fuzzy Hash: 35114976608B8082EB628F25E84436EB7E4FB88B88F184270EECD17758DF3CC5518B00
                                            Function 00007FFB23AFF840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_FormatLongLong_
                                            • String ID: one character bytes, bytearray or integer expected
                                            • API String ID: 832222675-2748977362
                                            • Opcode ID: 3878d5408eccb3521cc9060d80adb77014c88fd8f6162da3f1f713d8a2fde647
                                            • Instruction ID: caeb063641838dd6d5285dccecc9c5afec32a400b5d4128e9e5fa288deb1ca2b
                                            • Opcode Fuzzy Hash: 3878d5408eccb3521cc9060d80adb77014c88fd8f6162da3f1f713d8a2fde647
                                            • Instruction Fuzzy Hash: 36116DAAA087C695EB1A8F35D88423C27A0EB46F84F1C80B1DA8D57365CF2ED4A4C340
                                            Function 00007FFB23AFA8F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 41COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyErr_SetString.PYTHON312 ref: 00007FFB23AFA919
                                              • Part of subcall function 00007FFB23AFB23C: PyErr_SetString.PYTHON312(?,?,?,?,00007FFB23AF9BD5,?), ref: 00007FFB23AFB27D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_String
                                            • String ID: NULL pointer access$Pointer does not support item deletion
                                            • API String ID: 1450464846-1262937747
                                            • Opcode ID: 1574e02875f145846aec373be7fed35aecb47b6d9772933ffc8cfeed4ef31f60
                                            • Instruction ID: ceb316aff49eda250e1830a4bb5732ad4d280746bcf05c115831352aa0046c68
                                            • Opcode Fuzzy Hash: 1574e02875f145846aec373be7fed35aecb47b6d9772933ffc8cfeed4ef31f60
                                            • Instruction Fuzzy Hash: 84018EA5A08BC281DE09CF66EC840BC6360FB86BD4B188171EE8E27794CE3ED1018740
                                            Function 00007FFB23AFF41C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23AFF4B4: PyType_IsSubtype.PYTHON312(?,?,?,?,00007FFB23AFF317), ref: 00007FFB23AFF4C1
                                            • PyErr_SetString.PYTHON312 ref: 00007FFB23AFF458
                                              • Part of subcall function 00007FFB23AFB23C: PyErr_SetString.PYTHON312(?,?,?,?,00007FFB23AF9BD5,?), ref: 00007FFB23AFB27D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_String$SubtypeType_
                                            • String ID: can't delete attribute$not a ctype instance
                                            • API String ID: 3320257282-2740123057
                                            • Opcode ID: 330d0ab20ff3776ae7c8979e08fb12df257704fe225a05f16e69068411798e6a
                                            • Instruction ID: 1a298ba1c4a3789711e891b5b302c36567a0588af9008efa2749e0bce7a69ff5
                                            • Opcode Fuzzy Hash: 330d0ab20ff3776ae7c8979e08fb12df257704fe225a05f16e69068411798e6a
                                            • Instruction Fuzzy Hash: B41179A6A0CF8181EB158F36EC8002D63A0FB48BE4B084172EE8D63B68DF3DD551C700
                                            Function 00007FFB23AF9D94 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_ItemSequence_String
                                            • String ID: args not a tuple?
                                            • API String ID: 138718260-274370407
                                            • Opcode ID: 3e2fc462b8f817a65f3f48f64496d468b11c52d2a62d7ab830174f514c56c8de
                                            • Instruction ID: b588173d5228bdbb3692aadbe5eae0bd545ea67703789d5af4e9a2b4d2658232
                                            • Opcode Fuzzy Hash: 3e2fc462b8f817a65f3f48f64496d468b11c52d2a62d7ab830174f514c56c8de
                                            • Instruction Fuzzy Hash: FD01D2B5A08BC285E6168F25E88416D6370FB49FE0F5C9275EAAD67798CF2DD492C300
                                            Function 00007FFB23AF9B6C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_String
                                            • String ID: Array does not support item deletion$invalid index
                                            • API String ID: 1450464846-799983634
                                            • Opcode ID: ea7814898e13d10297cd995eeb3df7c5e4e8085d54f97f86b7e1fa03e0da0b83
                                            • Instruction ID: ce4c165d3c5911b1881bbb35c33c44bbb692513075affbf4599fe7bfef226353
                                            • Opcode Fuzzy Hash: ea7814898e13d10297cd995eeb3df7c5e4e8085d54f97f86b7e1fa03e0da0b83
                                            • Instruction Fuzzy Hash: 0B015EE5A08BC681DA1ADB66ECD54BC2378FB85BD4B0851B6EA4D67794DF3FD1018300
                                            Function 00007FFB23AF4460 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyErr_SetString.PYTHON312(?,?,?,00007FFB23AF444E), ref: 00007FFB23AF922D
                                              • Part of subcall function 00007FFB23AF3EC0: _PyObject_GC_New.PYTHON312(?,?,?,00007FFB23AF20A5), ref: 00007FFB23AF3ECD
                                              • Part of subcall function 00007FFB23AF3EC0: PyObject_GC_Track.PYTHON312(?,?,?,00007FFB23AF20A5), ref: 00007FFB23AF3EEF
                                            • _Py_Dealloc.PYTHON312(?,?,?,00007FFB23AF444E), ref: 00007FFB23AF9238
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Object_$DeallocErr_StringTrack
                                            • String ID: expected CData instance
                                            • API String ID: 2415173498-1581534645
                                            • Opcode ID: effd75b3625d795e38a657241171834c47a7b26231666edfc9c5af4cdff4f960
                                            • Instruction ID: 9476ab757bca63f32e5605f43650d254b1963ae0969ac3ea17ed68e5b43d9ea2
                                            • Opcode Fuzzy Hash: effd75b3625d795e38a657241171834c47a7b26231666edfc9c5af4cdff4f960
                                            • Instruction Fuzzy Hash: 5C0112A5A09B8281EB5B8F75DC8423C33A4BF49B44F1C04B5C94D667A5DF3FE4558310
                                            Function 00007FFB23AFBD54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AttrEqualGenericObject_StringUnicode_
                                            • String ID: _fields_
                                            • API String ID: 947992268-3196300388
                                            • Opcode ID: 0c4236e5b07faf87268bea19dd0eeeb5407fef1de8f5775b3e28a163ba2038cb
                                            • Instruction ID: e967e8f7254947da8605c848eb6b0d7f3181462cdac3eead59e01cfbb7e1260a
                                            • Opcode Fuzzy Hash: 0c4236e5b07faf87268bea19dd0eeeb5407fef1de8f5775b3e28a163ba2038cb
                                            • Instruction Fuzzy Hash: 2FF0C264B196C281F7958F32EC8427D6260EF46BD0F5C82B0E95EA37D8CF2ED4818700
                                            Function 00007FFB23AFBA80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Dict_Err_ItemString
                                            • String ID: abstract class
                                            • API String ID: 960913676-1623945838
                                            • Opcode ID: 67eec943a6516e107546b059e64ce1cd494f0f172d2609cf33b68094e0b7c984
                                            • Instruction ID: e9086e52613ac054f1d92b7a2e4ed8131d835f73dd5c43364e9d0759b790647a
                                            • Opcode Fuzzy Hash: 67eec943a6516e107546b059e64ce1cd494f0f172d2609cf33b68094e0b7c984
                                            • Instruction Fuzzy Hash: 48F0A4E8A19A8381EA0A9F35EC8423C2260AF46BD4F5C82B0E96D667E8DE3DD4414340
                                            Function 00007FFB23AFCD34 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AuditCharFromSys_Unicode_Wide
                                            • String ID: ctypes.wstring_at
                                            • API String ID: 614261396-2169766756
                                            • Opcode ID: 781883c618e2b48aa4eeb04def8b6abf5eb4899e9f5a818eef51497235ebd4d6
                                            • Instruction ID: 347340c523460c9e930184dc066735100825e0d34a1b88c172b3ebe7f7ecc482
                                            • Opcode Fuzzy Hash: 781883c618e2b48aa4eeb04def8b6abf5eb4899e9f5a818eef51497235ebd4d6
                                            • Instruction Fuzzy Hash: E3F0E994B0C5C251EE164F72FD880BC2210AF09BF4B4C5371D97EA65E0DE2DD1458300
                                            Function 00007FFB23AFCCD8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: AuditBytes_FromSizeStringSys_
                                            • String ID: ctypes.string_at
                                            • API String ID: 1783689829-1910480597
                                            • Opcode ID: 582f7a838847f95fa2499ede27a6e7c25fb55edc6e6cb51bf505bbc228eb7bc1
                                            • Instruction ID: bf78fcdb5940ab897656bbcc3c9d12d79934217f75ed70ee852e54c0ab84d2a4
                                            • Opcode Fuzzy Hash: 582f7a838847f95fa2499ede27a6e7c25fb55edc6e6cb51bf505bbc228eb7bc1
                                            • Instruction Fuzzy Hash: 4EF090E5B0C9C650EB2A4B36FC8817D1A50AF59BE0F185371D97E625D4ED2ED0404300
                                            Function 00007FFB23AF25AC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromLong_Ssize_t
                                            • String ID: this type has no size
                                            • API String ID: 168540982-982649334
                                            • Opcode ID: 5d2582b68ffba53997c4a8044a64522302654b98fedc23bb3593861d6c47a9ca
                                            • Instruction ID: 7b537bb28c473822f70815fd9a3dd7c1c67b9ad5985fc7e615d4e29feadd743f
                                            • Opcode Fuzzy Hash: 5d2582b68ffba53997c4a8044a64522302654b98fedc23bb3593861d6c47a9ca
                                            • Instruction Fuzzy Hash: F3F030D8B2858380EF5A9F72DCA413C13A4AF89BC4F0D50B1C94E67295EE2FE4858340
                                            Function 00007FFB23B1F420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON
                                            Download Yara Rule
                                            APIs
                                              • Part of subcall function 00007FFB23B16E48: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFB23B129EE), ref: 00007FFB23B16E56
                                            • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFB23B1F45A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: abortterminate
                                            • String ID: csm$f
                                            • API String ID: 661698970-629598281
                                            • Opcode ID: f31257b661c57643b6b4b1793288747ab2a9155158c122d579431834bbccefac
                                            • Instruction ID: dcc84341350e2214611f992a513240978467ffb1ae81aad62e4a90614d99336d
                                            • Opcode Fuzzy Hash: f31257b661c57643b6b4b1793288747ab2a9155158c122d579431834bbccefac
                                            • Instruction Fuzzy Hash: F6E037AAD0C3D541D6625F71E58C33D2654AF85B55F1D4274DBC816646CE38D490C701
                                            Function 00007FFB23AFE88C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: PrintableUnicode_
                                            • String ID: '$\
                                            • API String ID: 1291510985-1366717710
                                            • Opcode ID: 68e555232d40e83b39fb227009610d0b81c388a4ed7cd61b3d35d811e84c965e
                                            • Instruction ID: e18d6d522963736c45854330bd1fdf61759add6bd47b429aa5560149eeb3d2da
                                            • Opcode Fuzzy Hash: 68e555232d40e83b39fb227009610d0b81c388a4ed7cd61b3d35d811e84c965e
                                            • Instruction Fuzzy Hash: DCE02651F28685C6FB151E35EC8477D21427B84B60F4C0070D99E263C0CC2FD88243C0
                                            Function 00007FFB23AF3F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Err_$OccurredString
                                            • String ID: PyObject is NULL
                                            • API String ID: 114435612-3221357749
                                            • Opcode ID: 355c341b8e5147979a86be8a9b23e5b4f26093e06cf9b592a0fc7117dbd9fe35
                                            • Instruction ID: d891159c70967fb38015aa3686dc1391e5d89ac6ba868f462b45de3acb9303f8
                                            • Opcode Fuzzy Hash: 355c341b8e5147979a86be8a9b23e5b4f26093e06cf9b592a0fc7117dbd9fe35
                                            • Instruction Fuzzy Hash: 29E0EDB9B0A583C1EB0A5F35EC9423D23A4AF89B48F9C44B5C50E67350DE2EE4158740
                                            Function 00007FFB23AF583A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5848
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5867
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF588A
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF58A9
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromLong_Module_ObjectVoid$Dealloc
                                            • String ID: _memmove_addr
                                            • API String ID: 3221970233-672319157
                                            • Opcode ID: 3a6dafbbce99c897691191f04f0ef3626cecbec49e268000f45a8f415cab1a30
                                            • Instruction ID: eb301bc51a128085c268be67d69be4fc3f569b31455eaa2ee6ca5d34db00b332
                                            • Opcode Fuzzy Hash: 3a6dafbbce99c897691191f04f0ef3626cecbec49e268000f45a8f415cab1a30
                                            • Instruction Fuzzy Hash: 3FE0E5A9A0D78286EA2B9F71DD9427C2660AF06F81B0C01BAC95E72661DE2EB0459311
                                            Function 00007FFB23AF5942 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5950
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF596F
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF598D
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59AC
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59C1
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59E0
                                            • PyLong_FromLong.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF59F8
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5A17
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF99CE
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF99EE
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromLong_Module_Object$DeallocLong$Void
                                            • String ID: _wstring_at_addr
                                            • API String ID: 3789324372-926622358
                                            • Opcode ID: c719728f9d8f1fceec6b767fb32faf7840cb5e6d927dc4d0ed7ad89be90e7c2b
                                            • Instruction ID: 64b205a7d4da50bf5973ad8bebc6c16c327efce4688d0f5cf0f1e1ee3765dff9
                                            • Opcode Fuzzy Hash: c719728f9d8f1fceec6b767fb32faf7840cb5e6d927dc4d0ed7ad89be90e7c2b
                                            • Instruction Fuzzy Hash: CBE0C0A490D78286EB2B5B71DD9427C6B606F06B81B4C01B9CA4E61651DE1FA145C311
                                            Function 00007FFB23AF5900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF590E
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF592D
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF5950
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF596F
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromLong_Module_ObjectVoid$Dealloc
                                            • String ID: _cast_addr
                                            • API String ID: 3221970233-1452554405
                                            • Opcode ID: 2e27b3a9630f9cc4c19acb36e03fbeede101570f1445688dbb59121dc1adfa3a
                                            • Instruction ID: 5d57bb054b5d91b50406d1908d153764be3807115d567596399530b28c33872f
                                            • Opcode Fuzzy Hash: 2e27b3a9630f9cc4c19acb36e03fbeede101570f1445688dbb59121dc1adfa3a
                                            • Instruction Fuzzy Hash: 0DE0E5A5A0E7D242E6279B71C9D827C27606F06F50B0C46BDCA4E62651DF1EA1418351
                                            Function 00007FFB23AF587C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF588A
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF58A9
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF58CC
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF58EB
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromLong_Module_ObjectVoid$Dealloc
                                            • String ID: _memset_addr
                                            • API String ID: 3221970233-2531778111
                                            • Opcode ID: 872357af3f6beff5a52cb8dcda0f2b565f5267e84d55061a6c1f5ec3fdf27cc0
                                            • Instruction ID: 3606305e52f0f2105f7effa3fd67a7e259b6abaed31ad7d7b9031260b446a233
                                            • Opcode Fuzzy Hash: 872357af3f6beff5a52cb8dcda0f2b565f5267e84d55061a6c1f5ec3fdf27cc0
                                            • Instruction Fuzzy Hash: 25E0EDA8A0A38386E62B9F35DC9867C27606F06B84B0C41B9CA4E722A1DF2E70419341
                                            Function 00007FFB23AFF3D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FormatFromUnicode_
                                            • String ID: <Field type=%s, ofs=%zd, size=%zd>$<Field type=%s, ofs=%zd:%zd, bits=%zd>
                                            • API String ID: 3889672380-2914491812
                                            • Opcode ID: 476117b169005f95727f359e015a4d61143d3a6aee1e1c30a7c2d3aa7062988c
                                            • Instruction ID: dd7e6edd654f969fe814fb50a4a6bf03ab17861b7f88b7de504c7d155bf7c349
                                            • Opcode Fuzzy Hash: 476117b169005f95727f359e015a4d61143d3a6aee1e1c30a7c2d3aa7062988c
                                            • Instruction Fuzzy Hash: 71E0EDAAF04A81C1DB198F19DC8446C3720FB55B58F990066CA8C53370DF39D56BC744
                                            Function 00007FFB23AF58BE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON
                                            Download Yara Rule
                                            APIs
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF58CC
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF58EB
                                            • PyLong_FromVoidPtr.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF590E
                                            • PyModule_AddObjectRef.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF592D
                                            • _Py_Dealloc.PYTHON312(?,?,00000000,00007FFB23AF52F4,?,?,?,00007FFB23AF5270), ref: 00007FFB23AF9A2A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: FromLong_Module_ObjectVoid$Dealloc
                                            • String ID: _string_at_addr
                                            • API String ID: 3221970233-229390179
                                            • Opcode ID: da20146c8b820d195e782e8b1bab5a207b39d828c4a84d702bd8a942d8272744
                                            • Instruction ID: ae2579ab35399a474fe79e1614a3cc681c1c3d8a037305e61b1255512d768965
                                            • Opcode Fuzzy Hash: da20146c8b820d195e782e8b1bab5a207b39d828c4a84d702bd8a942d8272744
                                            • Instruction Fuzzy Hash: E5E0EDA890D38286E6279B75DD9437C26A06F06F84B0C01F9CA1E71655EF2E71558701
                                            Function 00007FFB23AFFE1C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Capsule_FreeMem_Pointer
                                            • String ID: _ctypes/cfield.c pymem
                                            • API String ID: 1268649101-2578739719
                                            • Opcode ID: edd68b0c1a162f0c77e0e80d215a61351acf243995dce8512bb46a683e36898c
                                            • Instruction ID: c3a12d4d1e1e53864cd250d6a2a0e814c8738fff5071248b8be457484e5df16d
                                            • Opcode Fuzzy Hash: edd68b0c1a162f0c77e0e80d215a61351acf243995dce8512bb46a683e36898c
                                            • Instruction Fuzzy Hash: CBC0C998F1668281ED0A5F21EC8812812507F44744B8800B4D44E26261DE2C61178700
                                            Function 00007FFB23AFE94C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON
                                            Download Yara Rule
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2561598399.00007FFB23AF1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFB23AF0000, based on PE: true
                                            • Associated: 0000000E.00000002.2561503801.00007FFB23AF0000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561672465.00007FFB23B01000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561724363.00007FFB23B08000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0C000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            • Associated: 0000000E.00000002.2561782211.00007FFB23B0E000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23af0000_python.jbxd
                                            Similarity
                                            • API ID: Capsule_FreeMem_Pointer
                                            • String ID: _ctypes pymem
                                            • API String ID: 1268649101-201515578
                                            • Opcode ID: 3df2ee0103ec446753a17d2684cd35960225fd03b1f9db282863492f2db663f5
                                            • Instruction ID: e17abc1ad20008698a152eb3497f7a8d2301e12ca5f2d17063e040c6be4135f6
                                            • Opcode Fuzzy Hash: 3df2ee0103ec446753a17d2684cd35960225fd03b1f9db282863492f2db663f5
                                            • Instruction Fuzzy Hash: A1C01298F0AB82D1ED0E5F35ECCC12812507F05B40F8800B5D08E26350EE2CA1578300
                                            Function 00007FFB23B16E64 Relevance: 5.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                            Download Yara Rule
                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,00007FFB23B16CE9,?,?,?,?,00007FFB23B20582,?,?,?,?,?), ref: 00007FFB23B16E83
                                            • SetLastError.KERNEL32(?,?,?,00007FFB23B16CE9,?,?,?,?,00007FFB23B20582,?,?,?,?,?), ref: 00007FFB23B16F0C
                                            Memory Dump Source
                                            • Source File: 0000000E.00000002.2562063922.00007FFB23B11000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFB23B10000, based on PE: true
                                            • Associated: 0000000E.00000002.2561936989.00007FFB23B10000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562173163.00007FFB23B23000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562328058.00007FFB23B28000.00000004.00000001.01000000.00000008.sdmpDownload File
                                            • Associated: 0000000E.00000002.2562543173.00007FFB23B29000.00000002.00000001.01000000.00000008.sdmpDownload File
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_14_2_7ffb23b10000_python.jbxd
                                            Similarity
                                            • API ID: ErrorLast
                                            • String ID:
                                            • API String ID: 1452528299-0
                                            • Opcode ID: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                            • Instruction ID: 2cbc61d6835949937ec572bf8961c662f16086faa7e6fe5599ca7a476578fe18
                                            • Opcode Fuzzy Hash: 29fbcb28d85caf8942357daff49778de6b87ab13b42ab574bfe6367f35ca65f9
                                            • Instruction Fuzzy Hash: AB114FA8E097C682EA128F35DC5873D2291AF447A0F0C47B4DDEE677D5DE2CE4428710

                                            Execution Graph

                                            Execution Coverage:14.6%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:67
                                            Total number of Limit Nodes:11
                                            execution_graph 2346 1f77b42cae8 LoadLibraryA 2347 1f77b42cb0a 2346->2347 2348 1f77b42cb00 2346->2348 2347->2348 2349 1f77b42cb3a VirtualProtect 2347->2349 2349->2348 2350 1f77b42cb58 2349->2350 2351 1f77b42cb66 VirtualProtect 2350->2351 2352 1f77b42cb86 2351->2352 2352->2348 2353 1f77b42cba1 VirtualProtect 2352->2353 2353->2348 2354 1f77b42cbba 2353->2354 2355 1f77b42cbc8 VirtualProtect 2354->2355 2355->2348 2360 1f77ccf48f0 2361 1f77ccf4952 wprintf 2360->2361 2362 1f77ccf4912 2360->2362 2363 1f77ccf4a4d 2361->2363 2362->2361 2364 1f77ccf5350 2365 1f77ccf53ac 2364->2365 2366 1f77ccf56f3 wprintf 2365->2366 2367 1f77ccf57f5 wprintf 2366->2367 2369 1f77ccf5baf 2367->2369 2370 1f77ccf5e0c 2371 1f77ccf5e5c wprintf 2370->2371 2372 1f77ccf5e1c 2370->2372 2373 1f77ccf5f59 wprintf 2371->2373 2372->2371 2375 1f77ccf62b6 2373->2375 2376 1f77ccf4e09 2377 1f77ccf4e59 CreateProcessW 2376->2377 2378 1f77ccf4e19 2376->2378 2379 1f77ccf4fd4 2377->2379 2378->2377 2380 1f77ccf3888 2381 1f77ccf38ea StrCmpW 2380->2381 2382 1f77ccf38aa 2380->2382 2383 1f77ccf3989 2381->2383 2382->2381 2384 1f77b42d933 2385 1f77b42d95a 2384->2385 2386 1f77b42d995 VirtualAlloc 2385->2386 2394 1f77b42d9b2 2385->2394 2387 1f77b42d9de 2386->2387 2386->2394 2388 1f77b42da97 LoadLibraryA 2387->2388 2389 1f77b42dab2 2387->2389 2387->2394 2388->2387 2389->2394 2397 1f77b42db66 2389->2397 2412 1f77b42cadb 2389->2412 2391 1f77b42db3c 2392 1f77b42db40 2391->2392 2398 1f77b42cbf3 LoadLibraryA 2391->2398 2392->2391 2392->2394 2397->2394 2408 1f77b42e18b 2397->2408 2399 1f77b42cc18 2398->2399 2400 1f77b42cc22 2398->2400 2399->2394 2399->2397 2400->2399 2401 1f77b42cc52 VirtualProtect 2400->2401 2401->2399 2402 1f77b42cc70 2401->2402 2403 1f77b42cc7e VirtualProtect 2402->2403 2404 1f77b42cc9e 2403->2404 2404->2399 2405 1f77b42ccb9 VirtualProtect 2404->2405 2405->2399 2406 1f77b42ccd2 2405->2406 2407 1f77b42cce0 VirtualProtect 2406->2407 2407->2399 2409 1f77b42e1d4 2408->2409 2410 1f77b42e1f1 VirtualAlloc 2409->2410 2411 1f77b42e217 2409->2411 2410->2411 2411->2394 2413 1f77b42cae8 LoadLibraryA 2412->2413 2414 1f77b42cb0a 2413->2414 2415 1f77b42cb00 2413->2415 2414->2415 2416 1f77b42cb3a VirtualProtect 2414->2416 2415->2391 2416->2415 2417 1f77b42cb58 2416->2417 2418 1f77b42cb66 VirtualProtect 2417->2418 2419 1f77b42cb86 2418->2419 2419->2415 2420 1f77b42cba1 VirtualProtect 2419->2420 2420->2415 2421 1f77b42cbba 2420->2421 2422 1f77b42cbc8 VirtualProtect 2421->2422 2422->2415

                                            Executed Functions

                                            Function 000001F77B42D933 Relevance: 3.4, APIs: 2, Instructions: 406memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 126 1f77b42d933-1f77b42d989 call 1f77b42ebb3 * 3 133 1f77b42d98b-1f77b42d98e 126->133 134 1f77b42d9c0 126->134 133->134 135 1f77b42d990-1f77b42d993 133->135 136 1f77b42d9c3-1f77b42d9dd 134->136 135->134 137 1f77b42d995-1f77b42d9b0 VirtualAlloc 135->137 138 1f77b42d9de-1f77b42da09 call 1f77b42f107 call 1f77b42f127 137->138 139 1f77b42d9b2-1f77b42d9b9 137->139 145 1f77b42da0b-1f77b42da40 call 1f77b42ed6f call 1f77b42ec27 138->145 146 1f77b42da46-1f77b42da5d call 1f77b42ebb3 138->146 139->134 141 1f77b42d9bb-1f77b42d9bd 139->141 141->134 145->146 155 1f77b42dcdd-1f77b42dce9 145->155 146->134 152 1f77b42da63-1f77b42da64 146->152 154 1f77b42da6a-1f77b42da70 152->154 156 1f77b42dab2-1f77b42dabc 154->156 157 1f77b42da72 154->157 158 1f77b42dceb-1f77b42dcf5 155->158 159 1f77b42dd1f-1f77b42dd43 call 1f77b42f127 155->159 160 1f77b42daea-1f77b42daf3 156->160 161 1f77b42dabe-1f77b42dad9 call 1f77b42ebb3 156->161 162 1f77b42da74-1f77b42da76 157->162 158->159 165 1f77b42dcf7-1f77b42dd18 call 1f77b42f127 158->165 190 1f77b42dd4a-1f77b42dd4c 159->190 191 1f77b42dd45-1f77b42dd47 159->191 168 1f77b42db0e-1f77b42db11 160->168 169 1f77b42daf5-1f77b42daff call 1f77b42cd0b 160->169 161->155 180 1f77b42dadf-1f77b42dae8 161->180 163 1f77b42da78-1f77b42da7e 162->163 164 1f77b42da93-1f77b42da95 162->164 163->164 170 1f77b42da80-1f77b42da91 163->170 164->156 171 1f77b42da97-1f77b42dab0 LoadLibraryA 164->171 165->159 168->155 176 1f77b42db17-1f77b42db21 168->176 169->155 185 1f77b42db05-1f77b42db0c 169->185 170->162 170->164 171->154 177 1f77b42db2b-1f77b42db32 176->177 178 1f77b42db23-1f77b42db24 176->178 182 1f77b42db66-1f77b42db6a 177->182 183 1f77b42db34-1f77b42db35 177->183 178->177 180->160 180->161 188 1f77b42dc78-1f77b42dc80 182->188 189 1f77b42db70-1f77b42db92 182->189 186 1f77b42db37 call 1f77b42cadb 183->186 185->177 194 1f77b42db3c-1f77b42db3e 186->194 192 1f77b42dcd2-1f77b42dcd8 call 1f77b42e18b 188->192 193 1f77b42dc82-1f77b42dc88 188->193 189->155 204 1f77b42db98-1f77b42dbaf call 1f77b42f107 189->204 190->136 191->190 192->155 195 1f77b42dc8a-1f77b42dc90 193->195 196 1f77b42dc9f-1f77b42dcb1 call 1f77b42d6eb 193->196 197 1f77b42db4d-1f77b42db50 call 1f77b42cbf3 194->197 198 1f77b42db40-1f77b42db47 194->198 195->155 201 1f77b42dc92-1f77b42dc9d call 1f77b42e613 195->201 211 1f77b42dcc3-1f77b42dcd0 call 1f77b42d18b 196->211 212 1f77b42dcb3-1f77b42dcbe call 1f77b42dd53 196->212 207 1f77b42db55-1f77b42db57 197->207 198->155 198->197 201->155 214 1f77b42dbd2-1f77b42dbf9 204->214 215 1f77b42dbb1-1f77b42dbb4 204->215 207->182 213 1f77b42db59-1f77b42db60 207->213 211->155 212->211 213->155 213->182 214->155 223 1f77b42dbff-1f77b42dc73 214->223 215->188 218 1f77b42dbba-1f77b42dbcd call 1f77b42ee8b 215->218 224 1f77b42dc75-1f77b42dc76 218->224 223->155 223->224 224->188
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 000001F77B3DE000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77b3de000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocLibraryLoadVirtual
                                            • String ID:
                                            • API String ID: 3550616410-0
                                            • Opcode ID: fe28ec89fccc7c30a97a41b99cb39f37780980cf65fc522e14c47b80859a8ba4
                                            • Instruction ID: 398c5507bcf441258ac4ece5fe630bfc62adecb2e8f141e34fd985799c40b902
                                            • Opcode Fuzzy Hash: fe28ec89fccc7c30a97a41b99cb39f37780980cf65fc522e14c47b80859a8ba4
                                            • Instruction Fuzzy Hash: D2D17B31628E094BEF64FA2EC4997FA73D1FB59300F58067DD58BC32CADA30E9469641
                                            Function 000001F77B42E18B Relevance: 1.8, APIs: 1, Instructions: 500memoryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 264 1f77b42e18b-1f77b42e1eb 266 1f77b42e5fc-1f77b42e60f 264->266 267 1f77b42e1f1-1f77b42e211 VirtualAlloc 264->267 267->266 268 1f77b42e217-1f77b42e235 call 1f77b42f107 267->268 271 1f77b42e237-1f77b42e262 call 1f77b42f107 268->271 272 1f77b42e264-1f77b42e26c 268->272 271->272 273 1f77b42e26e-1f77b42e27c 272->273 274 1f77b42e2e4-1f77b42e2ec 272->274 273->274 276 1f77b42e27e 273->276 277 1f77b42e38a-1f77b42e392 274->277 278 1f77b42e2f2-1f77b42e2fb 274->278 282 1f77b42e283-1f77b42e287 276->282 280 1f77b42e406-1f77b42e40e 277->280 281 1f77b42e394-1f77b42e3a0 277->281 278->277 283 1f77b42e301-1f77b42e31a 278->283 286 1f77b42e410-1f77b42e418 280->286 287 1f77b42e434-1f77b42e43e 280->287 281->280 284 1f77b42e3a2-1f77b42e3b0 281->284 285 1f77b42e2d0-1f77b42e2da 282->285 300 1f77b42e368-1f77b42e36e 283->300 301 1f77b42e3b2-1f77b42e3c0 284->301 302 1f77b42e3f0-1f77b42e3fc 284->302 291 1f77b42e289-1f77b42e2a1 285->291 292 1f77b42e2dc-1f77b42e2e2 285->292 286->287 288 1f77b42e41a 286->288 289 1f77b42e55a-1f77b42e564 287->289 290 1f77b42e444-1f77b42e467 287->290 294 1f77b42e42c-1f77b42e432 288->294 296 1f77b42e590-1f77b42e5b0 call 1f77b42f127 * 2 289->296 297 1f77b42e566-1f77b42e58b call 1f77b42e90f 289->297 305 1f77b42e5ee-1f77b42e5f7 290->305 314 1f77b42e46d-1f77b42e475 290->314 298 1f77b42e2c2-1f77b42e2c6 291->298 299 1f77b42e2a3-1f77b42e2c0 291->299 292->274 292->282 294->287 303 1f77b42e41c-1f77b42e429 294->303 336 1f77b42e5b2-1f77b42e5cf 296->336 337 1f77b42e5df-1f77b42e5e9 296->337 297->296 304 1f77b42e2cc-1f77b42e2cd 298->304 298->305 299->304 308 1f77b42e31c 300->308 309 1f77b42e370-1f77b42e379 300->309 312 1f77b42e3e8-1f77b42e3ee 301->312 302->284 316 1f77b42e3fe-1f77b42e3ff 302->316 303->294 304->285 305->266 310 1f77b42e329-1f77b42e332 308->310 311 1f77b42e31e-1f77b42e327 308->311 309->283 317 1f77b42e37b-1f77b42e384 309->317 319 1f77b42e34e-1f77b42e354 310->319 320 1f77b42e334-1f77b42e343 call 1f77b42d60b 310->320 331 1f77b42e35c-1f77b42e365 311->331 312->302 324 1f77b42e3c2-1f77b42e3c9 312->324 314->305 322 1f77b42e47b-1f77b42e483 314->322 316->280 317->277 334 1f77b42e359-1f77b42e35a 319->334 320->319 338 1f77b42e345-1f77b42e34c 320->338 322->305 329 1f77b42e489-1f77b42e49c 322->329 327 1f77b42e3cb-1f77b42e3ce 324->327 328 1f77b42e3d0-1f77b42e3d5 324->328 333 1f77b42e3d7-1f77b42e3e5 327->333 328->333 335 1f77b42e49e-1f77b42e4ae call 1f77b42f143 329->335 331->300 333->312 334->331 344 1f77b42e4be-1f77b42e4ca 335->344 345 1f77b42e4b0-1f77b42e4b2 335->345 336->305 343 1f77b42e5d1-1f77b42e5dd 336->343 337->305 338->334 343->305 348 1f77b42e4d4-1f77b42e4f5 call 1f77b42f127 * 2 344->348 346 1f77b42e4cc-1f77b42e4cd 345->346 347 1f77b42e4b4-1f77b42e4bc 345->347 346->348 347->335 348->305 354 1f77b42e4fb-1f77b42e50d 348->354 355 1f77b42e552-1f77b42e555 354->355 356 1f77b42e50f-1f77b42e517 354->356 355->305 357 1f77b42e519-1f77b42e539 356->357 358 1f77b42e53f-1f77b42e54d 356->358 357->358 358->305
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 000001F77B3DE000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77b3de000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: f79c8a23afe56d11b94332f0aa4a683b06ab6a29ecf11af3662490c09a5fc48f
                                            • Instruction ID: 9811a9aff974fe390154d3b9d40180b580729d50f056a843374daf03455b5782
                                            • Opcode Fuzzy Hash: f79c8a23afe56d11b94332f0aa4a683b06ab6a29ecf11af3662490c09a5fc48f
                                            • Instruction Fuzzy Hash: ABF19230268A0A8BDB68EF5AC8497F5B3D0FB54311F58463DD98AC32D5EF34E8429685
                                            Function 000001F77CCF5350 Relevance: 7.8, APIs: 2, Strings: 2, Instructions: 761COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 1f77ccf5350-1f77ccf5444 call 1f77ccf3320 call 1f77ccf3a90 5 1f77ccf5446-1f77ccf54f0 0->5 6 1f77ccf54f6-1f77ccf5515 5->6 7 1f77ccf56bd-1f77ccf56ee 5->7 8 1f77ccf551c-1f77ccf5532 6->8 7->5 9 1f77ccf56b8 8->9 10 1f77ccf5538-1f77ccf55b4 8->10 9->7 11 1f77ccf55bb-1f77ccf55e3 10->11 12 1f77ccf5680-1f77ccf56ad 11->12 13 1f77ccf55e9-1f77ccf561e 11->13 16 1f77ccf56f3-1f77ccf57f3 wprintf 12->16 17 1f77ccf56b3 12->17 14 1f77ccf5624-1f77ccf562f 13->14 15 1f77ccf564c-1f77ccf5654 13->15 14->15 19 1f77ccf5635-1f77ccf5647 14->19 20 1f77ccf565b-1f77ccf567b 15->20 18 1f77ccf57f5-1f77ccf589f 16->18 17->8 21 1f77ccf58a5-1f77ccf58c4 18->21 22 1f77ccf5a6c-1f77ccf5a9d 18->22 19->20 20->11 23 1f77ccf58cb-1f77ccf58e1 21->23 22->18 24 1f77ccf5a67 23->24 25 1f77ccf58e7-1f77ccf5963 23->25 24->22 26 1f77ccf596a-1f77ccf5992 25->26 27 1f77ccf5a2f-1f77ccf5a5c 26->27 28 1f77ccf5998-1f77ccf59cd 26->28 31 1f77ccf5aa2-1f77ccf5bad wprintf 27->31 32 1f77ccf5a62 27->32 29 1f77ccf59d3-1f77ccf59de 28->29 30 1f77ccf59fb-1f77ccf5a03 28->30 29->30 34 1f77ccf59e4-1f77ccf59f6 29->34 35 1f77ccf5a0a-1f77ccf5a2a 30->35 33 1f77ccf5baf-1f77ccf5c59 31->33 32->23 36 1f77ccf5e26-1f77ccf5e57 33->36 37 1f77ccf5c5f-1f77ccf5c9b 33->37 34->35 35->26 36->33 38 1f77ccf5e21 37->38 39 1f77ccf5ca1-1f77ccf5d1d 37->39 38->36 41 1f77ccf5d24-1f77ccf5d4c 39->41 42 1f77ccf5d52-1f77ccf5d87 41->42 43 1f77ccf5de9-1f77ccf5e01 41->43 44 1f77ccf5db5-1f77ccf5dbd 42->44 45 1f77ccf5d8d-1f77ccf5d98 42->45 43->38 47 1f77ccf5dc4-1f77ccf5de4 44->47 45->44 46 1f77ccf5d9e-1f77ccf5db0 45->46 46->47 47->41
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558941586.000001F77CCF1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F77CCF1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77ccf1000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID: ^UH$^UH
                                            • API String ID: 3614878089-4288322697
                                            • Opcode ID: cd0467bb25058187754955881b57e189ea0ee1d03ff72920c450540b919a839a
                                            • Instruction ID: f0cef70ca5cb05864d9862a97331408329b1026e0d0885f8ba2aad417f6c5865
                                            • Opcode Fuzzy Hash: cd0467bb25058187754955881b57e189ea0ee1d03ff72920c450540b919a839a
                                            • Instruction Fuzzy Hash: C862DC7061CB898FD7B5EF18C098BAAB7E5FBA8301F14496ED48DC7261DB709581CB42
                                            Function 000001F77B42CBF3 Relevance: 7.6, APIs: 5, Instructions: 125memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 000001F77B3DE000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77b3de000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual$LibraryLoad
                                            • String ID:
                                            • API String ID: 895956442-0
                                            • Opcode ID: 1e619bdf4bf7d8a1f72fe11a15149652bafd81afc1c25810297ea3c6b5571fd2
                                            • Instruction ID: c9e7a1295c61df07fb4cb996e823c2c9bc61027063c3faa9f17209ce47848fbe
                                            • Opcode Fuzzy Hash: 1e619bdf4bf7d8a1f72fe11a15149652bafd81afc1c25810297ea3c6b5571fd2
                                            • Instruction Fuzzy Hash: B931923131CA194BDB58BB1EE8592FA73D5EB94310F080269ED4BD32CADAA4DD4687C1
                                            Function 000001F77B42CAE8 Relevance: 7.6, APIs: 5, Instructions: 115memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 000001F77B3DE000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77b3de000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual$LibraryLoad
                                            • String ID:
                                            • API String ID: 895956442-0
                                            • Opcode ID: cb0b48a04ba6d100bcb83f194f8859affeb3638fd54d705697e528f09cea4154
                                            • Instruction ID: 12d19a5295ad5083477be2dba933953ccef9ead27838cc5577245c39e8deaacb
                                            • Opcode Fuzzy Hash: cb0b48a04ba6d100bcb83f194f8859affeb3638fd54d705697e528f09cea4154
                                            • Instruction Fuzzy Hash: 2A31843531CA094BDB68BA5DA8593B977D6F794320F080269DD0BC32CADD64DD4687C1
                                            Function 000001F77CCF3888 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558941586.000001F77CCF1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F77CCF1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77ccf1000_python.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: 7f5b429a7d83c9a93937d9167fb75ff8c49188c4724035ef35a6a62853badde2
                                            • Instruction ID: 1b8acc0f87bb00f41fdad957db1202b90a71a60bcede164aeabe68dc4fd3c880
                                            • Opcode Fuzzy Hash: 7f5b429a7d83c9a93937d9167fb75ff8c49188c4724035ef35a6a62853badde2
                                            • Instruction Fuzzy Hash: 8F41DB7111CB898FD7B5EF18C4A8BEAB7E1FB98300F144A5E908DC7290DB759485CB42
                                            Function 000001F77CCF5E0C Relevance: 3.5, APIs: 2, Instructions: 457COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558941586.000001F77CCF1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F77CCF1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77ccf1000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID:
                                            • API String ID: 3614878089-0
                                            • Opcode ID: 2b2b92e1177cbbd6d7921cb2798bcffe5b8430698eb64afc839c572e73592dbb
                                            • Instruction ID: 08bb89d56fca0a680d936c31a0b03400dd5ca0f3d5f16ab6a32e79dca9aa55d1
                                            • Opcode Fuzzy Hash: 2b2b92e1177cbbd6d7921cb2798bcffe5b8430698eb64afc839c572e73592dbb
                                            • Instruction Fuzzy Hash: 4802CC7420CA898FDBB4EF18C494BEAB7E1FBA9301F14496E958DC7251DB70D881CB46
                                            Function 000001F77CCF48F0 Relevance: 1.8, APIs: 1, Instructions: 344COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 228 1f77ccf48f0-1f77ccf490c 229 1f77ccf4952-1f77ccf4a3f wprintf 228->229 230 1f77ccf4912 228->230 231 1f77ccf4a4d-1f77ccf4a5f 229->231 230->229 232 1f77ccf4a75 231->232 233 1f77ccf4a65-1f77ccf4a70 231->233 234 1f77ccf4a80-1f77ccf4bb9 232->234 233->234 235 1f77ccf4bbb-1f77ccf4c65 234->235 236 1f77ccf4e23-1f77ccf4e54 235->236 237 1f77ccf4c6b-1f77ccf4ca7 235->237 236->235 238 1f77ccf4e1e 237->238 239 1f77ccf4cad-1f77ccf4d29 237->239 238->236 241 1f77ccf4d30-1f77ccf4d58 239->241 242 1f77ccf4de6-1f77ccf4dfe 241->242 243 1f77ccf4d5e-1f77ccf4d90 241->243 242->238 244 1f77ccf4d96-1f77ccf4da1 243->244 245 1f77ccf4dbb-1f77ccf4dc3 243->245 244->245 246 1f77ccf4da7-1f77ccf4db6 244->246 247 1f77ccf4dc7-1f77ccf4de1 245->247 246->247 247->241
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558941586.000001F77CCF1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F77CCF1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77ccf1000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID:
                                            • API String ID: 3614878089-0
                                            • Opcode ID: 9b62ba27d57b37bb9246174b15b6a9ac0dc30f0c88906bbf78c74f26e4fbc882
                                            • Instruction ID: 0cd37a87ee118f199c177d313290d8897be8bcd29a7a1201b8519344d4131a54
                                            • Opcode Fuzzy Hash: 9b62ba27d57b37bb9246174b15b6a9ac0dc30f0c88906bbf78c74f26e4fbc882
                                            • Instruction Fuzzy Hash: 8DE1D67051DB898FD7B5EF18C498BEAB7E5FBA9301F14096E948DC7261DB309680CB42
                                            Function 000001F77CCF4E09 Relevance: 1.8, APIs: 1, Instructions: 306processCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 248 1f77ccf4e09-1f77ccf4e13 249 1f77ccf4e59-1f77ccf4fd2 CreateProcessW 248->249 250 1f77ccf4e19 248->250 251 1f77ccf4fd4-1f77ccf507e 249->251 250->249 252 1f77ccf5084-1f77ccf50c0 251->252 253 1f77ccf523c-1f77ccf526d 251->253 254 1f77ccf50c6-1f77ccf5142 252->254 255 1f77ccf5237 252->255 253->251 257 1f77ccf5149-1f77ccf5171 254->257 255->253 258 1f77ccf51ff-1f77ccf5217 257->258 259 1f77ccf5177-1f77ccf51a9 257->259 258->255 260 1f77ccf51d4-1f77ccf51dc 259->260 261 1f77ccf51af-1f77ccf51ba 259->261 263 1f77ccf51e0-1f77ccf51fa 260->263 261->260 262 1f77ccf51c0-1f77ccf51cf 261->262 262->263 263->257
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558941586.000001F77CCF1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F77CCF1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77ccf1000_python.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 5cae9e121b49277173e6a3d6ca3402613bcde6e39c0516c9c4cfefa2e157f941
                                            • Instruction ID: 4688a37ae73a693a6b4ae7935966b6575583518975d3860761d144343cf811cb
                                            • Opcode Fuzzy Hash: 5cae9e121b49277173e6a3d6ca3402613bcde6e39c0516c9c4cfefa2e157f941
                                            • Instruction Fuzzy Hash: 30C10DB050CB888FDBB4EF18C494BAAB7E1FBA9305F14495ED58DC7251DB70A481CB46
                                            Function 000001F77CCF5222 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 362 1f77ccf5222-1f77ccf522c 363 1f77ccf5272-1f77ccf5320 wprintf call 1f77ccf3430 362->363 364 1f77ccf5232 362->364 366 1f77ccf5325-1f77ccf5346 call 1f77cd1cd90 363->366 364->363
                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558941586.000001F77CCF1000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001F77CCF1000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77ccf1000_python.jbxd
                                            Similarity
                                            • API ID: wprintf
                                            • String ID:
                                            • API String ID: 3614878089-0
                                            • Opcode ID: ae017e59c25e42a9652eda579c30f58d9e0cbfec3ba82ae9614462158969d6a2
                                            • Instruction ID: d551396d42f99530ea37b5288a533a8b445b7c529f40d3cb7dd2803a393b6fa5
                                            • Opcode Fuzzy Hash: ae017e59c25e42a9652eda579c30f58d9e0cbfec3ba82ae9614462158969d6a2
                                            • Instruction Fuzzy Hash: C921BC7421CA498FDBF8EB18C494BAAB3E1FBD8315F14455D818EC7294CB35E881CB46
                                            Function 000001F77B42CADB Relevance: 1.5, APIs: 1, Instructions: 35memorylibraryCOMMON
                                            Download Yara Rule

                                            Control-flow Graph

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000017.00000002.2558619186.000001F77B3DE000.00000040.00000020.00020000.00000000.sdmp, Offset: 000001F77B3DE000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_23_2_1f77b3de000_python.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual$LibraryLoad
                                            • String ID:
                                            • API String ID: 895956442-0
                                            • Opcode ID: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                            • Instruction ID: b4cff933409be08b00776311f32fc3573bfecebed5294c4767b74d849e94ab68
                                            • Opcode Fuzzy Hash: 18f38e2fc847854b46ad59a886f9863d7abffa86fceba1a0e453a632ae2104e0
                                            • Instruction Fuzzy Hash: 73E0D83121CA0D4FF768A69EE84A7F67AD8D796371F04013EE64AC2143E04598924391